) the Prometheus metrics HTTP server should listen on (listen\_address).
sentry\_dsn = Sentry DSN of the project for the Runner Manager to use (uses legacy DSN format) (sentry\_dsn) | object({
gitlab_check_interval = optional(number, 3)
maximum_concurrent_jobs = optional(number, 10)
prometheus_listen_address = optional(string, "")
sentry_dsn = optional(string, "__SENTRY_DSN_REPLACED_BY_USER_DATA__")
}) | `{}` | no |
-| [runner\_metadata\_options](#input\_runner\_metadata\_options) | Enable the Runner instance metadata service. IMDSv2 is enabled by default. | object({
http_endpoint = string
http_tokens = string
http_put_response_hop_limit = number
instance_metadata_tags = string
}) | {
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required",
"instance_metadata_tags": "disabled"
} | no |
-| [runner\_networking](#input\_runner\_networking) | allow\_incoming\_ping = Allow ICMP Ping to the Runner. Specify `allow_incoming_ping_security_group_ids` too!
allow\_incoming\_ping\_security\_group\_ids = A list of security group ids that are allowed to ping the Runner.
security\_group\_description = A description for the Runner's security group
security\_group\_ids = IDs of security groups to add to the Runner. | object({
allow_incoming_ping = optional(bool, false)
allow_incoming_ping_security_group_ids = optional(list(string), [])
security_group_description = optional(string, "A security group containing gitlab-runner agent instances")
security_group_ids = optional(list(string), [])
}) | `{}` | no |
-| [runner\_networking\_egress\_rules](#input\_runner\_networking\_egress\_rules) | List of egress rules for the Runner. | list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
})) | [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no |
-| [runner\_role](#input\_runner\_role) | additional\_tags = Map of tags that will be added to the role created. Useful for tag based authorization.
allow\_iam\_service\_linked\_role\_creation = Boolean used to control attaching the policy to the Runner to create service linked roles.
assume\_role\_policy\_json = The assume role policy for the Runner.
create\_role\_profile = Whether to create the IAM role/profile for the Runner. If you provide your own role, make sure that it has the required permissions.
policy\_arns = List of policy ARNs to be added to the instance profile of the Runner.
role\_profile\_name = IAM role/profile name for the Runner. If unspecified then `${var.iam_object_prefix}-instance` is used. | object({
additional_tags = optional(map(string))
allow_iam_service_linked_role_creation = optional(bool, true)
assume_role_policy_json = optional(string, "")
create_role_profile = optional(bool, true)
policy_arns = optional(list(string), [])
role_profile_name = optional(string)
}) | `{}` | no |
-| [runner\_schedule\_config](#input\_runner\_schedule\_config) | Map containing the configuration of the ASG scale-out and scale-in for the Runner. Will only be used if `agent_schedule_enable` is set to `true`. | `map(any)` | {
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_in_time_zone": "Etc/UTC",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5",
"scale_out_time_zone": "Etc/UTC"
} | no |
-| [runner\_schedule\_enable](#input\_runner\_schedule\_enable) | Set to `true` to enable the auto scaling group schedule for the Runner. | `bool` | `false` | no |
-| [runner\_sentry\_secure\_parameter\_store\_name](#input\_runner\_sentry\_secure\_parameter\_store\_name) | The Sentry DSN name used to store the Sentry DSN in Secure Parameter Store | `string` | `"sentry-dsn"` | no |
-| [runner\_terminate\_ec2\_lifecycle\_hook\_name](#input\_runner\_terminate\_ec2\_lifecycle\_hook\_name) | Specifies a custom name for the ASG terminate lifecycle hook and related resources. | `string` | `null` | no |
-| [runner\_terraform\_timeout\_delete\_asg](#input\_runner\_terraform\_timeout\_delete\_asg) | Timeout when trying to delete the Runner ASG. | `string` | `"10m"` | no |
-| [runner\_worker](#input\_runner\_worker) | For detailed information, check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section.
environment\_variables = List of environment variables to add to the Runner Worker (environment).
max\_jobs = Number of jobs which can be processed in parallel by the Runner Worker.
output\_limit = Sets the maximum build log size in kilobytes. Default is 4MB (output\_limit).
request\_concurrency = Limit number of concurrent requests for new jobs from GitLab (default 1) (request\_concurrency).
ssm\_access = Allows to connect to the Runner Worker via SSM.
type = The Runner Worker type to use. Currently supports `docker+machine` or `docker`. | object({
environment_variables = optional(list(string), [])
max_jobs = optional(number, 0)
output_limit = optional(number, 4096)
request_concurrency = optional(number, 1)
ssm_access = optional(bool, false)
type = optional(string, "docker+machine")
}) | `{}` | no |
-| [runner\_worker\_cache](#input\_runner\_worker\_cache) | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared
cache. To use the same cache across multiple Runner Worker disable the creation of the cache and provide a policy and
bucket name. See the public runner example for more details."
For detailed documentation check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section
access\_log\_bucker\_id = The ID of the bucket where the access logs are stored.
access\_log\_bucket\_prefix = The bucket prefix for the access logs.
authentication\_type = A string that declares the AuthenticationType for [runners.cache.s3]. Can either be 'iam' or 'credentials'
bucket = Name of the cache bucket. Requires `create = false`.
bucket\_prefix = Prefix for s3 cache bucket name. Requires `create = true`.
create = Boolean used to enable or disable the creation of the cache bucket.
expiration\_days = Number of days before cache objects expire. Requires `create = true`.
include\_account\_id = Boolean used to include the account id in the cache bucket name. Requires `create = true`.
policy = Policy to use for the cache bucket. Requires `create = false`.
random\_suffix = Boolean used to enable or disable the use of a random string suffix on the cache bucket name. Requires `create = true`.
shared = Boolean used to enable or disable the use of the cache bucket as shared cache.
versioning = Boolean used to enable versioning on the cache bucket. Requires `create = true`. | object({
access_log_bucket_id = optional(string, null)
access_log_bucket_prefix = optional(string, null)
authentication_type = optional(string, "iam")
bucket = optional(string, "")
bucket_prefix = optional(string, "")
create = optional(bool, true)
expiration_days = optional(number, 1)
include_account_id = optional(bool, true)
policy = optional(string, "")
random_suffix = optional(bool, false)
shared = optional(bool, false)
versioning = optional(bool, false)
}) | `{}` | no |
-| [runner\_worker\_docker\_add\_dind\_volumes](#input\_runner\_worker\_docker\_add\_dind\_volumes) | Add certificates and docker.sock to the volumes to support docker-in-docker (dind) | `bool` | `false` | no |
-| [runner\_worker\_docker\_machine\_ami\_filter](#input\_runner\_worker\_docker\_machine\_ami\_filter) | List of maps used to create the AMI filter for the Runner Worker. | `map(list(string))` | {
"name": [
"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
} | no |
-| [runner\_worker\_docker\_machine\_ami\_owners](#input\_runner\_worker\_docker\_machine\_ami\_owners) | The list of owners used to select the AMI of the Runner Worker. | `list(string)` | [
"099720109477"
]
| no |
-| [runner\_worker\_docker\_machine\_autoscaling\_options](#input\_runner\_worker\_docker\_machine\_autoscaling\_options) | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section | list(object({
periods = list(string)
idle_count = optional(number)
idle_scale_factor = optional(number)
idle_count_min = optional(number)
idle_time = optional(number)
timezone = optional(string, "UTC")
})) | `[]` | no |
-| [runner\_worker\_docker\_machine\_ec2\_metadata\_options](#input\_runner\_worker\_docker\_machine\_ec2\_metadata\_options) | Enable the Runner Worker metadata service. Requires you use CKI maintained docker machines. | object({
http_tokens = string
http_put_response_hop_limit = number
}) | {
"http_put_response_hop_limit": 2,
"http_tokens": "required"
} | no |
-| [runner\_worker\_docker\_machine\_ec2\_options](#input\_runner\_worker\_docker\_machine\_ec2\_options) | List of additional options for the docker+machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no |
-| [runner\_worker\_docker\_machine\_extra\_egress\_rules](#input\_runner\_worker\_docker\_machine\_extra\_egress\_rules) | List of egress rules for the Runner Workers. | list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
})) | [
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Allow all egress traffic for Runner Workers.",
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no |
-| [runner\_worker\_docker\_machine\_fleet](#input\_runner\_worker\_docker\_machine\_fleet) | enable = Activates the fleet mode on the Runner. https://gitlab.com/cki-project/docker-machine/-/blob/v0.16.2-gitlab.19-cki.2/docs/drivers/aws.md#fleet-mode
key\_pair\_name = The name of the key pair used by the Runner to connect to the docker-machine Runner Workers. This variable is only supported when `enables` is set to `true`. | object({
enable = bool
key_pair_name = optional(string, "fleet-key")
}) | {
"enable": false
} | no |
-| [runner\_worker\_docker\_machine\_instance](#input\_runner\_worker\_docker\_machine\_instance) | For detailed documentation check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section
docker\_registry\_mirror\_url = The URL of the Docker registry mirror to use for the Runner Worker.
destroy\_after\_max\_builds = Destroy the instance after the maximum number of builds has been reached.
ebs\_optimized = Enable EBS optimization for the Runner Worker.
idle\_count = Number of idle Runner Worker instances (not working for the Docker Runner Worker) (IdleCount).
idle\_time = Idle time of the Runner Worker before they are destroyed (not working for the Docker Runner Worker) (IdleTime).
max\_growth\_rate = The maximum number of machines that can be added to the runner in parallel.
monitoring = Enable detailed monitoring for the Runner Worker.
name\_prefix = Set the name prefix and override the `Name` tag for the Runner Worker.
private\_address\_only = Restrict Runner Worker to the use of a private IP address. If `runner_instance.use_private_address_only` is set to `true` (default), `runner_worker_docker_machine_instance.private_address_only` will also apply for the Runner.
root\_size = The size of the root volume for the Runner Worker.
start\_script = Cloud-init user data that will be passed to the Runner Worker. Should not be base64 encrypted.
subnet\_ids = The list of subnet IDs to use for the Runner Worker when the fleet mode is enabled.
types = The type of instance to use for the Runner Worker. In case of fleet mode, multiple instance types are supported.
volume\_type = The type of volume to use for the Runner Worker. | object({
destroy_after_max_builds = optional(number, 0)
docker_registry_mirror_url = optional(string, "")
ebs_optimized = optional(bool, true)
idle_count = optional(number, 0)
idle_time = optional(number, 600)
max_growth_rate = optional(number, 0)
monitoring = optional(bool, false)
name_prefix = optional(string, "")
private_address_only = optional(bool, true)
root_size = optional(number, 8)
start_script = optional(string, "")
subnet_ids = optional(list(string), [])
types = optional(list(string), ["m5.large"])
volume_type = optional(string, "gp2")
}) | `{}` | no |
-| [runner\_worker\_docker\_machine\_instance\_spot](#input\_runner\_worker\_docker\_machine\_instance\_spot) | enable = Enable spot instances for the Runner Worker.
max\_price = The maximum price willing to pay. By default the price is limited by the current on demand price for the instance type chosen. | object({
enable = optional(bool, true)
max_price = optional(string, "on-demand-price")
}) | `{}` | no |
-| [runner\_worker\_docker\_machine\_role](#input\_runner\_worker\_docker\_machine\_role) | additional\_tags = Map of tags that will be added to the Runner Worker.
assume\_role\_policy\_json = Assume role policy for the Runner Worker.
policy\_arns = List of ARNs of IAM policies to attach to the Runner Workers.
profile\_name = Name of the IAM profile to attach to the Runner Workers. | object({
additional_tags = optional(map(string), {})
assume_role_policy_json = optional(string, "")
policy_arns = optional(list(string), [])
profile_name = optional(string, "")
}) | `{}` | no |
-| [runner\_worker\_docker\_machine\_security\_group\_description](#input\_runner\_worker\_docker\_machine\_security\_group\_description) | A description for the Runner Worker security group | `string` | `"A security group containing Runner Worker instances"` | no |
-| [runner\_worker\_docker\_options](#input\_runner\_worker\_docker\_options) | Options added to the [runners.docker] section of config.toml to configure the Docker container of the Runner Worker. For
details check https://docs.gitlab.com/runner/configuration/advanced-configuration.html
Default values if the option is not given:
disable\_cache = "false"
image = "docker:18.03.1-ce"
privileged = "true"
pull\_policy = "always"
shm\_size = 0
tls\_verify = "false"
volumes = "/cache" | object({
allowed_images = optional(list(string))
allowed_pull_policies = optional(list(string))
allowed_services = optional(list(string))
cache_dir = optional(string)
cap_add = optional(list(string))
cap_drop = optional(list(string))
container_labels = optional(list(string))
cpuset_cpus = optional(string)
cpu_shares = optional(number)
cpus = optional(string)
devices = optional(list(string))
device_cgroup_rules = optional(list(string))
disable_cache = optional(bool, false)
disable_entrypoint_overwrite = optional(bool)
dns = optional(list(string))
dns_search = optional(list(string))
extra_hosts = optional(list(string))
gpus = optional(string)
helper_image = optional(string)
helper_image_flavor = optional(string)
host = optional(string)
hostname = optional(string)
image = optional(string, "docker:18.03.1-ce")
isolation = optional(string)
links = optional(list(string))
mac_address = optional(string)
memory = optional(string)
memory_swap = optional(string)
memory_reservation = optional(string)
network_mode = optional(string)
oom_kill_disable = optional(bool)
oom_score_adjust = optional(number)
privileged = optional(bool, true)
pull_policies = optional(list(string), ["always"])
runtime = optional(string)
security_opt = optional(list(string))
shm_size = optional(number, 0)
sysctls = optional(list(string))
tls_cert_path = optional(string)
tls_verify = optional(bool, false)
user = optional(string)
userns_mode = optional(string)
volumes = optional(list(string), ["/cache"])
volumes_from = optional(list(string))
volume_driver = optional(string)
wait_for_services_timeout = optional(number)
}) | {
"disable_cache": "false",
"image": "docker:18.03.1-ce",
"privileged": "true",
"pull_policy": "always",
"shm_size": 0,
"tls_verify": "false",
"volumes": [
"/cache"
]
} | no |
-| [runner\_worker\_docker\_services](#input\_runner\_worker\_docker\_services) | Starts additional services with the Docker container. All fields must be set (examine the Dockerfile of the service image for the entrypoint - see ./examples/runner-default/main.tf) | list(object({
name = string
alias = string
entrypoint = list(string)
command = list(string)
})) | `[]` | no |
-| [runner\_worker\_docker\_services\_volumes\_tmpfs](#input\_runner\_worker\_docker\_services\_volumes\_tmpfs) | Mount a tmpfs in gitlab service container. https://docs.gitlab.com/runner/executors/docker.html#mounting-a-directory-in-ram | list(object({
volume = string
options = string
})) | `[]` | no |
-| [runner\_worker\_docker\_volumes\_tmpfs](#input\_runner\_worker\_docker\_volumes\_tmpfs) | Mount a tmpfs in Executor container. https://docs.gitlab.com/runner/executors/docker.html#mounting-a-directory-in-ram | list(object({
volume = string
options = string
})) | `[]` | no |
-| [runner\_worker\_gitlab\_pipeline](#input\_runner\_worker\_gitlab\_pipeline) | post\_build\_script = Script to execute in the pipeline just after the build, but before executing after\_script.
pre\_build\_script = Script to execute in the pipeline just before the build.
pre\_clone\_script = Script to execute in the pipeline before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. | object({
post_build_script = optional(string, "\"\"")
pre_build_script = optional(string, "\"\"")
pre_clone_script = optional(string, "\"\"")
}) | `{}` | no |
-| [security\_group\_prefix](#input\_security\_group\_prefix) | Set the name prefix and overwrite the `Name` tag for all security groups. | `string` | `""` | no |
-| [subnet\_id](#input\_subnet\_id) | Subnet id used for the Runner and Runner Workers. Must belong to the `vpc_id`. In case the fleet mode is used, multiple subnets for
the Runner Workers can be provided with runner\_worker\_docker\_machine\_instance.subnet\_ids. | `string` | n/a | yes |
-| [suppressed\_tags](#input\_suppressed\_tags) | List of tag keys which are automatically removed and never added as default tag by the module. | `list(string)` | `[]` | no |
-| [tags](#input\_tags) | Map of tags that will be added to created resources. By default resources will be tagged with name and environment. | `map(string)` | `{}` | no |
-| [vpc\_id](#input\_vpc\_id) | The VPC used for the runner and runner workers. | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [runner\_agent\_role\_arn](#output\_runner\_agent\_role\_arn) | ARN of the role used for the ec2 instance for the GitLab runner agent. |
-| [runner\_agent\_role\_name](#output\_runner\_agent\_role\_name) | Name of the role used for the ec2 instance for the GitLab runner agent. |
-| [runner\_agent\_sg\_id](#output\_runner\_agent\_sg\_id) | ID of the security group attached to the GitLab runner agent. |
-| [runner\_as\_group\_name](#output\_runner\_as\_group\_name) | Name of the autoscaling group for the gitlab-runner instance |
-| [runner\_cache\_bucket\_arn](#output\_runner\_cache\_bucket\_arn) | ARN of the S3 for the build cache. |
-| [runner\_cache\_bucket\_name](#output\_runner\_cache\_bucket\_name) | Name of the S3 for the build cache. |
-| [runner\_eip](#output\_runner\_eip) | EIP of the Gitlab Runner |
-| [runner\_launch\_template\_name](#output\_runner\_launch\_template\_name) | The name of the runner's launch template. |
-| [runner\_role\_arn](#output\_runner\_role\_arn) | ARN of the role used for the docker machine runners. |
-| [runner\_role\_name](#output\_runner\_role\_name) | Name of the role used for the docker machine runners. |
-| [runner\_sg\_id](#output\_runner\_sg\_id) | ID of the security group attached to the docker machine runners. |
diff --git a/examples/runner-default/variables.tf b/examples/runner-default/variables.tf
index e4cf50afb..22b732839 100644
--- a/examples/runner-default/variables.tf
+++ b/examples/runner-default/variables.tf
@@ -23,7 +23,7 @@ variable "gitlab_url" {
}
variable "registration_token" {
- description = "Registration token for the runner."
+ description = "The registration token obtained from your Gitlab instance."
type = string
}
diff --git a/examples/runner-docker/variables.tf b/examples/runner-docker/variables.tf
index 87254732f..074f5dde0 100644
--- a/examples/runner-docker/variables.tf
+++ b/examples/runner-docker/variables.tf
@@ -23,6 +23,6 @@ variable "gitlab_url" {
}
variable "registration_token" {
- description = "Registration token for the runner."
+ description = "The registration token obtained from your Gitlab instance."
type = string
}
diff --git a/examples/runner-pre-registered/.terraform-version b/examples/runner-pre-registered/.terraform-version
deleted file mode 100644
index 589268e6f..000000000
--- a/examples/runner-pre-registered/.terraform-version
+++ /dev/null
@@ -1 +0,0 @@
-1.3.0
\ No newline at end of file
diff --git a/examples/runner-pre-registered/.terraform.lock.hcl b/examples/runner-pre-registered/.terraform.lock.hcl
deleted file mode 100644
index 1b47d29aa..000000000
--- a/examples/runner-pre-registered/.terraform.lock.hcl
+++ /dev/null
@@ -1,148 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/archive" {
- version = "2.4.0"
- hashes = [
- "h1:R/tcBtwBplwtaHRfLxk+LvOwx1KaoWHUlA6jvV5rys8=",
- "zh:18e408596dd53048f7fc8229098d0e3ad940b92036a24287eff63e2caec72594",
- "zh:392d4216ecd1a1fd933d23f4486b642a8480f934c13e2cae3c13b6b6a7e34a7b",
- "zh:655dd1fa5ca753a4ace21d0de3792d96fff429445717f2ce31c125d19c38f3ff",
- "zh:70dae36c176aa2b258331ad366a471176417a94dd3b4985a911b8be9ff842b00",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:7d8c8e3925f1e21daf73f85983894fbe8868e326910e6df3720265bc657b9c9c",
- "zh:a032ec0f0aee27a789726e348e8ad20778c3a1c9190ef25e7cff602c8d175f44",
- "zh:b8e50de62ba185745b0fe9713755079ad0e9f7ac8638d204de6762cc36870410",
- "zh:c8ad0c7697a3d444df21ff97f3473a8604c8639be64afe3f31b8ec7ad7571e18",
- "zh:df736c5a2a7c3a82c5493665f659437a22f0baf8c2d157e45f4dd7ca40e739fc",
- "zh:e8ffbf578a0977074f6d08aa8734e36c726e53dc79894cfc4f25fadc4f45f1df",
- "zh:efea57ff23b141551f92b2699024d356c7ffd1a4ad62931da7ed7a386aef7f1f",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/aws" {
- version = "5.26.0"
- constraints = "5.26.0"
- hashes = [
- "h1:1EL/ElEZWL9Bn0iPHwn45HyAx/F94oGErpH3OpPMFlQ=",
- "h1:4tjW8yu3cNmZ2WqzXBkq+CcO4AF4bsazAv0JIxe0LvA=",
- "h1:9qDT1IbwexFiMzv4er3gxNSYjEZvV3gBGoqu3iOu3W4=",
- "h1:CW2Vxb2LdinlmVzgSwLXwjekU2Z1rKurJ7MpkTaHNII=",
- "h1:FAOnqlKh7dBZ/OTMFD8x0rO384Udr4yB7qySAKX3mnk=",
- "h1:FS71X8LD5cQz0eE9OXEyUMKkr6+xRzAWX/iNRbzQMLE=",
- "h1:McIRw8larBNW5TeXxyiWd8fD55oj1szEbMOuSQOSDBs=",
- "h1:N6Iu1W6tvozB4RsClM9aHPuZhrKD6GCUAjlnl8THcLs=",
- "h1:UkBMGEScvNP+9JDzKXGrgj931LngYpIB8TBBUY+mvdg=",
- "h1:ZcKlDWW/WQZaZWa1wjdlNcydxS9XZ2lMr3s80dT4L9Y=",
- "h1:j9vZkUHI7/jTbv7ORkVmEF5MADuFKRygSIyqy0oI2C4=",
- "h1:mImNjLS9zgNDl2mc5ZE3qMfa9DGj+brb4qt5YILlJxU=",
- "h1:s+Vkd8q7/hhuIcRdvY5dK8TO0E3TOYRF0Ma3dt/Y4Vc=",
- "h1:vGpmxI0GCEgFQhNx+u+EWw4/7JgepoB1rYT5hkN+9Hg=",
- "zh:11a4062491e574c8e96b6bc7ced67b5e9338ccfa068223fc9042f9e1e7eda47a",
- "zh:4331f85aeb22223ab656d04b48337a033f44f02f685c8def604c4f8f4687d10f",
- "zh:915d6c996390736709f7ac7582cd41418463cfc07696218af6fea4a282df744a",
- "zh:9306c306dbb2e1597037c54d20b1bd5f22a9cdcdb2b2b7bad657c8230bea2298",
- "zh:93371860b9df369243219606711bfd3cfbd263db67838c06d5d5848cf47b6ede",
- "zh:98338c17764a7b9322ddb6efd3af84e6890a4a0687f846eefdfb0fa03cec892d",
- "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
- "zh:a28c9d77a5be25bac42d99418365757e4eb65a2c7c6788828263772cf2774869",
- "zh:bd9c4648a090622d6b8c3c91dad513eec81e54db3dfe940ab6d155e5f37735e5",
- "zh:bde63db136cccdeb282489e2ec2b3f9a7566edc9df27911a296352ab00832261",
- "zh:ccd33f9490ce3f2d89efab995abf3b30e75579585f6a8a5b1f756246903d3518",
- "zh:d73d1c461eb9d22833251f6533fc214cf014bc1d3165c5bfaa8ca29cd295ffb2",
- "zh:db4ffb7eec5d0e1d0dbd0d65e1a3eaa6173a3337058105aec41fd0b2af5a2b46",
- "zh:eb36b933419e9f6563330f3b7d53d4f1b09e62d27f7786d5dc6c4a2d0f6de182",
- "zh:ec85ce1976e43f7d7fa10fa191c0a85e97326a3cb22387c0ed8b74d426ec94fd",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/local" {
- version = "2.4.0"
- constraints = ">= 2.4.0, 2.4.0"
- hashes = [
- "h1:7RnIbO3CFakblTJs7o0mUiY44dc9xGYsLhSNFSNS1Ds=",
- "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
- "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
- "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
- "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
- "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
- "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
- "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
- "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
- "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
- "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
- "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/null" {
- version = "3.2.2"
- constraints = "3.2.2"
- hashes = [
- "h1:+0yGEKrNZZ6b9F1AqXYoaS2SPtAcCMvwLZynYaylMX8=",
- "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=",
- "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
- "h1:JViWrgF7Ks2GqB6UfcLDUbusXeSfhfhFymo4c0N5e+I=",
- "h1:MjytJ5oGpFKJ9v8yDSz4SkiLKVIdErNNPhoQCHL03xg=",
- "h1:VJ/4vfi4/Co3FEUdyYx5pAD8IxlWGOODqalsIBNlHvw=",
- "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=",
- "h1:p4+f7s1dQCVjFry4TH7SOCRbayTv2cg4Me3YLOtU9fc=",
- "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=",
- "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=",
- "h1:zVRVdwjVqmGsNJ68eGFrlHT2rbPEXTmt1n7vCvGBWHQ=",
- "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
- "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
- "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
- "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
- "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
- "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
- "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
- "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
- "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
- "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/random" {
- version = "3.5.1"
- constraints = "3.5.1"
- hashes = [
- "h1:0ULxM8/DscMzfiDWg1yclBf/39U44wQmlx745BfYZ80=",
- "h1:3hjTP5tQBspPcFAJlfafnWrNrKnr7J4Cp0qB9jbqf30=",
- "h1:6FVyQ/aG6tawPam6B+oFjgdidKd83uG9n7dOSQ66HBA=",
- "h1:6ePAACdONiMGe1j5pwUc0gpDFt82y/ka0zRimMg/geM=",
- "h1:BD3Y4CcrGHb9sx+Bl5V8M2PSyw23mykzXSwj+/6FhHA=",
- "h1:HGeb7Tajn7HZwX0MhrdyL57LoCSz5GMcI2wbHs12D4U=",
- "h1:IL9mSatmwov+e0+++YX2V6uel+dV6bn+fC/cnGDK3Ck=",
- "h1:JiENkIxSWc32/2Dtd1n4CWY3ow/PHvAeGhdgcOLpWZM=",
- "h1:MROYZuKGTuaTNf2FgbwCgSVpteQW25ubnb+Xfok2jvk=",
- "h1:VSnd9ZIPyfKHOObuQCaKfnjIHRtR7qTw19Rz8tJxm+k=",
- "h1:sZ7MTSD4FLekNN2wSNFGpM+5slfvpm5A/NLVZiB7CO0=",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/tls" {
- version = "4.0.4"
- constraints = ">= 3.0.0, 4.0.4"
- hashes = [
- "h1:GZcFizg5ZT2VrpwvxGBHQ/hO9r6g0vYdQqx3bFD3anY=",
- "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=",
- "h1:rKKMyIEBZwR+8j6Tx3PwqBrStuH+J+pxcbCR5XN8WAw=",
- "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55",
- "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848",
- "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be",
- "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5",
- "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe",
- "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e",
- "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48",
- "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8",
- "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60",
- "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e",
- "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
diff --git a/examples/runner-pre-registered/README.md b/examples/runner-pre-registered/README.md
deleted file mode 100644
index a53e9f8d6..000000000
--- a/examples/runner-pre-registered/README.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# Example - Spot Runner - Private subnets
-
-This is the previous default example. For this example you need to register the runner before running terraform and
-provide the runner token. Since version 3+ the runner can register itself by providing the registration token. This
-example is provided to showcase backwards compatibility.
-
-## Prerequisite
-
-The terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please
-check `.terraform-version` for the tested version.
-
-
-
-
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3 |
-| [aws](#requirement\_aws) | 5.25.0 |
-| [local](#requirement\_local) | 2.4.0 |
-| [null](#requirement\_null) | 3.2.1 |
-| [random](#requirement\_random) | 3.5.1 |
-| [tls](#requirement\_tls) | 4.0.4 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 5.25.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [runner](#module\_runner) | ../../ | n/a |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.1.2 |
-| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.1.2 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.25.0/docs/data-sources/availability_zones) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no |
-| [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"ci-runners"` | no |
-| [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | n/a | yes |
-| [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | n/a | yes |
-| [runner\_token](#input\_runner\_token) | Token for the runner, will be used in the runner config.toml | `string` | n/a | yes |
-| [timezone](#input\_timezone) | Timezone that will be set for the runner. | `string` | `"Europe/Amsterdam"` | no |
-
-## Outputs
-
-No outputs.
-
diff --git a/examples/runner-pre-registered/generated/.gitkeep b/examples/runner-pre-registered/generated/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/examples/runner-pre-registered/main.tf b/examples/runner-pre-registered/main.tf
deleted file mode 100644
index f7faefc94..000000000
--- a/examples/runner-pre-registered/main.tf
+++ /dev/null
@@ -1,70 +0,0 @@
-data "aws_availability_zones" "available" {
- state = "available"
-}
-
-# VPC Flow logs are not needed here
-# kics-scan ignore-line
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "5.2.0"
-
- name = "vpc-${var.environment}"
- cidr = "10.0.0.0/16"
-
- azs = [data.aws_availability_zones.available.names[0]]
- private_subnets = ["10.0.1.0/24"]
- public_subnets = ["10.0.101.0/24"]
- map_public_ip_on_launch = false
-
- enable_nat_gateway = true
- single_nat_gateway = true
-
- tags = {
- Environment = var.environment
- }
-}
-
-module "vpc_endpoints" {
- source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
- version = "5.2.0"
-
- vpc_id = module.vpc.vpc_id
-
- endpoints = {
- s3 = {
- service = "s3"
- tags = { Name = "s3-vpc-endpoint" }
- }
- }
-
- tags = {
- Environment = var.environment
- }
-}
-
-module "runner" {
- source = "../../"
-
- vpc_id = module.vpc.vpc_id
- subnet_id = element(module.vpc.private_subnets, 0)
- environment = var.environment
-
- runner_instance = {
- name = var.runner_name
- }
-
- runner_gitlab = {
- url = var.gitlab_url
- registration_token = var.runner_token
- }
-
- # working 9 to 5 :)
- runner_worker_docker_machine_autoscaling_options = [
- {
- periods = ["* * 0-9,17-23 * * mon-fri *", "* * * * * sat,sun *"]
- idle_count = 0
- idle_time = 60
- timezone = var.timezone
- }
- ]
-}
diff --git a/examples/runner-pre-registered/providers.tf b/examples/runner-pre-registered/providers.tf
deleted file mode 100644
index 161b858de..000000000
--- a/examples/runner-pre-registered/providers.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-provider "aws" {
- region = var.aws_region
-}
-
-provider "local" {}
-
-provider "null" {}
-
-provider "tls" {}
-
-provider "random" {}
diff --git a/examples/runner-pre-registered/variables.tf b/examples/runner-pre-registered/variables.tf
deleted file mode 100644
index 84a4dad81..000000000
--- a/examples/runner-pre-registered/variables.tf
+++ /dev/null
@@ -1,32 +0,0 @@
-variable "aws_region" {
- description = "AWS region."
- type = string
- default = "eu-west-1"
-}
-
-variable "environment" {
- description = "A name that identifies the environment, will used as prefix and for tagging."
- default = "ci-runners"
- type = string
-}
-
-variable "runner_name" {
- description = "Name of the runner, will be used in the runner config.toml"
- type = string
-}
-
-variable "gitlab_url" {
- description = "URL of the gitlab instance to connect to."
- type = string
-}
-
-variable "runner_token" {
- description = "Token for the runner, will be used in the runner config.toml"
- type = string
-}
-
-variable "timezone" {
- description = "Timezone that will be set for the runner."
- type = string
- default = "Europe/Amsterdam"
-}
diff --git a/examples/runner-pre-registered/versions.tf b/examples/runner-pre-registered/versions.tf
deleted file mode 100644
index d29e6a23f..000000000
--- a/examples/runner-pre-registered/versions.tf
+++ /dev/null
@@ -1,27 +0,0 @@
-
-terraform {
- required_version = ">= 1.3"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "5.26.0"
- }
- local = {
- source = "hashicorp/local"
- version = "2.4.0"
- }
- null = {
- source = "hashicorp/null"
- version = "3.2.2"
- }
- tls = {
- source = "hashicorp/tls"
- version = "4.0.4"
- }
- random = {
- source = "hashicorp/random"
- version = "3.5.1"
- }
- }
-}
diff --git a/examples/runner-public/variables.tf b/examples/runner-public/variables.tf
index 1a27878a1..a3d9cd432 100644
--- a/examples/runner-public/variables.tf
+++ b/examples/runner-public/variables.tf
@@ -23,6 +23,6 @@ variable "gitlab_url" {
}
variable "registration_token" {
- description = "Registration token for the runner."
+ description = "The registration token obtained from your Gitlab instance."
type = string
}
diff --git a/locals.tf b/locals.tf
index 80e7d9720..a47bfc5dc 100644
--- a/locals.tf
+++ b/locals.tf
@@ -65,7 +65,7 @@ locals {
runners_max_builds_string = var.runner_worker_docker_machine_instance.destroy_after_max_builds == 0 ? "" : format("MaxBuilds = %d", var.runner_worker_docker_machine_instance.destroy_after_max_builds)
# Define key for runner token for SSM
- secure_parameter_store_runner_token_key = "${var.environment}-${var.runner_gitlab_token_secure_parameter_store}"
+ secure_parameter_store_runner_token_key = "${var.environment}-runner-token"
secure_parameter_store_runner_sentry_dsn = "${var.environment}-${var.runner_sentry_secure_parameter_store_name}"
# Custom names for runner agent instance, security groups, and IAM objects
diff --git a/variables.tf b/variables.tf
index 17c72c6d3..871baa21f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -345,12 +345,6 @@ variable "runner_gitlab_registration_token_secure_parameter_store_name" {
default = "gitlab-runner-registration-token"
}
-variable "runner_gitlab_token_secure_parameter_store" {
- description = "Name of the Secure Parameter Store entry to hold the GitLab Runner token."
- type = string
- default = "runner-token"
-}
-
variable "runner_sentry_secure_parameter_store_name" {
description = "The Sentry DSN name used to store the Sentry DSN in Secure Parameter Store"
type = string