additional_node_service_account_roles |
additional roles to grant the service account |
list(any) |
[] |
no |
additional_secrets |
additional secrets to mount into the manager pods |
list(map(string)) |
[] |
no |
build_job_mount_docker_socket |
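whether to mount the docker socket into CI job pods so that docker build commands can run in jobs on the runner without running the container in privileged mode. a job that can reach the node's docker socket can control the docker daemon on that node, so enable this only for runners that serve trusted projects |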
bool |
true |
no |
build_job_node_selectors |
A map of node selectors to apply to the pods |
map(any) |
{ "role": "gitlab-runner" } |
no |
build_job_node_tolerations |
A map of node tolerations to apply to the pods, as defined at https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings |
map |
{ "role=gitlab-runner": "NoSchedule" } |
no |
build_job_run_container_as_user |
SecurityContext: runAsUser for all running job pods |
string |
null |
no |
build_job_secret_volumes |
Secret volume configuration instructs Kubernetes to use a secret that is defined in the Kubernetes cluster and mount it inside the runner pods, as defined at https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes |
object({ name = string mount_path = string read_only = string items = map(string) }) |
{ "items": {}, "mount_path": null, "name": null, "read_only": null } |
no |
cache_bucket_versioning |
Boolean used to enable versioning on the cache bucket, false by default. |
bool |
false |
no |
cache_create_service_account |
whether to create service account for cache |
bool |
true |
no |
cache_expiration_days |
Number of days before cache objects expire. |
number |
2 |
no |
cache_labels |
Labels to apply to the cache |
map(string) |
{ "role": "gitlab-runner-cache" } |
no |
cache_location |
location of the cache bucket |
string |
null |
no |
cache_path |
path to append to the bucket url |
string |
"" |
no |
cache_service_account |
service account that should be granted access to the cache bucket. this is used if var.cache_create_service_account is set to null |
map(string) |
{ "email": "", "name": "" } |
no |
cache_shared |
whether cache can be shared between runners |
bool |
true |
no |
cache_storage_class |
The cache storage class |
string |
"STANDARD" |
no |
cache_type |
type of cache to use for runners |
string |
"gcs" |
no |
chart_version |
version of the gitlab runner chart to use |
string |
null |
no |
cluster_location |
the location where the cluster is deployed |
string |
n/a |
yes |
cluster_name |
name of the cluster to deploy the kubernetes gitlab runner in |
string |
n/a |
yes |
concurrent |
the number of jobs that can be run concurrently |
number |
10 |
no |
docker_fs_group |
The fsGroup to use for docker. This is added to security context when mount_docker_socket is enabled |
number |
412 |
no |
enable_metrics_service |
create service resource to allow scraping metrics via prometheus-operator serviceMonitor |
bool |
false |
no |
enable_prometheus_exporter |
enable prometheus metric exporter |
bool |
false |
no |
enable_target_auto_detection |
Configure a prometheus-operator serviceMonitor to allow autodetection of the scraping target. requires var.enable_metrics_service to be set to true |
bool |
false |
no |
gitlab_url |
the gitlab instance to connect to |
string |
"https://gitlab.com/" |
no |
image_pull_secrets |
An array of secrets that are used to authenticate Docker image pulling. |
list(string) |
[] |
no |
initial_node_count |
initial number of nodes that the node pool creates |
number |
0 |
no |
manager_node_tolerations |
tolerations to apply to the manager pod |
list |
[ { "effect": "NoSchedule", "key": "role", "operator": "Exists" } ] |
no |
manager_pod_annotations |
A map of annotations to be added to each build pod created by the Runner. The value of these can include environment variables for expansion. Pod annotations can be overwritten in each build. |
map |
{} |
no |
manager_pod_labels |
A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. |
map |
{} |
no |
prefix |
string to be prepended to the nodes service account id and the service account for the cache |
string |
"gitlab-runner" |
no |
project |
project in which to create iam binding for the cluster node service account |
string |
n/a |
yes |
region |
where the resources should be deployed |
string |
n/a |
yes |
replicas |
the number of manager pods to create |
number |
1 |
no |
run_untagged_jobs |
Specify if jobs without tags should be run. https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs |
bool |
true |
no |
runner_create_service_account |
whether a service account should be created for the runner. if this is set to false then the var.serviceAccountname is used |
bool |
true |
no |
runner_image |
the docker image to use for the runner |
string |
"gitlab/gitlab-runner:alpine-bleeding" |
no |
runner_locked |
whether the runner is locked to a particular project or group |
bool |
true |
no |
runner_name |
name of the runner |
string |
n/a |
yes |
runner_namespace |
kubernetes namespace in which to create the runner |
string |
"runner" |
no |
runner_node_pool_disk_size_gb |
(Optional) Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB |
number |
30 |
no |
runner_node_pool_disk_type |
(Optional) Type of the disk attached to each node (e.g. 'pd-standard', 'pd-balanced' or 'pd-ssd'). |
string |
"pd-standard" |
no |
runner_node_pool_image_type |
(optional) The type of image to be used |
string |
"COS" |
no |
runner_node_pool_machine_type |
type of compute machine used for the nodes in the runner node pool |
string |
"n1-standard-2" |
no |
runner_node_pool_max_node_count |
the maximum number of nodes that can be present in the node pool (autoscaling controls) |
number |
3 |
no |
runner_node_pool_min_node_count |
the minimum number of nodes that can be present in the node pool (autoscaling controls) |
number |
0 |
no |
runner_node_pool_name |
name of the runner node pool |
string |
null |
no |
runner_node_pool_node_labels |
labels for nodes in the runner node pool |
map(any) |
{ "role": "gitlab-runner" } |
no |
runner_node_pool_node_taints |
taints to be applied to the nodes in the runner node pool |
list(map(string)) |
[ { "effect": "NO_SCHEDULE", "key": "role", "value": "gitlab-runner" } ] |
no |
runner_node_pool_oauth_scopes |
(Optional) Scopes that are used by NAP when creating node pools. |
list(string) |
[ "https://www.googleapis.com/auth/cloud-platform" ] |
no |
runner_node_pool_zones |
The zones to host the cluster in (optional if regional cluster / required if zonal) |
list(string) |
null |
no |
runner_protected |
n/a |
bool |
true |
no |
runner_registration_token |
runner registration token |
string |
n/a |
yes |
runner_release_name |
helm release name |
string |
"gitlab-runner" |
no |
runner_service_account_clusterwide_access |
whether the service account should be granted cluster wide access or access is restricted to the specified namespace |
bool |
false |
no |
runner_tags |
comma separated list of tags to be applied to the runner |
string |
null |
no |
runner_token |
token of an already registered runner. to use this, var.runner_registration_token must be set to null |
string |
null |
no |
unregister_runners |
whether runners should be unregistered when pool is deprovisioned |
bool |
true |
no |
values_file |
path to yaml file containing additional values for the runner |
string |
null |
no |