
SPHTech-Platform/terraform-helm-actions-runner-controller

 
 


GitHub Actions Runner Controller

Deploys actions-runner-controller.

Additional Note:

This runs version 1 of ARC. The following files are only applied when the following objects are not empty within the module:

  • org_runners.tf for github_org_runners
  • ent_runners.tf for github_ent_runners
  • ent_runners_dind.tf for github_ent_runners_dind
  • ent_runners_dind_rootless.tf for github_ent_runners_dind_rootless

They are required for creating the necessary CRDs for deploying the runners.
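
A module call that exercises this behaviour, using inputs from the table below. This is an added example, not code from the module's repository; the `source` address, namespace, organization, runner group, label and image tag placeholder are assumptions.

```hcl
# Added example, not from the module's repository.
variable "github_token" {
  type      = string
  sensitive = true # redacted in plan output; the value is still stored in state
}

module "arc" {
  # Assumption: module fetched directly from the GitHub repository named on this page.
  source = "github.com/SPHTech-Platform/terraform-helm-actions-runner-controller"

  chart_namespace        = "actions-runner-system" # constructed namespace name
  chart_namespace_create = true

  # PAT authentication; github_token cannot be set together with github_app_*.
  auth_method         = "pat"
  auth_secret_created = true
  github_token        = var.github_token

  # Restrict the controller to a single namespace instead of the whole cluster.
  scope_single_namespace_enabled = true
  scope_watch_namespace          = "actions-runner-system"

  # Pin the runner image rather than relying on the default "latest" tag.
  runner_image_tag = "REPLACE_WITH_PINNED_TAG" # placeholder, not a real tag

  # A non-empty list here is what causes org_runners.tf to be applied.
  github_org_runners = [
    {
      name     = "example-org"     # constructed organization name
      group    = "default-runners" # constructed; the runner group must already exist
      replicas = 2
      label    = "self-hosted-eks" # constructed label
    }
  ]
}
```

Leaving `github_org_runners` at its default `[]` installs only the controller chart and no runner manifests.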

Requirements

Name Version
terraform >= 1.3
helm >= 2.6
kubernetes >= 2.12

Providers

Name Version
helm 2.7.1
kubernetes 2.14.0

Modules

Name Source Version
action_runner_irsa terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks ~> 5.1.0

Resources

Name Type
helm_release.release resource
kubernetes_manifest.github_org_runners resource

Inputs

Name Description Type Default Required
auth_method GitHub authentication method to be deployed. string "pat" no
auth_secret_annotations Set the annotations of the auth secret. map(string) {} no
auth_secret_created Create Kubernetes secrets to authenticate with GitHub API. bool false no
auth_secret_enabled Expose GITHUB_* environment variables to the manager container. bool true no
auth_secret_name Set the name of the auth secret. string "controller-manager" no
cert_manager_enabled Whether to enable the cert manager. bool true no
chart_labels Set labels to apply to all resources in the chart. map(string) {} no
chart_name Helm chart name to provision. string "actions-runner-controller" no
chart_namespace Namespace to install the chart into. string "default" no
chart_namespace_create Create the namespace if it does not yet exist. bool false no
chart_repository Helm repository for the chart. string "https://actions-runner-controller.github.io/actions-runner-controller" no
chart_timeout Timeout to wait for the Chart to be deployed. number 300 no
chart_version Version of Chart to install. Set to empty to install the latest version. string "0.20.0" no
controller_affinity Set the controller pod affinity rules. any {} no
controller_env Set environment variables for the controller container. map(any) {} no
controller_image_tag The tag of the controller container. If not specified, it's the appVersion inside Chart.yaml string "v0.25.0" no
controller_node_selector Set the controller pod nodeSelector. map(any) {} no
controller_pod_annotations Set annotations for the controller pod. map(string) {} no
controller_pod_disruption_budget Pod disruption budget for controller any { "enabled": true, "minAvailable": 1 } no
controller_pod_labels Set labels for the controller pod. map(string) {} no
controller_pod_security_context Set the security context to controller pod. map(any) {} no
controller_priority_class_name Set the controller pod priorityClassName. string "" no
controller_repository The repository/image of the controller container. string "summerwind/actions-runner-controller" no
controller_resources Set the controller pod resources. map(any) { "limits": { "cpu": "100m", "memory": "128Mi" }, "requests": { "cpu": "100m", "memory": "128Mi" } } no
controller_security_context Set the security context for each container in the controller pod. map(any) {} no
controller_service_annotation Set annotations for the provisioned webhook service resource. map(any) {} no
controller_service_port Set controller service ports. string "443" no
controller_service_type Set controller service type. string "ClusterIP" no
controller_tolerations Set the controller pod tolerations. list(any) [] no
dind_sidecar_image_tag The tag of the dind sidecar container. string "dind" no
dind_sidecar_repository The repository/image of the dind sidecar container. string "docker" no
docker_registry_mirror The default Docker Registry Mirror used by runners. string "" no
github_app_id GitHub App ID. This can't be set at the same time as github_token string "" no
github_app_installation_id GitHub App Installation ID. This can't be set at the same time as github_token string "" no
github_app_private_key The multiline string of your GitHub App's private key. This can't be set at the same time as github_token string "" no
github_enterprise_url The URL of your GitHub Enterprise server, if you're using one. string "" no
github_org_runners GitHub organization for deploying org runner
list(object({
name = string # Organization Name
group = optional(string) # Runner group needs to be created first
replicas = number
label = string
tolerations = optional(list(any))
affinity = optional(any)
resources = optional(map(any))
}))
[] no
github_token Your chosen GitHub PAT token. This can't be set at the same time as github_app_* string "" no
image_pull_policy The pull policy of the controller image. string "IfNotPresent" no
image_pull_secrets Specifies the secret to be used when pulling the controller pod containers. list(any) [] no
leader_election_id Set the election ID for the controller group. string "actions-runner-controller" no
log_level Set the log level of the controller container. string "" no
max_history Max History for Helm. number 20 no
metrics_proxy_enabled Deploy kube-rbac-proxy container in controller pod. bool true no
metrics_proxy_image_repository The repository/image of the kube-proxy container. string "quay.io/brancz/kube-rbac-proxy" no
metrics_proxy_image_tag The tag of the kube-proxy container. string "v0.13.0" no
metrics_service_annotation Set annotations for the provisioned metrics service resource. map(string) {} no
metrics_service_monitor_enabled Whether to deploy serviceMonitor kind for use with prometheus-operator CRDs. bool false no
metrics_service_monitor_labels Set labels to apply to ServiceMonitor resources. map(string) {} no
metrics_service_port Set port of metrics service. string "8443" no
oidc_provider_arn OIDC Provider ARN for IRSA string "" no
release_name Helm release name. string "actions-runner-controller" no
replicas Set the number of controller pods. number 1 no
role_name Name of the iam role to be created. string "" no
role_policy_arns ARNs of any policies to attach to the IAM role map(string) {} no
runner_image_pull_secrets Specifies the secret to be used when pulling the runner pod containers. list(any) [] no
runner_image_tag The tag of the actions runner container. string "latest" no
runner_repository The repository/image of the actions runner container. string "summerwind/actions-runner" no
scope_single_namespace_enabled Limit the controller to watch a single namespace. bool false no
scope_watch_namespace Tells the controller and the GitHub webhook server which namespace to watch if scope.singleNamespace is true. string "" no
service_account_annotations Annotations to add to the service account. map(string) {} no
service_account_created Specifies whether a service account should be created. bool true no
service_account_name The name of the service account to use. string "actions-runner-controller" no
sync_period Set the period in which the controller reconciles the desired runners count. string "10m" no
webhook_ingress_class_name Ingress Class name for the GitHub Webhook Server string "" no
webhook_server_affinity Set environment variables for the githubWebhookServer container. any {} no
webhook_server_enabled Whether to deploy the webhook server pod. bool false no
webhook_server_image_pull_secrets Specifies the secret to be used when pulling the githubWebhookServer pod containers. list(any) [] no
webhook_server_ingress_annotations Set annotations for the githubWebhookServer ingress kind. map(string) {} no
webhook_server_ingress_enabled Whether to deploy an ingress kind for the githubWebhookServer. bool false no
webhook_server_ingress_hosts Set hosts for the githubWebhookServer ingress kind. list(any) [] no
webhook_server_ingress_tls Set tls configuration for the githubWebhookServer ingress kind. list(any) [] no
webhook_server_log_level Set the log level of the githubWebhookServer container. string "" no
webhook_server_node_selector Set the githubWebhookServer pod nodeSelector. map(any) {} no
webhook_server_pod_annotations Set annotations for the githubWebhookServer pod. map(string) {} no
webhook_server_pod_disruption_budget Pod disruption budget for webhook server any { "enabled": true, "minAvailable": 1 } no
webhook_server_pod_labels Set labels for the githubWebhookServer pod. map(string) {} no
webhook_server_pod_security_context Set the security context to githubWebhookServer pod. map(any) {} no
webhook_server_priority_class_name Set the githubWebhookServer pod priorityClassName. string "" no
webhook_server_replicas Set the number of webhook server pods. number 1 no
webhook_server_resources Set the githubWebhookServer pod resources. map(any) { "limits": { "cpu": "100m", "memory": "128Mi" }, "requests": { "cpu": "100m", "memory": "128Mi" } } no
webhook_server_secret_created Whether to deploy the webhook hook secret. bool false no
webhook_server_secret_enabled Whether to enable the webhook hook secret. bool false no
webhook_server_secret_name Set the name of the webhook hook secret. string "github-webhook-server" no
webhook_server_secret_token Set the webhook secret token value. string "" no
webhook_server_security_context Set the security context for each container in the githubWebhookServer pod. map(any) {} no
webhook_server_service_account_annotations Set annotations for the githubWebhookServer service account. map(string) {} no
webhook_server_service_account_created Whether to deploy the githubWebhookServer under a service account. bool true no
webhook_server_service_account_name The name of the githubWebhookServer service account to use. string "" no
webhook_server_service_annotations Set annotations for the githubWebhookServer service. map(string) {} no
webhook_server_service_node_port Set githubWebhookServer service nodePort. string "" no
webhook_server_service_port Set githubWebhookServer service port. string "80" no
webhook_server_service_type Set githubWebhookServer service type. string "ClusterIP" no
webhook_server_sync_period Set the period in which the controller reconciles the resources. string "10m" no
webhook_server_tolerations Set the githubWebhookServer pod tolerations. list(any) [] no

Outputs

Name Description
helm_release Output of the helm release
org_runners Output of GitHub Org Runners

Requirements

Name Version
terraform >= 1.3
helm >= 2.6, < 3.0

Providers

No providers.

Modules

Name Source Version
action_runner_scale_set ./modules/gha-runner-scale-set n/a
action_runner_scale_set_controller ./modules/gha-runner-scale-set-controller n/a

Resources

No resources.

Inputs

Name Description Type Default Required
action_runner_scale_set_chart_version ARC Scale set chart version string "0.12.1" no
action_runner_scale_set_controller_chart_version ARC Controller chart version string "0.12.1" no
auth_method values for auth method string "github-app" no
controller_affinity Affinity for the controller pod any {} no
controller_helm_release_name Helm release name for the controller string "gha-controller" no
controller_node_selector Node selector for the controller pod any {} no
controller_tolerations Tolerations for the controller pod any [] no
controller_topology_spread_constraints Topology spread constraints for the controller pod any [] no
github_app_id GitHub App ID. This can't be set at the same time as github_token string "" no
github_app_installation_id GitHub App Installation ID. This can't be set at the same time as github_token string "" no
github_app_private_key The multiline string of your GitHub App's private key. This can't be set at the same time as github_token string "" no
github_config_url githubConfigUrl is the GitHub url for where you want to configure runners string n/a yes
github_token Enterprise Runners' pat token of an enterprise admin user string "" no
k8s_cluster_ca_certificate Kubernetes cluster CA certificate string n/a yes
k8s_host Kubernetes host string n/a yes
k8s_token Kubernetes token string n/a yes
max_runners Maximum number of runners to scale to number 3 no
min_runners Minimum number of runners to scale to number 1 no
runner_affinity Affinity for the runner pods any {} no
runner_container_mode_type Container mode type for the runner pods, set to 'dind' to enable docker in docker or set to 'kubernetes' to use kubernetes mode or set null to use custom configs string "dind" no
runner_group Name of the runner group string n/a yes
runner_node_selector Node selector for the runner pods any {} no
runner_scale_set_name Name of the scale set string n/a yes
runner_template_spec_config_type Configuration type for the pod template spec. string "custom" no
runner_template_spec_metadata_labels Labels to be added to the pod template metadata. any {} no
runner_tolerations Tolerations for the runner pods any [] no
runner_topology_spread_constraints Topology spread constraints for the runner pods any [] no
scale_set_release_name Helm release name for the scale set string "gha-scale-set" no

Outputs

No outputs.

About

Terraform GitHub actions-runner-controller on Kubernetes using Helm chart.
