diff --git a/.github/.release-please-manifest.json b/.github/.release-please-manifest.json index 529b133fd..928566934 100644 --- a/.github/.release-please-manifest.json +++ b/.github/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "8.1.0" + ".": "9.0.0" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f4eccc45..78db3a649 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,23 @@ # Changelog +## [9.0.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/8.1.0...9.0.0) (2025-02-09) + + +### ⚠ BREAKING CHANGES + +* remove declaration of unused variables for docker-autoscaler setup ([#1223](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1223)) +* add custom egress rules to worker security groups ([#1222](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1222)) + +### Features + +* add custom egress rules to worker security groups ([#1222](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1222)) ([a197e4f](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/a197e4f0581d44e23669e3c2b23f3f0b682fc211)) +* enabled usage of private key with docker autoscaler ([#1232](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1232)) ([95c7ea6](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/95c7ea6045be4fbfe917991a677e8b2df816e5bc)) + + +### Miscellaneous Chores + +* remove declaration of unused variables for docker-autoscaler setup ([#1223](https://github.com/cattle-ops/terraform-aws-gitlab-runner/issues/1223)) ([41058c8](https://github.com/cattle-ops/terraform-aws-gitlab-runner/commit/41058c8e627edaaf8bf6132d106e01fd81c2ef7d)) + ## [8.1.0](https://github.com/cattle-ops/terraform-aws-gitlab-runner/compare/8.0.1...8.1.0) (2024-12-05) diff --git a/README.md b/README.md index 56a1a5cfa..9afd571c2 100644 --- a/README.md +++ b/README.md 
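Review bot: the two `⚠ BREAKING CHANGES` entries in the CHANGELOG.md hunk above only repeat the commit titles (`remove declaration of unused variables for docker-autoscaler setup`, `add custom egress rules to worker security groups`) and do not say what breaks or how to migrate. The README hunks in this same patch show the actual break: the `runner_networking_egress_rules` input (a list whose default was protocol `-1` to `0.0.0.0/0` and `::/0`, i.e. all egress) is removed and replaced by `runner_egress_rules`, a map of single-source rules whose default allows only 443/tcp over IPv4 and IPv6, and every `aws_security_group_rule.*` resource is replaced by `aws_vpc_security_group_ingress_rule` / `aws_vpc_security_group_egress_rule` resources. Add a short migration paragraph under the breaking-change heading: the variable must be renamed and converted from a list to a map, each entry may carry exactly one of `cidr_block`, `ipv6_cidr_block`, `prefix_list_id` or `security_group`, and anything the runner manager reaches on a port other than 443 (a GitLab instance served over plain HTTP, a package mirror on port 80) now needs an explicit rule. The `remove declaration of unused variables` entry should also list the variables that were dropped, since the hunk does not name them.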
@@ -86,7 +86,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.78.0 | +| [aws](#provider\_aws) | 5.85.0 | | [local](#provider\_local) | 2.5.2 | | [tls](#provider\_tls) | 4.0.6 | 
@@ -146,18 +146,24 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file | [aws_security_group.docker_autoscaler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.docker_machine](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_security_group.runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_security_group_rule.autoscaler_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.autoscaler_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.docker_machine_docker_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.docker_machine_docker_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.docker_machine_ping_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.docker_machine_ping_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.docker_machine_ssh_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.docker_machine_ssh_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | -| [aws_security_group_rule.extra_autoscaler_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | 
-| [aws_security_group_rule.runner_ping_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource | | [aws_ssm_parameter.runner_registration_token](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | | [aws_ssm_parameter.runner_sentry_dsn](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | +| [aws_vpc_security_group_egress_rule.docker_autoscaler_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.docker_machine](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.runner_manager_to_docker_autoscaler_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_egress_rule.runner_manager_to_docker_machine_egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_autoscaler_ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_autoscaler_internal_traffic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_machine](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| 
[aws_vpc_security_group_ingress_rule.docker_machine_docker_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_machine_docker_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_machine_ping_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_machine_ping_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_machine_ssh_runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.docker_machine_ssh_self](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.runner](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | +| [aws_vpc_security_group_ingress_rule.runner_ping_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource | | [local_file.config_toml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.user_data](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [tls_private_key.autoscaler](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | 
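Review bot: this resource-list hunk replaces every `aws_security_group_rule.*` with `aws_vpc_security_group_ingress_rule` / `aws_vpc_security_group_egress_rule` resources under new names, which Terraform plans as destroy-and-create because the resource type changes, so an in-place upgrade from 8.x briefly removes and re-adds the rules on the runner manager and worker security groups, and the upgrade notes should say so. Because the old and new resources have no dependency on each other, Terraform may also create a new rule before the identical old one is destroyed; for rules whose content is unchanged (for example `docker_machine_ssh_runner`, `docker_machine_docker_self`, `runner_ping_group`, which keep their names and presumably their ports) the EC2 API rejects the duplicate with `InvalidPermission.Duplicate`. Please run an apply against an existing 8.1.0 state in one of the examples to confirm the upgrade goes through, and document any required two-step procedure. One removed rule also has no visibly named successor: `aws_security_group_rule.extra_autoscaler_ingress` disappears while the autoscaler additions are `docker_autoscaler_ingress`, `docker_autoscaler_internal_traffic` and `docker_autoscaler_egress`; if `extra_autoscaler_ingress` carried user-supplied ingress, confirm which new input replaces it and note the rename.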
@@ -188,17 +194,18 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file | [runner\_ami\_id](#input\_runner\_ami\_id) | The AMI ID of the Runner instance. | `string` | `""` | no | | [runner\_ami\_owners](#input\_runner\_ami\_owners) | The list of owners used to select the AMI of the Runner instance. | `list(string)` |
[
"amazon"
]
| no | | [runner\_cloudwatch](#input\_runner\_cloudwatch) | enable = Boolean used to enable or disable the CloudWatch logging.
log\_group\_name = Option to override the default name (`environment`) of the log group. Requires `enable = true`.
retention\_days = Retention for cloudwatch logs. Defaults to unlimited. Requires `enable = true`. |
object({
enable = optional(bool, true)
log_group_name = optional(string, null)
retention_days = optional(number, 0)
})
| `{}` | no | +| [runner\_egress\_rules](#input\_runner\_egress\_rules) | Map of Egress rules for the Runner Manager security group. |
map(object({
from_port = optional(number, null)
to_port = optional(number, null)
protocol = string
description = string
cidr_block = optional(string, null)
ipv6_cidr_block = optional(string, null)
prefix_list_id = optional(string, null)
security_group = optional(string, null)
}))
|
{
"allow_https_ipv4": {
"cidr_block": "0.0.0.0/0",
"description": "Allow HTTPS egress traffic",
"from_port": 443,
"protocol": "tcp",
"to_port": 443
},
"allow_https_ipv6": {
"description": "Allow HTTPS egress traffic (IPv6)",
"from_port": 443,
"ipv6_cidr_block": "::/0",
"protocol": "tcp",
"to_port": 443
}
}
| no | | [runner\_enable\_asg\_recreation](#input\_runner\_enable\_asg\_recreation) | Enable automatic redeployment of the Runner's ASG when the Launch Configs change. | `bool` | `true` | no | | [runner\_gitlab](#input\_runner\_gitlab) | ca\_certificate = Trusted CA certificate bundle (PEM format).
certificate = Certificate of the GitLab instance to connect to (PEM format).
registration\_token = (deprecated, This is replaced by the `registration_token` in `runner_gitlab_registration_config`.) Registration token to use to register the Runner.
runner\_version = Version of the [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-runner/-/releases). Make sure that it is available for your AMI. See https://packages.gitlab.com/app/runner/gitlab-runner/search?dist=amazon%2F2023&filter=rpms&page=1&q=
url = URL of the GitLab instance to connect to.
url\_clone = URL of the GitLab instance to clone from. Use only if the agent can’t connect to the GitLab URL.
access\_token\_secure\_parameter\_store\_name = (deprecated) The name of the SSM parameter to read the GitLab access token from. It must have the `api` scope and be pre created.
preregistered\_runner\_token\_ssm\_parameter\_name = The name of the SSM parameter to read the preregistered GitLab Runner token from. |
object({
ca_certificate = optional(string, "")
certificate = optional(string, "")
registration_token = optional(string, "__REPLACED_BY_USER_DATA__") # deprecated, removed in 8.0.0
runner_version = optional(string, "16.0.3")
url = optional(string, "")
url_clone = optional(string, "")
access_token_secure_parameter_store_name = optional(string, "gitlab-runner-access-token") # deprecated, removed in 8.0.0
preregistered_runner_token_ssm_parameter_name = optional(string, "")
})
| n/a | yes | | [runner\_gitlab\_registration\_config](#input\_runner\_gitlab\_registration\_config) | (deprecated, replaced by runner\_gitlab.preregistered\_runner\_token\_ssm\_parameter\_name) Configuration used to register the Runner. See the README for an example, or reference the examples in the examples directory of this repo. There is also a good GitLab documentation available at: https://docs.gitlab.com/ee/ci/runners/configure_runners.html |
object({
registration_token = optional(string, "__GITLAB_REGISTRATION_TOKEN_FROM_SSM__") # deprecated, removed in 8.0.0
tag_list = optional(string, "") # deprecated, removed in 8.0.0
description = optional(string, "") # deprecated, removed in 8.0.0
type = optional(string, "") # mandatory if gitlab_runner_version >= 16.0.0 # deprecated, removed in 8.0.0
group_id = optional(string, "") # mandatory if type is group # deprecated, removed in 8.0.0
project_id = optional(string, "") # mandatory if type is project # deprecated, removed in 8.0.0
locked_to_project = optional(string, "") # deprecated, removed in 8.0.0
run_untagged = optional(string, "") # deprecated, removed in 8.0.0
maximum_timeout = optional(string, "") # deprecated, removed in 8.0.0
access_level = optional(string, "not_protected") # this is the only mandatory field calling the GitLab get token for executor operation # deprecated, removed in 8.0.0
})
| `{}` | no | | [runner\_gitlab\_registration\_token\_secure\_parameter\_store\_name](#input\_runner\_gitlab\_registration\_token\_secure\_parameter\_store\_name) | (deprecated, replaced by runner\_gitlab.preregistered\_runner\_token\_ssm\_parameter\_name) The name of the SSM parameter to read the GitLab Runner registration token from. | `string` | `"gitlab-runner-registration-token"` | no | | [runner\_gitlab\_token\_secure\_parameter\_store](#input\_runner\_gitlab\_token\_secure\_parameter\_store) | Name of the Secure Parameter Store entry to hold the GitLab Runner token. | `string` | `"runner-token"` | no | +| [runner\_ingress\_rules](#input\_runner\_ingress\_rules) | Map of Ingress rules for the Runner Manager security group. |
map(object({
from_port = optional(number, null)
to_port = optional(number, null)
protocol = string
description = string
cidr_block = optional(string, null)
ipv6_cidr_block = optional(string, null)
prefix_list_id = optional(string, null)
security_group = optional(string, null)
}))
| `{}` | no | | [runner\_install](#input\_runner\_install) | amazon\_ecr\_credential\_helper = Install amazon-ecr-credential-helper inside `userdata_pre_install` script
docker\_machine\_download\_url = URL to download docker machine binary. If not set, the docker machine version will be used to download the binary.
docker\_machine\_version = By default docker\_machine\_download\_url is used to set the docker machine version. This version will be ignored once `docker_machine_download_url` is set. The version number is maintained by the CKI project. Check out at https://gitlab.com/cki-project/docker-machine/-/releases
pre\_install\_script = Script to run before installing the Runner
post\_install\_script = Script to run after installing the Runner
start\_script = Script to run after starting the Runner
yum\_update = Update the yum packages before installing the Runner |
object({
amazon_ecr_credential_helper = optional(bool, false)
docker_machine_download_url = optional(string, "")
docker_machine_version = optional(string, "0.16.2-gitlab.19-cki.5")
pre_install_script = optional(string, "")
post_install_script = optional(string, "")
start_script = optional(string, "")
yum_update = optional(bool, true)
})
| `{}` | no | | [runner\_instance](#input\_runner\_instance) | additional\_tags = Map of tags that will be added to the Runner instance.
collect\_autoscaling\_metrics = A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity, GroupTotalInstances.
ebs\_optimized = Enable EBS optimization for the Runner instance.
max\_lifetime\_seconds = The maximum time a Runner should live before it is killed.
monitoring = Enable the detailed monitoring on the Runner instance.
name = Name of the Runner instance.
name\_prefix = Set the name prefix and override the `Name` tag for the Runner instance.
private\_address\_only = Restrict the Runner to use private IP addresses only. If this is set to `true` the Runner will use a private IP address only in case the Runner Workers use private addresses only.
root\_device\_config = The Runner's root block device configuration. Takes the following keys: `device_name`, `delete_on_termination`, `volume_type`, `volume_size`, `encrypted`, `iops`, `throughput`, `kms_key_id`
spot\_price = By setting a spot price bid price the Runner is created via a spot request. Be aware that spot instances can be stopped by AWS. Choose \"on-demand-price\" to pay up to the current on demand price for the instance type chosen.
ssm\_access = Allows to connect to the Runner via SSM.
type = EC2 instance type used.
use\_eip = Assigns an EIP to the Runner. |
object({
additional_tags = optional(map(string))
collect_autoscaling_metrics = optional(list(string), null)
ebs_optimized = optional(bool, true)
max_lifetime_seconds = optional(number, null)
monitoring = optional(bool, true)
name = string
name_prefix = optional(string)
private_address_only = optional(bool, true)
root_device_config = optional(map(string), {})
spot_price = optional(string, null)
ssm_access = optional(bool, false)
type = optional(string, "t3.micro")
use_eip = optional(bool, false)
})
|
{
"name": "gitlab-runner"
}
| no | | [runner\_manager](#input\_runner\_manager) | For details check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section

gitlab\_check\_interval = Number of seconds between checking for available jobs (check\_interval)
maximum\_concurrent\_jobs = The maximum number of jobs which can be processed by all Runners at the same time (concurrent).
prometheus\_listen\_address = Defines an address (:) the Prometheus metrics HTTP server should listen on (listen\_address).
sentry\_dsn = Sentry DSN of the project for the Runner Manager to use (uses legacy DSN format) (sentry\_dsn) |
object({
gitlab_check_interval = optional(number, 3)
maximum_concurrent_jobs = optional(number, 10)
prometheus_listen_address = optional(string, "")
sentry_dsn = optional(string, "__SENTRY_DSN_REPLACED_BY_USER_DATA__")
})
| `{}` | no | | [runner\_metadata\_options](#input\_runner\_metadata\_options) | Enable the Runner instance metadata service. IMDSv2 is enabled by default. |
object({
http_endpoint = string
http_tokens = string
http_put_response_hop_limit = number
instance_metadata_tags = string
})
|
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 2,
"http_tokens": "required",
"instance_metadata_tags": "disabled"
}
| no | | [runner\_networking](#input\_runner\_networking) | allow\_incoming\_ping = Allow ICMP Ping to the Runner. Specify `allow_incoming_ping_security_group_ids` too!
allow\_incoming\_ping\_security\_group\_ids = A list of security group ids that are allowed to ping the Runner.
security\_group\_description = A description for the Runner's security group
security\_group\_ids = IDs of security groups to add to the Runner. |
object({
allow_incoming_ping = optional(bool, false)
allow_incoming_ping_security_group_ids = optional(list(string), [])
security_group_description = optional(string, "A security group containing gitlab-runner agent instances")
security_group_ids = optional(list(string), [])
})
| `{}` | no | -| [runner\_networking\_egress\_rules](#input\_runner\_networking\_egress\_rules) | List of egress rules for the Runner. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": null,
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | | [runner\_role](#input\_runner\_role) | additional\_tags = Map of tags that will be added to the role created. Useful for tag based authorization.
allow\_iam\_service\_linked\_role\_creation = Boolean used to control attaching the policy to the Runner to create service linked roles.
assume\_role\_policy\_json = The assume role policy for the Runner.
create\_role\_profile = Whether to create the IAM role/profile for the Runner. If you provide your own role, make sure that it has the required permissions.
policy\_arns = List of policy ARNs to be added to the instance profile of the Runner.
role\_profile\_name = IAM role/profile name for the Runner. If unspecified then `${var.iam_object_prefix}-instance` is used. |
object({
additional_tags = optional(map(string))
allow_iam_service_linked_role_creation = optional(bool, true)
assume_role_policy_json = optional(string, "")
create_role_profile = optional(bool, true)
policy_arns = optional(list(string), [])
role_profile_name = optional(string)
})
| `{}` | no | | [runner\_schedule\_config](#input\_runner\_schedule\_config) | Map containing the configuration of the ASG scale-out and scale-in for the Runner. Will only be used if `runner_schedule_enable` is set to `true`. | `map(any)` |
{
"scale_in_count": 0,
"scale_in_recurrence": "0 18 * * 1-5",
"scale_in_time_zone": "Etc/UTC",
"scale_out_count": 1,
"scale_out_recurrence": "0 8 * * 1-5",
"scale_out_time_zone": "Etc/UTC"
}
| no | | [runner\_schedule\_enable](#input\_runner\_schedule\_enable) | Set to `true` to enable the auto scaling group schedule for the Runner. | `bool` | `false` | no | @@ -207,24 +214,23 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file | [runner\_terminate\_ec2\_lifecycle\_timeout\_duration](#input\_runner\_terminate\_ec2\_lifecycle\_timeout\_duration) | Amount of time in seconds to wait for GitLab Runner to finish picked up jobs. Defaults to the `maximum_timeout` configured + `5m`. Maximum allowed is `7200` (2 hours) | `number` | `null` | no | | [runner\_terminate\_ec2\_timeout\_duration](#input\_runner\_terminate\_ec2\_timeout\_duration) | Timeout in seconds for the graceful terminate worker Lambda function. | `number` | `90` | no | | [runner\_terraform\_timeout\_delete\_asg](#input\_runner\_terraform\_timeout\_delete\_asg) | Timeout when trying to delete the Runner ASG. | `string` | `"10m"` | no | -| [runner\_worker](#input\_runner\_worker) | For detailed information, check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section.

environment\_variables = List of environment variables to add to the Runner Worker (environment).
max\_jobs = Number of jobs which can be processed in parallel by the Runner Worker.
output\_limit = Sets the maximum build log size in kilobytes. Default is 4MB (output\_limit).
request\_concurrency = Limit number of concurrent requests for new jobs from GitLab (default 1) (request\_concurrency).
ssm\_access = Allows to connect to the Runner Worker via SSM.
type = The Runner Worker type to use. Currently supports `docker+machine` or `docker` or `docker-autoscaler`. |
object({
environment_variables = optional(list(string), [])
max_jobs = optional(number, 0)
output_limit = optional(number, 4096)
request_concurrency = optional(number, 1)
ssm_access = optional(bool, false)
type = optional(string, "docker+machine")
})
| `{}` | no | -| [runner\_worker\_cache](#input\_runner\_worker\_cache) | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared
cache. To use the same cache across multiple Runner Worker disable the creation of the cache and provide a policy and
bucket name. See the public runner example for more details."

For detailed documentation check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section

access\_log\_bucker\_id = The ID of the bucket where the access logs are stored.
access\_log\_bucket\_prefix = The bucket prefix for the access logs.
authentication\_type = A string that declares the AuthenticationType for [runners.cache.s3]. Can either be 'iam' or 'credentials'
bucket = Name of the cache bucket. Requires `create = false`.
bucket\_prefix = Prefix for s3 cache bucket name. Requires `create = true`.
create = Boolean used to enable or disable the creation of the cache bucket.
create\_aws\_s3\_bucket\_public\_access\_block = Boolean used to enable or disable the creation of the public access block for the cache bucket. Useful when organizations do not allow the creation of public access blocks on individual buckets (e.g. public access is blocked on all buckets at the organization level).
expiration\_days = Number of days before cache objects expire. Requires `create = true`.
include\_account\_id = Boolean used to include the account id in the cache bucket name. Requires `create = true`.
policy = Policy to use for the cache bucket. Requires `create = false`.
random\_suffix = Boolean used to enable or disable the use of a random string suffix on the cache bucket name. Requires `create = true`.
shared = Boolean used to enable or disable the use of the cache bucket as shared cache.
versioning = Boolean used to enable versioning on the cache bucket. Requires `create = true`. |
object({
access_log_bucket_id = optional(string, null)
access_log_bucket_prefix = optional(string, null)
authentication_type = optional(string, "iam")
bucket = optional(string, "")
bucket_prefix = optional(string, "")
create = optional(bool, true)
create_aws_s3_bucket_public_access_block = optional(bool, true)
expiration_days = optional(number, 1)
include_account_id = optional(bool, true)
policy = optional(string, "")
random_suffix = optional(bool, false)
shared = optional(bool, false)
versioning = optional(bool, false)
})
| `{}` | no | +| [runner\_worker](#input\_runner\_worker) | For detailed information, check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section.

environment\_variables = List of environment variables to add to the Runner Worker (environment).
max\_jobs = Number of jobs which can be processed in parallel by the Runner Worker.
output\_limit = Sets the maximum build log size in kilobytes. Default is 4MB (output\_limit).
request\_concurrency = Limit number of concurrent requests for new jobs from GitLab (default 1) (request\_concurrency).
ssm\_access = Allows to connect to the Runner Worker via SSM.
type = The Runner Worker type to use. Currently supports `docker+machine` or `docker` or `docker-autoscaler`.
use\_private\_key = Use a private key to connect the Runner Manager to the Runner Workers. Ignored when fleeting is enabled (defaults to `true`). |
object({
environment_variables = optional(list(string), [])
max_jobs = optional(number, 0)
output_limit = optional(number, 4096)
request_concurrency = optional(number, 1)
ssm_access = optional(bool, false)
type = optional(string, "docker+machine")
# false positive, use_private_key is not a secret
# kics-scan ignore-line
use_private_key = optional(bool, false)
})
| `{}` | no | +| [runner\_worker\_cache](#input\_runner\_worker\_cache) | Configuration to control the creation of the cache bucket. By default the bucket will be created and used as shared
cache. To use the same cache across multiple Runner Worker disable the creation of the cache and provide a policy and
bucket name. See the public runner example for more details."

For detailed documentation check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section.

access\_log\_bucker\_id = The ID of the bucket where the access logs are stored.
access\_log\_bucket\_prefix = The bucket prefix for the access logs.
authentication\_type = A string that declares the AuthenticationType for [runners.cache.s3]. Can either be 'iam' or 'credentials'.
bucket = Name of the cache bucket. Requires `create = false`.
bucket\_prefix = Prefix for s3 cache bucket name. Requires `create = true`.
create = Boolean used to enable or disable the creation of the cache bucket.
create\_aws\_s3\_bucket\_public\_access\_block = Boolean used to enable or disable the creation of the public access block for the cache bucket. Useful when organizations do not allow the creation of public access blocks on individual buckets (e.g. public access is blocked on all buckets at the organization level).
expiration\_days = Number of days before cache objects expire. Requires `create = true`.
include\_account\_id = Boolean used to include the account id in the cache bucket name. Requires `create = true`.
policy = Policy to use for the cache bucket. Requires `create = false`.
random\_suffix = Boolean used to enable or disable the use of a random string suffix on the cache bucket name. Requires `create = true`.
shared = Boolean used to enable or disable the use of the cache bucket as shared cache.
versioning = Boolean used to enable versioning on the cache bucket. Requires `create = true`. |
object({
access_log_bucket_id = optional(string, null)
access_log_bucket_prefix = optional(string, null)
authentication_type = optional(string, "iam")
bucket = optional(string, "")
bucket_prefix = optional(string, "")
create = optional(bool, true)
create_aws_s3_bucket_public_access_block = optional(bool, true)
expiration_days = optional(number, 1)
include_account_id = optional(bool, true)
policy = optional(string, "")
random_suffix = optional(bool, false)
shared = optional(bool, false)
versioning = optional(bool, false)
})
| `{}` | no | | [runner\_worker\_docker\_add\_dind\_volumes](#input\_runner\_worker\_docker\_add\_dind\_volumes) | Add certificates and docker.sock to the volumes to support docker-in-docker (dind) | `bool` | `false` | no | -| [runner\_worker\_docker\_autoscaler](#input\_runner\_worker\_docker\_autoscaler) | fleeting\_plugin\_version = The version of aws fleeting plugin
connector\_config\_user = User to connect to worker machine
key\_pair\_name = The name of the key pair used by the Runner to connect to the docker-machine Runner Workers. This variable is only supported when `enables` is set to `true`.
capacity\_per\_instance = The number of jobs that can be executed concurrently by a single instance.
max\_use\_count = Max job number that can run on a worker
update\_interval = The interval to check with the fleeting plugin for instance updates.
update\_interval\_when\_expecting = The interval to check with the fleeting plugin for instance updates when expecting a state change.
instance\_ready\_command = Executes this command on each instance provisioned by the autoscaler to ensure that it is ready for use. A failure results in the instance being removed. |
object({
fleeting_plugin_version = optional(string, "1.0.0")
connector_config_user = optional(string, "ec2-user")
key_pair_name = optional(string, "runner-worker-key")
capacity_per_instance = optional(number, 1)
max_use_count = optional(number, 100)
update_interval = optional(string, "1m")
update_interval_when_expecting = optional(string, "2s")
instance_ready_command = optional(string, "")
})
| `{}` | no | +| [runner\_worker\_docker\_autoscaler](#input\_runner\_worker\_docker\_autoscaler) | fleeting\_plugin\_version = The version of aws fleeting plugin.
connector\_config\_user = User to connect to worker machine.
key\_pair\_name = The name of the key pair used by the Runner to connect to the docker-machine Runner Workers. This variable is only supported when `enables` is set to `true`.
capacity\_per\_instance = The number of jobs that can be executed concurrently by a single instance.
max\_use\_count = Max job number that can run on a worker.
update\_interval = The interval to check with the fleeting plugin for instance updates.
update\_interval\_when\_expecting = The interval to check with the fleeting plugin for instance updates when expecting a state change.
instance\_ready\_command = Executes this command on each instance provisioned by the autoscaler to ensure that it is ready for use. A failure results in the instance being removed. |
object({
fleeting_plugin_version = optional(string, "1.0.0")
connector_config_user = optional(string, "ec2-user")
key_pair_name = optional(string, "runner-worker-key")
capacity_per_instance = optional(number, 1)
max_use_count = optional(number, 100)
update_interval = optional(string, "1m")
update_interval_when_expecting = optional(string, "2s")
instance_ready_command = optional(string, "")
})
| `{}` | no | | [runner\_worker\_docker\_autoscaler\_ami\_filter](#input\_runner\_worker\_docker\_autoscaler\_ami\_filter) | List of maps used to create the AMI filter for the Runner Worker (autoscaler). | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"
]
}
| no | | [runner\_worker\_docker\_autoscaler\_ami\_id](#input\_runner\_worker\_docker\_autoscaler\_ami\_id) | The ID of the AMI to use for the Runner Worker (autoscaler). | `string` | `""` | no | | [runner\_worker\_docker\_autoscaler\_ami\_owners](#input\_runner\_worker\_docker\_autoscaler\_ami\_owners) | The list of owners used to select the AMI of the Runner Worker (autoscaler). | `list(string)` |
[
"099720109477"
]
| no | -| [runner\_worker\_docker\_autoscaler\_asg](#input\_runner\_worker\_docker\_autoscaler\_asg) | enable\_mixed\_instances\_policy = Make use of autoscaling-group mixed\_instances\_policy capacities to leverage pools and spot instances.
health\_check\_grace\_period = Time (in seconds) after instance comes into service before checking health
health\_check\_type = Controls how health checking is done. Values are - EC2 and ELB
instance\_refresh\_min\_healthy\_percentage = The amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group.
instance\_refresh\_triggers = Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of launch\_configuration, launch\_template, or mixed\_instances\_policy.
max\_growth\_rate = The maximum number of machines that can be added to the runner in parallel.
on\_demand\_base\_capacity = Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances.
on\_demand\_percentage\_above\_base\_capacity = Percentage split between on-demand and Spot instances above the base on-demand capacity.
override\_instance\_types = List to override the instance type in the Launch Template. Allow to spread spot instances on several types, to reduce interruptions
profile\_name = profile\_name = Name of the IAM profile to attach to the Runner Workers.
sg\_ingresses = Extra security group rule for workers
spot\_allocation\_strategy = How to allocate capacity across the Spot pools. 'lowest-price' to optimize cost, 'capacity-optimized' to reduce interruptions
spot\_instance\_pools = Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify.
subnet\_ids = The list of subnet IDs to use for the Runner Worker when the fleet mode is enabled.
types = The type of instance to use for the Runner Worker. In case of fleet mode, multiple instance types are supported.
upgrade\_strategy = Auto deploy new instances when launch template changes. Can be either 'bluegreen', 'rolling' or 'off'
enabled\_metrics = List of metrics to collect. |
object({
enable_mixed_instances_policy = optional(bool, false)
health_check_grace_period = optional(number, 300)
health_check_type = optional(string, "EC2")
instance_refresh_min_healthy_percentage = optional(number, 90)
instance_refresh_triggers = optional(list(string), [])
max_growth_rate = optional(number, 0)
on_demand_base_capacity = optional(number, 0)
on_demand_percentage_above_base_capacity = optional(number, 100)
profile_name = optional(string, "")
spot_allocation_strategy = optional(string, "lowest-price")
spot_instance_pools = optional(number, 2)
subnet_ids = optional(list(string), [])
types = optional(list(string), ["m5.large"])
upgrade_strategy = optional(string, "rolling")
enabled_metrics = optional(list(string), [])
sg_ingresses = optional(list(object({
description = string
from_port = number
to_port = number
protocol = string
cidr_blocks = list(string)
})), [])
})
| `{}` | no | +| [runner\_worker\_docker\_autoscaler\_asg](#input\_runner\_worker\_docker\_autoscaler\_asg) | enabled\_metrics = List of metrics to collect.
enable\_mixed\_instances\_policy = Make use of autoscaling-group mixed\_instances\_policy capacities to leverage pools and spot instances.
health\_check\_grace\_period = Time (in seconds) after instance comes into service before checking health.
health\_check\_type = Controls how health checking is done. Values are - EC2 and ELB.
instance\_refresh\_min\_healthy\_percentage = The amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group.
instance\_refresh\_triggers = Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of launch\_configuration, launch\_template, or mixed\_instances\_policy.
on\_demand\_base\_capacity = Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances.
on\_demand\_percentage\_above\_base\_capacity = Percentage split between on-demand and Spot instances above the base on-demand capacity.
spot\_allocation\_strategy = How to allocate capacity across the Spot pools. 'lowest-price' to optimize cost, 'capacity-optimized' to reduce interruptions.
spot\_instance\_pools = Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify.
subnet\_ids = The list of subnet IDs to use for the Runner Worker when the fleet mode is enabled.
types = The type of instance to use for the Runner Worker. In case of fleet mode, multiple instance types are supported.
upgrade\_strategy = Auto deploy new instances when launch template changes. Can be either 'bluegreen', 'rolling' or 'off'. |
object({
enabled_metrics = optional(list(string), [])
enable_mixed_instances_policy = optional(bool, false)
health_check_grace_period = optional(number, 300)
health_check_type = optional(string, "EC2")
instance_refresh_min_healthy_percentage = optional(number, 90)
instance_refresh_triggers = optional(list(string), [])
on_demand_base_capacity = optional(number, 0)
on_demand_percentage_above_base_capacity = optional(number, 100)
spot_allocation_strategy = optional(string, "lowest-price")
spot_instance_pools = optional(number, 2)
subnet_ids = optional(list(string), [])
types = optional(list(string), ["m5.large"])
upgrade_strategy = optional(string, "rolling")
})
| `{}` | no | | [runner\_worker\_docker\_autoscaler\_autoscaling\_options](#input\_runner\_worker\_docker\_autoscaler\_autoscaling\_options) | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersautoscalerpolicy-sections |
list(object({
periods = list(string)
timezone = optional(string, "UTC")
idle_count = optional(number)
idle_time = optional(string)
scale_factor = optional(number)
scale_factor_limit = optional(number, 0)
}))
| `[]` | no | -| [runner\_worker\_docker\_autoscaler\_instance](#input\_runner\_worker\_docker\_autoscaler\_instance) | ebs\_optimized = Enable EBS optimization for the Runner Worker.
http\_tokens = Whether or not the metadata service requires session tokens
http\_put\_response\_hop\_limit = The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
monitoring = Enable detailed monitoring for the Runner Worker.
private\_address\_only = Restrict Runner Worker to the use of a private IP address. If `runner_instance.use_private_address_only` is set to `true` (default),
root\_device\_name = The name of the root volume for the Runner Worker.
root\_size = The size of the root volume for the Runner Worker.
start\_script = Cloud-init user data that will be passed to the Runner Worker. Should not be base64 encrypted.
volume\_type = The type of volume to use for the Runner Worker. `gp2`, `gp3`, `io1` or `io2` are supported
volume\_iops = Guaranteed IOPS for the volume. Only supported when using `gp3`, `io1` or `io2` as `volume_type`.
volume\_throughput = Throughput in MB/s for the volume. Only supported when using `gp3` as `volume_type`. |
object({
ebs_optimized = optional(bool, true)
http_tokens = optional(string, "required")
http_put_response_hop_limit = optional(number, 2)
monitoring = optional(bool, false)
private_address_only = optional(bool, true)
root_device_name = optional(string, "/dev/sda1")
root_size = optional(number, 8)
start_script = optional(string, "")
volume_type = optional(string, "gp2")
volume_throughput = optional(number, 125)
volume_iops = optional(number, 3000)
})
| `{}` | no | +| [runner\_worker\_docker\_autoscaler\_instance](#input\_runner\_worker\_docker\_autoscaler\_instance) | ebs\_optimized = Enable EBS optimization for the Runner Worker.
http\_tokens = Whether or not the metadata service requires session tokens.
http\_put\_response\_hop\_limit = The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
monitoring = Enable detailed monitoring for the Runner Worker.
private\_address\_only = Restrict Runner Worker to the use of a private IP address. If `runner_instance.use_private_address_only` is set to `true` (default),
root\_device\_name = The name of the root volume for the Runner Worker.
root\_size = The size of the root volume for the Runner Worker.
start\_script = Cloud-init user data that will be passed to the Runner Worker. Should not be base64 encrypted.
volume\_type = The type of volume to use for the Runner Worker. `gp2`, `gp3`, `io1` or `io2` are supported.
volume\_iops = Guaranteed IOPS for the volume. Only supported when using `gp3`, `io1` or `io2` as `volume_type`.
volume\_throughput = Throughput in MB/s for the volume. Only supported when using `gp3` as `volume_type`. |
object({
ebs_optimized = optional(bool, true)
http_tokens = optional(string, "required")
http_put_response_hop_limit = optional(number, 2)
monitoring = optional(bool, false)
private_address_only = optional(bool, true)
root_device_name = optional(string, "/dev/sda1")
root_size = optional(number, 8)
start_script = optional(string, "")
volume_type = optional(string, "gp2")
volume_throughput = optional(number, 125)
volume_iops = optional(number, 3000)
})
| `{}` | no | | [runner\_worker\_docker\_autoscaler\_role](#input\_runner\_worker\_docker\_autoscaler\_role) | additional\_tags = Map of tags that will be added to the Runner Worker.
assume\_role\_policy\_json = Assume role policy for the Runner Worker.
policy\_arns = List of ARNs of IAM policies to attach to the Runner Workers.
profile\_name = Name of the IAM profile to attach to the Runner Workers. |
object({
additional_tags = optional(map(string), {})
assume_role_policy_json = optional(string, "")
policy_arns = optional(list(string), [])
profile_name = optional(string, "")
})
| `{}` | no | -| [runner\_worker\_docker\_machine\_ami\_filter](#input\_runner\_worker\_docker\_machine\_ami\_filter) | List of maps used to create the AMI filter for the Runner Worker (docker-machine). | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server*"
]
}
| no | +| [runner\_worker\_docker\_machine\_ami\_filter](#input\_runner\_worker\_docker\_machine\_ami\_filter) | List of maps used to create the AMI filter for the Runner Worker (docker-machine). | `map(list(string))` |
{
"name": [
"ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"
]
}
| no | | [runner\_worker\_docker\_machine\_ami\_id](#input\_runner\_worker\_docker\_machine\_ami\_id) | The ID of the AMI to use for the Runner Worker (docker-machine). | `string` | `""` | no | | [runner\_worker\_docker\_machine\_ami\_owners](#input\_runner\_worker\_docker\_machine\_ami\_owners) | The list of owners used to select the AMI of the Runner Worker (docker-machine). | `list(string)` |
[
"099720109477"
]
| no | | [runner\_worker\_docker\_machine\_autoscaling\_options](#input\_runner\_worker\_docker\_machine\_autoscaling\_options) | Set autoscaling parameters based on periods, see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section |
list(object({
periods = list(string)
idle_count = optional(number)
idle_scale_factor = optional(number)
idle_count_min = optional(number)
idle_time = optional(number)
timezone = optional(string, "UTC")
}))
| `[]` | no | | [runner\_worker\_docker\_machine\_ec2\_metadata\_options](#input\_runner\_worker\_docker\_machine\_ec2\_metadata\_options) | Enable the Runner Worker metadata service. Requires you use CKI maintained docker machines. |
object({
http_tokens = string
http_put_response_hop_limit = number
})
|
{
"http_put_response_hop_limit": 2,
"http_tokens": "required"
}
| no | | [runner\_worker\_docker\_machine\_ec2\_options](#input\_runner\_worker\_docker\_machine\_ec2\_options) | List of additional options for the docker+machine config. Each element of this list must be a key=value pair. E.g. '["amazonec2-zone=a"]' | `list(string)` | `[]` | no | -| [runner\_worker\_docker\_machine\_extra\_egress\_rules](#input\_runner\_worker\_docker\_machine\_extra\_egress\_rules) | List of egress rules for the Runner Workers. |
list(object({
cidr_blocks = list(string)
ipv6_cidr_blocks = list(string)
prefix_list_ids = list(string)
from_port = number
protocol = string
security_groups = list(string)
self = bool
to_port = number
description = string
}))
|
[
{
"cidr_blocks": [
"0.0.0.0/0"
],
"description": "Allow all egress traffic for Runner Workers.",
"from_port": 0,
"ipv6_cidr_blocks": [
"::/0"
],
"prefix_list_ids": null,
"protocol": "-1",
"security_groups": null,
"self": null,
"to_port": 0
}
]
| no | | [runner\_worker\_docker\_machine\_fleet](#input\_runner\_worker\_docker\_machine\_fleet) | enable = Activates the fleet mode on the Runner. https://gitlab.com/cki-project/docker-machine/-/blob/v0.16.2-gitlab.19-cki.2/docs/drivers/aws.md#fleet-mode
key\_pair\_name = The name of the key pair used by the Runner to connect to the docker-machine Runner Workers. This variable is only supported when `enables` is set to `true`. |
object({
enable = bool
key_pair_name = optional(string, "fleet-key")
})
|
{
"enable": false
}
| no | | [runner\_worker\_docker\_machine\_instance](#input\_runner\_worker\_docker\_machine\_instance) | For detailed documentation check https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersmachine-section

docker\_registry\_mirror\_url = The URL of the Docker registry mirror to use for the Runner Worker.
destroy\_after\_max\_builds = Destroy the instance after the maximum number of builds has been reached.
ebs\_optimized = Enable EBS optimization for the Runner Worker.
idle\_count = Number of idle Runner Worker instances (not working for the Docker Runner Worker) (IdleCount).
idle\_time = Idle time of the Runner Worker before they are destroyed (not working for the Docker Runner Worker) (IdleTime).
max\_growth\_rate = The maximum number of machines that can be added to the runner in parallel.
monitoring = Enable detailed monitoring for the Runner Worker.
name\_prefix = Set the name prefix and override the `Name` tag for the Runner Worker.
private\_address\_only = Restrict Runner Worker to the use of a private IP address. If `runner_instance.use_private_address_only` is set to `true` (default), `runner_worker_docker_machine_instance.private_address_only` will also apply for the Runner.
root\_device\_name = The name of the root volume for the Runner Worker.
root\_size = The size of the root volume for the Runner Worker.
start\_script = Cloud-init user data that will be passed to the Runner Worker. Should not be base64 encrypted.
subnet\_ids = The list of subnet IDs to use for the Runner Worker when the fleet mode is enabled.
types = The type of instance to use for the Runner Worker. In case of fleet mode, multiple instance types are supported.
volume\_type = The type of volume to use for the Runner Worker. `gp2`, `gp3`, `io1` or `io2` are supported.
volume\_throughput = Throughput in MB/s for the volume. Only supported when using `gp3` as `volume_type`.
volume\_iops = Guaranteed IOPS for the volume. Only supported when using `gp3`, `io1` or `io2` as `volume_type`. Works for fleeting only. See `runner_worker_docker_machine_fleet`. |
object({
destroy_after_max_builds = optional(number, 0)
docker_registry_mirror_url = optional(string, "")
ebs_optimized = optional(bool, true)
idle_count = optional(number, 0)
idle_time = optional(number, 600)
max_growth_rate = optional(number, 0)
monitoring = optional(bool, false)
name_prefix = optional(string, "")
private_address_only = optional(bool, true)
root_device_name = optional(string, "/dev/sda1")
root_size = optional(number, 8)
start_script = optional(string, "")
subnet_ids = optional(list(string), [])
types = optional(list(string), ["m5.large"])
volume_type = optional(string, "gp2")
volume_throughput = optional(number, 125)
volume_iops = optional(number, 3000)
})
| `{}` | no | | [runner\_worker\_docker\_machine\_instance\_spot](#input\_runner\_worker\_docker\_machine\_instance\_spot) | enable = Enable spot instances for the Runner Worker.
max\_price = The maximum price willing to pay. By default the price is limited by the current on demand price for the instance type chosen. |
object({
enable = optional(bool, true)
max_price = optional(string, "on-demand-price")
})
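Review bot: Removing `runner_worker_docker_machine_extra_egress_rules` in this hunk drops the previous allow-all worker egress default (`"protocol": "-1"` to `0.0.0.0/0` and `::/0`), and its successor `runner_worker_egress_rules` defaults to only tcp/443 and tcp/22; the BREAKING CHANGES entry in the CHANGELOG should say this explicitly, because jobs that reach package mirrors over plain HTTP, registries on non-443 ports, or any other outbound port will start failing after the upgrade, and users need to know to add entries to the new map. Two smaller points in the same hunk: the `runner_worker_docker_autoscaler_asg` rewrite also drops `sg_ingresses`, `profile_name` and `max_growth_rate` (the `profile\_name = profile\_name =` duplication in the old line goes away with it, and `profile_name` remains available under `runner_worker_docker_autoscaler_role`), so a one-line migration pointer from `sg_ingresses` to `runner_worker_ingress_rules` would help; and the `private_address_only` description in `runner_worker_docker_autoscaler_instance` still ends mid-sentence in both the removed and the added text (`If `runner_instance.use_private_address_only` is set to `true` (default),`), whereas the `runner_worker_docker_machine_instance` version carries the complete sentence, so consider finishing it the same way.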
| `{}` | no | @@ -234,7 +240,9 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file | [runner\_worker\_docker\_services](#input\_runner\_worker\_docker\_services) | Starts additional services with the Docker container. All fields must be set (examine the Dockerfile of the service image for the entrypoint - see ./examples/runner-default/main.tf) |
list(object({
name = string
alias = string
entrypoint = list(string)
command = list(string)
}))
| `[]` | no | | [runner\_worker\_docker\_services\_volumes\_tmpfs](#input\_runner\_worker\_docker\_services\_volumes\_tmpfs) | Mount a tmpfs in gitlab service container. https://docs.gitlab.com/runner/executors/docker.html#mounting-a-directory-in-ram |
list(object({
volume = string
options = string
}))
| `[]` | no | | [runner\_worker\_docker\_volumes\_tmpfs](#input\_runner\_worker\_docker\_volumes\_tmpfs) | Mount a tmpfs in Executor container. https://docs.gitlab.com/runner/executors/docker.html#mounting-a-directory-in-ram |
list(object({
volume = string
options = string
}))
| `[]` | no | +| [runner\_worker\_egress\_rules](#input\_runner\_worker\_egress\_rules) | Map of egress rules for the Runner workers |
map(object({
from_port = optional(number, null)
to_port = optional(number, null)
protocol = string
description = string
cidr_block = optional(string, null)
ipv6_cidr_block = optional(string, null)
prefix_list_id = optional(string, null)
security_group = optional(string, null)
}))
|
{
"allow_https_ipv4": {
"cidr_block": "0.0.0.0/0",
"description": "Allow HTTPS egress traffic to all destinations (IPv4)",
"from_port": 443,
"protocol": "tcp",
"to_port": 443
},
"allow_https_ipv6": {
"description": "Allow HTTPS egress traffic to all destinations (IPv6)",
"from_port": 443,
"ipv6_cidr_block": "::/0",
"protocol": "tcp",
"to_port": 443
},
"allow_ssh_ipv4": {
"cidr_block": "0.0.0.0/0",
"description": "Allow SSH egress traffic to all destinations (IPv4)",
"from_port": 22,
"protocol": "tcp",
"to_port": 22
},
"allow_ssh_ipv6": {
"description": "Allow SSH egress traffic to all destinations (IPv6)",
"from_port": 22,
"ipv6_cidr_block": "::/0",
"protocol": "tcp",
"to_port": 22
}
}
| no | | [runner\_worker\_gitlab\_pipeline](#input\_runner\_worker\_gitlab\_pipeline) | post\_build\_script = Script to execute in the pipeline just after the build, but before executing after\_script.
pre\_build\_script = Script to execute in the pipeline just before the build.
pre\_clone\_script = Script to execute in the pipeline before cloning the Git repository. this can be used to adjust the Git client configuration first, for example. |
object({
post_build_script = optional(string, "\"\"")
pre_build_script = optional(string, "\"\"")
pre_clone_script = optional(string, "\"\"")
})
| `{}` | no | +| [runner\_worker\_ingress\_rules](#input\_runner\_worker\_ingress\_rules) | Map of ingress rules for the Runner workers |
map(object({
from_port = optional(number, null)
to_port = optional(number, null)
protocol = string
description = string
cidr_block = optional(string, null)
ipv6_cidr_block = optional(string, null)
prefix_list_id = optional(string, null)
security_group = optional(string, null)
}))
| `{}` | no | | [security\_group\_prefix](#input\_security\_group\_prefix) | Set the name prefix and overwrite the `Name` tag for all security groups. | `string` | `""` | no | | [subnet\_id](#input\_subnet\_id) | Subnet id used for the Runner and Runner Workers. Must belong to the `vpc_id`. In case the fleet mode is used, multiple subnets for
the Runner Workers can be provided with runner\_worker\_docker\_machine\_instance.subnet\_ids. | `string` | n/a | yes | | [suppressed\_tags](#input\_suppressed\_tags) | List of tag keys which are automatically removed and never added as default tag by the module. | `list(string)` | `[]` | no | diff --git a/examples/runner-certificates/README.md b/examples/runner-certificates/README.md index c33e8db3c..180819825 100644 --- a/examples/runner-certificates/README.md +++ b/examples/runner-certificates/README.md 
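Review bot: The `runner_worker_egress_rules` and `runner_worker_ingress_rules` object types in the second README hunk accept an entry with none of `cidr_block`, `ipv6_cidr_block`, `prefix_list_id` or `security_group` set (all four are `optional(..., null)`), and nothing visible rejects an entry with several of them set; a `validation` block asserting exactly one destination per entry would turn that into a plan-time error instead of whatever the underlying rule resource does with it. The schema is also narrower than the removed `runner_worker_docker_machine_extra_egress_rules` one (single `cidr_block` instead of `cidr_blocks = list(string)`, single `prefix_list_id` and `security_group`, and no `self`), so the README should state that migrating users create one map entry per destination and that `self` has no equivalent. On the default set: `allow_ssh_ipv4` and `allow_ssh_ipv6` open worker-initiated tcp/22 to every destination, and the description does not say what that is for; if it is only needed towards a specific host, documenting how to narrow the CIDR would keep the tightened default meaningful. Minor: the ingress description `Map of ingress rules for the Runner workers` lacks the trailing period used by the neighbouring descriptions.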
@@ -139,31 +139,31 @@ For **user images**, you must: | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | 5.78.0 | -| [local](#requirement\_local) | 2.5.2 | -| [null](#requirement\_null) | 3.2.3 | -| [random](#requirement\_random) | 3.6.3 | -| [tls](#requirement\_tls) | 4.0.6 | +| [aws](#requirement\_aws) | >= 5.78.0 | +| [local](#requirement\_local) | >= 2.5.2 | +| [null](#requirement\_null) | >= 3.2.3 | +| [random](#requirement\_random) | >= 3.6.3 | +| [tls](#requirement\_tls) | >= 4.0.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.78.0 | +| [aws](#provider\_aws) | >= 5.78.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [runner](#module\_runner) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.16.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.16.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | >= 5.16.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | >= 5.16.0 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/examples/runner-default/README.md b/examples/runner-default/README.md index f13b8e54f..3a5ecab9d 100644 --- a/examples/runner-default/README.md +++ b/examples/runner-default/README.md 
@@ -33,32 +33,32 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | 5.78.0 | -| [local](#requirement\_local) | 2.5.2 | -| [null](#requirement\_null) | 3.2.3 | -| [random](#requirement\_random) | 3.6.3 | -| [tls](#requirement\_tls) | 4.0.6 | +| [aws](#requirement\_aws) | >= 5.78.0 | +| [local](#requirement\_local) | >= 2.5.2 | +| [null](#requirement\_null) | >= 3.2.3 | +| [random](#requirement\_random) | >= 3.6.3 | +| [tls](#requirement\_tls) | >= 4.0.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.78.0 | +| [aws](#provider\_aws) | >= 5.78.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [runner](#module\_runner) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.16.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.16.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | >= 5.16.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | >= 5.16.0 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/availability_zones) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/security_group) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | ## Inputs diff --git a/examples/runner-docker/README.md b/examples/runner-docker/README.md index 7db4dfb04..ebdb934e6 100644 --- a/examples/runner-docker/README.md 
+++ b/examples/runner-docker/README.md @@ -36,31 +36,31 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | 5.78.0 | -| [local](#requirement\_local) | 2.5.2 | -| [null](#requirement\_null) | 3.2.3 | -| [random](#requirement\_random) | 3.6.3 | -| [tls](#requirement\_tls) | 4.0.6 | +| [aws](#requirement\_aws) | >= 5.78.0 | +| [local](#requirement\_local) | >= 2.5.2 | +| [null](#requirement\_null) | >= 3.2.3 | +| [random](#requirement\_random) | >= 3.6.3 | +| [tls](#requirement\_tls) | >= 4.0.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.78.0 | +| [aws](#provider\_aws) | >= 5.78.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [runner](#module\_runner) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.16.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.16.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | >= 5.16.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | >= 5.16.0 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs diff --git a/examples/runner-fleeting-plugin/README.md b/examples/runner-fleeting-plugin/README.md index 9d18f377b..e055b4b20 100644 --- a/examples/runner-fleeting-plugin/README.md +++ b/examples/runner-fleeting-plugin/README.md 
@@ -29,32 +29,32 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | 5.78.0 | -| [local](#requirement\_local) | 2.5.2 | -| [null](#requirement\_null) | 3.2.3 | -| [random](#requirement\_random) | 3.6.3 | -| [tls](#requirement\_tls) | 4.0.6 | +| [aws](#requirement\_aws) | >= 5.78.0 | +| [local](#requirement\_local) | >= 2.5.2 | +| [null](#requirement\_null) | >= 3.2.3 | +| [random](#requirement\_random) | >= 3.6.3 | +| [tls](#requirement\_tls) | >= 4.0.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.78.0 | +| [aws](#provider\_aws) | >= 5.78.0 | ## Modules | Name | Source | Version | |------|--------|---------| | [runner](#module\_runner) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.16.0 | -| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | 5.16.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | >= 5.16.0 | +| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | >= 5.16.0 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/availability_zones) | data source | -| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/security_group) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | +| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | ## Inputs diff --git a/examples/runner-public/README.md b/examples/runner-public/README.md index a2d8d30a9..e25001f3a 100644 --- a/examples/runner-public/README.md 
+++ b/examples/runner-public/README.md @@ -30,17 +30,17 @@ check `.terraform-version` for the tested version. | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3 | -| [aws](#requirement\_aws) | 5.78.0 | -| [local](#requirement\_local) | 2.5.2 | -| [null](#requirement\_null) | 3.2.3 | -| [random](#requirement\_random) | 3.6.3 | -| [tls](#requirement\_tls) | 4.0.6 | +| [aws](#requirement\_aws) | >= 5.78.0 | +| [local](#requirement\_local) | >= 2.5.2 | +| [null](#requirement\_null) | >= 3.2.3 | +| [random](#requirement\_random) | >= 3.6.3 | +| [tls](#requirement\_tls) | >= 4.0.6 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.78.0 | +| [aws](#provider\_aws) | >= 5.78.0 | ## Modules @@ -49,13 +49,13 @@ check `.terraform-version` for the tested version. | [cache](#module\_cache) | ../../modules/cache | n/a | | [runner](#module\_runner) | ../../ | n/a | | [runner2](#module\_runner2) | ../../ | n/a | -| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | 5.16.0 | +| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | >= 5.16.0 | ## Resources | Name | Type | |------|------| -| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/5.78.0/docs/data-sources/availability_zones) | data source | +| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source | ## Inputs
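Review bot: Across all five example READMEs (runner-certificates, runner-default, runner-docker, runner-fleeting-plugin, runner-public) the provider rows move from exact `5.78.0`, `2.5.2`, `3.2.3`, `3.6.3`, `4.0.6` to `>= 5.78.0` and so on, and the `vpc` / `vpc_endpoints` modules from `5.16.0` to `>= 5.16.0`; these tables mirror the examples' own version constraints, so the change the README documents is that `terraform init` in an example now resolves the newest release unless a committed `.terraform.lock.hcl` pins it. From a supply-chain standpoint either an upper-bounded constraint (for example `~> 5.78`) or a committed lock file, with a sentence in the README saying which one is authoritative, keeps the examples reproducible; the root README in this same change still lists `aws` at exactly `5.85.0`, so the examples and the root module can otherwise drift apart. Minor: the data-source links now point at `hashicorp/aws/latest/docs/...`, which will describe whatever provider version is current rather than the one the example was tested with.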