Kubernetes GHA ARC Runners
This module provides:
- deployments of ARC runner scale sets that can be targeted in GHA workflows to execute our CI/CD scripts
The runners come pre-equipped with the following:
- a configured environment using devenv through our custom container image found here
- permissions needed to execute changes to the infrastructure through dynamic credentials:
  - admin access to the containing cluster
  - admin access to the AWS account containing the cluster
  - admin access to the vault instance in the cluster
  - ownership over the AAD apps created in the environment
Maintainer Notes
- In order to authenticate with the GitHub API, we have set up a GitHub app following this guide. It is manually managed (no IaC - yet). It has the following parameters:
  - Name: arc-cicd
  - App Id: 379858
  - Installation Id: 41013864
Providers
The following providers are needed by this module:
- aws (5.39.1)
- helm (2.12.1)
- kubernetes (2.27.0)
- vault (3.25.0)
Required Inputs
The following input variables are required:
aad_group
Description: The group the GHA runner service principal should join
Type: string
arc_controller_service_account_name
Description: The name of the ARC controller's service account
Type: string
arc_controller_service_account_namespace
Description: The namespace of the ARC controller
Type: string
eks_cluster_name
Description: The name of the EKS cluster.
Type: string
gha_runner_env_prefix
Description: The prefix to append to each runner's name
Type: string
gha_runner_max_replicas
Description: The maximum number of runners to use
Type: number
github_app_id
Description: The app id for the GitHub app used to authenticate the runner
Type: string
github_app_installation_id
Description: The installation id for the GitHub app used to authenticate the runner
Type: string
github_app_private_key
Description: The private key for the GitHub app used to authenticate the runner
Type: string
github_config_url
Description: The url for the organization that the runner will belong to
Type: string
ip_allow_list
Description: A list of IPs that can use the service account token to authenticate with AWS API
Type: list(string)
large_runner_config
Description: Configuration for the large runner
Type:

```hcl
object({
  min_replicas   = optional(number, 0)
  tmp_space_gb   = number # The number of GB of disk space to allocate to the runner
  memory_mb      = number # The number of MB of memory to allocate to the runner
  cpu_millicores = number # The number of millicores of cpu to allocate to the runner
})
```
medium_runner_config
Description: Configuration for the medium runner
Type:

```hcl
object({
  min_replicas   = optional(number, 0)
  tmp_space_gb   = number # The number of GB of disk space to allocate to the runner
  memory_mb      = number # The number of MB of memory to allocate to the runner
  cpu_millicores = number # The number of millicores of cpu to allocate to the runner
})
```
runner_image
Description: The runner image to use
Type: string
small_runner_config
Description: Configuration for the small runner
Type:

```hcl
object({
  min_replicas   = optional(number, 0)
  tmp_space_gb   = number # The number of GB of disk space to allocate to the runner
  memory_mb      = number # The number of MB of memory to allocate to the runner
  cpu_millicores = number # The number of millicores of cpu to allocate to the runner
})
```
tf_lock_table
Description: The tf lock table to clear when runners are terminated
Type: string
Optional Inputs
The following input variables are optional (have default values):
extra_env_secrets
Description: A key-value mapping of extra secret environment variables for the runner pods
Type: map(string)
Default: {}
gha_runner_scale_set_version
Description: The version of the arc scale set to deploy
Type: string
Default: "0.6.1"
scale_set_name
Description: How the scale set will be referenced in GHA workflows
Type: string
Default: "self-hosted"
vault_internal_address
Description: The address of the vault cluster for this CI runner
Type: string
Default: "http://vault-active.vault.svc.cluster.local:8200"
vpa_enabled
Description: Whether the VPA resources should be enabled
Type: bool
Default: false
Outputs
The following outputs are exported:
sp_object_ids
Description: n/a
Usage
No notes
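As an added usage example (not part of the module's own documentation), the following root-module call wires together the inputs described above, sourcing the GitHub app's private key from Vault at plan time instead of committing it. The module `source` path, the Vault mount and secret path, the organization URL, the cluster and AAD names, and the runner sizes are all assumptions; the app and installation ids are those listed in the Maintainer Notes.

```hcl
# Added example: instantiating this module from a root module.
# Assumed: the Vault mount/path below holds the app's PEM key under "private_key".
data "vault_kv_secret_v2" "gha_app" {
  mount = "secret"          # assumed KV v2 mount
  name  = "github/arc-cicd" # assumed secret path
}

module "gha_runners" {
  source = "../kube_gha_arc_runners" # assumed module path

  # GitHub app identity (ids from the Maintainer Notes); the key never enters the repo
  github_app_id              = "379858"
  github_app_installation_id = "41013864"
  github_app_private_key     = data.vault_kv_secret_v2.gha_app.data["private_key"]
  github_config_url          = "https://github.com/example-org" # assumed org URL

  # Cluster and controller wiring (all assumed names)
  eks_cluster_name                         = "example-cluster"
  arc_controller_service_account_name      = "gha-runner-scale-set-controller"
  arc_controller_service_account_namespace = "arc-systems"
  aad_group                                = "cicd-runners"
  tf_lock_table                            = "example-tf-locks"
  runner_image                             = "ghcr.io/example-org/gha-runner:latest"

  # Only the cluster's egress IPs may exchange the service-account token for AWS credentials;
  # 203.0.113.0/24 is a documentation range, substitute the real NAT egress addresses.
  ip_allow_list = ["203.0.113.10", "203.0.113.11"]

  gha_runner_env_prefix   = "prod"
  gha_runner_max_replicas = 10

  # Sizes are assumptions; min_replicas defaults to 0 so idle pools scale to zero
  small_runner_config  = { tmp_space_gb = 10, memory_mb = 2048, cpu_millicores = 1000 }
  medium_runner_config = { tmp_space_gb = 25, memory_mb = 8192, cpu_millicores = 4000 }
  large_runner_config  = {
    min_replicas   = 1 # keep one large runner warm for latency-sensitive deploy jobs
    tmp_space_gb   = 50
    memory_mb      = 16384
    cpu_millicores = 8000
  }

  # scale_set_name defaults to "self-hosted"; workflows target it with `runs-on: self-hosted`
  scale_set_name = "self-hosted"
}
```

With this in place a workflow job selects these runners via `runs-on: self-hosted` (the `scale_set_name` value), and the pod receives the cluster, AWS, Vault and AAD permissions listed at the top of this page through dynamic credentials rather than static secrets.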