A Terraform module for configuring a GCP-based GitLab CI Runner.
This runner is configured to use the docker+machine executor which allows the infrastructure to be scaled up and down as demand requires. The minimum cost (during zero activity) is the cost of an f1-micro instance.
The long-running runner instance runs under a gitlab-ci-runner service account. This account will be granted all required permissions to spawn worker instances on demand.
The worker instances run under a gitlab-ci-worker service account. This account will need to be granted any privileges required to perform build and deploy activities. For example, the storage.admin role can be granted to the worker account as follows:
To use this module you can create a main.tf file similar to the following example. Note that you will need to modify the roles assigned to the CI worker service account based on your specific project needs.
# Configure GCP provider
provider "google" {
version = "~> 2.13"
project = var.gcp_project
region = var.gcp_region
}
# Install the GitLab CI Runner infrastructure
module "ci" {
source = "git@JuanSeBestia/terraform-google-gitlab-runner.git"
gcp_project = var.gcp_project
gcp_zone = var.gcp_zone
cache_bucket_name = "gitlab-runner-cache"
gitlab_url = var.gitlab_url
ci_token = var.ci_token
ci_runner_instance_name = var.ci_runner_instance_name
ci_concurrency = var.ci_concurrency
}
# Grant the storage.admin role to the CI workers. Add other roles as required.
resource "google_project_iam_member" "worker_storage_admin" {
role = "roles/storage.admin"
member = "serviceAccount:${module.ci.ci_worker_service_account.email}"
}
Then perform the following commands:
terraform initto get the pluginsterraform planto see the infrastructure planterraform applyto apply the infrastructure buildterraform destroyto destroy the built infrastructure