Merge pull request #19 from FriedCircuits/feature/github-runners-serv…
…ice-account

Service account for github runners
FriedCircuits authored Nov 5, 2022
2 parents 06d618c + 8989554 commit c054858
Showing 2 changed files with 53 additions and 1 deletion.
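--- a/modules/k8s/github-runners/main.tf
+++ b/modules/k8s/github-runners/main.tf
@@ -78,6 +78,44 @@ module "github" {
 ]
 }
 
+resource "kubernetes_service_account" "github" {
+count = var.enable_service_account == true ? 1 : 0
+metadata {
+name = var.service_account_name
+namespace = var.namespace
+}
+}
+
+resource "kubernetes_cluster_role" "github" {
+count = var.enable_service_account == true ? 1 : 0
+metadata {
+name = var.service_account_name
+}
+
+rule {
+api_groups = ["", "apps", "networking.k8s.io", "extensions"]
+resources = ["deployments", "services", "configmaps", "secrets", "ingresses"]
+verbs = ["get", "watch", "list", "patch", "update", "delete"]
+}
+}
+
+resource "kubernetes_cluster_role_binding" "github" {
+count = var.enable_service_account == true ? 1 : 0
+metadata {
+name = var.service_account_name
+}
+subject {
+kind = "ServiceAccount"
+name = var.service_account_name
+namespace = var.namespace
+}
+role_ref {
+api_group = "rbac.authorization.k8s.io"
+kind = "ClusterRole"
+name = var.service_account_name
+}
+}
+
 resource "kubernetes_manifest" "runner" {
 for_each = { for repo in var.repos : repo.repo => repo }
 manifest = {
@@ -90,7 +128,9 @@ resource "kubernetes_manifest" "runner" {
 spec = {
 template = {
 spec = {
-repository = each.value.repo
+repository = each.value.repo
+serviceAccountName = var.service_account_name
+automountServiceAccountToken = var.enable_service_account
 }
 }
 }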
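Review bot: The single rule in `kubernetes_cluster_role.github`, bound through `kubernetes_cluster_role_binding.github`, lets the runner service account get, list, patch, update and delete `secrets` (along with deployments, services, configmaps and ingresses) in every namespace, and the second hunk mounts that account's token into the runner pod, so any workflow job scheduled on these runners inherits cluster-wide Secret access. If the runners only need to deploy into `var.namespace`, a namespaced `kubernetes_role` and `kubernetes_role_binding` with one rule per API group would bound the grant, and `secrets` is best left out unless a workflow demonstrably needs it. The current rule is also a cross product of four API groups and five resources, and `extensions` is a legacy group. Separately, `serviceAccountName` is set even when `enable_service_account` is false, so the pod would then name an account this module did not create; the `runner` resource continues outside the hunk, so that is worth checking against the rest of the file.

```hcl
resource "kubernetes_role" "github" {
  count = var.enable_service_account ? 1 : 0
  metadata {
    name      = var.service_account_name
    namespace = var.namespace
  }

  rule {
    api_groups = [""]
    resources  = ["services", "configmaps"]
    verbs      = ["get", "watch", "list", "patch", "update", "delete"]
  }

  rule {
    api_groups = ["apps"]
    resources  = ["deployments"]
    verbs      = ["get", "watch", "list", "patch", "update", "delete"]
  }

  rule {
    api_groups = ["networking.k8s.io"]
    resources  = ["ingresses"]
    verbs      = ["get", "watch", "list", "patch", "update", "delete"]
  }
  # "secrets" left out on purpose; add a separate rule only if a workflow needs it.
}

resource "kubernetes_role_binding" "github" {
  count = var.enable_service_account ? 1 : 0
  metadata {
    name      = var.service_account_name
    namespace = var.namespace
  }
  # ... unchanged: subject block ...
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Role"
    name      = var.service_account_name
  }
}
```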
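--- a/modules/k8s/github-runners/variables.tf
+++ b/modules/k8s/github-runners/variables.tf
@@ -30,3 +30,15 @@ variable "repos" {
 }))
 default = []
 }
+
+variable "enable_service_account" {
+description = "Enable creation of service account for github runner."
+type = bool
+default = true
+}
+
+variable "service_account_name" {
+description = "Name of kuberbets service account for Github runner pod."
+type = string
+default = "actions-runner"
+}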
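Review bot: `enable_service_account` defaults to `true`, so every existing caller of this module picks up the new ClusterRole, its binding and a mounted token on the next apply without asking for them; `default = false` would make the grant opt-in. The description only mentions the service account, although the flag also gates the RBAC objects and the token mount in main.tf; something like `description = "Create a service account, RBAC role and binding for the runner pods and mount its token."` would say what a caller is enabling. The `service_account_name` description has a typo and should read `"Name of the Kubernetes service account for the GitHub runner pod."`.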
