| auth_method |
GitHub authentication method to be deployed. |
string |
"pat" |
no |
| auth_secret_annotations |
Set the annotations of the auth secret. |
map(string) |
{} |
no |
| auth_secret_created |
Create Kubernetes secrets to authenticate with GitHub API. |
bool |
false |
no |
| auth_secret_enabled |
Expose GITHUB_* Environment variables manager container |
bool |
true |
no |
| auth_secret_name |
Set the name of the auth secret. |
string |
"controller-manager" |
no |
| cert_manager_enabled |
Whether to enable the cert manager. |
bool |
true |
no |
| chart_labels |
Set labels to apply to all resources in the chart. |
map(string) |
{} |
no |
| chart_name |
Helm chart name to provision. |
string |
"actions-runner-controller" |
no |
| chart_namespace |
Namespace to install the chart into. |
string |
"default" |
no |
| chart_namespace_create |
Create the namespace if it does not yet exist. |
bool |
false |
no |
| chart_repository |
Helm repository for the chart. |
string |
"https://actions-runner-controller.github.io/actions-runner-controller" |
no |
| chart_timeout |
Timeout to wait for the Chart to be deployed. |
number |
300 |
no |
| chart_version |
Version of Chart to install. Set to empty to install the latest version. |
string |
"0.20.0" |
no |
| controller_affinity |
Set the controller pod affinity rules. |
any |
{} |
no |
| controller_env |
Set environment variables for the controller container. |
map(any) |
{} |
no |
| controller_image_tag |
The tag of the controller container. If not specified, it's the appVersion inside Chart.yaml |
string |
"v0.25.0" |
no |
| controller_node_selector |
Set the controller pod nodeSelector. |
map(any) |
{} |
no |
| controller_pod_annotations |
Set annotations for the controller pod. |
map(string) |
{} |
no |
| controller_pod_disruption_budget |
Pod disruption budget for controller |
any |
{
"enabled": true,
"minAvailable": 1
} |
no |
| controller_pod_labels |
Set labels for the controller pod. |
map(string) |
{} |
no |
| controller_pod_security_context |
Set the security context to controller pod. |
map(any) |
{} |
no |
| controller_priority_class_name |
Set the controller pod priorityClassName. |
string |
"" |
no |
| controller_repository |
The repository/image of the controller container. |
string |
"summerwind/actions-runner-controller" |
no |
| controller_resources |
Set the controller pod resources. |
map(any) |
{
"limits": {
"cpu": "100m",
"memory": "128Mi"
},
"requests": {
"cpu": "100m",
"memory": "128Mi"
}
} |
no |
| controller_security_context |
Set the security context for each container in the controller pod. |
map(any) |
{} |
no |
| controller_service_annotation |
Set annotations for the provisioned webhook service resource. |
map(any) |
{} |
no |
| controller_service_port |
Set controller service ports. |
string |
"443" |
no |
| controller_service_type |
Set controller service type. |
string |
"ClusterIP" |
no |
| controller_tolerations |
Set the controller pod tolerations. |
list(any) |
[] |
no |
| dind_sidecar_image_tag |
The tag of the dind sidecar container. |
string |
"dind" |
no |
| dind_sidecar_repository |
The repository/image of the dind sidecar container. |
string |
"docker" |
no |
| docker_registry_mirror |
The default Docker Registry Mirror used by runners. |
string |
"" |
no |
| github_app_id |
GitHub App ID. This can't be set at the same time as github_token |
string |
"" |
no |
| github_app_installation_id |
GitHub App Installation ID. This can't be set at the same time as github_token |
string |
"" |
no |
| github_app_private_key |
The multiline string of your GitHub App's private key. This can't be set at the same time as github_token |
string |
"" |
no |
| github_enterprise_url |
The URL of your GitHub Enterprise server, if you're using one. |
string |
"" |
no |
| github_org_runners |
Github organization for deploying org runner |
list(object({
name = string # Organization Name
group = optional(string) # Runner group needs to be created first
replicas = number
label = string
tolerations = optional(list(any))
affinity = optional(any)
resources = optional(map(any))
})) |
[] |
no |
| github_token |
Your chosen GitHub PAT token. This can't be set at the same time as github_app_* |
string |
"" |
no |
| image_pull_policy |
The pull policy of the controller image. |
string |
"IfNotPresent" |
no |
| image_pull_secrets |
Specifies the secret to be used when pulling the controller pod containers. |
list(any) |
[] |
no |
| leader_election_id |
Set the election ID for the controller group. |
string |
"actions-runner-controller" |
no |
| log_level |
Set the log level of the controller container. |
string |
"" |
no |
| max_history |
Max History for Helm. |
number |
20 |
no |
| metrics_proxy_enabled |
Deploy kube-rbac-proxy container in controller pod. |
bool |
true |
no |
| metrics_proxy_image_repository |
The repository/image of the kube-proxy container. |
string |
"quay.io/brancz/kube-rbac-proxy" |
no |
| metrics_proxy_image_tag |
The tag of the kube-proxy container. |
string |
"v0.13.0" |
no |
| metrics_service_annotation |
Set annotations for the provisioned metrics service resource. |
map(string) |
{} |
no |
| metrics_service_monitor_enabled |
Whether to deploy serviceMonitor kind for for use with prometheus-operator CRDs. |
bool |
false |
no |
| metrics_service_monitor_labels |
Set labels to apply to ServiceMonitor resources. |
map(string) |
{} |
no |
| metrics_service_port |
Set port of metrics service. |
string |
"8443" |
no |
| oidc_provider_arn |
OIDC Provider ARN for IRSA |
string |
"" |
no |
| release_name |
Helm release name. |
string |
"actions-runner-controller" |
no |
| replicas |
Set the number of controller pods. |
number |
1 |
no |
| role_name |
Name of the iam role to be created. |
string |
"" |
no |
| role_policy_arns |
ARNs of any policies to attach to the IAM role |
map(string) |
{} |
no |
| runner_image_pull_secrets |
Specifies the secret to be used when pulling the runner pod containers. |
list(any) |
[] |
no |
| runner_image_tag |
The tag of the actions runner container. |
string |
"latest" |
no |
| runner_repository |
The repository/image of the actions runner container. |
string |
"summerwind/actions-runner" |
no |
| scope_single_namespace_enabled |
Limit the controller to watch a single namespace. |
bool |
false |
no |
| scope_watch_namespace |
Tells the controller and the GitHub webhook server which namespace to watch if scope.singleNamespace is true. |
string |
"" |
no |
| service_account_annotations |
Annotations to add to the service account. |
map(string) |
{} |
no |
| service_account_created |
Specifies whether a service account should be created. |
bool |
true |
no |
| service_account_name |
The name of the service account to use. |
string |
"actions-runner-controller" |
no |
| sync_period |
Set the period in which the controler reconciles the desired runners count. |
string |
"10m" |
no |
| webhook_ingress_class_name |
Ingress Class name for the Github Webhook Server |
string |
"" |
no |
| webhook_server_affinity |
Set environment variables for the githubWebhookServer container. |
any |
{} |
no |
| webhook_server_enabled |
Whether to deploy the webhook server pod. |
bool |
false |
no |
| webhook_server_image_pull_secrets |
Specifies the secret to be used when pulling the githubWebhookServer pod containers. |
list(any) |
[] |
no |
| webhook_server_ingress_annotations |
Set annotations for the githubWebhookServer ingress kind. |
map(string) |
{} |
no |
| webhook_server_ingress_enabled |
Whether to deploy an ingress kind for the githubWebhookServer. |
bool |
false |
no |
| webhook_server_ingress_hosts |
Set hosts for the githubWebhookServer ingress kind. |
list(any) |
[] |
no |
| webhook_server_ingress_tls |
Set tls configuration for the githubWebhookServer ingress kind. |
list(any) |
[] |
no |
| webhook_server_log_level |
Set the log level of the githubWebhookServer container. |
string |
"" |
no |
| webhook_server_node_selector |
Set the githubWebhookServer pod nodeSelector. |
map(any) |
{} |
no |
| webhook_server_pod_annotations |
Set annotations for the githubWebhookServer pod. |
map(string) |
{} |
no |
| webhook_server_pod_disruption_budget |
Pod disruption budget for webhook server |
any |
{
"enabled": true,
"minAvailable": 1
} |
no |
| webhook_server_pod_labels |
Set labels for the githubWebhookServer pod. |
map(string) |
{} |
no |
| webhook_server_pod_security_context |
Set the security context to githubWebhookServer pod. |
map(any) |
{} |
no |
| webhook_server_priority_class_name |
Set the githubWebhookServer pod priorityClassName. |
string |
"" |
no |
| webhook_server_replicas |
Set the number of webhook server pods. |
number |
1 |
no |
| webhook_server_resources |
Set the githubWebhookServer pod resources. |
map(any) |
{
"limits": {
"cpu": "100m",
"memory": "128Mi"
},
"requests": {
"cpu": "100m",
"memory": "128Mi"
}
} |
no |
| webhook_server_secret_created |
Whether to deploy the webhook hook secret. |
bool |
false |
no |
| webhook_server_secret_enabled |
Whether to enable the webhook hook secret. |
bool |
false |
no |
| webhook_server_secret_name |
Set the name of the webhook hook secret. |
string |
"github-webhook-server" |
no |
| webhook_server_secret_token |
Set the webhook secret token value. |
string |
"" |
no |
| webhook_server_security_context |
Set the security context for each container in the githubWebhookServer pod. |
map(any) |
{} |
no |
| webhook_server_service_account_annotations |
Set annotations for the githubWebhookServer service account. |
map(string) |
{} |
no |
| webhook_server_service_account_created |
Whether to deploy the githubWebhookServer under a service account. |
bool |
true |
no |
| webhook_server_service_account_name |
The name of the githubWebhookServer service account to use. |
string |
"" |
no |
| webhook_server_service_annotations |
Set annotations for the githubWebhookServer service. |
map(string) |
{} |
no |
| webhook_server_service_node_port |
Set githubWebhookServer service nodePort. |
string |
"" |
no |
| webhook_server_service_port |
Set githubWebhookServer service port. |
string |
"80" |
no |
| webhook_server_service_type |
Set githubWebhookServer service type. |
string |
"ClusterIP" |
no |
| webhook_server_sync_period |
Set the period in which the controller reconciles the resources. |
string |
"10m" |
no |
| webhook_server_tolerations |
Set the githubWebhookServer pod tolerations. |
list(any) |
[] |
no |