Skip to content

Modernize terraform config for self-hosted runners #37127

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shunping merged 2 commits into from
Dec 17, 2025
Merged

Modernize terraform config for self-hosted runners #37127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9146b2e
Change terraform config to use new syntax.
shunping Dec 17, 2025
9c5b1a2
Add a section in README about updating terraform config for self-host…
shunping Dec 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 20 additions & 1 deletion .github/gh-actions-self-hosted-runners/arc/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,26 @@ terraform init -backend-config="bucket=bucket_name"
terraform apply -var-file=environments/environment_name.env
```

# Updating
If you need to update the configuration (e.g. upgrading the github runner image, changing resource settings, etc), follow the steps below:

1. From this directory, login to your gcloud account that you created the bucket with and init terraform. Replace bucket_name with the bucket for storing terraform state, e.g. `beam-arc-state`.
```
gcloud auth login
gcloud auth application-default login
terraform init -backend-config="bucket=bucket_name"
```

2. Terraform plan. Replace environment_name.env with the file under environments, e.g. `beam.env`. Fix config problems if any.
```
terraform plan -var-file=environments/environment_name.env
```

3. Terraform apply. Replace environment_name.env with the file under environments, e.g. `beam.env`.
```
terraform apply -var-file=environments/environment_name.env
```

# Maintanance

- To access the ARC k8s cluster call the `get_kubeconfig_command` terraform output and run the command

23 changes: 12 additions & 11 deletions .github/gh-actions-self-hosted-runners/arc/helm.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,14 +22,16 @@ resource "helm_release" "cert-manager" {
create_namespace = true
repository = "https://charts.jetstack.io"
chart = "cert-manager"

atomic = "true"
timeout = 100

set {
name = "installCRDs"
value = "true"
}
set = [
{
name = "installCRDs"
value = "true"
}
]
depends_on = [ google_container_node_pool.main-actions-runner-pool ]
}

Expand All @@ -43,12 +45,11 @@ resource "helm_release" "arc" {
atomic = "true"
timeout = 120

dynamic "set" {
for_each = local.arc_values
content {
name = set.key
value = set.value
set = [
for k, v in local.arc_values : {
name = k
value = v
}
}
]
depends_on = [ helm_release.cert-manager ]
}
6 changes: 3 additions & 3 deletions .github/gh-actions-self-hosted-runners/arc/provider.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "~> 4.62.0"
version = "~> 6.7.0"
}
kubectl = {
source = "alekc/kubectl"
Expand All @@ -40,7 +40,7 @@ provider "google" {
}

provider "helm" {
kubernetes {
kubernetes = {
host = "https://${google_container_cluster.actions-runner-gke.endpoint}"
token = data.google_client_config.provider.access_token
cluster_ca_certificate = base64decode(google_container_cluster.actions-runner-gke.master_auth.0.cluster_ca_certificate)
Expand All @@ -66,4 +66,4 @@ provider "github" {
}
owner = var.organization

}
}