separate docker autoscaler variables from docker machine

Author: mmoutama09

Diff for: data.tf

@@ -27,7 +27,7 @@ data "aws_ami" "runner" {
 }
 
 data "aws_ami" "docker-machine" {
-  count = contains(["docker+machine", "docker-autoscaler"], var.runner_worker.type) ? 1 : 0
+  count = var.runner_worker.type == "docker+machine" ? 1 : 0
 
   most_recent = "true"
 
@@ -41,3 +41,19 @@ data "aws_ami" "docker-machine" {
 
   owners = var.runner_worker_docker_machine_ami_owners
 }
+
+data "aws_ami" "docker-autoscaler" {
+  count = var.runner_worker.type == "docker-autoscaler" ? 1 : 0
+
+  most_recent = "true"
+
+  dynamic "filter" {
+    for_each = var.runner_worker_docker_autoscaler_ami_filter
+    content {
+      name   = filter.key
+      values = filter.value
+    }
+  }
+
+  owners = var.runner_worker_docker_autoscaler_ami_owners
+}

Diff for: docker_autoscaler.tf

@@ -61,33 +61,33 @@ resource "aws_launch_template" "this" {
   count = var.runner_worker.type == "docker-autoscaler" ? 1 : 0
 
   name          = "${local.name_runner_agent_instance}-worker-launch-template"
-  user_data     = base64gzip(var.runner_worker_docker_machine_instance.start_script)
-  image_id      = data.aws_ami.docker-machine[0].id
-  instance_type = var.runner_worker_docker_machine_instance.types[0]
+  user_data     = base64gzip(var.runner_worker_docker_autoscaler_asg.start_script)
+  image_id      = data.aws_ami.docker-autoscaler[0].id
+  instance_type = var.runner_worker_docker_autoscaler_asg.types[0]
   key_name      = aws_key_pair.autoscaler[0].key_name
-  ebs_optimized = var.runner_worker_docker_machine_instance.ebs_optimized
+  ebs_optimized = var.runner_worker_docker_autoscaler_asg.ebs_optimized
 
   monitoring {
-    enabled = var.runner_worker_docker_machine_instance.monitoring
+    enabled = var.runner_worker_docker_autoscaler_asg.monitoring
   }
 
   iam_instance_profile {
-    name = aws_iam_instance_profile.docker_machine[0].name
+    name = aws_iam_instance_profile.docker_autoscaler[0].name
   }
 
   network_interfaces {
     security_groups             = [aws_security_group.docker_autoscaler[0].id]
-    associate_public_ip_address = !var.runner_worker_docker_machine_instance.private_address_only
+    associate_public_ip_address = !var.runner_worker_docker_autoscaler_asg.private_address_only
   }
 
   block_device_mappings {
     device_name = "/dev/sda1"
 
     ebs {
-      volume_size = var.runner_worker_docker_machine_instance.root_size
-      volume_type = var.runner_worker_docker_machine_instance.volume_type
-      iops        = contains(["gp3", "io1", "io2"], var.runner_worker_docker_machine_instance.volume_type) ? var.runner_worker_docker_machine_instance.volume_iops : null
-      throughput  = var.runner_worker_docker_machine_instance.volume_type == "gp3" ? var.runner_worker_docker_machine_instance.volume_throughput : null
+      volume_size = var.runner_worker_docker_autoscaler_asg.root_size
+      volume_type = var.runner_worker_docker_autoscaler_asg.volume_type
+      iops        = contains(["gp3", "io1", "io2"], var.runner_worker_docker_autoscaler_asg.volume_type) ? var.runner_worker_docker_autoscaler_asg.volume_iops : null
+      throughput  = var.runner_worker_docker_autoscaler_asg.volume_type == "gp3" ? var.runner_worker_docker_autoscaler_asg.volume_throughput : null
     }
   }
 
@@ -104,8 +104,8 @@ resource "aws_launch_template" "this" {
   tags = local.tags
 
   metadata_options {
-    http_tokens                 = var.runner_worker_docker_machine_ec2_metadata_options.http_tokens
-    http_put_response_hop_limit = var.runner_worker_docker_machine_ec2_metadata_options.http_put_response_hop_limit
+    http_tokens                 = var.runner_worker_docker_autoscaler_asg.http_tokens
+    http_put_response_hop_limit = var.runner_worker_docker_autoscaler_asg.http_put_response_hop_limit
     instance_metadata_tags      = "enabled"
   }
 
@@ -147,7 +147,7 @@ resource "aws_autoscaling_group" "autoscaler" {
           version            = aws_launch_template.this[0].latest_version
         }
         dynamic "override" {
-          for_each = var.runner_worker_docker_machine_instance.types
+          for_each = var.runner_worker_docker_autoscaler_asg.types
           content {
             instance_type = override.value
           }
@@ -156,11 +156,21 @@ resource "aws_autoscaling_group" "autoscaler" {
     }
   }
 
+  dynamic "instance_refresh" {
+    for_each = var.runner_worker_docker_autoscaler_asg.upgrade_strategy == "rolling" ? [1] : []
+    content {
+      strategy = "Rolling"
+      preferences {
+        min_healthy_percentage = var.runner_worker_docker_autoscaler_asg.instance_refresh_min_healthy_percentage
+      }
+      triggers = var.runner_worker_docker_autoscaler_asg.instance_refresh_triggers
+    }
+  }
 
-  vpc_zone_identifier       = var.runner_worker_docker_machine_instance.subnet_ids
+  vpc_zone_identifier       = var.runner_worker_docker_autoscaler_asg.subnet_ids
   max_size                  = var.runner_worker.max_jobs
   min_size                  = 0 # Will be overwrite by runner idle count
-  desired_capacity          = var.runner_worker_docker_machine_instance.idle_count
+  desired_capacity          = var.runner_worker_docker_autoscaler_asg.idle_count
   health_check_grace_period = var.runner_worker_docker_autoscaler_asg.health_check_grace_period
   health_check_type         = var.runner_worker_docker_autoscaler_asg.health_check_type
   force_delete              = true

Diff for: main.tf

@@ -127,8 +127,8 @@ locals {
       runners_capacity_per_instance = 1
       runners_max_use_count         = var.runner_worker_docker_autoscaler.max_use_count
       runners_max_instances         = var.runner_worker.max_jobs
-      runners_idle_count            = var.runner_worker_docker_machine_instance.idle_count
-      runners_idle_time             = format("%dm%ds", floor(var.runner_worker_docker_machine_instance.idle_time / 60), var.runner_worker_docker_machine_instance.idle_time % 60)
+      runners_idle_count            = var.runner_worker_docker_autoscaler_asg.idle_count
+      runners_idle_time             = format("%dm%ds", floor(var.runner_worker_docker_autoscaler_asg.idle_time / 60), var.runner_worker_docker_machine_instance.idle_time % 60)
   })
 
   template_runner_config = templatefile("${path.module}/template/runner-config.tftpl",
@@ -141,37 +141,12 @@ locals {
         for key, value in config :
         # Convert key from snake_case to PascalCase which is the casing for this section.
         join("", [for subkey in split("_", key) : title(subkey)]) => jsonencode(value) if value != null
-      }]
-      runners_vpc_id                    = var.vpc_id
-      runners_subnet_id                 = var.subnet_id
-      runners_subnet_ids                = length(var.runner_worker_docker_machine_instance.subnet_ids) > 0 ? var.runner_worker_docker_machine_instance.subnet_ids : [var.subnet_id]
-      runners_aws_zone                  = data.aws_availability_zone.runners.name_suffix
-      runners_instance_types            = var.runner_worker_docker_machine_instance.types
-      runners_spot_price_bid            = var.runner_worker_docker_machine_instance_spot.max_price == "on-demand-price" || var.runner_worker_docker_machine_instance_spot.max_price == null ? "" : var.runner_worker_docker_machine_instance_spot.max_price
-      runners_ami                       = var.runner_worker.type == "docker+machine" ? data.aws_ami.docker-machine[0].id : ""
-      runners_security_group_name       = var.runner_worker.type == "docker+machine" ? aws_security_group.docker_machine[0].name : ""
-      runners_max_growth_rate           = var.runner_worker_docker_machine_instance.max_growth_rate
-      runners_monitoring                = var.runner_worker_docker_machine_instance.monitoring
-      runners_ebs_optimized             = var.runner_worker_docker_machine_instance.ebs_optimized
-      runners_instance_profile          = var.runner_worker.type == "docker+machine" ? aws_iam_instance_profile.docker_machine[0].name : ""
-      docker_machine_options            = length(local.docker_machine_options_string) == 1 ? "" : local.docker_machine_options_string
-      docker_machine_name               = format("%s-%s", local.runner_tags_merged["Name"], "%s") # %s is always needed
+      }] 
       runners_name                      = var.runner_instance.name
-      runners_tags                      = replace(replace(local.runner_tags_string, ",,", ","), "/,$/", "")
       runners_token                     = var.runner_gitlab.registration_token
-      runners_userdata                  = var.runner_worker_docker_machine_instance.start_script
       runners_executor                  = var.runner_worker.type
       runners_limit                     = var.runner_worker.max_jobs
       runners_concurrent                = var.runner_manager.maximum_concurrent_jobs
-      runners_idle_count                = var.runner_worker_docker_machine_instance.idle_count
-      runners_idle_time                 = var.runner_worker_docker_machine_instance.idle_time
-      runners_max_builds                = local.runners_max_builds_string
-      runners_root_size                 = var.runner_worker_docker_machine_instance.root_size
-      runners_volume_type               = var.runner_worker_docker_machine_instance.volume_type
-      runners_iam_instance_profile_name = var.runner_worker_docker_machine_role.profile_name
-      runners_use_private_address_only  = var.runner_worker_docker_machine_instance.private_address_only
-      runners_use_private_address       = !var.runner_worker_docker_machine_instance.private_address_only
-      runners_request_spot_instance     = var.runner_worker_docker_machine_instance_spot.enable
       runners_environment_vars          = jsonencode(var.runner_worker.environment_variables)
       runners_pre_build_script          = var.runner_worker_gitlab_pipeline.pre_build_script
       runners_post_build_script         = var.runner_worker_gitlab_pipeline.post_build_script
@@ -188,8 +163,6 @@ locals {
       sentry_dsn                        = var.runner_manager.sentry_dsn
       prometheus_listen_address         = var.runner_manager.prometheus_listen_address
       auth_type                         = var.runner_worker_cache.authentication_type
-      use_fleet                         = var.runner_worker_docker_machine_fleet.enable
-      launch_template                   = var.runner_worker_docker_machine_fleet.enable == true ? aws_launch_template.fleet_gitlab_runner[0].name : ""
       runners_docker_autoscaler         = var.runner_worker.type == "docker-autoscaler" ? local.template_runner_docker_autoscaler : ""
       runners_docker_machine            = var.runner_worker.type == "docker+machine" ? local.template_runner_docker_machine : ""
     }
@@ -623,23 +596,37 @@ resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
 ### docker machine instance policy
 ################################################################################
 resource "aws_iam_role" "docker_machine" {
-  count                = contains(["docker+machine", "docker-autoscaler"], var.runner_worker.type) ? 1 : 0
+  count                = var.runner_worker.type == "docker+machine" ? 1 : 0
   name                 = "${local.name_iam_objects}-docker-machine"
   assume_role_policy   = length(var.runner_worker_docker_machine_role.assume_role_policy_json) > 0 ? var.runner_worker_docker_machine_role.assume_role_policy_json : templatefile("${path.module}/policies/instance-role-trust-policy.json", {})
   permissions_boundary = var.iam_permissions_boundary == "" ? null : "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/${var.iam_permissions_boundary}"
 
   tags = local.tags
 }
 
-
-
 resource "aws_iam_instance_profile" "docker_machine" {
-  count = contains(["docker+machine", "docker-autoscaler"], var.runner_worker.type) ? 1 : 0
+  count = var.runner_worker.type == "docker+machine" ? 1 : 0
   name  = "${local.name_iam_objects}-docker-machine"
   role  = aws_iam_role.docker_machine[0].name
   tags  = local.tags
 }
 
+resource "aws_iam_role" "docker_autoscaler" {
+  count                = var.runner_worker.type == "docker-autoscaler" ? 1 : 0
+  name                 = "${local.name_iam_objects}-docker-autoscaler"
+  assume_role_policy   = length(var.runner_worker_docker_autoscaler_role.assume_role_policy_json) > 0 ? var.runner_worker_docker_autoscaler_role.assume_role_policy_json : templatefile("${path.module}/policies/instance-role-trust-policy.json", {})
+  permissions_boundary = var.iam_permissions_boundary == "" ? null : "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:policy/${var.iam_permissions_boundary}"
+
+  tags = local.tags
+}
+
+resource "aws_iam_instance_profile" "docker_autoscaler" {
+  count = var.runner_worker.type == "docker-autoscaler" ? 1 : 0
+  name  = "${local.name_iam_objects}-docker-autoscaler"
+  role  = aws_iam_role.docker_autoscaler[0].name
+  tags  = local.tags
+}
+
 ################################################################################
 ### Add user defined policies
 ################################################################################
@@ -650,6 +637,13 @@ resource "aws_iam_role_policy_attachment" "docker_machine_user_defined_policies"
   policy_arn = var.runner_worker_docker_machine_role.policy_arns[count.index]
 }
 
+resource "aws_iam_role_policy_attachment" "docker_autoscaler_user_defined_policies" {
+  count = var.runner_worker.type == "docker-autoscaler" ? length(var.runner_worker_docker_autoscaler_role.policy_arns) : 0
+
+  role       = aws_iam_role.docker_autoscaler[0].name
+  policy_arn = var.runner_worker_docker_autoscaler_role.policy_arns[count.index]
+}
+
 ################################################################################
 resource "aws_iam_role_policy_attachment" "docker_machine_session_manager_aws_managed" {
   count = (var.runner_worker.type == "docker+machine" && var.runner_worker.ssm_access) ? 1 : 0
@@ -658,7 +652,12 @@ resource "aws_iam_role_policy_attachment" "docker_machine_session_manager_aws_ma
   policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
 
+resource "aws_iam_role_policy_attachment" "docker_autoscaler_session_manager_aws_managed" {
+  count = (var.runner_worker.type == "docker-autoscaler" && var.runner_worker.ssm_access) ? 1 : 0
 
+  role       = aws_iam_role.docker_autoscaler[0].name
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
 
 ################################################################################
 ### Service linked policy, optional