Follow-up from "Initial self hosted"
The following discussions from !1 (merged) should be addressed:
- @steveazz started a discussion:

  issue: We need to make it clear that the user has to specify the GCP token for `tf` to work.

  ```
  Error: Error loading Default TokenSource: google: could not find default credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.

    on main.tf line 43, in provider "google":
    43: provider "google" {
  ```

  For example, I specified `GOOGLE_APPLICATION_CREDENTIALS`

- @steveazz started a discussion:

  suggestion: We should make it clear that this is just an example project

  ```
  $ gcloud config set project $GCP_PROJECT_ID
  ```

- @steveazz started a discussion:

  suggestion: What do you think if we use `RUNNER_NAME` as a namespace for all the resources that we generate?

  For example, right now if I run this script on `group-verify-df9383` I get the following error:

  ```
  Error: Error creating Network: googleapi: Error 409: The resource 'projects/group-verify-df9383/regions/us-central1/subnetworks/runner-network' already exists, alreadyExists

    on main.tf line 128, in resource "google_compute_network" "runner_network":
   128: resource "google_compute_network" "runner_network" {
  ```

  Because you already created the network. Now, as you know, these Runners can be shared Runners or project-specific Runners, so I'm sure users are going to want to set up multiple of these for their own project on the same GCP project, which is why we should namespace everything. So we can have X "deployments" of this in the same GCP project and not have any collisions.

- @steveazz started a discussion:

  suggestion: We have quite a lot of bash script here; would it make sense to add the `shellcheck` linter?

- @steveazz started a discussion:

  suggestion: I would name this `GCP_PROJECT` so it is clear that we are talking about the GCP project and not the Runner project here.

  The same suggestion applies to `ZONE`; we should be clear what we mean by things, whether they are GCP resources, GITLAB resources or RUNNER resources, since there might be some overlap in naming.
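An added example, not the merge request's `main.tf` and not code from the project, of what the credential, naming and namespacing discussions above look like together: the `google` provider picks up credentials from `GOOGLE_APPLICATION_CREDENTIALS` instead of embedding a key, the variables are named `gcp_project` / `gcp_zone` / `gcp_region` so nobody mistakes them for GitLab or Runner values, and `runner_name` prefixes every generated resource so two deployments in one GCP project do not collide on `runner-network`. The variable names, the CIDR and the name-length limit are assumptions made for the illustration.

```hcl
# Added example (not the merge request's main.tf). Variable names, CIDR and
# the runner_name length limit are assumptions for the illustration.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

# The google provider uses Application Default Credentials. No key is embedded
# here: the operator exports GOOGLE_APPLICATION_CREDENTIALS pointing at a
# service-account JSON key (or runs `gcloud auth application-default login`)
# before `terraform plan`; otherwise the provider fails with
# "could not find default credentials", the error quoted above.
provider "google" {
  project = var.gcp_project
  zone    = var.gcp_zone
}

# Names say which system a value belongs to: these are GCP values, not GitLab
# project or Runner values.
variable "gcp_project" {
  type        = string
  description = "GCP project ID that hosts the Runner resources"
}

variable "gcp_zone" {
  type        = string
  description = "GCP zone for the Runner VM"
  default     = "us-central1-a"
}

variable "gcp_region" {
  type        = string
  description = "GCP region for the subnetwork"
  default     = "us-central1"
}

# Namespace for every resource this deployment creates. GCP resource names must
# be lowercase letters, digits and hyphens, start with a letter and stay under
# 63 characters including the suffixes added below, hence the 40-character cap.
variable "runner_name" {
  type        = string
  description = "Unique name for this Runner deployment; prefixes every GCP resource"

  validation {
    condition     = can(regex("^[a-z][-a-z0-9]{0,38}[a-z0-9]$", var.runner_name))
    error_message = "runner_name must be 2 to 40 characters of lowercase letters, digits and hyphens, starting with a letter and not ending with a hyphen."
  }
}

# Every resource name derives from runner_name, so a second deployment with a
# different runner_name in the same project creates its own network and
# subnetwork instead of failing with "Error 409: ... already exists".
locals {
  prefix = var.runner_name
}

resource "google_compute_network" "runner_network" {
  name                    = "${local.prefix}-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "runner_subnetwork" {
  name          = "${local.prefix}-subnetwork"
  region        = var.gcp_region
  network       = google_compute_network.runner_network.self_link
  ip_cidr_range = "10.10.0.0/24" # assumed range for the example
}
```

Two deployments in the same GCP project are then two `terraform apply` runs (or two workspaces) with different `runner_name` values; the 409 from the discussion only comes back if the same `runner_name` is reused against the same project.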
- @steveazz started a discussion:

  suggestion: Should this fall back to `latest`? If we use `latest` we don't have to keep bumping up the version, and they will get the latest version out of the box.

- @steveazz started a discussion:

  question: Why exactly do we need this to be here?

- @steveazz started a discussion:

  suggestion: I don't think we should have `"group-verify-df9383"` since this is a project used for development. Is this so that someone can import the base image automatically? Should we have a separate "production" project for this?

- @steveazz started a discussion:

  suggestion: Should we default to Docker instead 🤔? It seems like `docker` is our most popular executor.

- @steveazz started a discussion:

  question: Is there a specific reason why we are not using

  ```
  gitlab-runner install
  gitlab-runner start
  ```

  ?

- @steveazz started a discussion:

  question: Why do we need a target pool? Reading https://cloud.google.com/load-balancing/docs/target-pools makes it sound like it's needed when something is receiving requests.

  In the case of the Runner, the Runner sends requests and doesn't have any incoming requests, so it seems like we are opening up the Runners to the internet, which is not something most people want. The only exception to this rule is the interactive web terminal, but this is something that should be enabled explicitly and not something that should be enabled by default, since it opens up an attack vector that the user might not be aware of.
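An added example, not code from the merge request or the project, of the outbound-only shape argued for above: the Runner VM gets no external IP and no target pool, Cloud NAT supplies its egress to GitLab, and the interactive web terminal is an explicit opt-in that allocates an external IP and a firewall rule limited to named source ranges. Assumptions for the illustration: the variable names, machine type, image and CIDR, and that the session server listens on 8093 (the gitlab-runner `session_server` default); adjust them to the real configuration.

```hcl
# Added example (not the merge request's main.tf). Variable names, machine
# type, image, CIDR and the web-terminal port are assumptions for the example.

variable "gcp_region" {
  type    = string
  default = "us-central1"
}

variable "gcp_zone" {
  type    = string
  default = "us-central1-a"
}

variable "runner_name" {
  type = string
}

# Off by default: the Runner only makes outbound calls to GitLab, so nothing
# on the internet needs to reach it.
variable "enable_web_terminal" {
  type        = bool
  description = "Expose the session server for the interactive web terminal"
  default     = false
}

variable "web_terminal_source_ranges" {
  type        = list(string)
  description = "CIDRs allowed to reach the web terminal when enabled; never 0.0.0.0/0"
  default     = []
}

variable "web_terminal_port" {
  type    = number
  default = 8093 # gitlab-runner session_server default listen port (assumed here)
}

resource "google_compute_network" "runner_network" {
  name                    = "${var.runner_name}-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "runner_subnetwork" {
  name          = "${var.runner_name}-subnetwork"
  region        = var.gcp_region
  network       = google_compute_network.runner_network.self_link
  ip_cidr_range = "10.10.0.0/24"
}

resource "google_compute_instance" "runner" {
  name         = "${var.runner_name}-runner"
  machine_type = "n1-standard-1"
  zone         = var.gcp_zone
  tags         = ["${var.runner_name}-runner"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.runner_subnetwork.self_link

    # Without an access_config block the VM has no external IP, so no inbound
    # connection from the internet is possible. An ephemeral external IP is
    # attached only when the web terminal is explicitly enabled.
    dynamic "access_config" {
      for_each = var.enable_web_terminal ? [1] : []
      content {}
    }
  }

  lifecycle {
    precondition {
      condition     = !var.enable_web_terminal || length(var.web_terminal_source_ranges) > 0
      error_message = "web_terminal_source_ranges must list the networks allowed to reach the web terminal."
    }
  }
}

# Cloud NAT gives the private VM its outbound path to GitLab without a
# public address or any load-balancer/target-pool in front of it.
resource "google_compute_router" "runner_router" {
  name    = "${var.runner_name}-router"
  region  = var.gcp_region
  network = google_compute_network.runner_network.self_link
}

resource "google_compute_router_nat" "runner_nat" {
  name                               = "${var.runner_name}-nat"
  router                             = google_compute_router.runner_router.name
  region                             = var.gcp_region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}

# The only ingress rule, and it exists only when the web terminal is opted in.
resource "google_compute_firewall" "web_terminal" {
  count   = var.enable_web_terminal ? 1 : 0
  name    = "${var.runner_name}-web-terminal"
  network = google_compute_network.runner_network.name

  allow {
    protocol = "tcp"
    ports    = [tostring(var.web_terminal_port)]
  }

  source_ranges = var.web_terminal_source_ranges
  target_tags   = ["${var.runner_name}-runner"]
}
```

With `enable_web_terminal = false` (the default) a `terraform plan` shows no firewall rule, no external IP and no forwarding rule or target pool at all; turning it on requires naming the source ranges, so the exposure is a deliberate decision rather than something the user inherits.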
- @steveazz started a discussion:

  suggestion: Should we default to the latest version? So like we don't have to keep updating this 🤔?

- @steveazz started a discussion:

  suggestion: Should this be just a `packer` image that we provide to the user, so the user doesn't have to worry about anything to do with setting up the base image; they just use the base image we provide? Something similar to how we publish Docker images, but we publish packer images for GCP.