From 10e424f4659536ddeadeaffcaef83c484f83b030 Mon Sep 17 00:00:00 2001
From: daphney Igwe
Date: Wed, 27 Apr 2022 15:41:59 +0100
Subject: [PATCH 01/14] Changed key, value to "key", "value" for runners.cache.[gcs,s3,azure]

---
 config.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/config.tf b/config.tf
index 3cd5846..54fbaaa 100644
--- a/config.tf
+++ b/config.tf
@@ -11,15 +11,15 @@ locals {
 Shared = ${var.cache_shared}
 [runners.cache.s3]
 %{~for key, value in var.s3_cache_conf~}
- ${key} = ${value}
+ "${key}" = "${value}"
 %{~endfor~}
 [runners.cache.gcs]
 %{~for key, value in var.gcs_cache_conf~}
- ${key} = ${value}
+ "${key}" = "${value}"
 %{~endfor~}
 [runners.cache.azure]
 %{~for key, value in var.azure_cache_conf~}
- ${key} = ${value}
+ "${key}" = "${value}"
 %{~endfor~}
 %{~endif~}
 %{~endif}

From 6c26145acaa2e78682a116668a65054356778a77 Mon Sep 17 00:00:00 2001
From: daphney Igwe
Date: Wed, 27 Apr 2022 15:59:49 +0100
Subject: [PATCH 02/14] Added cache credentials, capability to add more secrets and fixed merge issue with helm_release.gitlab_runner

---
 main.tf | 18 ++++++++++++++++--
 variables.tf | 24 ++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/main.tf b/main.tf
index 2a174db..c25115b 100644
--- a/main.tf
+++ b/main.tf
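Review bot: Quoting the value on the three added lines turns every cache setting into a TOML string, but the s3 section's `Insecure` is a boolean in config.toml, so `Insecure = "true"` will no longer decode when the runner reads the file. The quoting is the right fix for keys and for string values such as credentials, hosts and bucket names; only booleans need to stay bare. One way to keep both, per section, is `%{~if can(tobool(value))~}"${key}" = ${value}%{~else~}"${key}" = "${value}"%{~endif~}`, which needs Terraform 0.13 or later for `can()`. The `locals` heredoc this template lives in starts before the hunk.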
@@ -12,32 +12,46 @@ resource "helm_release" "gitlab_runner" { namespace = var.namespace version = var.chart_version create_namespace = var.create_namespace + atomic = true values = [ - yamlencode(merge({ + yamlencode({ + image = var.runner_image gitlabUrl = var.gitlab_url concurrent = var.concurrent runnerRegistrationToken = var.runner_registration_token + replicas = var.replicas + unregisterRunners = true + secrets = var.additional_secrets + runners = { + name = var.runner_name runUntagged = var.run_untagged_jobs tags = var.runner_tags locked = var.runner_locked config = local.config + + cache = { + secretName = var.cache_secret_name + } } + rbac = { create = var.create_service_account serviceAccountAnnotations = var.service_account_annotations serviceAccountName = var.service_account clusterWideAccess = var.service_account_clusterwide_access } + nodeSelector = var.manager_node_selectors tolerations = var.manager_node_tolerations podLabels = var.manager_pod_labels podAnnotations = var.manager_pod_annotations - }, var.values)), + }), + yamlencode(var.values), local.values_file ] diff --git a/variables.tf b/variables.tf index 467ca8b..c41ff95 100644 --- a/variables.tf +++ b/variables.tf @@ -229,3 +229,27 @@ variable "manager_pod_annotations" { default = {} } +variable "additional_secrets" { + description = "additional secrets to mount into the manager pods" + type = list(object({ + name = string + items = list(map(string)) + })) + default = [] +} + +variable "replicas" { + description = "the number of manager pods to create" + type = number + default = 1 +} + +variable "runner_name" { + description = "name of the runner" + type = string +} + +variable "cache_secret_name" { + description = "name of the kubernetes secret that holds the credential file for the cache" + type = string +} \ No newline at end of file From 9bcf1a7ff003797c9feaea78766a99e572d02f7d Mon Sep 17 00:00:00 2001 
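Review bot: `runner_name` and `cache_secret_name` are introduced in the variables.tf hunk with no default, so every existing caller of this module fails at plan time, and the new `cache = { secretName = var.cache_secret_name }` is emitted even when no remote cache is configured. A `default = null` on both keeps the interface backward-compatible, because Helm drops keys whose value is null when merging values and the chart default then applies; the cache map would still want a guard such as `cache = var.cache_secret_name == null ? {} : { secretName = var.cache_secret_name }`. PATCH 03 later gives `cache_secret_name` a null default, but `runner_name` stays required in the README. The `helm_release` block and its `values` list continue outside the hunk.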
From: daphney Igwe Date: Thu, 28 Apr 2022 12:13:39 +0100 Subject: [PATCH 03/14] changed the variable type for var.additional_secrets --- README.md | 8 ++++++-- variables.tf | 8 +++----- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 0c6051a..c920971 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Full contributing guidelines are covered [here](CONTRIBUTING.md). | Name | Version | |------|---------| -| [helm](#provider\_helm) | 2.4.1 | +| [helm](#provider\_helm) | 2.5.1 | ## Modules @@ -68,6 +68,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no | | [azure\_cache\_conf](#input\_azure\_cache\_conf) | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscacheazure-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | | [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no | | [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no | 
@@ -76,10 +77,11 @@ No modules. | [build\_job\_node\_tolerations](#input\_build\_job\_node\_tolerations) | A map of node tolerations to apply to the pods as defined https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings | `map` | `{}` | no | | [build\_job\_pod\_annotations](#input\_build\_job\_pod\_annotations) | A map of annotations to be added to each build pod created by the Runner. The value of these can include environment variables for expansion. Pod annotations can be overwritten in each build. | `map` | `{}` | no | | [build\_job\_pod\_labels](#input\_build\_job\_pod\_labels) | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | `map` | `{}` | no | -| [build\_job\_priviledged](#input\_build\_job\_priviledged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no | +| [build\_job\_privileged](#input\_build\_job\_privileged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no | | [build\_job\_run\_container\_as\_user](#input\_build\_job\_run\_container\_as\_user) | SecurityContext: runAsUser for all running job pods | `string` | `null` | no | | [build\_job\_secret\_volumes](#input\_build\_job\_secret\_volumes) | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes |
object({
name = string
mount_path = string
read_only = string
items = map(string)
})
|
{
"items": {},
"mount_path": null,
"name": null,
"read_only": null
}
| no | | [cache\_path](#input\_cache\_path) | Name of the path to prepend to the cache URL. Only used when var.use\_local\_cache is false | `string` | `null` | no | +| [cache\_secret\_name](#input\_cache\_secret\_name) | name of the kubernetes secret that holds the credential file for the cache | `string` | `null` | no | | [cache\_shared](#input\_cache\_shared) | Enables cache sharing between runners. Only used when var.use\_local\_cache is false | `bool` | `false` | no | | [cache\_type](#input\_cache\_type) | One of: s3, gcs, azure. Only used when var.use\_local\_cache is false | `string` | `null` | no | | [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.36.0"` | no | 
@@ -97,9 +99,11 @@ No modules. | [manager\_pod\_labels](#input\_manager\_pod\_labels) | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | `map` | `{}` | no | | [namespace](#input\_namespace) | n/a | `string` | `"gitlab-runner"` | no | | [release\_name](#input\_release\_name) | The helm release name | `string` | `"gitlab-runner"` | no | +| [replicas](#input\_replicas) | the number of manager pods to create | `number` | `1` | no | | [run\_untagged\_jobs](#input\_run\_untagged\_jobs) | Specify if jobs without tags should be run. https://docs.gitlab.com/ce/ci/runners/#runner-is-allowed-to-run-untagged-jobs | `bool` | `false` | no | | [runner\_image](#input\_runner\_image) | The docker gitlab runner version. https://hub.docker.com/r/gitlab/gitlab-runner/tags/ | `string` | `null` | no | | [runner\_locked](#input\_runner\_locked) | Specify whether the runner should be locked to a specific project/group | `string` | `true` | no | +| [runner\_name](#input\_runner\_name) | name of the runner | `string` | n/a | yes | | [runner\_registration\_token](#input\_runner\_registration\_token) | runner registration token | `string` | n/a | yes | | [runner\_tags](#input\_runner\_tags) | Specify the tags associated with the runner. Comma-separated list of tags. | `string` | n/a | yes | | [s3\_cache\_conf](#input\_s3\_cache\_conf) | Cache parameters define using S3 for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | diff --git a/variables.tf b/variables.tf index c41ff95..0ce95ba 100644 --- a/variables.tf +++ b/variables.tf 
@@ -231,11 +231,8 @@ variable "manager_pod_annotations" { variable "additional_secrets" { description = "additional secrets to mount into the manager pods" - type = list(object({ - name = string - items = list(map(string)) - })) - default = [] + type = list(map(string)) + default = [] } variable "replicas" { @@ -252,4 +249,5 @@ variable "runner_name" { variable "cache_secret_name" { description = "name of the kubernetes secret that holds the credential file for the cache" type = string + default = null } \ No newline at end of file From a3594741578a44e1933f6a6c985bbe4a2968e5da Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Thu, 28 Apr 2022 12:15:03 +0100 Subject: [PATCH 04/14] updated the examples --- examples/main.tf | 30 ++++++++++++++++++++---------- examples/variables.tf | 1 + 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/examples/main.tf b/examples/main.tf index 75b08d8..ce17d47 100644 --- a/examples/main.tf +++ b/examples/main.tf @@ -1,3 +1,10 @@ +locals { + labels = { + "node-kind" = "ci" + } + +} + # --------------------------------------------------------------------------------------------------------------------- # PUBLIC GKE WITH NODE POOL AND SERVICE ACCOUNT @@ -63,13 +70,10 @@ module "gke_node_pool_gitlab" { }] # Labels will be used in node selectors to ensure pods get scheduled to nodes with the same labels - labels = { - "node-kind" = "ci" - } + labels = local.labels } - module "gitlab-runner" { source = "../" 
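Review bot: Flattening `additional_secrets` to `list(map(string))` means an entry can no longer carry the `items` sub-list that the removed `object` type allowed, so if the chart's `secrets` entries accept `items` (as the earlier type suggested) callers lose the ability to mount a subset of keys. `list(any)` keeps both shapes without committing to a schema, and `list(object({ name = string, items = optional(list(map(string))) }))` does so with validation but relies on optional attributes, which were experimental before Terraform 1.3. Whichever is chosen, the README row for this input should state the accepted entry shape rather than only the type.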
@@ -78,17 +82,23 @@ module "gitlab-runner" { runner_registration_token = var.runner_registration_token namespace = var.runner_namespace image_pull_secrets = ["some-pull-secret"] + runner_name = "my-runner" # Mount docker socket instead of using docker-in-docker - mount_docker_socket = true + build_job_mount_docker_socket = true - # Job pods should be scheduled on nodes with this label - node_selectors = { - "node-kind" = "ci" - } + # pods should be scheduled on nodes with this label + build_job_node_selectors = local.labels + manager_node_selectors = local.labels # Pods should be able to tolerate taints - node_tolerations = { + manager_node_tolerations = [{ + key = "node.gitlab.ci/dedicated" + operator = "Exists" + effect = "NO_SCHEDULE" + }] + + build_job_node_tolerations = { "node.gitlab.ci/dedicated=true" = "NO_SCHEDULE" } diff --git a/examples/variables.tf b/examples/variables.tf index fc8ec41..a29c731 100644 --- a/examples/variables.tf +++ b/examples/variables.tf @@ -41,3 +41,4 @@ variable "runner_namespace" { variable "runner_machine_type" { description = "The machine type to use when creating the node pools" } + From 7e8f10ccc8370a37ab2a1a9e0047c86222f7fa01 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Thu, 28 Apr 2022 14:22:02 +0100 Subject: [PATCH 05/14] added variable unregister_runners --- main.tf | 2 +- variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/main.tf b/main.tf index c25115b..37c04d8 100644 --- a/main.tf +++ b/main.tf @@ -23,7 +23,7 @@ resource "helm_release" "gitlab_runner" { concurrent = var.concurrent runnerRegistrationToken = var.runner_registration_token replicas = var.replicas - unregisterRunners = true + unregisterRunners = var.unregister_runners secrets = var.additional_secrets diff --git a/variables.tf b/variables.tf index 0ce95ba..74ad9d6 100644 --- a/variables.tf +++ b/variables.tf 
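Review bot: `effect = "NO_SCHEDULE"` in the new `manager_node_tolerations` entry is not a valid Kubernetes toleration effect; the chart passes `tolerations` through to the pod spec, and the API only accepts `NoSchedule`, `PreferNoSchedule` and `NoExecute` (`NO_SCHEDULE` is the `google_container_node_pool` taint spelling). The same applies to the `build_job_node_tolerations` value, which the runner's kubernetes executor writes into `node_tolerations` in config.toml with the Kubernetes spelling. Change both to `effect = "NoSchedule"` and `"node.gitlab.ci/dedicated=true" = "NoSchedule"`. The `module "gitlab-runner"` block starts before the hunk.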
@@ -250,4 +250,10 @@ variable "cache_secret_name" {
 description = "name of the kubernetes secret that holds the credential file for the cache"
 type = string
 default = null
+}
+
+variable "unregister_runners" {
+ description = "whether runners should be unregistered when pool is deprovisioned"
+ type = bool
+ default = string
 }
\ No newline at end of file

From 201b51fb3758ebff5f683a5a4be4510d95fd608b Mon Sep 17 00:00:00 2001
From: daphney Igwe
Date: Fri, 29 Apr 2022 09:18:16 +0100
Subject: [PATCH 06/14] added var.runner_token and specified derivative values for cache.secretName and replicas

---
 README.md | 3 +++
 main.tf | 12 ++++++++----
 variables.tf | 14 +++++++++++++-
 3 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index c920971..011363d 100644
--- a/README.md
+++ b/README.md
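Review bot: `default = string` on a `type = bool` variable is a type keyword, not a boolean value, so `terraform validate` rejects `unregister_runners` as added here; the intended line is `default = true`, which PATCH 06 supplies. The description, "when pool is deprovisioned", promises more than the diff shows: the value is only forwarded to the chart's `unregisterRunners` setting, so `description = "forwarded to the chart's unregisterRunners value; controls whether runners unregister themselves from GitLab when the release is removed"` stays within what the module actually does, assuming the chart setting behaves as its name suggests.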
@@ -90,6 +90,7 @@ No modules. | [create\_service\_account](#input\_create\_service\_account) | If true, the service account, it's role and rolebinding will be created, else, the service account is assumed to already be created | `bool` | `true` | no | | [docker\_fs\_group](#input\_docker\_fs\_group) | The fsGroup to use for docker. This is added to security context when mount\_docker\_socket is enabled | `number` | `412` | no | | [gcs\_cache\_conf](#input\_gcs\_cache\_conf) | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | +| [gcs\_cache\_use\_cred\_file](#input\_gcs\_cache\_use\_cred\_file) | whether to use credentials file to to authenticate to google or use a service account id and private key. setting this to true selects the cred file, setting it to false means that the id and private key is the chosen means of authentication. | `bool` | `null` | no | | [gitlab\_url](#input\_gitlab\_url) | The GitLab Server URL (with protocol) that want to register the runner against | `string` | `"https://gitlab.com/"` | no | | [image\_pull\_secrets](#input\_image\_pull\_secrets) | A array of secrets that are used to authenticate Docker image pulling. | `list(string)` | `[]` | no | | [local\_cache\_dir](#input\_local\_cache\_dir) | Path on nodes for caching | `string` | `"/tmp/gitlab/cache"` | no | 
@@ -106,10 +107,12 @@ No modules. | [runner\_name](#input\_runner\_name) | name of the runner | `string` | n/a | yes | | [runner\_registration\_token](#input\_runner\_registration\_token) | runner registration token | `string` | n/a | yes | | [runner\_tags](#input\_runner\_tags) | Specify the tags associated with the runner. Comma-separated list of tags. | `string` | n/a | yes | +| [runner\_token](#input\_runner\_token) | token of already registered runer. to use this var.runner\_registration\_token must be set to null | `string` | `null` | no | | [s3\_cache\_conf](#input\_s3\_cache\_conf) | Cache parameters define using S3 for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | | [service\_account](#input\_service\_account) | The name of the Service account to create | `string` | `"gitlab-runner"` | no | | [service\_account\_annotations](#input\_service\_account\_annotations) | The annotations to add to the service account | `map` | `{}` | no | | [service\_account\_clusterwide\_access](#input\_service\_account\_clusterwide\_access) | Run the gitlab-bastion container with the ability to deploy/manage containers of jobs cluster-wide or only within namespace | `bool` | `false` | no | +| [unregister\_runners](#input\_unregister\_runners) | whether runners should be unregistered when pool is deprovisioned | `bool` | `true` | no | | [use\_local\_cache](#input\_use\_local\_cache) | Use path on nodes for caching | `bool` | `false` | no | | [values](#input\_values) | Additional values to be passed to the gitlab-runner helm chart | `map` | `{}` | no | | [values\_file](#input\_values\_file) | Path to Values file to be passed to gitlab-runner helm chart | `string` | `null` | no | diff --git a/main.tf b/main.tf index 37c04d8..359e5b8 100644 --- a/main.tf +++ b/main.tf 
@@ -1,7 +1,10 @@ locals { - values_file = var.values_file != null ? file(var.values_file) : "" - repository = "https://charts.gitlab.io" - chart_name = "gitlab-runner" + values_file = var.values_file != null ? file(var.values_file) : "" + repository = "https://charts.gitlab.io" + chart_name = "gitlab-runner" + runner_token = var.runner_registration_token == null ? var.runner_token : null + cache_secret_name = var.cache_type == "s3" ? "s3access" : var.cache_type == "azure" ? "azureaccess" : var.cache_type == "gcs" && var.gcs_cache_use_cred_file == true ? "google-application-credentials" : var.cache_type == "gcs" && var.gcs_cache_use_cred_file != true ? "gcsaccess" : "" + replicas = var.runner_token != null ? 1 : var.replicas } //INSTALL HELM CHART @@ -22,7 +25,8 @@ resource "helm_release" "gitlab_runner" { gitlabUrl = var.gitlab_url concurrent = var.concurrent runnerRegistrationToken = var.runner_registration_token - replicas = var.replicas + runnerToken = local.runner_token + replicas = local.replicas unregisterRunners = var.unregister_runners secrets = var.additional_secrets diff --git a/variables.tf b/variables.tf index 74ad9d6..c8da2c9 100644 --- a/variables.tf +++ b/variables.tf @@ -255,5 +255,17 @@ variable "cache_secret_name" { variable "unregister_runners" { description = "whether runners should be unregistered when pool is deprovisioned" type = bool - default = string + default = true +} + +variable "runner_token" { + description = "token of already registered runer. to use this var.runner_registration_token must be set to null" + type = string + default = null +} + +variable "gcs_cache_use_cred_file" { + description = "whether to use credentials file to to authenticate to google or use a service account id and private key. setting this to true selects the cred file, setting it to false means that the id and private key is the chosen means of authentication." + type = bool + default = null } \ No newline at end of file 
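Review bot: `local.cache_secret_name` is computed in the locals hunk but nothing in this diff reads it; the `values` hunk only adds `runnerToken` and `replicas`, and the diffstat's 8 insertions and 4 deletions for main.tf are fully accounted for by the two hunks shown, so either the `cache.secretName` assignment should switch to `local.cache_secret_name` or the local is dead, unless a reference exists outside the hunks. The nested ternary also falls through to `""` for the local cache type and for an unset `cache_type`, and an empty string is still a value the chart sees; ending the chain with `: null` instead of `: ""` lets Helm drop the key. `replicas = var.runner_token != null ? 1 : var.replicas` silently overrides the caller's `replicas`, which deserves a one-line comment stating why a pre-registered token forces a single replica.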
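Review bot: `runner_token` is a credential that is rendered into the Helm values and therefore into state, but the new variable is declared without `sensitive = true`, so it is also printed in plan output and CI logs. Add `sensitive = true` to `variable "runner_token"` (Terraform 0.14 or later); this does not remove the value from state, only from display, and the pre-existing `runner_registration_token` deserves the same treatment. While here, the descriptions carry two typos, `runer` and `to to`.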
From 12149fb658c63e49c215a2d5625775a5953c4191 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Fri, 29 Apr 2022 17:34:39 +0100 Subject: [PATCH 07/14] created a variable of type object to hold all the cache information --- README.md | 10 +------ config.tf | 18 ++++++------- local.tf | 16 +++++++++++ main.tf | 10 +------ variables.tf | 76 +++++++++++++++++++--------------------------------- 5 files changed, 55 insertions(+), 75 deletions(-) create mode 100644 local.tf diff --git a/README.md b/README.md index 011363d..9580356 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,6 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no | -| [azure\_cache\_conf](#input\_azure\_cache\_conf) | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscacheazure-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | | [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no | | [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no | | [build\_job\_mount\_docker\_socket](#input\_build\_job\_mount\_docker\_socket) | Path on nodes for caching | `bool` | `false` | no | 
@@ -80,17 +79,12 @@ No modules. | [build\_job\_privileged](#input\_build\_job\_privileged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no | | [build\_job\_run\_container\_as\_user](#input\_build\_job\_run\_container\_as\_user) | SecurityContext: runAsUser for all running job pods | `string` | `null` | no | | [build\_job\_secret\_volumes](#input\_build\_job\_secret\_volumes) | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes |
object({
name = string
mount_path = string
read_only = string
items = map(string)
})
|
{
"items": {},
"mount_path": null,
"name": null,
"read_only": null
}
| no | -| [cache\_path](#input\_cache\_path) | Name of the path to prepend to the cache URL. Only used when var.use\_local\_cache is false | `string` | `null` | no | -| [cache\_secret\_name](#input\_cache\_secret\_name) | name of the kubernetes secret that holds the credential file for the cache | `string` | `null` | no | -| [cache\_shared](#input\_cache\_shared) | Enables cache sharing between runners. Only used when var.use\_local\_cache is false | `bool` | `false` | no | -| [cache\_type](#input\_cache\_type) | One of: s3, gcs, azure. Only used when var.use\_local\_cache is false | `string` | `null` | no | +| [cache](#input\_cache) | value |
object({
type = string
path = string
shared = bool
gcs = map(any)
s3 = map(any)
azure = map(any)
})
|
{
"azure": {},
"gcs": {
"CredentialsFile": ""
},
"path": "",
"s3": {},
"shared": false,
"type": ""
}
| no | | [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.36.0"` | no | | [concurrent](#input\_concurrent) | Configure the maximum number of concurrent jobs | `number` | `10` | no | | [create\_namespace](#input\_create\_namespace) | (Optional) Create the namespace if it does not yet exist. Defaults to false. | `bool` | `true` | no | | [create\_service\_account](#input\_create\_service\_account) | If true, the service account, it's role and rolebinding will be created, else, the service account is assumed to already be created | `bool` | `true` | no | | [docker\_fs\_group](#input\_docker\_fs\_group) | The fsGroup to use for docker. This is added to security context when mount\_docker\_socket is enabled | `number` | `412` | no | -| [gcs\_cache\_conf](#input\_gcs\_cache\_conf) | Cache parameters define using Azure Blob Storage for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscachegcs-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | -| [gcs\_cache\_use\_cred\_file](#input\_gcs\_cache\_use\_cred\_file) | whether to use credentials file to to authenticate to google or use a service account id and private key. setting this to true selects the cred file, setting it to false means that the id and private key is the chosen means of authentication. | `bool` | `null` | no | | [gitlab\_url](#input\_gitlab\_url) | The GitLab Server URL (with protocol) that want to register the runner against | `string` | `"https://gitlab.com/"` | no | | [image\_pull\_secrets](#input\_image\_pull\_secrets) | A array of secrets that are used to authenticate Docker image pulling. | `list(string)` | `[]` | no | | [local\_cache\_dir](#input\_local\_cache\_dir) | Path on nodes for caching | `string` | `"/tmp/gitlab/cache"` | no | 
@@ -108,12 +102,10 @@ No modules. | [runner\_registration\_token](#input\_runner\_registration\_token) | runner registration token | `string` | n/a | yes | | [runner\_tags](#input\_runner\_tags) | Specify the tags associated with the runner. Comma-separated list of tags. | `string` | n/a | yes | | [runner\_token](#input\_runner\_token) | token of already registered runer. to use this var.runner\_registration\_token must be set to null | `string` | `null` | no | -| [s3\_cache\_conf](#input\_s3\_cache\_conf) | Cache parameters define using S3 for caching as seen https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscaches3-section. Only used when var.use\_local\_cache is false | `map` | `{}` | no | | [service\_account](#input\_service\_account) | The name of the Service account to create | `string` | `"gitlab-runner"` | no | | [service\_account\_annotations](#input\_service\_account\_annotations) | The annotations to add to the service account | `map` | `{}` | no | | [service\_account\_clusterwide\_access](#input\_service\_account\_clusterwide\_access) | Run the gitlab-bastion container with the ability to deploy/manage containers of jobs cluster-wide or only within namespace | `bool` | `false` | no | | [unregister\_runners](#input\_unregister\_runners) | whether runners should be unregistered when pool is deprovisioned | `bool` | `true` | no | -| [use\_local\_cache](#input\_use\_local\_cache) | Use path on nodes for caching | `bool` | `false` | no | | [values](#input\_values) | Additional values to be passed to the gitlab-runner helm chart | `map` | `{}` | no | | [values\_file](#input\_values\_file) | Path to Values file to be passed to gitlab-runner helm chart | `string` | `null` | no | diff --git a/config.tf b/config.tf index 54fbaaa..9873453 100644 --- a/config.tf +++ b/config.tf 
@@ -1,24 +1,24 @@ locals { config = < Date: Fri, 29 Apr 2022 20:12:59 +0100 Subject: [PATCH 08/14] changed helm_release.gitlab_runner.atomic form literal to variable --- README.md | 1 + main.tf | 2 +- variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9580356..eb78ad5 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no | +| [atomic](#input\_atomic) | whenteher to deploy the entire module as a unit | `bool` | `true` | no | | [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no | | [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no | | [build\_job\_mount\_docker\_socket](#input\_build\_job\_mount\_docker\_socket) | Path on nodes for caching | `bool` | `false` | no | diff --git a/main.tf b/main.tf index b602a3b..211e904 100644 --- a/main.tf +++ b/main.tf @@ -7,7 +7,7 @@ resource "helm_release" "gitlab_runner" { namespace = var.namespace version = var.chart_version create_namespace = var.create_namespace - atomic = true + atomic = var.atomic values = [ diff --git a/variables.tf b/variables.tf index 1748dd6..35cb6ea 100644 --- a/variables.tf +++ b/variables.tf @@ -62,6 +62,12 @@ variable "release_name" { default = "gitlab-runner" } +variable "atomic" { + description = "whenteher to deploy the entire module as a unit" + type = bool + default = true +} + variable "build_job_default_container_image" { description = "Default container image to use for builds when none is specified" type = string From 39541f210f57744c15ad5368e6895fa60390e5f4 Mon Sep 17 00:00:00 2001 
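Review bot: The description of the new `atomic` variable, "whenteher to deploy the entire module as a unit", does not describe what the `helm_release` `atomic` argument does: it makes a failed install or upgrade roll back rather than stay half-applied, and it implies `wait`; it says nothing about the rest of the module. Suggest `description = "if true, a failed helm install/upgrade is rolled back instead of left half-applied (helm --atomic, implies wait)"`. PATCH 09 fixes the spelling but keeps the inaccurate wording, so the README row should change with it.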
From: daphney Igwe Date: Sat, 30 Apr 2022 09:13:05 +0100 Subject: [PATCH 09/14] fixed the default value for var.cache --- variables.tf | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/variables.tf b/variables.tf index 35cb6ea..d48beff 100644 --- a/variables.tf +++ b/variables.tf @@ -63,7 +63,7 @@ variable "release_name" { } variable "atomic" { - description = "whenteher to deploy the entire module as a unit" + description = "whether to deploy the entire module as a unit" type = bool default = true } @@ -229,7 +229,7 @@ variable "runner_token" { variable "cache" { - description = "value" + description = "Describes the properties of the cache. type can be either of ['local', 'gcs', 's3', 'azure'], path defines a path to append to the bucket url, shared specifies whether the cache can be shared between runners. you also specify the individual properties of the particular cache type you select. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section" type = object({ type = string path = string @@ -246,12 +246,10 @@ variable "cache" { default = { type = "" - shared = false path = "" - gcs = { - CredentialsFile = "" - } - s3 = {} - azure = {} + shared = false + gcs = {} + s3 = {} + azure = {} } } From 311f35f83ac4125237d25eca120be6b86febbea6 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Sat, 30 Apr 2022 09:13:46 +0100 Subject: [PATCH 10/14] updated README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index eb78ad5..850ad30 100644 --- a/README.md +++ b/README.md 
@@ -69,7 +69,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no | -| [atomic](#input\_atomic) | whenteher to deploy the entire module as a unit | `bool` | `true` | no | +| [atomic](#input\_atomic) | whether to deploy the entire module as a unit | `bool` | `true` | no | | [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no | | [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no | | [build\_job\_mount\_docker\_socket](#input\_build\_job\_mount\_docker\_socket) | Path on nodes for caching | `bool` | `false` | no | @@ -80,7 +80,7 @@ No modules. | [build\_job\_privileged](#input\_build\_job\_privileged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no | | [build\_job\_run\_container\_as\_user](#input\_build\_job\_run\_container\_as\_user) | SecurityContext: runAsUser for all running job pods | `string` | `null` | no | | [build\_job\_secret\_volumes](#input\_build\_job\_secret\_volumes) | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes |
object({
name = string
mount_path = string
read_only = string
items = map(string)
})
|
{
"items": {},
"mount_path": null,
"name": null,
"read_only": null
}
| no | -| [cache](#input\_cache) | value |
object({
type = string
path = string
shared = bool
gcs = map(any)
s3 = map(any)
azure = map(any)
})
|
{
"azure": {},
"gcs": {
"CredentialsFile": ""
},
"path": "",
"s3": {},
"shared": false,
"type": ""
}
| no | +| [cache](#input\_cache) | Describes the properties of the cache. type can be either of ['local', 'gcs', 's3', 'azure'], path defines a path to append to the bucket url, shared specifies whether the cache can be shared between runners. you also specify the individual properties of the particular cache type you select. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section |
object({
type = string
path = string
shared = bool
gcs = map(any)
s3 = map(any)
azure = map(any)
})
|
{
"azure": {},
"gcs": {},
"path": "",
"s3": {},
"shared": false,
"type": ""
}
| no | | [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.36.0"` | no | | [concurrent](#input\_concurrent) | Configure the maximum number of concurrent jobs | `number` | `10` | no | | [create\_namespace](#input\_create\_namespace) | (Optional) Create the namespace if it does not yet exist. Defaults to false. | `bool` | `true` | no | From 3a7418c1b5538bc22a27bbb300c600d8d7a23050 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Wed, 4 May 2022 16:32:22 +0100 Subject: [PATCH 11/14] added validation for s3 and azure cache type --- README.md | 2 +- config.tf | 2 -- variables.tf | 17 +++++++++++++++-- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 850ad30..10fc74d 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,7 @@ No modules. | [build\_job\_privileged](#input\_build\_job\_privileged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no | | [build\_job\_run\_container\_as\_user](#input\_build\_job\_run\_container\_as\_user) | SecurityContext: runAsUser for all running job pods | `string` | `null` | no | | [build\_job\_secret\_volumes](#input\_build\_job\_secret\_volumes) | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes |
object({
name = string
mount_path = string
read_only = string
items = map(string)
})
|
{
"items": {},
"mount_path": null,
"name": null,
"read_only": null
}
| no | -| [cache](#input\_cache) | Describes the properties of the cache. type can be either of ['local', 'gcs', 's3', 'azure'], path defines a path to append to the bucket url, shared specifies whether the cache can be shared between runners. you also specify the individual properties of the particular cache type you select. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section |
object({
type = string
path = string
shared = bool
gcs = map(any)
s3 = map(any)
azure = map(any)
})
|
{
"azure": {},
"gcs": {},
"path": "",
"s3": {},
"shared": false,
"type": ""
}
| no | +| [cache](#input\_cache) | Describes the properties of the cache. type can be either of ['local', 'gcs', 's3', 'azure'], path defines a path to append to the bucket url, shared specifies whether the cache can be shared between runners. you also specify the individual properties of the particular cache type you select. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section |
object({
type = string
path = string
shared = bool
gcs = map(any)
s3 = map(any)
azure = map(any)
})
|
{
"azure": {},
"gcs": {},
"path": "",
"s3": {},
"shared": false,
"type": "local"
}
| no | | [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.36.0"` | no | | [concurrent](#input\_concurrent) | Configure the maximum number of concurrent jobs | `number` | `10` | no | | [create\_namespace](#input\_create\_namespace) | (Optional) Create the namespace if it does not yet exist. Defaults to false. | `bool` | `true` | no | diff --git a/config.tf b/config.tf index 9873453..e1f1424 100644 --- a/config.tf +++ b/config.tf @@ -4,7 +4,6 @@ locals { %{if var.cache.type == "local"~} cache_dir = "${var.local_cache_dir}" %{~else~} - %{if var.cache.type != "local"~} [runners.cache] Type = "${var.cache.type}" Path = "${var.cache.path}" @@ -21,7 +20,6 @@ locals { %{~for key, value in var.cache.azure~} "${key}" = "${value}" %{~endfor~} - %{~endif~} %{~endif} [runners.kubernetes] %{~if var.build_job_default_container_image != null~} diff --git a/variables.tf b/variables.tf index d48beff..5c7095a 100644 --- a/variables.tf +++ b/variables.tf 
@@ -241,11 +241,24 @@ variable "cache" { validation { condition = var.cache.type == "gcs" ? lookup(var.cache.gcs, "CredentialsFile", "") != "" || lookup(var.cache.gcs, "AccessID", "") != "" : true - error_message = "To use the gcs cache type you must set either CredentialsFile or AccessID and PrivateKey in var.cache.gcs." + error_message = "To use the gcs cache type you must set either CredentialsFile or AccessID and PrivateKey in var.cache.gcs. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section for config details." + } + validation { + condition = var.cache.type == "azure" ? length(var.cache.azure) > 0 : true + error_message = "To use the azure cache type you must set var.cache.azure. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section for config details." + } + validation { + condition = var.cache.type == "s3" ? length(var.cache.azure) > 0 : true + error_message = "To use the s3 cache type you must set var.cache.s3 see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section for config details." + } + + validation { + condition = var.cache.type == "gcs" || var.cache.type == "s3" || var.cache.type == "local" || var.cache.type == "azure" ? true : false + error_message = "Cache type must be one of 's3', 'gcs', 'azure', or 'local'." } default = { - type = "" + type = "local" path = "" shared = false gcs = {} From d17d770a7b918ccab345764e1efa38aa4c9afa49 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Thu, 12 May 2022 12:11:14 +0100 Subject: [PATCH 12/14] updated examples to use gke nodepool resource block instaed of the deimos gke node pool submodule --- examples/main.tf | 65 ++++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/examples/main.tf b/examples/main.tf index ce17d47..e8448d2 100644 --- a/examples/main.tf +++ b/examples/main.tf 
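Review bot: The new s3 validation tests `length(var.cache.azure) > 0`, so `type = "s3"` with an empty `s3` map passes validation and the `%{~for key, value in var.cache.s3~}` loop in config.tf renders a `[runners.cache]` section with no S3 settings at all; the condition should read `condition = var.cache.type == "s3" ? length(var.cache.s3) > 0 : true`. The gcs error message promises a check for AccessID and PrivateKey, but the condition only looks at CredentialsFile or AccessID, so an AccessID without a PrivateKey also passes — either add `lookup(var.cache.gcs, "PrivateKey", "") != ""` to the AccessID branch or reword the message. The added type check can be written as `condition = contains(["gcs", "s3", "azure", "local"], var.cache.type)` instead of the `… ? true : false` form. The `variable "cache"` block and its `default` continue outside the hunk.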
@@ -25,21 +25,20 @@ module "gke_cluster" { # NODE POOL # Node pool for running regular workloads #------------------------------------------------------------ -module "gke_node_pool" { - source = "DeimosCloud/gke/google//modules/gke-node-pool" - version = "1.0.0" - - project_id = var.project_id - name = "default-node-pool" - cluster = module.gke_cluster.name - location = var.region - +resource "google_container_node_pool" "gke_node_pool" { + name = "default-node-pool" + cluster = module.gke_cluster.name initial_node_count = "1" - min_node_count = "1" - max_node_count = "5" - machine_type = var.gke_machine_type + autoscaling { + min_node_count = 1 + max_node_count = 3 + } + node_config { + image_type = "COS" + machine_type = var.gke_machine_type + } } 
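Review bot: The new `google_container_node_pool.gke_node_pool` sets neither `location` nor `project`, although the removed module call passed `location = var.region` and `project_id = var.project_id`; the pool will be created wherever the provider block's defaults point, which may not be the cluster's location, so add `location = var.region` (and `project = var.project_id` unless the provider is configured with it). `node_config` also sets no `service_account` or `oauth_scopes`, which presumably leaves the nodes on the project's default Compute Engine service account — confirm, and consider a dedicated least-privilege node service account, especially for the gitlab-runner pool in the next hunk, which runs the CI job pods. `initial_node_count = "1"` is a quoted string while the new `autoscaling` block uses bare numbers; `initial_node_count = 1` keeps the example consistent. The `gitlab_runner_pool` resource in the next hunk has the same omissions.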
@@ -47,30 +46,30 @@ module "gke_node_pool" { # Gitlab Node Pool # Node pool for running gitlab Jobs #------------------------------------------------------------ -module "gke_node_pool_gitlab" { - source = "DeimosCloud/gke/google//modules/gke-node-pool" - version = "1.0.0" - - project_id = var.project_id - name = "gitlab-runner" - cluster = module.gke_cluster.name - location = var.region - +resource "google_container_node_pool" "gitlab_runner_pool" { + name = "gitlab-runner" + cluster = module.gke_cluster.name initial_node_count = "0" - min_node_count = "0" - max_node_count = "3" - machine_type = var.runner_machine_type + autoscaling { + min_node_count = 0 + max_node_count = 3 + } - # Only pods that tolerate this taint will be scheduled here - taints = [{ - key = "node.gitlab.ci/dedicated" - value = "true" - effect = "NO_SCHEDULE" - }] + node_config { + image_type = "COS" + machine_type = var.runner_machine_type - # Labels will be used in node selectors to ensure pods get scheduled to nodes with the same labels - labels = local.labels + # Labels will be used in node selectors to ensure pods get scheduled to nodes with the same labels + labels = local.labels + + # Only pods that tolerate this taint will be scheduled here + taint = [{ + key = "node.gitlab.ci/dedicated" + value = "true" + effect = "NO_SCHEDULE" + }] + } } @@ -102,5 +101,5 @@ module "gitlab-runner" { "node.gitlab.ci/dedicated=true" = "NO_SCHEDULE" } - depends_on = [module.gke_cluster] + depends_on = [google_container_node_pool.gitlab_runner_pool] } From 5f79bf1844a91df034b3e5a9e975f30500ca83b5 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Thu, 12 May 2022 12:12:41 +0100 Subject: [PATCH 13/14] added memory and cpu request and limit for the runner pods --- README.md | 2 ++ config.tf | 4 ++++ variables.tf | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/README.md b/README.md index 10fc74d..0d448c8 100644 --- a/README.md +++ b/README.md 
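Review bot: `taint = [{ … }]` inside `node_config` assigns with attribute syntax what the google provider documents as a repeatable `taint { }` nested block; if the provider version pinned by the example does not accept the attribute form for it, `terraform plan` fails on this line, so the block spelling below is the safer one and keeps the taint together with the labels it pairs with. `image_type = "COS"` is set in both pools; newer GKE versions default to and recommend `COS_CONTAINERD`, so it is worth confirming the example targets a version that still offers the Docker-based image. The `depends_on` change in the last hunk is fine as written, since `google_container_node_pool.gitlab_runner_pool` already references `module.gke_cluster.name` and so carries the cluster dependency transitively.
```hcl
  node_config {
    # … unchanged: image_type, machine_type, labels …

    # Only pods that tolerate this taint will be scheduled here
    taint {
      key    = "node.gitlab.ci/dedicated"
      value  = "true"
      effect = "NO_SCHEDULE"
    }
  }
```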
@@ -71,7 +71,9 @@ No modules. | [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no | | [atomic](#input\_atomic) | whether to deploy the entire module as a unit | `bool` | `true` | no | | [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no | +| [build\_job\_cpu](#input\_build\_job\_cpu) | The CPU allocation given to and the requested for build containers | `map(any)` |
{
"limit": "2",
"request": "1"
}
| no | | [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no | +| [build\_job\_memory](#input\_build\_job\_memory) | The memory allocation given to and the requested for build containers | `map(any)` |
{
"limit": "1Gi",
"request": "512Mi"
}
| no | | [build\_job\_mount\_docker\_socket](#input\_build\_job\_mount\_docker\_socket) | Path on nodes for caching | `bool` | `false` | no | | [build\_job\_node\_selectors](#input\_build\_job\_node\_selectors) | A map of node selectors to apply to the pods | `map` | `{}` | no | | [build\_job\_node\_tolerations](#input\_build\_job\_node\_tolerations) | A map of node tolerations to apply to the pods as defined https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings | `map` | `{}` | no | diff --git a/config.tf b/config.tf index e1f1424..6b0fdd2 100644 --- a/config.tf +++ b/config.tf @@ -22,6 +22,10 @@ locals { %{~endfor~} %{~endif} [runners.kubernetes] + cpu_limit = "${var.build_job_cpu.limit}" + cpu_request = "${var.build_job_cpu.request}" + memory_limit = "${var.build_job_memory.limit}" + memory_request = "${var.build_job_memory.request}" %{~if var.build_job_default_container_image != null~} image = "${var.build_job_default_container_image}" %{~endif~} diff --git a/variables.tf b/variables.tf index 5c7095a..e3efac2 100644 --- a/variables.tf +++ b/variables.tf @@ -266,3 +266,21 @@ variable "cache" { azure = {} } } + +variable "build_job_cpu" { + description = "The CPU allocation given to and the requested for build containers" + type = map(any) + default = { + limit = "2" + request = "1" + } +} + +variable "build_job_memory" { + description = "The memory allocation given to and the requested for build containers" + type = map(any) + default = { + limit = "1Gi" + request = "512Mi" + } +} From 9f26f6ecef54ac93248f95171d64c0d7810cd461 Mon Sep 17 00:00:00 2001 From: daphney Igwe Date: Thu, 12 May 2022 15:18:26 +0100 Subject: [PATCH 14/14] changes var.build_job_cpu & var.build_job_memory to var.build_job_limits & var.build_job_requests --- README.md | 6 +++--- config.tf | 8 ++++---- variables.tf | 14 +++++++------- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 0d448c8..ea1b8ca 100644 --- a/README.md 
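Review bot: `build_job_cpu` and `build_job_memory` are typed `map(any)`, but config.tf reads fixed keys from them (`var.build_job_cpu.limit`, `.request`, and the same for memory), so a caller who overrides either map with a different key set gets a failure from the template in config.tf rather than from the variable; `type = object({ limit = string, request = string })` makes the key set part of the variable's contract and reports the mistake at plan time. The same applies to `build_job_limits` / `build_job_requests` in the last patch's variables.tf hunk, where the required keys become `cpu` and `memory`. Since these values are written unconditionally into `[runners.kubernetes]`, the descriptions should also say that they are applied to every build container, e.g. `description = "CPU limit and request (Kubernetes quantities) applied to every build container"`.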
+++ b/README.md @@ -71,19 +71,19 @@ No modules. | [additional\_secrets](#input\_additional\_secrets) | additional secrets to mount into the manager pods | `list(map(string))` | `[]` | no | | [atomic](#input\_atomic) | whether to deploy the entire module as a unit | `bool` | `true` | no | | [build\_dir](#input\_build\_dir) | Path on nodes for caching | `string` | `null` | no | -| [build\_job\_cpu](#input\_build\_job\_cpu) | The CPU allocation given to and the requested for build containers | `map(any)` |
{
"limit": "2",
"request": "1"
}
| no | | [build\_job\_default\_container\_image](#input\_build\_job\_default\_container\_image) | Default container image to use for builds when none is specified | `string` | `"ubuntu:18.04"` | no | -| [build\_job\_memory](#input\_build\_job\_memory) | The memory allocation given to and the requested for build containers | `map(any)` |
{
"limit": "1Gi",
"request": "512Mi"
}
| no | +| [build\_job\_limits](#input\_build\_job\_limits) | The CPU allocation given to and the requested for build containers | `map(any)` |
{
"cpu": "2",
"memory": "1Gi"
}
| no | | [build\_job\_mount\_docker\_socket](#input\_build\_job\_mount\_docker\_socket) | Path on nodes for caching | `bool` | `false` | no | | [build\_job\_node\_selectors](#input\_build\_job\_node\_selectors) | A map of node selectors to apply to the pods | `map` | `{}` | no | | [build\_job\_node\_tolerations](#input\_build\_job\_node\_tolerations) | A map of node tolerations to apply to the pods as defined https://docs.gitlab.com/runner/executors/kubernetes.html#other-configtoml-settings | `map` | `{}` | no | | [build\_job\_pod\_annotations](#input\_build\_job\_pod\_annotations) | A map of annotations to be added to each build pod created by the Runner. The value of these can include environment variables for expansion. Pod annotations can be overwritten in each build. | `map` | `{}` | no | | [build\_job\_pod\_labels](#input\_build\_job\_pod\_labels) | A map of labels to be added to each build pod created by the runner. The value of these can include environment variables for expansion. | `map` | `{}` | no | | [build\_job\_privileged](#input\_build\_job\_privileged) | Run all containers with the privileged flag enabled. This will allow the docker:dind image to run if you need to run Docker | `bool` | `false` | no | +| [build\_job\_requests](#input\_build\_job\_requests) | The CPU allocation given to and the requested for build containers | `map(any)` |
{
"cpu": "1",
"memory": "512Mi"
}
| no | | [build\_job\_run\_container\_as\_user](#input\_build\_job\_run\_container\_as\_user) | SecurityContext: runAsUser for all running job pods | `string` | `null` | no | | [build\_job\_secret\_volumes](#input\_build\_job\_secret\_volumes) | Secret volume configuration instructs Kubernetes to use a secret that is defined in Kubernetes cluster and mount it inside of the containes as defined https://docs.gitlab.com/runner/executors/kubernetes.html#secret-volumes |
object({
name = string
mount_path = string
read_only = string
items = map(string)
})
|
{
"items": {},
"mount_path": null,
"name": null,
"read_only": null
}
| no | | [cache](#input\_cache) | Describes the properties of the cache. type can be either of ['local', 'gcs', 's3', 'azure'], path defines a path to append to the bucket url, shared specifies whether the cache can be shared between runners. you also specify the individual properties of the particular cache type you select. see https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnerscache-section |
object({
type = string
path = string
shared = bool
gcs = map(any)
s3 = map(any)
azure = map(any)
})
|
{
"azure": {},
"gcs": {},
"path": "",
"s3": {},
"shared": false,
"type": "local"
}
| no | -| [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.36.0"` | no | +| [chart\_version](#input\_chart\_version) | The version of the chart | `string` | `"0.40.1"` | no | | [concurrent](#input\_concurrent) | Configure the maximum number of concurrent jobs | `number` | `10` | no | | [create\_namespace](#input\_create\_namespace) | (Optional) Create the namespace if it does not yet exist. Defaults to false. | `bool` | `true` | no | | [create\_service\_account](#input\_create\_service\_account) | If true, the service account, it's role and rolebinding will be created, else, the service account is assumed to already be created | `bool` | `true` | no | diff --git a/config.tf b/config.tf index 6b0fdd2..76f1e30 100644 --- a/config.tf +++ b/config.tf @@ -22,10 +22,10 @@ locals { %{~endfor~} %{~endif} [runners.kubernetes] - cpu_limit = "${var.build_job_cpu.limit}" - cpu_request = "${var.build_job_cpu.request}" - memory_limit = "${var.build_job_memory.limit}" - memory_request = "${var.build_job_memory.request}" + cpu_limit = "${var.build_job_limits.cpu}" + cpu_request = "${var.build_job_requests.cpu}" + memory_limit = "${var.build_job_limits.memory}" + memory_request = "${var.build_job_requests.memory}" %{~if var.build_job_default_container_image != null~} image = "${var.build_job_default_container_image}" %{~endif~} diff --git a/variables.tf b/variables.tf index 8e8e8f7..81f0cdc 100644 --- a/variables.tf +++ b/variables.tf 
@@ -266,21 +266,21 @@ variable "cache" { } } -variable "build_job_cpu" { +variable "build_job_limits" { description = "The CPU allocation given to and the requested for build containers" type = map(any) default = { - limit = "2" - request = "1" + cpu = "2" + memory = "1Gi" } } -variable "build_job_memory" { - description = "The memory allocation given to and the requested for build containers" +variable "build_job_requests" { + description = "The CPU allocation given to and the requested for build containers" type = map(any) default = { - limit = "1Gi" - request = "512Mi" + cpu = "1" + memory = "512Mi" } }
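Review bot: `build_job_requests` takes over the description copied from the former `build_job_cpu` (`The CPU allocation given to and the requested for build containers`), and `build_job_limits` keeps the same sentence, although each map now carries both `cpu` and `memory` and one holds limits while the other holds requests; suggested wording is `description = "Resource limits (cpu, memory) applied to every build container"` and `description = "Resource requests (cpu, memory) applied to every build container"`. The README rows for both inputs in this patch repeat the same copied text and should follow the variables.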