docs: add example configuration for Windows-based runners (#1268)

Added an example configuration to use the module to set up Windows-based
runners and an example on how to create a custom Windows AMI usable with
the configuration.

---------

Co-authored-by: Matthias Kay <matthias.kay@hlag.com>

Author: zillemarco

.cspell.json

@@ -2,6 +2,7 @@
   "version": "0.2",
   "language": "en",
   "ignoreWords": [
+    "advfirewall",
     "alltrue",
     "amazonec",
     "anytrue",
@@ -13,6 +14,7 @@
     "buildx",
     "certdir",
     "checkmarx",
+    "choco",
     "concat",
     "containerd",
     "devskim",
@@ -23,13 +25,16 @@
     "formatlist",
     "glrt",
     "glrunners",
+    "HKLM",
     "hmarr",
     "icmpv6",
     "instancelifecycle",
     "keyrings",
     "kics",
     "joho",
     "jsonencode",
+    "localip",
+    "ltsc",
     "markdownlint",
     "matchDatasources",
     "mypy",
@@ -40,9 +45,12 @@
     "pylint",
     "pylintrc",
     "pyright",
+    "remoteip",
+    "servercore",
     "setsubtract",
     "shuf",
     "signum",
+    "Sizekb",
     "stretchr",
     "subkey",
     "substr",
@@ -52,6 +60,7 @@
     "terrascan",
     "terratest",
     "tfenv",
+    "Timeoutms",
     "tflint",
     "tftpl",
     "tfsec",
@@ -63,9 +72,12 @@
     "trimprefix",
     "trivy",
     "usermod",
+    "useraccount",
     "userns",
     "vcpu",
+    "windowsfeatures",
     "xanzy",
+    "xlarge",
     "xvda"
   ],
   "words": [
@@ -81,6 +93,7 @@
     "cpus",
     "cpuset",
     "gitter",
+    "netsh",
     "Niek",
     "oxsecurity",
     "rebalance",

examples/runner-windows/.terraform-version

@@ -0,0 +1 @@
+1.3.0

examples/runner-windows/README.md

@@ -0,0 +1,73 @@
+# Example - AWS Fleeting Plugin with Windows runners
+
+This example shows how to deploy a GitLab Runner using the [AWS Fleeting Plugin](https://docs.gitlab.com/runner/configuration/autoscale.html)
+with on Windows, allowing usage of Docker and spot instances.
+
+This examples shows:
+
+- You can log into the instance via SSM (Session Manager).
+- register the Runner manually in GitLab
+- Auto scaling Windows runners using AWS Fleeting Plugin.
+
+Multi region deployment is, of course, possible. Just instantiate the module multiple times with different AWS providers. In case
+you use the cache, make sure to have one cache per region.
+
+Attention: You **must** to built your own AMI before. See the [README.md](../../packer_images/README.md#windows-server-2022-ami) for more information.
+
+## Prerequisite
+
+The Terraform version is managed using [tfenv](https://github.com/Zordrak/tfenv). If you are not using `tfenv` please
+check `.terraform-version` for the tested version.
+
+<!-- markdownlint-disable -->
+<!-- cSpell:disable -->
+<!-- markdown-link-check-disable -->
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 5.78.0 |
+| <a name="requirement_local"></a> [local](#requirement\_local) | >= 2.5.2 |
+| <a name="requirement_null"></a> [null](#requirement\_null) | >= 3.2.3 |
+| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.6.3 |
+| <a name="requirement_tls"></a> [tls](#requirement\_tls) | >= 4.0.6 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 5.78.0 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_runner"></a> [runner](#module\_runner) | ../../ | n/a |
+| <a name="module_vpc"></a> [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | >= 5.16.0 |
+| <a name="module_vpc_endpoints"></a> [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | >= 5.16.0 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_security_group.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region. | `string` | `"eu-west-1"` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | A name that identifies the environment, will used as prefix and for tagging. | `string` | `"runners-default"` | no |
+| <a name="input_gitlab_url"></a> [gitlab\_url](#input\_gitlab\_url) | URL of the gitlab instance to connect to. | `string` | `"https://gitlab.com"` | no |
+| <a name="input_preregistered_runner_token_ssm_parameter_name"></a> [preregistered\_runner\_token\_ssm\_parameter\_name](#input\_preregistered\_runner\_token\_ssm\_parameter\_name) | The name of the SSM parameter to read the preregistered GitLab Runner token from. | `string` | n/a | yes |
+| <a name="input_runner_name"></a> [runner\_name](#input\_runner\_name) | Name of the runner, will be used in the runner config.toml | `string` | `"default-auto"` | no |
+| <a name="input_timezone"></a> [timezone](#input\_timezone) | Name of the timezone that the runner will be used in. | `string` | `"Europe/Amsterdam"` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->

examples/runner-windows/main.tf

@@ -0,0 +1,147 @@
+data "aws_availability_zones" "available" {
+  state = "available"
+}
+
+data "aws_security_group" "default" {
+  name   = "default"
+  vpc_id = module.vpc.vpc_id
+}
+
+# VPC Flow logs are not needed here
+# kics-scan ignore-line
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = ">= 5.16.0"
+
+  name = "vpc-${var.environment}"
+  cidr = "10.0.0.0/16"
+
+  azs                     = [data.aws_availability_zones.available.names[0]]
+  private_subnets         = ["10.0.1.0/24"]
+  public_subnets          = ["10.0.101.0/24"]
+  map_public_ip_on_launch = false
+
+  enable_nat_gateway = true
+  single_nat_gateway = true
+
+  tags = {
+    Environment = var.environment
+  }
+}
+
+module "vpc_endpoints" {
+  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+  version = ">= 5.16.0"
+
+  vpc_id = module.vpc.vpc_id
+
+  endpoints = {
+    s3 = {
+      service = "s3"
+      tags    = { Name = "s3-vpc-endpoint" }
+    }
+  }
+
+  tags = {
+    Environment = var.environment
+  }
+}
+
+module "runner" {
+  source = "../../"
+
+  environment = var.environment
+
+  vpc_id    = module.vpc.vpc_id
+  subnet_id = element(module.vpc.private_subnets, 0)
+
+  runner_instance = {
+    collect_autoscaling_metrics = ["GroupDesiredCapacity", "GroupInServiceCapacity"]
+    name                        = var.runner_name
+    ssm_access                  = true
+    private_address_only        = false
+  }
+
+  runner_networking = {
+    allow_incoming_ping_security_group_ids = [data.aws_security_group.default.id]
+  }
+
+  runner_gitlab = {
+    url = var.gitlab_url
+
+    preregistered_runner_token_ssm_parameter_name = var.preregistered_runner_token_ssm_parameter_name
+  }
+
+  runner_worker = {
+    type            = "docker-autoscaler"
+    max_jobs        = 10
+    use_private_key = true
+
+    environment_variables = [
+      "FF_USE_POWERSHELL_PATH_RESOLVER=1"
+    ]
+  }
+
+  runner_worker_gitlab_pipeline = {
+    pre_build_script  = <<EOT
+        '''
+        echo 'multiline 1'
+        echo 'multiline 2'
+        '''
+        EOT
+    post_build_script = "\"echo 'single line'\""
+  }
+
+  runner_worker_docker_autoscaler = {
+    fleeting_plugin_version = "1.0.0"
+    connector_config_user   = "Administrator"
+  }
+
+  runner_worker_docker_autoscaler_ami_owners = ["self"] # FIXME Leave to self or change to your AWS account ID
+  runner_worker_docker_autoscaler_ami_id     = "<windows-ami-id>"
+
+  runner_worker_docker_autoscaler_instance = {
+    monitoring           = true
+    private_address_only = false
+  }
+
+  runner_worker_docker_autoscaler_asg = {
+    subnet_ids                    = module.vpc.private_subnets
+    types                         = ["m6a.medium", "m6i.medium"] # FIXME change these to what best fits your needs, keeping in mind that Windows runners need bigger instances
+    enable_mixed_instances_policy = true
+
+    # FIXME These settings enable windows runners to scale down to zero if no jobs are running but you can change it to fit your needs
+    on_demand_base_capacity                  = 0
+    on_demand_percentage_above_base_capacity = 0
+    max_growth_rate                          = 10
+    spot_allocation_strategy                 = "price-capacity-optimized"
+    spot_instance_pools                      = 0
+  }
+
+  runner_worker_docker_autoscaler_autoscaling_options = [
+    {
+      periods      = ["* * * * *"]
+      timezone     = "Europe/Berlin"
+      idle_count   = 0
+      idle_time    = "0s"
+      scale_factor = 2
+    },
+    {
+      periods      = ["* 7-19 * * mon-fri"]
+      timezone     = "Europe/Berlin"
+      idle_count   = 3
+      idle_time    = "30m"
+      scale_factor = 2
+    }
+  ]
+
+  runner_worker_docker_options = {
+    volumes    = ["C:/cache"]
+    privileged = false
+  }
+
+  tags = {
+    "tf-aws-gitlab-runner:example"           = "runner-default"
+    "tf-aws-gitlab-runner:instancelifecycle" = "spot:yes"
+  }
+}

examples/runner-windows/providers.tf

@@ -0,0 +1,11 @@
+provider "aws" {
+  region = var.aws_region
+}
+
+provider "local" {}
+
+provider "null" {}
+
+provider "tls" {}
+
+provider "random" {}

examples/runner-windows/variables.tf

@@ -0,0 +1,34 @@
+variable "aws_region" {
+  description = "AWS region."
+  type        = string
+  default     = "eu-west-1"
+}
+
+variable "environment" {
+  description = "A name that identifies the environment, will used as prefix and for tagging."
+  type        = string
+  default     = "runners-default"
+}
+
+variable "runner_name" {
+  description = "Name of the runner, will be used in the runner config.toml"
+  type        = string
+  default     = "default-auto"
+}
+
+variable "gitlab_url" {
+  description = "URL of the gitlab instance to connect to."
+  type        = string
+  default     = "https://gitlab.com"
+}
+
+variable "preregistered_runner_token_ssm_parameter_name" {
+  description = "The name of the SSM parameter to read the preregistered GitLab Runner token from."
+  type        = string
+}
+
+variable "timezone" {
+  description = "Name of the timezone that the runner will be used in."
+  type        = string
+  default     = "Europe/Amsterdam"
+}

examples/runner-windows/versions.tf

@@ -0,0 +1,27 @@
+
+terraform {
+  required_version = ">= 1.3"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.78.0"
+    }
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.5.2"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.2.3"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0.6"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.6.3"
+    }
+  }
+}