GitLab Runner on VM with internal network only

你。 submitted on 2020-04-11 07:38:49

Question


I'm running a GitLab instance from the official jetstack helm chart on my GKE cluster within the Google Cloud.

I would like to add a Windows VM to my VPC network that has only internal network access.

Normally you have to register the GitLab runner against the https address of GitLab which is not possible with an internal network. Is there a way to register the GitLab runner against the GitLab instance via the internal network?

The GitLab instance has its https resource published via an nginx-ingress controller which is running on that GKE cluster as well.

Is there a way to register against the gitlab-unicorn pod with its internal IP that is listening on port 8080?

Thanks in advance!


Answer 1:


There are two options:

  • clone_url if the runner has access to the GitLab instance but its name is distinct from the resolved name
  • ssh-tunnel if the runner doesn't have direct access to the GitLab instance

clone_url

If your GitLab is accessible from the internal network, you can use the clone_url option.

See documentation:

How clone_url works

In cases where the GitLab instance is exposed to an URL which can’t be used by the runner, a clone_url can be configured. For example; GitLab is exposed to https://gitlab.example.com, but the runner can’t reach that because of a firewall setup. If the runner can reach the node on 192.168.1.23, the clone_url should be set to "http://192.168.1.23".

Only if the clone_url is set, the runner will construct a clone URL in the form of http://gitlab-ci-token:s3cr3tt0k3n@192.168.1.23/namespace/project.git

ssh-tunnel

If your GitLab instance does not have any available addresses, you might set up an ssh-tunnel to it.

SSH Tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls.

ssh -L 8080:gitlab.yourinstance.com:80 gw.yourgateway.com

And then you can use gw.yourgateway.com:8080 as your clone_url
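
Where the clone_url setting from the answer above lives in the runner's config.toml, as an added example that is not part of the original answer. The runner name, token placeholder and the choice of the shell executor with PowerShell are assumptions; the addresses are the ones used in the quoted documentation.

```toml
# Added example: runner config.toml for a Windows VM that can only reach
# GitLab on an internal address. Constructed values, not a real deployment.
concurrent = 1

[[runners]]
  name = "windows-internal-runner"     # hypothetical name
  # Address the runner itself polls for jobs; it must be reachable from the VM.
  url = "http://192.168.1.23"
  token = "RUNNER_TOKEN_PLACEHOLDER"   # placeholder for the token issued at registration
  executor = "shell"                   # assumption: jobs run directly on the VM
  shell = "powershell"
  # Without clone_url, jobs clone from the URL GitLab hands out, which is built
  # from its external address (https://gitlab.example.com in the quoted docs).
  # With it set, the runner clones from
  #   http://gitlab-ci-token:<job token>@192.168.1.23/namespace/project.git
  # Over plain http that job token is sent unencrypted on the internal network;
  # an https internal address avoids this if one is available.
  clone_url = "http://192.168.1.23"
```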



Source: https://stackoverflow.com/questions/59422571/gitlab-runner-on-vm-with-internal-network-only
