I'm running a GitLab instance from the official jetstack helm chart on my GKE cluster within the Google Cloud.
I would like to add a Windows VM to my VPC network that has only internal network access.
Normally you have to register the GitLab runner against the https address of GitLab which is not possible with an internal network. Is there a way to register the GitLab runner against the GitLab instance via the internal network?
The GitLab instance has its https resource published via an nginx-ingress controller which is running on that GKE cluster as well.
Is there a way to register against the gitlab-unicorn pod with its internal IP that is listening on port 8080?
Thanks in advance!
There are two options:
clone_url: if the runner has access to the GitLab instance but its name is distinct from the resolved name
ssh-tunnel: if the runner doesn't have direct access to the GitLab instance
clone_url
If your GitLab is accessible from the internal network, you can use the clone_url option.
See documentation:
How clone_url works
In cases where the GitLab instance is exposed to a URL which can’t be used by the runner, a clone_url can be configured. For example, GitLab is exposed to https://gitlab.example.com, but the runner can’t reach that because of a firewall setup. If the runner can reach the node on 192.168.1.23, the clone_url should be set to "http://192.168.1.23".
Only if the clone_url is set, the runner will construct a clone URL in the form of http://gitlab-ci-token:s3cr3tt0k3n@192.168.1.23/namespace/project.git
ssh-tunnel
If your GitLab instance does not have any available addresses, you might set up an ssh-tunnel to it.
SSH Tunneling is a method of transporting arbitrary networking data over an encrypted SSH connection. It can be used to add encryption to legacy applications. It can also be used to implement VPNs (Virtual Private Networks) and access intranet services across firewalls.
ssh -L 8080:gitlab.yourinstance.com:80 gw.yourgateway.com
And then you can use gw.yourgateway.com:8080 as your clone_url.
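As an added illustration of the clone_url option described in the answer above (not part of the original answer or of the GitLab documentation it quotes), this is how the setting sits in the runner's config.toml. The runner name, the shell executor choice and the token placeholder are assumptions; the address is the one from the quoted documentation.

```toml
# Constructed example: gitlab-runner config.toml on the internal-only Windows VM.
concurrent = 1

[[runners]]
  name = "windows-internal-runner"    # hypothetical runner name
  # The runner polls this address for jobs, so it must be reachable from the VM.
  url = "http://192.168.1.23"
  token = "RUNNER_TOKEN_PLACEHOLDER"  # placeholder; written by `gitlab-runner register`
  executor = "shell"                  # assumption: shell executor on Windows
  shell = "powershell"
  # Used instead of the public GitLab URL when the runner builds the Git clone URL.
  # Over plain http the job token embedded in that URL crosses the network
  # unencrypted; use an internal https endpoint here if one is available.
  clone_url = "http://192.168.1.23"
```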