I need to whitelist the ci/cd runner’s cidr (ip range) in aws service to run my pipeline. have tried using the cidr available in gitlab’s official documents but its not the valid one.
please provide me the valid cidr
I got this from their documentation, same info what we are looking for:
IP range
GitLab.com uses the IP ranges 34.74.90.64/28 and 34.74.226.0/24 for traffic from its Web/API fleet. This whole range is solely allocated to GitLab. You can expect connections from webhooks or repository mirroring to come from those IPs and allow them.
GitLab.com is fronted by Cloudflare. For incoming connections to GitLab.com, you might need to allow CIDR blocks of Cloudflare (IPv4 and IPv6).
For outgoing connections from CI/CD runners, we are not providing static IP addresses.
All GitLab.com shared runners are deployed into Google Cloud Platform (GCP). Any IP-based firewall can be configured by looking up all IP address ranges or CIDR blocks for GCP.
curl https://www.gstatic.com/ipranges/cloud.json | jq '[.prefixes[] | select(.scope == "us-east1") | .ipv4Prefix | select(. != null)] | join(",")'
gcloud container clusters update CLUSTER_NAME --zone ZONE --project PROJECT \
--enable-master-authorized-networks \
--master-authorized-networks=YOUR_LIST_FROM_ABOVE_COMMAND
The only problem I see is ipv6 cidr blocks are shown as invalid to be able to deploy a helm chart. Can gitlab please ensure that ips will only be of ipv4 format? Or add cloud nat so they all come from 1 ipv4 address.
gcp will NOT allow me to bind any of these as an authorized network to our gke cluster.
curl https://www.gstatic.com/ipranges/cloud.json | jq '[.prefixes[] | select(.scope == "us-east1") | .ipv6Prefix | select(. != null)] | join(",")'