Difference between Shared and Specific Runenrs

yukccy · June 18, 2021, 9:28am

I am studying the difference between two types of runners to find out which one is suitable for my solution. I understand it may be silly questions, but it’s really confusing me.

There are few questions:

If a CI job is without tag, services and image in .gitlab-ci.yml, what’s the rule for GitLab selecting a shared runner for my job?
If I have set the image for a job in .gitlab-ci.yml, is that image become the the runner image? Or, the shared runner will still use its original image, then a new container will be created with this image in the shared runner container?
Which image will be chosen for below situation, custom1 or custom2? Provided that Custom 1 is a specific runner with custom image A, and Custom2 is custom image B.

job:
  stage: xxx
  tag: custom1
  image: custom2
  script: xxxxxxxx

balonik · June 18, 2021, 1:47pm

Hi @yukccy
I assume you have a GitLab Runner with Docker executor.

First runner that matches the requirements is selected. If you need to use a specific Runner, use tags.

Each job is run in a dedicated container which is created when the job starts and destroyed when it is done. Which image is used depends on the configuration. The order is:

image specified for job in .gitlab-ci.yml
default image of the Runner specified in Runner config file config.toml (this is mandatory)

tag is a tag of the runner, it has nothing to do with container image tags. In your example an image custom2 will be used.

yukccy · June 19, 2021, 2:31pm

Thanks for your reply. @balonik

I was thinking the difference between shared runner and specific runner is specific runner can use custom image while shared runner cannot.

But after reading your reply, I am thinking that even I use shared runner, i can still use custom image by defining it in .gitlab-ci.yml, am i correct?

Moreover, people are always saying that shared runner is more suitable for similar jobs while specific runner is suitable for jobs with different demands. I am wondering that why I cannot just define different image in .gitlab-ci.yml for shared runner when I have different jobs requirement? What’s difference between using shared runner with specific image and specific runner?

balonik · June 20, 2021, 5:37pm

Yes.

There is no official term ‘specific’ runner really. The difference is that shared runner is used by multiple projects. If its used only by one project it is not shared, but I wouldn’t call it specific.

you can have a runner that is general for all work that can be shared or not.
I would call a runner 'specific’if it meets a special purpose, for example it has access to resources that other runners don’t or has a specific configuration like privileged ( which is needed for DinD image builds) or trusts a custom CA

yukccy · June 21, 2021, 2:15am

@balonik

Thanks for your reply again.

I do have two more question on choosing runner provided by GitLab SaaS and self-hosted runner.

Can a runner provided by GitLab SaaS be set up as a specific runner?
Is security the only major concern on choosing SaaS or self-hosted? May you share your opinions?

balonik · June 30, 2021, 8:12am

Hi @yukccy

that depends on your requirements and what you need to achieve. With GitLab SaaS runners you don’t have access to config.toml to configure advanced settings.
Security is one of the main topics. It depends on your environment and if you are legally obliged to some security level (FIPS/ISO27xxx/local regulations/…). GitLab SaaS can be considered secure, but like with any SaaS you have to trust it. Another thing is availability. While GitLab SaaS Runners availability is really good, there might be an issue on the SaaS infrastructure. If you have high availability requirements (like 99.99%), setting up your own Runner might be needed. Last thing is functionality as already mentioned above, this includes on-prem resources, custom CA, …