Hello, we have SonarQube on our company network only accessible from outside x VPN. We can allow IP’s and network segments to access the security group, so we need to know all the network segments that GitLab CI/CD uses to communicate to other systems.
What do you mean by “network segments”? I’m thinking something you route between, or at the very least different vlans, in any case it’s hard to see a need to spread you GitLab and runners across such segments.
A standard omnibus installation doesn’t make any network traffic to work, if you have split it up (e.g. made a seperate gitaly cluster), you should know, both what parts there are and what network traffic they make.
To access GitLab you need to allow HTTPS (TCP port 443) to the frontend servers (or HTTP).
If you want to use CI/CD features, the GitLab app and the runners make HTTPS connections between each other.
Hello Grove, thank you very much for your reply.
I have allowed the IP of the runner, with the port 443 (HTTPS) and nothing happens, I allow all the ports and nothing either…
That’s a very vague statement.
What do you think should happen? And what do you do that makes you think anything should happen?
When I say that nothing happens, it is because there is also no connectivity from the runner to my SonarQube which is behind my VPN.
If I have the network(s), I can allow them in the Security Group.