Runners communicate with GitLab over HTTPS, entirely through connections initiated from the Runner to GitLab and never in reverse. The advantage here is that you can install a Runner behind a firewall, and as long as the Runner has outbound access to GitLab.com, it will work. From there, it really doesn’t matter which executor you use (Shell, Docker, etc.).
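The polling model described in the post above, as an added example that is not part of the original thread and is not GitLab's own code: a constructed local stand-in for GitLab only ever answers requests, while the runner side makes outbound `POST /api/v4/jobs/request` calls and gets `201` with a job or `204` when nothing is queued. The `FakeGitLab` server, the token and the simplified job payload are assumptions made for the demo.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-runner-token"                        # constructed sample value
PENDING_JOBS = [{"id": 1, "script": ["echo deploy"]}]     # constructed, simplified job

class FakeGitLab(BaseHTTPRequestHandler):
    """Stand-in for GitLab: it never opens a connection, it only replies."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = json.loads(self.rfile.read(length) or b"{}")
        if self.path != "/api/v4/jobs/request" or body.get("token") != TOKEN:
            return self._reply(403)
        if not PENDING_JOBS:
            return self._reply(204)                       # nothing queued for this runner
        self._reply(201, json.dumps(PENDING_JOBS.pop(0)).encode())

    def _reply(self, status, payload=b""):
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):                         # keep the demo quiet
        pass

def poll_once(base_url, token):
    """One outbound poll made by the runner; returns a job dict or None."""
    req = urllib.request.Request(
        base_url + "/api/v4/jobs/request",
        data=json.dumps({"token": token}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        return json.loads(resp.read()) if resp.status == 201 else None

def demo():
    """Runner polls twice: the first poll picks up the job, the second finds none."""
    server = HTTPServer(("127.0.0.1", 0), FakeGitLab)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        return poll_once(base, TOKEN), poll_once(base, TOKEN)
    finally:
        server.shutdown()
        server.server_close()
```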
I have a doubt. If the connection is one way, from the runner to GitLab, then how does GitLab deploy to a remote? How does the runner come to know that we have run a pipeline and that it has to communicate with GitLab?
I would like to come back to this thread. Is there - meanwhile - any option to reverse the direction of connection initiation? Following scenario: I have an internal GitLab server running on on-premises resources. It is - obviously - not accessible from the world. Now I want to deploy runners on container infrastructures like GCP or MassiveGrid. However, these runners cannot connect to the GitLab server, while the GitLab server could connect to these runners. Is there any option? Or workaround?