How to run gitlab-runner on remote k8s securely & only with outbound connection from gitlab-runner to gitlab-ci server?

Is it possible to run gitlab-runner on a remote location?
example:- let’s say my gitlab ci server is running on AWS EKS. Can I deploy gitlab-runner in Azure or GCP or on-premise Kubernetes environment?
How does the remotely running gitlab-runner gets connected to gitlab-ci server, is it outbound connection or two way connection?
How to make the connection between remote gitlab-runner and gitlab-ci server very very secured using TLS certificates & how to have only outbound connection from gitlab-runner to gitlab-ci server?

@hchouraria - could you respond if you don’t mind please.

I believe it will work from anywhere it can make a connection. Some use-cases involve developers running runner services on their workstations for their own projects.

You may find the infrastructure docs useful on the topic, it also carries a section on the data flow: CI Service Architecture | GitLab

1 Like

GtLab CI runner connects to GitLab server with http or https protocol (whichever you set up), using the token you get from the GitLab server. Thus your connection’s security is the same as when you connect to the sever using web IF.

The connection is both ways: the runner downloads the Git repo from the server and uploads the pipelines results, including the artifacts.

1 Like

@hchouraria / @gitlab ,
Thank you for the response.
We are currently using k8s executor for the runner (dedicated runner for each project). As the number of projects grow, we are concerned about having many runners just running continuously idle on k8s cluster as pods consuming resources.
Is there a way to provision runner when needed only? If yes, please guide how.

If we use docker or docker machine executor for the runner, does the runner gets provisioned only when required or does it keep running continuously just like how it runs in k8s?

If it’s possible to provision runner only when required to run pipeline jobs using k8s executor and then delete runner from k8s after pipeline running is done, please share that guideline as well.