Web terminals / session server on gitlab.com with self-hosted runner on gke

GitLab CI/CD
1

Hi,

Gitlab 11.3 introduced Web Terminals for Gitlab CI jobs - a feature we’re really excited about.
Unfortunately from the documentation it is not clear how exactly this feature is to be setup when running on gitlab.com and using a self-hosted runner.
The documentation mentions the session_server section in gitlab CI has to be configured: https://gitlab.com/gitlab-org/gitlab-runner/blob/master/docs/configuration/advanced-configuration.md#the-session_server-section . However it is unclear to which values listen_address and advertise_address should be set when using gitlab.com together with self-hosted runners on kubernetes/gke and having the whole setup secured (i.e. no external party can connect to web terminals running in our self-hosted k8s cluster).

For context this is the current setup we use:

Does anyone know what to set as listen_address / advertise_address and how the endpoint would be secured?

2 Likes
2

Hi, I cannot speak about security, but I managed to configure a custom runner like this on a physical machine:

concurrent = 2
check_interval = 0

[session_server]
  session_timeout = 1800
  listen_address = "0.0.0.0:8093"
  advertise_address = "my.domain.tld:8093"

[[runners]]
  name = "Whatever"
  url = "https://gitlab.com"
  token = "aaabbbcccddd"
  executor = "shell"
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]

Remember to allow connection on 8093/tcp port (and that is compatible with only certain executors) to see the button appear :slight_smile:

Not exactly what OP was asking, but could be a starting point. :slight_smile:

2 Likes
3

To complement the answer, I suppose the listen_address can be tailored in order to allow just a specific gitlab instance to be able to talk with the runner…

It would be indeed great if those two fields could be explained better in the docs.

2 Likes
4

What is “my.domain.tld”? Is that the url or ip of your runner server?