Use AWS CDK to create a gitlab runner, and use gitlab runner to help you execute your Gitlab pipeline job.
cdk-gitlab-runnerUse AWS CDK to create gitlab runner, and use gitlab runner to help you execute your Gitlab Pipeline Job.
GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab. (source repo)
Gitlab provides 400 minutes per month for each free user, hosted Gitlab Runner to execute your gitlab pipeline job.That's pretty good and users don't need to manage gitlab runner. If it is just a simple ci job for test 400, it may be enough. But what if you want to deploy to your AWS production environment through pipeline job? Is there any security consideration for using the hosted gitlab runner?!
But creating Gitlab Runner is not that simple, so I created this OSS so that you can quickly create Gitlab Runner and delete your Gitlab Runner via AWS CDK. It will be used with AWS IAM Role, so you don't need to put AKSK in Gitlab environment variables.
VPC
EC2 (1 T3.micro)
gitlab project or gitlab groupThis registration process is only supported in GitLab Runner 15.10 or later This registration process is not supported in GitLab Runner 15.9 or earlier and only available as an experimental feature in GitLab Runner 15.10 and 15.11. You should upgrade to GitLab Runner 16.0 or later to use a stable version of this registration process. Check this issue
Group > Settings > CI/CD
This registration process is only supported in GitLab Runner 15.10 or later This registration process is not supported in GitLab Runner 15.9 or earlier and only available as an experimental feature in GitLab Runner 15.10 and 15.11. You should upgrade to GitLab Runner 16.0 or later to use a stable version of this registration process. Check this issue
Group > Build > Runners
This registration process is only supported in GitLab Runner 15.10 or later This registration process is not supported in GitLab Runner 15.9 or earlier and only available as an experimental feature in GitLab Runner 15.10 and 15.11. You should upgrade to GitLab Runner 16.0 or later to use a stable version of this registration process. Check this issue
Project > Settings > CI/CD > Runners
This registration process is only supported in GitLab Runner 15.10 or later This registration process is not supported in GitLab Runner 15.9 or earlier and only available as an experimental feature in GitLab Runner 15.10 and 15.11. You should upgrade to GitLab Runner 16.0 or later to use a stable version of this registration process. Check this issue
Project > Settings > CI/CD > Runners
Replace your gitlab runner token in $GITLABTOKEN
Use the npm dist tag to opt in CDKv1 or CDKv2:
// for CDKv2
npm install cdk-gitlab-runner
or
npm install cdk-gitlab-runner@latest
// for CDKv1
npm install cdk-gitlab-runner@cdkv1
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
// If want change instance type to t3.large .
new GitlabContainerRunner(this, 'runner-instance', { gitlabtoken: 'glrt-GITLABTOKEN', ec2type:'t3.large',gitlabRunnerVersion: '15.10' });
// OR
// Just create a gitlab runner , by default instance type is t3.micro .
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
new GitlabContainerRunner(this, 'runner-instance', { gitlabtoken: 'glrt-GITLABTOKEN', gitlabRunnerVersion: '15.10' });
If you want change what you want tag name .
// If you want change what your self Gitlab Server Url .
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
new GitlabContainerRunner(this, 'runner-instance-change-tag', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlaburl: 'https://gitlab.my.com/',
gitlabRunnerVersion: '15.10'
});
If you want change what you want tag name . !!! Not support Gitlab Runner 15.10 and later !!!
// If you want change what you want tag name .
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
new GitlabContainerRunner(this, 'runner-instance-change-tag', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
tags: ['aa', 'bb', 'cc'],
});
If you want add runner other IAM Policy like s3-readonly-access.
// If you want add runner other IAM Policy like s3-readonly-access.
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
import { ManagedPolicy } from 'aws-cdk-lib/aws-iam';
const runner = new GitlabContainerRunner(this, 'runner-instance-add-policy', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
tags: ['aa', 'bb', 'cc'],
});
runner.runnerRole.addManagedPolicy(
ManagedPolicy.fromAwsManagedPolicyName('AmazonS3ReadOnlyAccess'),
);
If you want add runner other SG Ingress .
// If you want add runner other SG Ingress .
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
import { Port, Peer } from 'aws-cdk-lib/aws-ec2';
const runner = new GitlabContainerRunner(this, 'runner-add-SG-ingress', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
tags: ['aa', 'bb', 'cc'],
});
// you can add ingress in your runner SG .
runner.defaultRunnerSG.connections.allowFrom(
Peer.ipv4('0.0.0.0/0'),
Port.tcp(80),
);
2020/06/27 , you can use your self exist VPC or new VPC , but please check your
vpc public SubnetAuto-assign public IPv4 address must be Yes ,orvpc private Subnetroute table associatednat gateway.
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
import { Port, Peer, Vpc, SubnetType } from 'aws-cdk-lib/aws-ec2';
import { ManagedPolicy } from 'aws-cdk-lib/aws-iam';
const newvpc = new Vpc(stack, 'VPC', {
ipAddresses: IpAddresses.cidr('10.0.0.0/16'),
maxAzs: 2,
subnetConfiguration: [
{
cidrMask: 26,
name: 'RunnerVPC',
subnetType: SubnetType.PUBLIC,
},
],
natGateways: 0,
});
const runner = new GitlabContainerRunner(this, 'testing', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
ec2type: 't3.small',
selfvpc: newvpc,
});
2020/06/27 , you can use your self exist role assign to runner
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
import { Port, Peer } from 'aws-cdk-lib/aws-ec2';
import { ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
const role = new Role(this, 'runner-role', {
assumedBy: new ServicePrincipal('ec2.amazonaws.com'),
description: 'For Gitlab EC2 Runner Test Role',
roleName: 'TestRole',
});
const runner = new GitlabContainerRunner(stack, 'testing', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
ec2iamrole: role,
});
runner.runnerRole.addManagedPolicy(
ManagedPolicy.fromAwsManagedPolicyName('AmazonS3ReadOnlyAccess'),
);
2020/08/22 , you can change you want ebs size.
import { GitlabContainerRunner } from 'cdk-gitlab-runner';
new GitlabContainerRunner(stack, 'testing', {
gitlabtoken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
ebsSize: 50,
});
2020/11/25 , you can set the number of runners.
import { GitlabRunnerAutoscaling } from 'cdk-gitlab-runner';
new GitlabRunnerAutoscaling(stack, 'testing', {
gitlabToken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
minCapacity: 2,
maxCapacity: 2,
});
2020/08/27 , you can use spotfleet instance be your gitlab runner, after create spotfleet instance will auto output instance id.
import { GitlabContainerRunner, BlockDuration } from 'cdk-gitlab-runner';
const runner = new GitlabContainerRunner(stack, 'testing', {
gitlabToken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
ec2type: 't3.large',
spotFleet: true,
});
// configure the expiration after 1 hours
runner.expireAfter(Duration.hours(1));
2020/11/19, you setting job runtime bind host volumes. see more https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdocker-section
import { GitlabContainerRunner, BlockDuration } from 'cdk-gitlab-runner';
const runner = new GitlabContainerRunner(stack, 'testing', {
gitlabToken: 'glrt-GITLABTOKEN',
gitlabRunnerVersion: '15.10',
ec2type: 't3.large',
dockerVolumes: [
{
hostPath: '/tmp/cache',
containerPath: '/tmp/cache',
},
],
});
gitlab , runner , awscdk ,!!!!! Not Support Gitlab Runner after 15.10 and later
gitlab-ci.yamldockerjob:
image: docker:18.09-dind
variables:
tags:
- runner
- awscdk
- gitlab
variables:
DOCKER_TLS_CERTDIR: ""
before_script:
- docker info
script:
- docker info;
- echo 'test 123';
- echo 'hello world 1228'
In your runner region !!!
runner and click start sessionbash# become to root
sudo -i
# list runner container .
root# docker ps -a
# modify gitlab-runner/config.toml
root# cd /home/ec2-user/.gitlab-runner/ && ls
config.toml
FAQs
Use AWS CDK to create a gitlab runner, and use gitlab runner to help you execute your Gitlab pipeline job.
We found that cdk-gitlab-runner demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.