具有私有 IP 的 AWS Gitlab Autoscale runner,不想启用 Public IP

AWS Gitlab Autoscale runner with private IP, don't want to enable Public IP

在 AWS 中,使用私有 IP 的 Gitlab Autoscale runner,不想启用 Public IP。 目前我们的 Gitlab Autoscale runner 配置了 public IP,因此 Runner Hub 通过 autoscale runners 的 Public IP 连接。为此,我们在安全组中打开所有 TCP 端口。 为避免这种情况,是否可以停止使用 Public IP 并使用私有 IP 连接 Gitlab Hub 和自动缩放运行器?

concurrent = 100
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "aws-abc-runner-autoscale"
  limit = 110
  url = "https://git.abc-example.in/"
  token = "xxxxxxxxxxxx"
  executor = "docker+machine"
  environment = ["DOCKER_AUTH_CONFIG={ \"auths\": { \"docker.dev.abc.com\": { \"auth\": \"################################################\" }, \"silicon.docker.dev.abc.com\": { \"auth\": \"################################################\" }, \"cde.dev.abc.com\": { \"auth\": \"################################################\" }, \"abcde.azurecr.io\": { \"auth\": \"##########################################\" }, \"efghijk.azurecr.io\": { \"auth\": \"###################################################\" } } }"]
  [runners.custom_build_dir]
    enabled = true
  [runners.cache]
    Type = "s3"
    Shared = true
    [runners.cache.s3]
      ServerAddress = "ip-172-31-11-12.eu-central-1.compute.internal:9005"
      AccessKey = "xxxxxxxxxx"
      SecretKey = "xxxxxxxxxx"
      BucketName = "runner-autoscale"
      Insecure = true
  [runners.docker]
    tls_verify = false
    image = "docker:latest"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 0
  [runners.machine]
    IdleCount = 4
    IdleTime = 300
    MachineDriver = "amazonec2"
    MachineName = "abcdev-runners-%s"
    MachineOptions = ["amazonec2-ami=ami-08a1a615784dd1c82f", "amazonec2-region=eu-central-1", "amazonec2-zone=b", "amazonec2-vpc-id=vpc-0f458d68", "amazonec2-subnet-id=subnet-c23438b8", "amazonec2-instance-type=t3.xlarge", "amazonec2-root-size=250", "amazonec2-volume-type=gp2", "amazonec2-use-private-address=true"]
    OffPeakTimezone = ""
    OffPeakIdleCount = 0
    OffPeakIdleTime = 0

有人可以提供我们如何实现吗?

根据您的设置方式,您的跑步者不需要可以从您的 GitLab 实例进行网络访问,因此让他们拥有私有 IP 就像更改您在 [= 中设置的子网一样简单10=] 是一个不分配 public IP 的人。请注意,您的私有子网需要附加一个 NAT 网关才能访问您的 GitLab 实例,或者配置为使用 vpc 内部网络。