Automated Infrastructure for GitLab Runner Orchestration on Amazon EC2

Published by TechMarmot Editorail Staff on | Category GitLab CI

The paradigm of modern software development relies heavily on the efficiency of Continuous Integration and Continuous Delivery (CI/CD) pipelines. In the GitLab ecosystem, this process is bifurcated into two fundamental pillars: the .gitlab-ci.yml file, which serves as the declarative blueprint for pipeline jobs, and the GitLab Runner, the specialized application responsible for the physical execution of those jobs. For enterprise-scale organizations managing hundreds of pipelines across diverse environments, the manual provisioning of runner infrastructure is not merely inefficient; it is a bottleneck that introduces inconsistency and operational fragility. To mitigate these risks, advanced DevOps methodologies leverage Infrastructure-as-Code (IaC) to automate the deployment, scaling, and management of GitLab Runner fleets on Amazon EC2. By utilizing IaC, engineers can ensure that every runner deployment is repeatable, consistent, and subject to version control, thereby transforming runner management from a manual task into a codified, scalable service.

Architectural Foundations of GitLab CI/CD

To understand the deployment of a GitLab Runner, one must first grasp the relationship between the orchestration layer and the execution layer. The GitLab CI/CD pipeline is the engine of automation, but the Runner is the fuel that drives the work.

The primary components of the Runner architecture include:

  • The GitLab Runner application: A lightweight agent that communicates with the GitLab instance to receive job instructions and report results.
  • The Executor: The specific environment where the job is executed, such as a Docker container, a Shell, or a Virtual Machine. In high-scale automated environments, the Docker executor is frequently preferred for its isolation properties.
  • The Infrastructure: The underlying compute resources, such as Amazon EC2 instances, which provide the CPU, memory, and network bandwidth necessary to run the jobs.

The complexity of managing these components manually is significant. It requires provisioning the compute instances, installing the specific Runner software, configuring the necessary permissions, and ensuring the Runner is properly registered with the GitLab server. Automating this lifecycle through Amazon EC2 and CloudFormation allows for the implementation of guardrails and best practices, ensuring that the runner environment remains secure and standardized across all deployment targets.

Prerequisites for Automated Deployment

Before initiating the deployment of the GitLab Runner stack via CloudFormation, a specific set of environmental requirements and tools must be established. Failure to meet these prerequisites will result in deployment failures or incomplete runner registration.

The necessary technical prerequisites are categorized below:

GitLab Account and Registry Requirements

  • GitLab Account: Access is required for any tier, including GitLab Free self-managed, GitLab Free SaaS, or any higher-tier enterprise license. This demonstration assumes the use of the gitlab.com free tier.
  • GitLab Container Registry: Essential for hosting the Docker executor images used by the runners to execute jobs.

Local Development Environment

  • Git Client: A local installation of Git is required to clone the source code and manage configuration files.
  • AWS CLI: The latest version of the Amazon Web Services Command Line Interface must be installed and functional.
  • AWS Credentials: Local credentials must be properly configured, typically residing within the ~/.aws/credentials file, to allow the CLI to interact with the AWS account.
  • Docker: A local Docker engine must be installed and running on the host machine (laptop or workstation) to build the executor images.
  • Node.js and npm: These environments are required for local build processes and dependency management during the image construction phase.

AWS Infrastructure Requirements

  • VPC Configuration: A Virtual Private Cloud (VPC) must be pre-configured with at least two private subnets. These subnets must have connectivity to the internet via a NAT Gateway to allow outbound traffic for downloading dependencies and communicating with GitLab.
  • IAM Permissions: The AWSServiceRoleForAutoScaling service-linked role must be present in the AWS account to allow the Auto Scaling service to manage EC2 instances.
  • Amazon S3: An S3 bucket must be provisioned to store Lambda deployment packages used during the automated processes.

The GitLab Runner Infrastructure Framework

The deployment strategy utilizes a specific set of files to define and execute the infrastructure. This approach separates the high-level architectural definition from the environment-specific configurations.

The core components of the automation framework are:

  • gitlab-runner.yaml: This is the CloudFormation template that defines the entire infrastructure stack, including the EC2 instances, Auto Scaling groups, IAM roles, and networking components.
  • sample-runner.properties: This configuration file contains the specific parameters required to populate the CloudFormation template. It acts as the interface for the user to define environment-specific values.
  • Launch Template: A resource created by the CloudFormation stack that uses the values defined in the properties file to define the configuration of the EC2 instances.
  • cfn-init helper script: A specialized script utilized during the EC2 provisioning process to execute a series of commands that install the GitLab Runner software and configure its environment on the instance.

By utilizing this structure, an organization can deploy the same architecture to multiple environments (e.g., Development, Staging, Production) simply by creating different properties files. This ensures that the runner environment in Production is an exact replica of the environment tested in Staging.

Step-by-Step Deployment Procedure

The deployment process follows a rigorous sequence: building the executor image, configuring the parameters, and executing the CloudFormation deployment.

Phase 1: Building the Docker Executor Image

Because the solution utilizes a Docker executor, a custom image must be constructed. This image contains the GitLab Runner binary and the necessary Docker dependencies.

  1. Clone the source code repository containing the deployment scripts.
  2. Execute the build commands to create the Docker executor image.
  3. Push the resulting image to the GitLab Container Registry.

Phase 2: Configuration and Parameterization

Before the stack can be launched, the user must align the properties file with their specific GitLab and AWS environment.

  • Obtain Registration Tokens: Navigate to the GitLab project, select Settings, then CI/CD, and expand the Runners section to find the unique registration token.
  • Update Properties File: Modify the sample-runner.properties file. Users can rename this file or create multiple versions (e.g., prod-runner.properties, dev-runner.properties) to manage different environments.
  • Reference the Template: Users should consult gitlab-runner.yaml to understand which parameters are available for modification within the properties file.

Phase 3: Executing the Deployment

Once the configuration is prepared, the deployment is triggered via a shell script.

The command syntax for the deployment script is as follows:

bash ./deploy-runner.sh <properties-file> <region> <aws-profile> <stack-name>

Where:
- <properties-file> is the name of the updated properties file.
- <region> is the AWS region for deployment.
- <aws-profile> is the local AWS CLI profile name.
- <stack-name> is the identifier for the CloudFormation stack.

After a successful deployment, the GitLab Runner autoscaling group will appear in the Amazon EC2 console. To verify the status, users should check the GitLab project under Settings > CI/CD > Runners. A green circle next to the runner indicates it is fully configured and ready to accept jobs.

Advanced Management and Lifecycle Operations

A robust CI/CD infrastructure is not static; it requires continuous updates, scaling, and eventual decommissioning.

Updating the GitLab Runner Fleet

Modifications to the runner environment, such as changing the instance type or updating the Amazon Machine Image (AMI), are handled through the existing IaC pipeline.

  • Changing Instance Type: To change the compute capacity, the InstanceType parameter in the properties file is updated (e.g., InstanceType=t2.medium).
  • Updating Disk Space: If a runner encounters disk space issues, the VolumeSize parameter can be adjusted.
  • Updating the AMI: When a new, patched AMI becomes available, the AMI ID can be updated in the configuration.

To apply these changes, the user simply runs the deployment script again. The stack utilizes an AutoscalingRollingUpdate policy. This policy ensures that when the launch template changes, CloudFormation replaces instances in batches of MaxBatchSize while maintaining a minimum number of instances (MinInstanceInService) to ensure job continuity.

Update Type Parameter to Modify Impact on Infrastructure
Compute Capacity InstanceType Triggers a rolling update; instances are replaced.
Storage Capacity VolumeSize Triggers a replacement of the EC2 instance.
Software/OS Version AMI ID Triggers a rolling replacement with the new image.

Scaling and Capacity Management

One of the primary advantages of this architecture is the ability to autoscale based on workload. By leveraging Amazon EC2 Auto Scaling, the number of active runners can expand during peak development hours and contract during idle periods, optimizing cost-efficiency.

Termination and Cleanup

To prevent unnecessary AWS charges, the entire runner architecture must be decommissioned properly. This is achieved by deleting the CloudFormation stack. Deleting the stack ensures that all associated resources—EC2 instances, Auto Scaling groups, and other provisioned components—are terminated gracefully.

Troubleshooting and Observability

During the provisioning process, errors may occur, particularly during the cfn-init phase where software is installed on the EC2 instances.

If the runner does not appear as "Ready" in GitLab, users should perform the following:

  • Connect to the EC2 instance via SSH or Session Manager.
  • Inspect the CloudFormation initialization logs located at /var/log/cfn-*.log.
  • Verify the network connectivity from the instance to the GitLab instance.

Analysis of the Automated Runner Lifecycle

The transition from manual runner management to an automated, IaC-driven approach represents a significant maturity leap in DevOps engineering. By decoupling the runner configuration (properties files) from the infrastructure definition (CloudFormation) and the execution environment (Docker), this architecture solves the three core challenges of CI/CD scaling: consistency, speed, and cost-control.

The use of the AutoscalingRollingUpdate policy is a critical component for high-availability environments. It demonstrates how IaC can manage the "state" of a fleet, ensuring that updates do not cause service interruptions. Furthermore, the integration of Git for versioning the configuration files creates a "GitOps" workflow for the runner infrastructure itself, allowing teams to audit changes, roll back to previous configurations, and enforce security guardrails through code reviews. Ultimately, this methodology transforms the GitLab Runner from a collection of disparate servers into a unified, elastic, and highly manageable service capable of supporting the most demanding enterprise software lifecycles.

Sources

  1. Deploy and Manage Gitlab Runners on Amazon EC2
  2. Get started with GitLab Runner

Related Posts