Commit 510e9be4 authored by Tomasz Maczukin's avatar Tomasz Maczukin

Merge branch 'patch-2' into 'master'

docs(runners.cache.s3): explicit IAM instance profile usage

See merge request gitlab-org/gitlab-runner!1071
parents 54ee8e8c fe2671dd
......@@ -517,6 +517,20 @@ With GitLab Runner 11.3.0, the configuration parameters related to S3 were moved
The old format of the configuration with S3 configured directly in `[runners.cache]` section is still supported,
but is deprecated with GitLab Runner 11.3.0. **This support will be removed in GitLab Runner 12.0.0**.
NOTE: **Note:**
The cache mechanism uses pre-signed URLs to upload and download cache. URLs are being signed by GitLab Runner on its **own instance**.
No matter if the job's script - so also the cache upload/download script - are being executed on local or external
machines (e.g. `shell` or `docker` executors are running their scripts on the same
machine where GitLab Runner process is running, while `virtualbox` or `docker+machine`
connects to a separate VM to execute the script). This is done for security reasons:
minimizing the possibility of leaking the cache adapter's credentials.
NOTE: **Note:**
Previous note implies [S3 cache adapter](#the-runnerscaches3-section), if configured to use
IAM instance profile, will use the profile attached with GitLab Runner's machine.
Similarly for [GCS cache adapter](#the-runnerscachegcs-section), if configured to
use the `CredentialsFile`, the file needs to be present on GitLab Runner's machine.
Bellow is a table containing a summary of `config.toml`, cli options and ENV variables deprecations:
| Setting | TOML field | CLI option for `register` | ENV for `register` | deprecated TOML field | deprecated CLI option | deprecated ENV |
......@@ -535,7 +549,6 @@ Bellow is a table containing a summary of `config.toml`, cli options and ENV var
| GCS.CredentialsFile | `[runners.cache.gcs] -> CredentialsFile` | `--cache-gcs-credentials-file` | `$GOOGLE_APPLICATION_CREDENTIALS` | | | |
| GCS.BucketName | `[runners.cache.gcs] -> BucketName` | `--cache-gcs-bucket-name` | `$CACHE_GCS_BUCKET_NAME` | | | |
### The `[runners.cache.s3]` section
NOTE: **Note:**
......@@ -575,7 +588,7 @@ get bucket metadata and modify the URL to point to the valid region (eg. `s3-eu-
NOTE: **Note:**
If any of `ServerAddress`, `AccessKey` or `SecretKey` aren't specified, then the S3 client will use the
IAM instance profile available to the instance.
IAM instance profile available to the `gitlab-runner` instance.
### The `[runners.cache.gcs]` section
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment