add --google-skip-firewall-create

NOTE THAT THIS FORK IS MAINTAINED FOR CRITICAL BUG FIXES AFFECTING RUNNING COSTS ONLY. NO OTHER CONTRIBUTIONS WILL BE ACCEPTED.

What critical bug is this MR fixing?

roles/compute.securityAdmin is a highly privileged role in GCP and is not widely available to teams that would like to use a GitLab runner but are not part of the security team in the organisation. However, by using firewall rules pre-created by security teams, we should still be able to deploy a runner by skipping all firewall checks.

The pre-created FW rule can be tag-based, allowing 22 and 2376 to the tag docker-machine, or to the executor VM service account from the runner instance service account.

How does this change help reduce cost of usage? What scale of cost reduction is it?

None

In what scenarios is this change usable with GitLab Runner's docker+machine executor?

Enables docker+machine GitLab executor usage in enterprises and organisations that have IAM segregated with best security practices.

Edited by Sailaxman Kumar
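
The two pre-created rule styles described above, written out as an added example that is not part of the merge request or the project's code. The script only prints the `gcloud` commands a security team could review; the network name, the runner tag, both service-account addresses, the rule names and the use of a source tag in the tag-based variant are assumptions.

```shell
#!/bin/sh
# Added example: prints (never runs) gcloud commands for the two rule styles
# named in the MR description. Every value below is a constructed placeholder.
NETWORK="${NETWORK:-example-vpc}"
RUNNER_TAG="${RUNNER_TAG:-gitlab-runner-manager}"   # hypothetical tag on the runner instance
EXECUTOR_TAG="${EXECUTOR_TAG:-docker-machine}"      # tag named in the MR description
RUNNER_SA="${RUNNER_SA:-runner@example-project.iam.gserviceaccount.com}"
EXECUTOR_SA="${EXECUTOR_SA:-executor@example-project.iam.gserviceaccount.com}"
PORTS="tcp:22,tcp:2376"   # SSH and the Docker TLS port, as listed in the MR

# Variant 1: tag based. Source and target are both network tags.
tag_rule() {
  printf '%s\n' "gcloud compute firewall-rules create allow-runner-to-executor-tag \
--network=$NETWORK --direction=INGRESS --action=ALLOW --rules=$PORTS \
--source-tags=$RUNNER_TAG --target-tags=$EXECUTOR_TAG"
}

# Variant 2: service-account based. GCP does not allow one rule to mix
# network tags with service accounts, so this is a separate rule.
sa_rule() {
  printf '%s\n' "gcloud compute firewall-rules create allow-runner-to-executor-sa \
--network=$NETWORK --direction=INGRESS --action=ALLOW --rules=$PORTS \
--source-service-accounts=$RUNNER_SA --target-service-accounts=$EXECUTOR_SA"
}

# Review guard: returns 0 only for a rule that is not open to any source,
# allows exactly the two expected ports, and does not mix tags with
# service accounts.
check_rule() {
  case "$1" in *0.0.0.0/0*) return 1 ;; esac
  case "$1" in *"--rules=tcp:22,tcp:2376 "*) ;; *) return 1 ;; esac
  case "$1" in
    *-tags=*-service-accounts=*|*-service-accounts=*-tags=*) return 1 ;;
  esac
  return 0
}

# Print each candidate rule that passes the guard.
for rule in "$(tag_rule)" "$(sa_rule)"; do
  check_rule "$rule" && printf '%s\n' "$rule"
done
```

With rules like these owned by the security team, the identity that runs the runner needs no firewall permissions when `--google-skip-firewall-create` is set.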