Use Azure's ACI as GitLab runner
Description
We have a setup in which we use several banks of runners with different capabilities that run the pipelines for an ecosystem of several hundred microservices against gitlab.com. Those banks of runners are split between the ones that require Docker in Docker (DIND) to perform the operations they're assigned to and the ones that don't require this feature.
In our setup, we implement this capability split both at the level of hardware (what type of machine runs what stage of the pipeline) and at the level of image (what Docker image that machine uses to perform that stage). We mark these with tags so that the pipeline definitions can assign those stages to the correct bank just by mentioning the appropriate tags.
At the moment, on the hardware side, we have Virtual Machines in Azure and containers running in Azure Kubernetes Service (AKS) that have the GitLab Runner software installed. In the virtual machines, we run the GitLab runners that have the Docker in Docker feature, and in AKS the runners without it, since AKS doesn't support privileged mode.
In our experience, this setup is stable with gitlab.com and our strategy favors using managed services. As we understand it, we can't really get rid of the virtual machines (yet) because we can't provide the Docker in Docker feature with any other managed service. However, what we see as strategic is using Azure Container Instances (ACI), since it is a managed container service.
Proposal
GitLab Runner software is operational when used on Azure Container Instances (ACI). Our expected flow would be that we could configure a stage in a GitLab pipeline that would run a certain container in ACI from a Docker image that contains the GitLab runner.
Links to related issues and merge requests / references
- Project attempting to achieve this functionality with custom executor
- This is not us, but it seems there's some attention to the topic
- Custom Executor documentation
- An article that we found interesting when reading up on Custom Executor