Private VPC cloud runners? #1472
Comments
I may be mistaken but I think I tried that initially and the github action never realized the machine was healthy/ready when it was on a private subnet.
I got:
and I had terraform logging set to DEBUG:
So it seems the github action is doing something to see if the runner is ready.
Yes, it is doing something, and it does require being able to reach out to the EC2 instance's SSH server. The quickest/hackiest workaround could be ignoring the exit code of
First of all this is going to be a very "AWS focused" comment so apologies.
I was wondering if there were any plans to support private subnet runners or at least a way to specify an elastic IP.
My core issue is I want my runner to connect to our mlflow which is behind a security group that only allows certain IPs and security groups to access. I can't use complementary security groups (e.g. allow runner sg to connect to mlflow sg on port 443) because the runner ec2 is public.
I see `cml runner launch` uses terraform so if you can point me to the correct repo for the runner client and terraform generation code I could try to carry my own water.
Ideally I'd like to see a "private vpc" runner mode and instead of needing to use SSH to connect to the runner we could use `aws ssm start-session` or some other callback or api to not require direct network access over the public internet from the github actions endpoints. Is there any reason for this direct network access besides the initial health check?