How does a linux shell gitlab-runner access servers behind a vpn?

Question

I've been experimenting with gitlab runners and noticed shell runners installed on linux systems sitting behind a VPNs can be accessed without any networking issues or regards to the firewall.

If I wanted to set up a kubernetes runner in the same environment, that involves adding a publicly accessible endpoint.

How does the gitlab runner get around my vpn and firewall when using the shell runner?

Note that my VPN/Firewall limits incoming traffic, but not outgoing. Is the gitlab-runner making requests out to github to get instructions on when to run pipelines?

Answer 1

Is the gitlab-runner making requests out to github to get instructions on when to run pipelines?

Yes, the runners initiate the connection, not the GitLab instance. That's why runners can be behind a firewall/VPN/whatever. As long as the runner can connect to GitLab instance it works.