Ability to specify multiple Subnets and SecurityGroups for Fargate executors
It would be great if we were able to specify Subnets and SecurityGroups for the Fargate executors. This would be very beneficial once we're able to override these parameters using Env Variables (after !35 (merged) is merged).
-
Subnets: As an example let's say that you have a VPC with 3 subnets: Subnet-A(16 IPs), Subnet-B(16 IPs) and Subnet-C(32 IPs) and you're sharing account/VPC with other developers. In the current setup (single Subnet - let's say Subnet-A) after gitlab-runner instance is instantiated you only have 15 IPs left. That means that if you & your team run 15 CI jobs in parallel that will exhaust the pool of available IPs. The 16th job would fail due to no IPs left. Therefore, the ability to pass multiple subnets would greatly reduce risk of running out of IPs for Fargate tasks as there would be 63 available IPs across all 3 subnets for Fargate task purposes.
-
SecurityGroups: Currently you can only pass one Security Group to the Fargate executor task. Allowing multiple security groups would allow adding additional security groups (up to 5 - AWS limit) to a Fargate task. Few examples: Let's say that you need particular CI job to be able to reach to an existing RDS instance? Or maybe to ssh into a running EC2 instance? Your dev team cannot create custom Security Groups and needs to use pre-defined SGs created by DevOps team. Etc...
MR related to this issue (!42 (closed)) will introduce breaking changes (singular -> plural) of Subnet
and SecurityGroup
parameters. Maintainers will have to take appropriate actions to notify users after the changes get merged.