Setting Up CI/CD Pipelines with GitLab Runner on Bare Metal

Why Run GitLab Runner on Bare Metal?

Continuous Integration and Continuous Deployment (CI/CD) pipelines are the backbone of modern software delivery. While cloud-hosted runners are convenient, running GitLab Runner on a dedicated server provides predictable performance, lower costs at scale, and full control over your build environment.

With BRHOSTING.COM dedicated servers starting at $158/month, you get AMD EPYC processors with high core counts that excel at parallel CI/CD workloads. A single EPYC 9354P with 32 cores can handle dozens of concurrent build jobs without performance degradation.

Installing GitLab Runner

Add the Official Repository

curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
sudo apt install gitlab-runner -y

Register the Runner

sudo gitlab-runner register   --url https://gitlab.com/   --registration-token YOUR_TOKEN   --executor docker   --docker-image alpine:latest   --description "bare-metal-runner"   --tag-list "bare-metal,docker,production"

Configuring Docker Executor for Performance

Edit /etc/gitlab-runner/config.toml:

concurrent = 16
check_interval = 3

[[runners]]
  name = "bare-metal-runner"
  executor = "docker"
  [runners.docker]
    image = "alpine:latest"
    privileged = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 536870912
    cpus = "4"
    memory = "8g"

Setting concurrent = 16 allows up to 16 parallel jobs. On an EPYC 9354P with 32 cores, allocating 4 CPUs per job leaves headroom for the host system.

Shared Cache with S3-Compatible Storage

[runners.cache]
  Type = "s3"
  Shared = true
  [runners.cache.s3]
    ServerAddress = "minio.internal:9000"
    AccessKey = "runner-cache"
    SecretKey = "your-secret-key"
    BucketName = "gitlab-cache"
    Insecure = false

Optimizing Build Performance

Docker Layer Caching

Enable Docker BuildKit and layer caching in your .gitlab-ci.yml:

variables:
  DOCKER_BUILDKIT: 1
  BUILDKIT_PROGRESS: plain

build:
  stage: build
  script:
    - docker build --cache-from $CI_REGISTRY_IMAGE:latest
      --build-arg BUILDKIT_INLINE_CACHE=1
      -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .

Dependency Caching

cache:
  key:
    files:
      - package-lock.json
  paths:
    - node_modules/
    - .npm/

Monitoring Runner Health

GitLab Runner exposes a Prometheus metrics endpoint. Add to your monitoring stack:

listen_address = "0.0.0.0:9252"

Key metrics to watch include gitlab_runner_jobs (active jobs), gitlab_runner_errors_total (failed jobs), and process_resident_memory_bytes (memory usage).

Security Hardening

Never enable privileged = true unless absolutely necessary for Docker-in-Docker builds
Use separate runners for production deployments with restricted tags
Rotate registration tokens regularly
Limit network access from build containers using Docker network policies
Run GitLab Runner as a non-root service account

Conclusion

Running GitLab Runner on a BRHOSTING.COM dedicated server gives you enterprise-grade CI/CD performance without cloud egress costs. With servers available in Frankfurt, St. Louis, and Singapore, you can place your runners close to your development teams for minimal latency.

为什么在裸金属服务器上运行 GitLab Runner？

持续集成和持续部署（CI/CD）流水线是现代软件交付的支柱。虽然云托管的 Runner 很方便，但在独立服务器上运行 GitLab Runner 可以提供可预测的性能、大规模使用时更低的成本以及对构建环境的完全控制。

BRHOSTING.COM 从 $158/月起的独立服务器配备高核心数的 AMD EPYC 处理器，非常适合并行 CI/CD 工作负载。单个 EPYC 9354P 拥有 32 核心，可以在不影响性能的情况下处理数十个并发构建任务。

安装 GitLab Runner

添加官方仓库

curl -L "https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh" | sudo bash
sudo apt install gitlab-runner -y

注册 Runner

sudo gitlab-runner register   --url https://gitlab.com/   --registration-token YOUR_TOKEN   --executor docker   --docker-image alpine:latest   --description "bare-metal-runner"   --tag-list "bare-metal,docker,production"

配置 Docker 执行器以提高性能

编辑 /etc/gitlab-runner/config.toml：

concurrent = 16
check_interval = 3

[[runners]]
  name = "bare-metal-runner"
  executor = "docker"
  [runners.docker]
    image = "alpine:latest"
    privileged = false
    volumes = ["/cache", "/var/run/docker.sock:/var/run/docker.sock"]
    shm_size = 536870912
    cpus = "4"
    memory = "8g"

设置 concurrent = 16 允许最多 16 个并行任务。在拥有 32 核的 EPYC 9354P 上，每个任务分配 4 个 CPU，为主机系统留出余量。

使用 S3 兼容存储的共享缓存

[runners.cache]
  Type = "s3"
  Shared = true
  [runners.cache.s3]
    ServerAddress = "minio.internal:9000"
    AccessKey = "runner-cache"
    SecretKey = "your-secret-key"
    BucketName = "gitlab-cache"
    Insecure = false

优化构建性能

Docker 层缓存

在 .gitlab-ci.yml 中启用 Docker BuildKit 和层缓存：

variables:
  DOCKER_BUILDKIT: 1
  BUILDKIT_PROGRESS: plain

build:
  stage: build
  script:
    - docker build --cache-from $CI_REGISTRY_IMAGE:latest
      --build-arg BUILDKIT_INLINE_CACHE=1
      -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .

依赖缓存

cache:
  key:
    files:
      - package-lock.json
  paths:
    - node_modules/
    - .npm/

监控 Runner 健康状况

GitLab Runner 提供 Prometheus 指标端点。添加到您的监控栈中：

listen_address = "0.0.0.0:9252"

需要关注的关键指标包括 gitlab_runner_jobs（活动任务）、gitlab_runner_errors_total（失败任务）和 process_resident_memory_bytes（内存使用）。

安全加固

除非 Docker-in-Docker 构建绝对需要，否则不要启用 privileged = true
使用带有受限标签的独立 Runner 用于生产部署
定期轮换注册令牌
使用 Docker 网络策略限制构建容器的网络访问
以非 root 服务账户运行 GitLab Runner

总结

在 BRHOSTING.COM 独立服务器上运行 GitLab Runner 可以为您提供企业级 CI/CD 性能，而无需承担云出口费用。服务器分布在法兰克福、圣路易斯和新加坡，您可以将 Runner 部署在离开发团队最近的位置，实现最低延迟。

Setting Up CI/CD Pipelines with GitLab Runner on Bare Metal在裸金属服务器上配置 GitLab Runner CI/CD 流水线