act_runner/examples/kubernetes/README.md

## Kubernetes Docker in Docker Deployment with `act_runner`

NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod `SecurityContext` to `privileged`. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.

Files in this directory:

- [`dind-docker.yaml`](dind-docker.yaml)
  How to create a Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.

- [`rootless-docker.yaml`](rootless-docker.yaml)
  How to create a rootless Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.
Documentation enhancements (#207) This PR addresses the issue listed in issue #170 regarding how to set up rootless Docker. It also expands on the documentation to show how to create deployments for different environments. Co-authored-by: ccureau <ccureau@noreply.gitea.io> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/207 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: Chris Cureau <cmcureau@gmail.com> Co-committed-by: Chris Cureau <cmcureau@gmail.com> 2023-06-05 10:46:15 +02:00			## Kubernetes Docker in Docker Deployment with `act_runner`

			NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod `SecurityContext` to `privileged`. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.

			`Files in this directory:`

			- [`dind-docker.yaml`](dind-docker.yaml)
			`How to create a Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.`
implement act_runner rootless image (#208) This PR creates a rootless Docker image that runs both `dockerd` and `act_runner` using `supervisord`. It has been tested locally for a few days and seems stable. Co-authored-by: ccureau <ccureau@noreply.gitea.io> Reviewed-on: https://gitea.com/gitea/act_runner/pulls/208 Reviewed-by: Jason Song <i@wolfogre.com> Co-authored-by: ccureau <ccureau@noreply.gitea.com> Co-committed-by: ccureau <ccureau@noreply.gitea.com> 2023-06-12 08:35:27 +02:00
			- [`rootless-docker.yaml`](rootless-docker.yaml)
			`How to create a rootless Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.`