mirror/act_runner
1
0
Fork 0
mirror of https://gitea.com/gitea/act_runner.git synced 2024-11-06 02:37:22 +01:00
Code Issues Packages Projects Releases Wiki Activity
91bfe4c186
act_runner/examples/kubernetes
History
Andrew Imeson 990db1bfc0 Fix k8s rootless Docker filesystem permissions (#366) 
Without this the deployment fails because the runner can't write to
/data/

Credit to @ccureau for identifying the fix

Relates to: gitea/act_runner#264

Reviewed-on: https://gitea.com/gitea/act_runner/pulls/366
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com>
Co-authored-by: Andrew Imeson <andrew@andrewimeson.com>
Co-committed-by: Andrew Imeson <andrew@andrewimeson.com>
2023-10-02 15:12:14 +00:00
..
dind-docker.yaml Documentation enhancements (#207) 2023-06-05 08:46:15 +00:00
README.md implement act_runner rootless image (#208) 2023-06-12 06:35:27 +00:00
rootless-docker.yaml Fix k8s rootless Docker filesystem permissions (#366) 2023-10-02 15:12:14 +00:00

README.md

Kubernetes Docker in Docker Deployment with act_runner

NOTE: Docker in Docker (dind) requires elevated privileges on Kubernetes. The current way to achieve this is to set the pod SecurityContext to privileged. Keep in mind that this is a potential security issue that has the potential for a malicious application to break out of the container context.

Files in this directory:

  • dind-docker.yaml How to create a Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.

  • rootless-docker.yaml How to create a rootless Deployment and Persistent Volume for Kubernetes to act as a runner. The Docker credentials are re-generated each time the pod connects and does not need to be persisted.