mirror of
https://github.com/actions/actions-runner-controller.git
synced 2025-12-10 19:50:30 +00:00
Add rootless DinD runner (#1644)
* add rootless dind images
* add small blurb on rootless dind
* Add ToC entry for README section
This commit is contained in:
committed by
GitHub
parent
bea0775bec
commit
37aa1a0b8c
@@ -31,6 +31,7 @@ ToC:
|
||||
- [Scheduled Overrides](#scheduled-overrides)
|
||||
- [Alternative Runners](#alternative-runners)
|
||||
- [Runner with DinD](#runner-with-dind)
|
||||
- [Runner with rootless DinD](#runner-with-rootless-dind)
|
||||
- [Runner with k8s jobs](#runner-with-k8s-jobs)
|
||||
- [Additional Tweaks](#additional-tweaks)
|
||||
- [Custom Volume mounts](#custom-volume-mounts)
|
||||
@@ -1163,6 +1164,10 @@ spec:
|
||||
env: []
|
||||
```
|
||||
|
||||
#### Runner with rootless DinD
|
||||
|
||||
When using the DinD runner, it assumes that the main runner is rootful, which can be problematic in a regulated or more security-conscious environment, such as co-tenanting across enterprise projects. The `actions-runner-dind-rootless` image runs rootless Docker inside the container as `runner` user. Note that this user does not have sudo access, so anything requiring admin privileges must be built into the runner's base image (like running `apt` to install additional software).
|
||||
|
||||
#### Runner with K8s Jobs
|
||||
|
||||
When using the default runner, jobs that use a container will run in docker. This necessitates privileged mode, either on the runner pod or the sidecar container
|
||||
|
||||
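Review bot: The added "Runner with rootless DinD" paragraph names the `actions-runner-dind-rootless` image but does not show how to select it, and does not say whether the pod still needs privileged mode, which the following "Runner with K8s Jobs" section says Docker-based jobs necessitate. Suggest adding a short manifest snippet like the one that closes the preceding section, plus one sentence on the privilege requirement, since that is what the security-conscious readers this paragraph addresses will look for first. On wording: in "When using the DinD runner, it assumes" the subject of "it" is unclear, "as `runner` user" needs an article, and the parenthetical "(like running `apt` to install additional software)" should sit next to "anything requiring admin privileges" rather than after "base image", where it reads as an example of what is in the image.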