feat: allow specifying runtime class in runner spec (#580)

This allows using the `runtimeClassName` directive in the runner's spec. One of the use-cases for this is Kata Containers, which use `runtimeClassName` in a pod spec as an indicator that the pod should run inside a Kata container. This allows us a greater degree of pod isolation.
2025-12-11 12:06:57 +00:00 · 2021-06-03 18:56:43 -05:00
parent 30ab0c0b71
commit 7523ea44f1
10 changed files with 37 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -771,7 +771,7 @@ spec:
      # - https://cloud.google.com/container-registry/docs/pulling-cached-images
      dockerRegistryMirror: https://mirror.gcr.io/
      # false (default) = Docker support is provided by a sidecar container deployed in the runner pod.
-      # true = No docker sidecar container is deployed in the runner pod but docker can be used within teh runner container instead. The image summerwind/actions-runner-dind is used by default.
+      # true = No docker sidecar container is deployed in the runner pod but docker can be used within the runner container instead. The image summerwind/actions-runner-dind is used by default.
      dockerdWithinRunnerContainer: true
      # Docker sidecar container image tweaks examples below, only applicable if dockerdWithinRunnerContainer = false
      dockerdContainerResources:
@@ -805,6 +805,10 @@ spec:
      dockerVolumeMounts:
        - mountPath: /var/lib/docker
          name: docker-extra
+      # Optional name of the container runtime configuration that should be used for pods.
+      # This must match the name of a RuntimeClass resource available on the cluster.
+      # More info: https://kubernetes.io/docs/concepts/containers/runtime-class
+      runtimeClassName: "runc"
 ```

 ### Runner Labels