actions/actions-runner-controller
1
0
Fork 0
mirror of https://github.com/actions/actions-runner-controller.git synced 2025-12-12 20:46:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do not explicitly set Privileged to false. (#2009)

Browse Source 
Setting SecurityContext.Privileged bit to false, which is default,
prevents GKE from admitting Windows pods.  Privileged bit is not
supported on Windows.
This commit is contained in:
Igor Sarkisov
2022-11-14 18:29:37 -08:00
committed by GitHub
parent 40eec3c783
commit 8f374d561f
2 changed files with 8 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
controllers/runner_controller.go
View File

@@ -849,10 +849,6 @@ func newRunnerPodWithContainerMode(containerMode string, template corev1.Pod, ru
runnerContainerIndex = -1
runnerContainer = &corev1.Container{
Name: containerName,
SecurityContext: &corev1.SecurityContext{
// Runner need to run privileged if it contains DinD
Privileged: &dockerdInRunnerPrivileged,
},
}
}
@@ -887,8 +883,10 @@ func newRunnerPodWithContainerMode(containerMode string, template corev1.Pod, ru
runnerContainer.SecurityContext = &corev1.SecurityContext{}
}
if runnerContainer.SecurityContext.Privileged == nil {
// Runner need to run privileged if it contains DinD
// Runner need to run privileged if it contains DinD.
// Do not explicitly set SecurityContext.Privileged to false which is default,
// otherwise Windows pods don't get admitted on GKE.
if dockerdInRunnerPrivileged {
runnerContainer.SecurityContext.Privileged = &dockerdInRunnerPrivileged
}