Container Runner in Privileged Mode
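In some cases, you may wish to run your Docker containers in a privileged environment. CircleCI Cloud does not offer this at this time, but you can do this with container runner. If you would like to see this in the cloud environment, please vote for this feature request. The values below set `privileged: true` on the task container and mount the node's Docker socket into it, so jobs on this resource class can talk to the Docker daemon on the node.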
Values Setup
agent:
  resourceClasses:
    namespace/container-runner:
      token: ${TOKEN}
      spec:
        containers:
          - resources:
            volumeMounts:
              - name: docker-socket
                mountPath: /var/run/docker.sock
            securityContext:
              privileged: true
        volumes:
          - name: docker-socket
            hostPath:
              path: /var/run/docker.sock
              type: Socket
Verifying Privileged Mode
You can run the following step within your job to verify the container is in privileged mode.
- run:
    name: Privilege check
    command: |
      # Creating a network interface requires CAP_NET_ADMIN, which privileged mode grants.
      (ip link add dummy2 type dummy >/dev/null 2>&1 && echo "Running in privileged container") || (echo "Not in privileged container")
You can also run the following Kubernetes command to verify.
kubectl get pod ${POD_NAME} -n <namespace> -o json | jq -r '.spec.containers[].securityContext.privileged'
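As an added example (not part of the original article or CircleCI's tooling), the script below extends the jq check above: the jq filter prints a bare `true` or `null` per container, while this reports each container by name, including init containers, and also shows whether the host Docker socket from the values above is mounted. The function name, report fields, and sample pod data are assumptions constructed for illustration.

```python
import json
import sys

DOCKER_SOCK = "/var/run/docker.sock"  # socket path used in the values above

# Constructed sample: trimmed `kubectl get pods -o json` output, not from a real cluster.
SAMPLE = {"items": [
    {"metadata": {"name": "task-pod-a"},
     "spec": {
         "containers": [
             {"name": "primary", "securityContext": {"privileged": True},
              "volumeMounts": [{"name": "docker-socket", "mountPath": DOCKER_SOCK}]},
             {"name": "sidecar"}],
         "volumes": [{"name": "docker-socket",
                      "hostPath": {"path": DOCKER_SOCK, "type": "Socket"}}]}},
    {"metadata": {"name": "task-pod-b"},
     "spec": {"containers": [{"name": "primary", "securityContext": {}}]}},
]}


def audit_pods(pod_list):
    """Return one finding per container; accepts a PodList or a single Pod object."""
    pods = pod_list.get("items", [pod_list])
    findings = []
    for pod in pods:
        spec = pod.get("spec", {})
        # Names of pod volumes backed by the node's Docker socket.
        sock_volumes = {
            v["name"] for v in spec.get("volumes") or []
            if (v.get("hostPath") or {}).get("path") == DOCKER_SOCK
        }
        for kind in ("initContainers", "containers"):
            for c in spec.get(kind) or []:
                sc = c.get("securityContext") or {}
                mounts = [m["mountPath"] for m in c.get("volumeMounts") or []
                          if m.get("name") in sock_volumes]
                findings.append({"pod": pod["metadata"]["name"], "container": c["name"],
                                 "privileged": sc.get("privileged") is True,
                                 "docker_sock_mounts": mounts})
    return findings


if __name__ == "__main__":
    # Pipe `kubectl get pods -n <namespace> -o json` in; with no piped input the sample is used.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for f in audit_pods(data):
        print(f"{f['pod']}/{f['container']}: privileged={f['privileged']} "
              f"docker.sock={f['docker_sock_mounts'] or 'not mounted'}")
```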
Additional Resources
- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/