Container Runner in Privileged Mode

In some cases, you may wish to run your docker containers in a privileged environment. CircleCI Cloud does not offer this at this time, but you can do this with container runner. Please cast your vote to this feature request to see this in the cloud environment.

Values Setup

agent:
  resourceClasses:
    namespace/container-runner:
     token: ${TOKEN}
     spec:
       containers:
        - resources:
          volumeMounts:
             - name: docker-socket
               mountPath: /var/run/docker.sock
          securityContext:
           privileged: true
       volumes:
         - name: docker-socket
           hostPath:
             path: /var/run/docker.sock
             type: Socket

Verifying Privileged Mode

You can run the following step within your job to verify the container is in privileged mode.

      - run:
          name: Privilege check
          command: |
            (ip link add dummy2 type dummy 2>&1 >/dev/null && echo "Running in privileged container" )|| (echo "Not in privileged container" )

You can also run the following Kubernetes command to verify.

kubectl get pod ${POD_NAME} -n <namespace> -o json | jq -r '.spec.containers[].securityContext.privileged'

Additional Resources

• https://kubernetes.io/docs/tasks/configure-pod-container/security-context/