How to run Container Runner in Privileged Mode

Container Runner in Privileged Mode

In some cases, you may want to run your Docker containers in a privileged environment. CircleCI Cloud does not offer this at this time, but you can do it with container runner. Please vote for this feature request if you would like to see it in the cloud environment.

 

Values Setup

agent:
  resourceClasses:
    namespace/container-runner:
      token: ${TOKEN}
      spec:
        containers:
          - resources:
            volumeMounts:
              - name: docker-socket
                mountPath: /var/run/docker.sock
            securityContext:
              privileged: true
        volumes:
          - name: docker-socket
            hostPath:
              path: /var/run/docker.sock
              type: Socket

 

Verifying Privileged Mode

You can run the following step within your job to verify the container is in privileged mode.

      - run:
          name: Privilege check
          command: |
            # Creating a network interface only succeeds with elevated privileges (CAP_NET_ADMIN).
            (ip link add dummy2 type dummy >/dev/null 2>&1 && echo "Running in privileged container") || echo "Not in privileged container"

You can also run the following Kubernetes command to verify.

kubectl get pod ${POD_NAME} -n <namespace> -o json | jq -r '.spec.containers[].securityContext.privileged'
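
The kubectl check above prints null for any container that has no securityContext, and it does not show the hostPath mount of /var/run/docker.sock that the values file also adds. The following is an added example, not part of the original article or CircleCI's code: it reports both settings per container from pod JSON, using a constructed sample pod whose name, namespace and second container are assumptions.

```python
import json

# Constructed sample of `kubectl get pod <pod> -o json`, trimmed to the fields used here.
SAMPLE_POD = json.loads("""
{
  "metadata": {"name": "task-pod-example", "namespace": "circleci"},
  "spec": {
    "containers": [
      {"name": "primary",
       "securityContext": {"privileged": true},
       "volumeMounts": [{"name": "docker-socket", "mountPath": "/var/run/docker.sock"}]},
      {"name": "sidecar"}
    ],
    "volumes": [
      {"name": "docker-socket",
       "hostPath": {"path": "/var/run/docker.sock", "type": "Socket"}},
      {"name": "scratch", "emptyDir": {}}
    ]
  }
}
""")


def audit_pod(pod):
    """Return one record per container: privileged flag and mounted hostPath paths."""
    spec = pod.get("spec", {})
    # Map volume name -> host path, for hostPath volumes only.
    host_paths = {
        v["name"]: v["hostPath"]["path"]
        for v in spec.get("volumes", [])
        if "hostPath" in v
    }
    report = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        # A missing securityContext means the container is not privileged.
        privileged = (c.get("securityContext") or {}).get("privileged") is True
        mounts = sorted(
            host_paths[m["name"]]
            for m in c.get("volumeMounts", [])
            if m["name"] in host_paths
        )
        report.append({"container": c["name"], "privileged": privileged,
                       "host_paths": mounts})
    return report


if __name__ == "__main__":
    for row in audit_pod(SAMPLE_POD):
        print(row)
```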

 

Additional Resources

  • https://kubernetes.io/docs/tasks/configure-pod-container/security-context/