I've recently been reading Connecting GitLab with a Kubernetes cluster, and I noted the following:

GitLab Runners have the privileged mode enabled by default, which allows them to execute special commands and running Docker in Docker. This functionality is needed to run some of the Auto DevOps jobs. This implies the containers are running in privileged mode and you should, therefore, be aware of some important details.
The privileged flag gives all capabilities to the running container, which in turn can do almost everything that the host can do. Be aware of the inherent security risk associated with performing docker run operations on arbitrary images as they effectively have root access.
If you don't want to use GitLab Runner in privileged mode, first make sure that you don't have it installed via the applications, and then use the Runner's Helm chart to install it manually.

If I ever end up deploying GitLab to Kubernetes, you can bet I'll be avoiding privileged mode for my runners, unless I was building the containers myself from scratch!
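To confirm from inside a CI job whether a runner really has "all capabilities", the effective capability mask in `/proc/self/status` can be decoded. The following is an added example, not code from GitLab or from this post; the function names and the two sample status snippets are constructed for illustration, and the default of 40 for the kernel's last capability number is an assumption that the script replaces with the real value when run on Linux.

```python
import re

# Capability bit numbers from linux/capability.h. None of these is held by a
# container started with Docker's default capability set.
HIGH_RISK = {
    12: "CAP_NET_ADMIN",
    16: "CAP_SYS_MODULE",
    17: "CAP_SYS_RAWIO",
    19: "CAP_SYS_PTRACE",
    21: "CAP_SYS_ADMIN",
}

# Constructed samples of the CapEff line as it appears in /proc/<pid>/status.
PRIVILEGED_SAMPLE = "Name:\tsh\nCapEff:\t000001ffffffffff\n"
DEFAULT_SAMPLE = "Name:\tsh\nCapEff:\t00000000a80425fb\n"


def effective_caps(status_text):
    """Return the effective capability mask as an integer."""
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.M)
    if match is None:
        raise ValueError("no CapEff line found")
    return int(match.group(1), 16)


def assess(status_text, cap_last_cap=40):
    """Summarise how close a process is to holding every capability."""
    mask = effective_caps(status_text)
    full = (1 << (cap_last_cap + 1)) - 1  # every bit up to the last known cap
    return {
        "all_capabilities": mask & full == full,
        "count": bin(mask & full).count("1"),
        "high_risk": sorted(n for bit, n in HIGH_RISK.items() if mask >> bit & 1),
    }


if __name__ == "__main__":
    # On a Linux runner, inspect the current job's own process.
    with open("/proc/self/status") as fh:
        status = fh.read()
    with open("/proc/sys/kernel/cap_last_cap") as fh:
        last = int(fh.read())
    print(assess(status, last))
```

A full capability mask is only one effect of privileged mode, which also changes device access and confinement, so a clean result here is a necessary check rather than proof that the runner is unprivileged.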
