From ec3e7de701d8e9cd6d9d623068cde3fd79a31948 Mon Sep 17 00:00:00 2001 From: Moto Ishizawa Date: Thu, 30 Jan 2020 23:52:40 +0900 Subject: [PATCH] Add docker container to a runner pod --- controllers/runner_controller.go | 41 +++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/controllers/runner_controller.go b/controllers/runner_controller.go index 3eced055..f7ae154d 100644 --- a/controllers/runner_controller.go +++ b/controllers/runner_controller.go @@ -172,6 +172,11 @@ func (r *RunnerReconciler) getRegistrationToken(ctx context.Context, repo string } func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { + var ( + privileged bool = true + group int64 = 0 + ) + image := runner.Spec.Image if image == "" { image = defaultImage @@ -190,19 +195,49 @@ func (r *RunnerReconciler) newPod(runner v1alpha1.Runner) (corev1.Pod, error) { Image: image, ImagePullPolicy: "Always", Env: []corev1.EnvVar{ - corev1.EnvVar{ + { Name: "RUNNER_NAME", Value: runner.Name, }, - corev1.EnvVar{ + { Name: "RUNNER_REPO", Value: runner.Spec.Repository, }, - corev1.EnvVar{ + { Name: "RUNNER_TOKEN", Value: runner.Status.Registration.Token, }, }, + VolumeMounts: []corev1.VolumeMount{ + { + Name: "docker", + MountPath: "/var/run", + }, + }, + SecurityContext: &corev1.SecurityContext{ + RunAsGroup: &group, + }, + }, + { + Name: "docker", + Image: "docker:19.03.5-dind", + VolumeMounts: []corev1.VolumeMount{ + { + Name: "docker", + MountPath: "/var/run", + }, + }, + SecurityContext: &corev1.SecurityContext{ + Privileged: &privileged, + }, + }, + }, + Volumes: []corev1.Volume{ + corev1.Volume{ + Name: "docker", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, }, }, },
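Review bot: The two locals added at the top of newPod, `privileged bool = true` and `group int64 = 0`, exist only so their addresses can be taken for the SecurityContext fields, and nothing explains why the runner container is placed in group 0. I would drop the redundant `bool` type (`privileged := true`) and add a comment along the lines of `// gid 0 so the runner can open the Docker socket created by the docker sidecar`, if that is the reason, which the hunk does not state. newPod's body continues outside this hunk.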
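Review bot: The `docker` container is added to every runner pod with `Privileged: &privileged` and no way to turn it off, and its `/var/run` emptyDir is shared with the runner container, so any workflow job executing in the runner can drive a daemon that runs privileged on the node. That considerably widens what creating a Runner resource grants, and clusters that enforce a restricted pod security policy will presumably reject these pods. I would gate the sidecar behind an explicit opt-in on the Runner spec and record the trade-off in a comment above the container, e.g. `// dind requires privileged mode; anything that can reach /var/run/docker.sock controls this daemon`. The image `docker:19.03.5-dind` is also hard-coded, unlike the runner image, which falls back to `defaultImage`. newPod starts before this hunk and continues past its end.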