Hi, I'm trying to set up Kubernetes-based runners using https://community.atlassian.com/t5/Bitbucket-Pipelines-Runner/gh-p/bitbucket-runner-autoscaler-4k8s
I've successfully assigned an AWS IAM service role to the runner pod (both the runner and docker containers), so I can see all the AWS-specific env vars and may use the AWS CLI if I jump into the runner container OR the docker container in the runner pod. However, none of these variables are visible in the nested container (which is responsible for pipeline step execution) when I'm running a pipeline.
Is there any chance that I may proxy the AWS config from the runner pod to the nested container in any way?
@Marcos Sampaio regarding the autoscaler - it does not seem to support Arm runners so far. The fix is trivial but the API spec for the runners endpoint is not public. Is there any chance we may work on this?
So to add arm64 we just need to add a proper label to the request.
But somehow it can be done via the GUI but can't be done via the API.
When I try to add the "linux.arm64" label I get:
Status code: 400. {"key": "agent-service.request.bad-request", "message": "Only one platform label must be provided.", "arguments": {}}
The reason is the following default config
@Edmund Munday @Liam Nunns @Marcos Sampaio @Raul Gomis @Oleksandr Kyrdan @Igor Stoyanov
Maybe you have some ideas as maintainers?
In this question I'm referring to the following AWS feature: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
Hi @vitalii.kostenko,
Passing these variables to the build container is not possible at the moment.
However, not sure if it fits your use case, but one thing that you could consider using is the Bitbucket Pipelines OIDC feature:
@Marcos Sampaio that's exactly the answer to my question. I understand why such an architecture was suggested by Atlassian, but I don't think any SecOps engineer will approve adding an external OIDC which is not controlled by corporate IT. So it does not seem to be a good way for me to go.