
Bitbucket self-hosted runner user

Svetlozar Petkov July 10, 2023

I looked over the internet, but I could not find the answer to this question.

What user does the Bitbucket runner use when installed on a Linux server?

For example, GitLab uses the gitlab-runner user. In Bitbucket, how can you define which user the runner uses, and is it possible to do so? The question is for both Docker and the Linux shell.

1 answer

1 accepted

1 vote
Answer accepted
Patrik S
Atlassian Team
July 11, 2023

Hello @Svetlozar Petkov and thank you for reaching out to the community!

  • For the Linux Docker runner:

    When installing Docker on your machine, the Docker daemon uses the root user by default. If you want to run the Docker daemon in rootless mode, you will need to install Docker following the instructions in "Run docker daemon as non-root user".

    As for the user inside the runner container, it also uses the root user by default.
  • For the Linux Shell runner:

    The user that executed the runner start script. It will usually be the user of the terminal session where you executed the ./start.sh pre-defined script you received when creating the runner.

Thank you, @Svetlozar Petkov !
Patrik S

Svetlozar Petkov July 12, 2023

Thank you for the response. This cleared things up nicely!

iamnst October 6, 2024

Hi @Patrik S,

I have been exploring ways to run self-hosted Bitbucket runners without requiring privileged mode (privileged: true). Specifically, I attempted to use the docker:23.0-dind-rootless image in combination with the Bitbucket runner image (docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner) as an alternative to the docker:23.0.0-dind image. Unfortunately, this led to various errors. Additionally, I tested integrating the Kaniko image alongside the Bitbucket runner image, but encountered Java-related errors during the process.

Given this, I have the following questions:

  1. Is there a recommended approach to securely build container images in Bitbucket using self-hosted runners, without needing privileged mode enabled?
  2. Does Bitbucket officially support tools such as Kaniko or Podman to allow for daemonless builds, thus eliminating the requirement for Docker daemon root privileges?

I noticed that GitLab provides clear documentation on how to use Kaniko for secure, daemonless builds (e.g., GitLab Documentation on Kaniko), but I was unable to find similar resources within the Bitbucket community. Having detailed guidance on this topic would be extremely helpful for Bitbucket users as well.

I would greatly appreciate your guidance or any best practices for addressing this use case.

Thank you for your time and assistance.

iamnst October 6, 2024

This is the Kubernetes YAML for my self-hosted Bitbucket runners:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: stage-bitbucket-runner
  name: stage-bitbucket-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: stage-bitbucket-runner
  template:
    metadata:
      labels:
        app: stage-bitbucket-runner
    spec:
      serviceAccountName: bitbucket-runner-sa
      containers:
        - name: stage-bitbucket-runner
          image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 4000m
              memory: 4000Mi
              ephemeral-storage: "8Gi"
            requests:
              cpu: 50m
              memory: 100Mi
              ephemeral-storage: "4Gi"
          envFrom:
            - secretRef:
                name: stage-bitbucket-runner-repo-secret
          env:
            - name: OAUTH_CLIENT_ID
              value:
            - name: OAUTH_CLIENT_SECRET
              value:
            - name: WORKING_DIRECTORY
              value: "/tmp"
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: docker-containers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: var-run
              mountPath: /var/run

        - name: docker-in-docker
          image: docker:23.0-dind
          resources:
            limits:
              cpu: 4000m
              memory: 4000Mi
              ephemeral-storage: 4Gi
            requests:
              cpu: 50m
              memory: 100Mi
              ephemeral-storage: 2Gi
          securityContext:
            privileged: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: docker-containers
              mountPath: /var/lib/docker/containers
            - name: var-run
              mountPath: /var/run

      volumes:
        - name: tmp
        - name: docker-containers
        - name: var-run
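
Added example, not part of the original thread and not Atlassian's code: a small Python check for the two points raised above, that containers run as root unless told otherwise and that the dind sidecar is privileged. It assumes the Deployment is available as JSON (as `kubectl get deployment -o json` returns it); the sample input is constructed from the manifest in the post, and the `audit` function and its finding labels are made up for this example.

```python
import json

# Constructed sample: the security-relevant fields of the Deployment above,
# in the JSON form that `kubectl get deployment -o json` returns.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "containers": [
    {"name": "stage-bitbucket-runner",
     "volumeMounts": [{"name": "var-run", "mountPath": "/var/run"}]},
    {"name": "docker-in-docker",
     "securityContext": {"privileged": true},
     "volumeMounts": [{"name": "var-run", "mountPath": "/var/run"}]}
  ]}}}}
""")


def audit(deployment):
    """Return sorted (container, finding) pairs for a Deployment object."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    containers = pod.get("containers", [])
    findings = set()
    privileged_mounts = set()

    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.add((c["name"], "privileged"))
            privileged_mounts.update(m["name"] for m in c.get("volumeMounts", []))
        # Container-level settings override pod-level ones.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0 or (uid is None and not non_root):
            findings.add((c["name"], "may-run-as-root"))

    # A volume shared with a privileged container (here /var/run, where the
    # Docker daemon puts its socket) extends that container's reach.
    for c in containers:
        if (c.get("securityContext") or {}).get("privileged"):
            continue
        for m in c.get("volumeMounts", []):
            if m["name"] in privileged_mounts:
                findings.add((c["name"], "shares-volume:" + m["name"]))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

An empty result means no container is privileged, every container has a non-root user enforced, and nothing shares a volume with a privileged container.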
