I looked over the internet, but I could not find the answer to this question.
What user does the Bitbucket runner use when installed on a Linux server?
For example, GitLab uses the gitlab-runner user. In Bitbucket, how can you define which user the runner uses, and is it possible to do so? The question is for both Docker and Linux shell.
Hello @Svetlozar Petkov and thank you for reaching out to the community!
Thank you, @Svetlozar Petkov !
Patrik S
Hi @Patrik S,
I have been exploring ways to run self-hosted Bitbucket runners without requiring privileged mode (privileged: true). Specifically, I attempted to use the docker:23.0-dind-rootless image in combination with the Bitbucket runner image (docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner) as an alternative to the docker:23.0.0-dind image. Unfortunately, this led to various errors. Additionally, I tested integrating the Kaniko image alongside the Bitbucket runner image, but encountered Java-related errors during the process.
Given this, I have the following questions:
I noticed that GitLab provides clear documentation on how to use Kaniko for secure, daemonless builds (e.g., GitLab Documentation on Kaniko), but I was unable to find similar resources within the Bitbucket community. Having detailed guidance on this topic would be extremely helpful for Bitbucket users as well.
I would greatly appreciate your guidance or any best practices for addressing this use case.
Thank you for your time and assistance.
This is the Kubernetes YAML for my self-hosted Bitbucket runners:
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: stage-bitbucket-runner
  name: stage-bitbucket-runner
spec:
  replicas: 1
  selector:
    matchLabels:
      app: stage-bitbucket-runner
  template:
    metadata:
      labels:
        app: stage-bitbucket-runner
    spec:
      serviceAccountName: bitbucket-runner-sa
      containers:
        - name: stage-bitbucket-runner
          image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              cpu: 4000m
              memory: 4000Mi
              ephemeral-storage: "8Gi"
            requests:
              cpu: 50m
              memory: 100Mi
              ephemeral-storage: "4Gi"
          envFrom:
            - secretRef:
                name: stage-bitbucket-runner-repo-secret
          env:
            - name: OAUTH_CLIENT_ID
              value:
            - name: OAUTH_CLIENT_SECRET
              value:
            - name: WORKING_DIRECTORY
              value: "/tmp"
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: docker-containers
              mountPath: /var/lib/docker/containers
              readOnly: true
            - name: var-run
              mountPath: /var/run
        - name: docker-in-docker
          image: docker:23.0-dind
          resources:
            limits:
              cpu: 4000m
              memory: 4000Mi
              ephemeral-storage: 4Gi
            requests:
              cpu: 50m
              memory: 100Mi
              ephemeral-storage: 2Gi
          securityContext:
            privileged: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp
            - name: docker-containers
              mountPath: /var/lib/docker/containers
            - name: var-run
              mountPath: /var/run
      volumes:
        - name: tmp
        - name: docker-containers
        - name: var-run
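A check for the pattern in the manifest above, as an added example that is not part of the original post or Atlassian's code: it lists the containers running with privileged: true and the volumes an unprivileged container in the same pod mounts read-write alongside them (such as var-run, where the Docker daemon's socket lives by default). SAMPLE_POD_SPEC and the function names are assumptions constructed here to mirror the posted Deployment; in practice the input would be the spec.template.spec object from the Deployment's JSON form.

```python
# Added example: audit a pod spec for privileged containers and the volumes
# they share with unprivileged ones. SAMPLE_POD_SPEC is constructed data.
SAMPLE_POD_SPEC = {
    "containers": [
        {"name": "stage-bitbucket-runner",
         "volumeMounts": [
             {"name": "tmp", "mountPath": "/tmp"},
             {"name": "docker-containers",
              "mountPath": "/var/lib/docker/containers", "readOnly": True},
             {"name": "var-run", "mountPath": "/var/run"}]},
        {"name": "docker-in-docker",
         "securityContext": {"privileged": True},
         "volumeMounts": [
             {"name": "tmp", "mountPath": "/tmp"},
             {"name": "docker-containers",
              "mountPath": "/var/lib/docker/containers"},
             {"name": "var-run", "mountPath": "/var/run"}]},
    ],
}


def privileged_containers(pod_spec):
    """Names of containers whose securityContext sets privileged: true."""
    return [c["name"] for c in pod_spec.get("containers") or []
            if (c.get("securityContext") or {}).get("privileged") is True]


def writable_shares_with_privileged(pod_spec):
    """Map each unprivileged container to the volumes it mounts read-write
    that a privileged container in the same pod also mounts."""
    containers = pod_spec.get("containers") or []
    priv = set(privileged_containers(pod_spec))
    priv_volumes = {m["name"] for c in containers if c["name"] in priv
                    for m in c.get("volumeMounts") or []}
    findings = {}
    for c in containers:
        if c["name"] in priv:
            continue
        shared = sorted(m["name"] for m in c.get("volumeMounts") or []
                        if m["name"] in priv_volumes and not m.get("readOnly"))
        if shared:
            findings[c["name"]] = shared
    return findings


if __name__ == "__main__":
    print("privileged:", privileged_containers(SAMPLE_POD_SPEC))
    print("writable shares:", writable_shares_with_privileged(SAMPLE_POD_SPEC))
```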