rahul-FLS
rahul-FLS
> > Check: CKV_K8S_22: "Use read-only filesystem for containers where possible" > > Would this be a matter of adding the below to actions-runner-controller and runner pods spec? > >...
@mumoshu I could able to resolve it by mounting a /tmp folder to runner container and found it writing below stuff to it which I believe it was trying to...
@mumoshu emptyDir volume was already mounted to /runner but I was getting the error. I mounted additional emptyDir to /tmp and it worked. Next is to use Kaniko for container...
@mumoshu here is the modified RunnerDeployment.yaml(look at the highlighted bits) and I have already got **dockerEnabled: false** so no docker :) So I need Kaniko to be hooked up in...
Thanks @mumoshu it looks like kaniko doesn’t support copying over binaries to another container https://github.com/GoogleContainerTools/kaniko#known-issues
Would be good if controller could support build tools other than docker too which don’t need privilege access as its not advisable by security folks 😊