-
|
The Role definition for Kubernetes Mode includes get & create for Is this necessary? We're looking to reduce the need for pod/exec where possible. Reading through the ADR 2023-04-11: Limit Permissions for Service Accounts in Actions-Runner-Controller doesn't really address the reasoning either. Reference: - apiGroups: [""]
resources: ["pods/exec"]
verbs: ["get", "create"] |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
ARC in kube mode works this way, it creates another workflow pod and uses kube exec API to run steps in this pod. As long as it is used this way it has to have them |
Beta Was this translation helpful? Give feedback.
-
|
Thanks @GitBluub When the workflow pod gets created and it shares the persistent volume can it not share the actions/steps to be executed as well? |
Beta Was this translation helpful? Give feedback.
-
|
The runner pod is the one sending the logs to github, it uses kube exec to stream the logs from the workflow pod to github, you would need the runner process inside the workflow pod it you wanted to avoid kube exec this way. Even if you share the steps/actions to be executed in the volume, you will need a way to tell the pod to run them and to send the logs back to github |
Beta Was this translation helpful? Give feedback.
ARC in kube mode works this way, it creates another workflow pod and uses kube exec API to run steps in this pod. As long as it is used this way it has to have them