Hello!
We are using ARC with 'containerMode: kubernetes' to avoid Docker in Docker for our self-hosted runners. Thank you for this project, it helps us a lot :)
In our environment we have a strict Open Policy Agent rule that requires that every container is run as non-root. For the runners itself we can configure a 'securityContext' with options like 'runAsUser' but for the workflow pods that are created by the k8s hook we are not able to configure such behaviour.
Therefore we are not able to use Docker images without an explicit USER statement.
We are not sure if this is the correct place to discuss this kind of extensions, maybe it's more ARC related?
Hello!
We are using ARC with 'containerMode: kubernetes' to avoid Docker in Docker for our self-hosted runners. Thank you for this project, it helps us a lot :)
In our environment we have a strict Open Policy Agent rule that requires that every container is run as non-root. For the runners itself we can configure a 'securityContext' with options like 'runAsUser' but for the workflow pods that are created by the k8s hook we are not able to configure such behaviour.
Therefore we are not able to use Docker images without an explicit USER statement.
We are not sure if this is the correct place to discuss this kind of extensions, maybe it's more ARC related?