The best SUDO strategy for agents
21 views
Skip to first unread message
Melting Turret
Aug 10, 2022, 1:05:25 PM8/10/22
to go-cd
Hi,
I would like to install some packages on the agent to support my tasks what is the best way to achieve this? The agents are running on a closed K8S installation so I am not worry too much about security.
Can this be done with the agent images available or would it be better to create my own giving the go user sudo privs?
apiVersion: v1
kind: Pod
metadata:
name: gocd-agent-{{ POD_POSTFIX }}
labels:
app: siab-agent
spec:
serviceAccountName: default
containers:
- name: gocd-agent-container-{{ CONTAINER_POSTFIX }}
image: gocd/gocd-agent-ubuntu-20.04:v22.1.0
securityContext:
privileged: true
kind: Pod
metadata:
name: gocd-agent-{{ POD_POSTFIX }}
labels:
app: siab-agent
spec:
serviceAccountName: default
containers:
- name: gocd-agent-container-{{ CONTAINER_POSTFIX }}
image: gocd/gocd-agent-ubuntu-20.04:v22.1.0
securityContext:
privileged: true
Cheers.
Paul
Jason Smyth
Aug 16, 2022, 11:25:41 AM8/16/22
to go-cd
Hi Paul,
Assuming you are using elastic agents then, unless the GoCD user already has the required privileges in the provided images then you will need to either use an init container to modify the image at launch time or build your own images.
Are you sure that providing sudo privileges is the way to go, though? Why not build custom images (possibly based on the GoCD-provided agent images) that already include the required packages instead of installing them at run time?
Cheers,
Jason Smyth
Reply all
Reply to author
Forward
0 new messages