Deploying the Docker-based runner on Kubernetes

The following example Kubernetes object spec shows how the Bitbucket Pipelines Docker-based Linux Runner can be deployed to a Kubernetes instance.

```yaml
apiVersion: v1
kind: List
items:
  - apiVersion: v1
    kind: Secret
    metadata:
      name: runner-oauth-credentials
      # labels:
      #   accountUuid: # Add your account uuid without curly braces to optionally allow finding the secret for an account
      #   repositoryUuid: # Add your repository uuid without curly braces to optionally allow finding the secret for a repository
      #   runnerUuid: # Add your runner uuid without curly braces to optionally allow finding the secret for a particular runner
    data:
      oauthClientId: # add your base64 encoded oauth client id here
      oauthClientSecret: # add your base64 encoded oauth client secret here
  - apiVersion: batch/v1
    kind: Job
    metadata:
      name: runner
    spec:
      template:
        # metadata:
        #   labels:
        #     accountUuid: # Add your account uuid without curly braces to optionally allow finding the pods for an account
        #     repositoryUuid: # Add your repository uuid without curly braces to optionally allow finding the pods for a repository
        #     runnerUuid: # Add your runner uuid without curly braces to optionally allow finding the pods for a particular runner
        spec:
          containers:
            - name: runner
              image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner
              env:
                - name: ACCOUNT_UUID
                  value: # Add your account uuid here
                - name: REPOSITORY_UUID
                  value: # Add your repository uuid here
                - name: RUNNER_UUID
                  value: # Add your runner uuid here
                - name: OAUTH_CLIENT_ID
                  valueFrom:
                    secretKeyRef:
                      name: runner-oauth-credentials
                      key: oauthClientId
                - name: OAUTH_CLIENT_SECRET
                  valueFrom:
                    secretKeyRef:
                      name: runner-oauth-credentials
                      key: oauthClientSecret
                - name: WORKING_DIRECTORY
                  value: "/tmp"
              volumeMounts:
                - name: tmp
                  mountPath: /tmp
                - name: docker-containers
                  mountPath: /var/lib/docker/containers
                  readOnly: true # the runner only needs to read these files, never write to them
                - name: var-run
                  mountPath: /var/run
            - name: docker-in-docker
              image: docker:20.10.5-dind
              securityContext:
                privileged: true # required to allow docker in docker to run; assumes the namespace you're applying this to has a pod security policy that allows privilege escalation
              volumeMounts:
                - name: tmp
                  mountPath: /tmp
                - name: docker-containers
                  mountPath: /var/lib/docker/containers
                - name: var-run
                  mountPath: /var/run
          restartPolicy: OnFailure # this allows the runner to restart locally if it were to crash
          volumes:
            - name: tmp # required to share a working directory between docker in docker and the runner
            - name: docker-containers # required to share the containers directory between docker in docker and the runner
            - name: var-run # required to share the docker socket between docker in docker and the runner
      # backoffLimit: 6 # this is the default and means it will retry up to 6 times if it crashes before it considers itself a failure, with an exponential backoff between retries
      # completions: 1 # this is the default; the job should ideally never complete as the runner never shuts down successfully
      # parallelism: 1 # this is the default; there should only be one instance of this particular runner
```
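The Secret above expects the OAuth client id and secret already base64-encoded, and the optional labels expect UUIDs with their curly braces removed. Hand-editing those values is where most mistakes happen (a trailing newline in the encoding, or braces left on a label value that Kubernetes then rejects). The following POSIX shell script is an added example, not part of the Atlassian page or the runner project: it renders the `runner-oauth-credentials` Secret from values passed as arguments, strips braces from the runner UUID for the `runnerUuid` label, and encodes without line wrapping. The environment variable names `BITBUCKET_OAUTH_CLIENT_ID`, `BITBUCKET_OAUTH_CLIENT_SECRET` and `RUNNER_UUID` in the usage branch are assumptions for illustration; `base64` and `kubectl` are assumed to be on `PATH`.

```sh
#!/bin/sh
# Added example (not from the Atlassian documentation): render the
# runner-oauth-credentials Secret from values instead of hand-typing base64.
# Assumes `base64` and `kubectl` are on PATH; env var names below are hypothetical.

# strip_braces: accept a UUID with or without surrounding {}, return it without them
strip_braces() {
  printf '%s' "$1" | sed 's/^{//; s/}$//'
}

# b64: base64-encode an argument with no trailing newline and no line wrapping
# (GNU and BSD base64 disagree on -w, so wrapping is removed with tr instead)
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# render_secret CLIENT_ID CLIENT_SECRET RUNNER_UUID
# Emits the Secret manifest with the runnerUuid label populated; data values are
# base64 of the raw strings, matching what the Job's secretKeyRef entries expect.
render_secret() {
  client_id="$1"
  client_secret="$2"
  runner_uuid="$(strip_braces "$3")"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: runner-oauth-credentials
  labels:
    runnerUuid: "$runner_uuid"
type: Opaque
data:
  oauthClientId: $(b64 "$client_id")
  oauthClientSecret: $(b64 "$client_secret")
EOF
}

# Usage (only when invoked with --apply so the functions can be sourced safely):
#   BITBUCKET_OAUTH_CLIENT_ID=... BITBUCKET_OAUTH_CLIENT_SECRET=... RUNNER_UUID={...} \
#     sh render-runner-secret.sh --apply
if [ "${1:-}" = "--apply" ]; then
  render_secret "$BITBUCKET_OAUTH_CLIENT_ID" "$BITBUCKET_OAUTH_CLIENT_SECRET" "$RUNNER_UUID" \
    | kubectl apply -f -
fi
```

Piping the rendered manifest straight into `kubectl apply -f -` keeps the decoded secret out of files on disk and out of shell history; once applied, the Job spec from the page can be applied unchanged, since it references the Secret by name and key only.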
