Azure DevOps private build agent on Kubernetes - is it possible without mounting the Docker socket?

9/12/2021

This is a guide for running a private build agent on Docker.

https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops

And this is a sample YAML file. Line 37 mounts docker.sock: https://github.com/ghoshasish99/AzureDevOps-SelfHostedAgents-AKS/blob/main/ReplicationController.yml#L37

Unfortunately this won't work on Kubernetes as stated in the article:

Caution

Doing this has serious security implications. The code inside the container can now run as root on your Docker host.

So, how else do you run a private build agent on Kubernetes?

-- cfbd
azure-devops
docker
kubernetes

0 Answers
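An added example, not part of the original question or of the linked repository: a check that flags which containers in a Kubernetes manifest receive the node's Docker socket through a `hostPath` volume, the configuration the quoted caution warns about. The manifests are constructed samples written as Python dicts, and the image name and the `/azp/_work` path are placeholders.

```python
# Socket locations; /var/run is normally a symlink to /run on current Linux nodes.
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")

def pod_specs(obj):
    """Yield every pod spec (a dict holding a 'containers' list) nested in a manifest."""
    if isinstance(obj, dict):
        if isinstance(obj.get("containers"), list):
            yield obj
        for value in obj.values():
            yield from pod_specs(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from pod_specs(item)

def docker_socket_mounts(manifest):
    """Return (container, mountPath, hostPath) for each mount that exposes the socket."""
    findings = []
    for spec in pod_specs(manifest):
        risky = {}  # volume name -> hostPath that is the socket or a parent directory of it
        for vol in spec.get("volumes") or []:
            path = (vol.get("hostPath") or {}).get("path")
            if not path:
                continue  # emptyDir, secret, PVC and similar volumes are not host paths
            host = path.rstrip("/")
            if any(s == host or s.startswith(host + "/") for s in SOCKET_PATHS):
                risky[vol["name"]] = host or "/"
        for ctr in (spec.get("containers") or []) + (spec.get("initContainers") or []):
            for mount in ctr.get("volumeMounts") or []:
                if mount.get("name") in risky:
                    findings.append((ctr["name"], mount.get("mountPath"), risky[mount["name"]]))
    return findings

def agent(kind, mount_path, volume):
    """Build a constructed sample manifest with one agent container and one volume."""
    container = {"name": "agent", "image": "example/azdo-agent:placeholder",
                 "volumeMounts": [{"name": volume["name"], "mountPath": mount_path}]}
    return {"kind": kind,
            "spec": {"template": {"spec": {"containers": [container], "volumes": [volume]}}}}

# Constructed samples: socket mounted directly, and an agent with only scratch space.
AGENT_WITH_SOCKET = agent("ReplicationController", "/var/run/docker.sock",
                          {"name": "docker", "hostPath": {"path": "/var/run/docker.sock"}})
AGENT_WITHOUT_SOCKET = agent("Deployment", "/azp/_work", {"name": "work", "emptyDir": {}})

if __name__ == "__main__":
    for m in (AGENT_WITH_SOCKET, AGENT_WITHOUT_SOCKET):
        print(m["kind"], docker_socket_mounts(m))
```

A `hostPath` of a parent directory such as `/var/run/` is flagged as well, since mounting the directory exposes the socket inside it.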