actions / actions-runner-controller

Kubernetes controller for GitHub Actions self-hosted runners
Apache License 2.0

Alternative to Summerwind dindSidecarRepositoryAndTag: "docker:dind" Image #1118

Closed ajitkumarnayak1976 closed 2 years ago

ajitkumarnayak1976 commented 2 years ago

The current Summerwind image used for this actions runner controller leverages "Docker DIND" (docker in docker) for dependency management. There do not appear to be other options made available in the repository to remediate this concern. Would it be possible for an alternative option to also be created in this repository for organizations with concerns regarding root permission proliferation?

https://github.com/actions-runner-controller/actions-runner-controller/blob/master/charts/actions-runner-controller/values.yaml#L57

mumoshu commented 2 years ago

Try sysbox!

https://github.com/actions-runner-controller/actions-runner-controller/discussions/977

actions/runner runs containers by calling the docker command for various things, like creating docker networks and containers for service containers, steps, and docker-based actions. So we need to use either dind or a /var/run/docker.sock mount to give the runner pod access to the host dockerd. I don't think the latter is more secure than the former, so the only supported option is dind today.

You'd better raise a feature request to GitHub, so that e.g. actions/runner could speak K8s API for containers required to execute workflow jobs.
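
Added example, not part of the thread or the project's code: a small audit of pod manifests for the two Docker access options named in the comment above, a privileged container such as the dind sidecar and a hostPath mount of /var/run/docker.sock. The pod specs, pod names and every image name other than docker:dind are constructed for illustration.

```python
import json

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed pod manifests (assumptions, not taken from the project).
SAMPLE_PODS = json.loads("""
[
  {"metadata": {"name": "runner-dind"},
   "spec": {"containers": [
      {"name": "runner", "image": "example/runner:latest"},
      {"name": "docker", "image": "docker:dind",
       "securityContext": {"privileged": true}}]}},
  {"metadata": {"name": "runner-hostsock"},
   "spec": {"containers": [
      {"name": "runner", "image": "example/runner:latest",
       "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"}]}],
    "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}]}},
  {"metadata": {"name": "plain"},
   "spec": {"containers": [{"name": "app", "image": "example/app:1"}]}}
]
""")


def audit_pod(pod):
    """Return sorted (finding, container_name) pairs for one pod manifest."""
    spec = pod.get("spec", {})
    # hostPath volumes that expose the socket itself or a directory above it.
    sock_volumes = set()
    for vol in spec.get("volumes", []):
        host = vol.get("hostPath")
        if host and (DOCKER_SOCK + "/").startswith(host.get("path", "").rstrip("/") + "/"):
            sock_volumes.add(vol["name"])
    findings = set()
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.add(("privileged", c["name"]))
        for mount in c.get("volumeMounts", []):
            if mount.get("name") in sock_volumes:
                findings.add(("host-docker-socket", c["name"]))
    return sorted(findings)


def audit(pods):
    """Map each pod name to its findings."""
    return {p["metadata"]["name"]: audit_pod(p) for p in pods}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_PODS).items():
        print(name, found or "no findings")
```

To run it against a live cluster, feed it the `items` list from `kubectl get pods -A -o json` instead of the constructed sample.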