runabol / tork

A distributed workflow engine
https://tork.run
MIT License

Feature: Sandbox Mode (Experimental) #416

Closed runabol closed 2 weeks ago

runabol commented 2 weeks ago

This PR adds experimental support for "Sandbox Mode". What this means:

  1. When turned on (TORK_RUNTIME_DOCKER_SANDBOX=true) for a given worker, a tork user will automatically be added to docker images.
  2. Tasks using volume mounts will automatically be granted permissions to these volumes.
  3. Use of this feature assumes the worker has access to the busybox:stable image (either locally or by means of a pull).
  4. This assumes the existence of the useradd/adduser binary on the image.