A Helm chart that provides a secure, rootless, remote Docker-in-Docker (dind) service for other deployments.
The example demonstrates how a gitlab-runner can access the secure-remote-dind service via mTLS, with the client certificates provided by the cert-manager CSI Driver. In addition, the gitlab-runner jobs are configured to use minio-s3 as cache.
See the examples directory for the demo deployment.
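The client side of the mTLS access described above can look like the following pod spec. It is an added illustration, not taken from this chart or its examples directory; the pod name, namespace, issuer name, image tag, UID, and the service DNS name and port in `DOCKER_HOST` are assumptions.

```yaml
# Added example: unprivileged client pod that reaches a remote dind daemon over mTLS.
# Values marked "assumed" are placeholders, not values from this chart.
apiVersion: v1
kind: Pod
metadata:
  name: dind-client                 # assumed
  namespace: gitlab-runner          # assumed
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000                 # assumed UID
  containers:
    - name: docker-cli
      image: docker:cli             # assumed tag; client only, no daemon in this pod
      command: ["docker", "version"]
      env:
        - name: DOCKER_HOST         # assumed service name and port
          value: tcp://secure-remote-dind.dind.svc:2376
        - name: DOCKER_TLS_VERIFY   # verify the daemon cert and present a client cert
          value: "1"
        - name: DOCKER_CERT_PATH
          value: /certs/client
      securityContext:
        allowPrivilegeEscalation: false
        privileged: false
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: client-tls
          mountPath: /certs/client
          readOnly: true
  volumes:
    - name: client-tls
      csi:
        driver: csi.cert-manager.io
        readOnly: true
        volumeAttributes:
          csi.cert-manager.io/issuer-name: dind-client-ca   # assumed
          csi.cert-manager.io/issuer-kind: ClusterIssuer
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
          csi.cert-manager.io/key-usages: digital signature,client auth
          csi.cert-manager.io/fs-group: "1000"              # lets the non-root UID read the key
          # The docker CLI reads ca.pem, cert.pem and key.pem from DOCKER_CERT_PATH.
          csi.cert-manager.io/ca-file: ca.pem
          csi.cert-manager.io/certificate-file: cert.pem
          csi.cert-manager.io/privatekey-file: key.pem
```

The `ca.pem` written by the driver is the issuer's CA, so the client can verify the daemon only when the dind server certificate chains to that same CA. The private key is generated per pod and lives only in the pod's ephemeral CSI volume, so no long-lived client secret has to be shared across namespaces.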
We needed to have rootless docker-in-docker support for our CI/CD pipelines without giving privileged access to the runner pods.
- Create a ClusterIssuer with a CertificateRequestPolicy to allow multiple namespaces to authorize against the dind service.
- Remove PSPs.
- Metrics export for the dind service.
- Health endpoint for the dind service.