Deploying Sourcegraph executors on Kubernetes (docker-in-docker)
Kubernetes manifests are provided to deploy Sourcegraph Executors on a running Kubernetes cluster. If you are deploying Sourcegraph with helm, charts are available here.
Deployment
Executors on kubernetes machines require privileged access to a container runtime daemon in order to operate correctly. In order to ensure maximum capability across Kubernetes versions and container runtimes, a Docker in Docker sidecar is deployed with each executor pod to avoid accessing the host container runtime directly.
Step-by-step Guide
Ensure you have the following tools installed:
Deployment via Kustomize
Please refer to the Sourcegraph Kustomize docs for the latest instructions.
To include Executors dind, see configure Sourcegraph with Kustomize on how to specify the component.
Deployment via Helm
Please refer to the Sourcegraph Helm docs for the latest instructions.
To specifically deploy Executors,
-
Create an overrides file,
override.yaml
, with any other customizations you may require.- See details on configurations
- See here for a full list of executor environment variables
-
Run the following command:
helm upgrade --install --values ./override.yaml --version <your Sourcegraph Version> sg-executor sourcegraph/sourcegraph-executor-dind
-
Confirm executors are working by checking the Executors page under Site admin > Executors > Instances .
Note
Executors deployed in kubernetes do not use Firecracker, meaning they require privileged access to the docker daemon running in a sidecar alongside the executor pod.
If you have security concerns, consider deploying via terraform or installing the binary directly.