So I would like to bring this up. My use case is very simple: I need to provide a short-lived, low-privilege docker daemon into a pipeline. I want to be able to have full control over how dockerd is started, so that build repos don’t have to be trusted (privileged).
@bradrydzewski I am going to have to ping you on this. I am open to ideas and happy to talk more about this. I will have some time that I could dedicate to this and help build it. Thanks in advance.
We are actively working on integrating a new runtime engine into the project. The runtime engine supports plugins, which means you can more easily customize the default behavior. The runtime engine will land in master before KubeCon (Dec 6).
This is an example of a simple plugin that wraps the existing docker engine. You would implement the wrapEngine function to wrap the default engine and override behavior.
```go
type engine struct {
	engine.Engine
}

func wrapEngine(e engine.Engine) engine.Engine {
	return &engine{e}
}

func (e *engine) Setup(ctx context.Context, conf *Config) error {
	//
	// execute custom code here that will create and start the
	// docker container. You can also modify the pipeline config
	// and individual step configuration if you need to tweak
	// networking, volumes, etc.
	//
	return e.Engine.Setup(ctx, conf)
}

func (e *engine) Destroy(ctx context.Context, conf *Config) error {
	//
	// execute custom code here that will stop and remove the
	// docker container
	//
	return e.Engine.Destroy(ctx, conf)
}
```
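An added example, not part of the thread and not drone-runtime code: the wrapper pattern from the post above applied to the use case in the opening question, with the failure paths handled so the daemon is never left running. `Step`, `Config` and `Engine` are minimal stand-ins, the `start`/`stop` hooks are hypothetical, and `fake` and the `tcp://dind:2375` address are constructed for the demo.

```go
package main

import (
	"context"
	"errors"
)

// Step, Config and Engine are minimal stand-ins (assumptions), not drone-runtime's types.
type Step struct {
	Privileged bool
	Env        []string
}
type Config struct{ Steps []*Step }
type Engine interface {
	Setup(context.Context, *Config) error
	Destroy(context.Context, *Config) error
}

type sidecar struct {
	Engine // wrapped engine
	start  func(context.Context) (addr string, err error) // hypothetical hook: start the daemon
	stop   func(context.Context) error                    // hypothetical hook: stop and remove it
}

func (e *sidecar) Setup(ctx context.Context, conf *Config) error {
	addr, err := e.start(ctx)
	if err != nil {
		return err
	}
	for _, s := range conf.Steps {
		s.Privileged = false                       // repository config can never grant privilege
		s.Env = append(s.Env, "DOCKER_HOST="+addr) // point the step at the sidecar daemon
	}
	if err := e.Engine.Setup(ctx, conf); err != nil {
		return errors.Join(err, e.stop(ctx)) // do not leak the daemon on failure
	}
	return nil
}

func (e *sidecar) Destroy(ctx context.Context, conf *Config) error {
	return errors.Join(e.Engine.Destroy(ctx, conf), e.stop(ctx)) // stop even if Destroy fails
}

type fake struct{ fail error } // constructed inner engine; both calls return fail
func (f fake) Setup(context.Context, *Config) error   { return f.fail }
func (f fake) Destroy(context.Context, *Config) error { return f.fail }

func main() {
	nop := func(context.Context) error { return nil }
	e := &sidecar{fake{}, func(context.Context) (string, error) { return "tcp://dind:2375", nil }, nop}
	println(e.Setup(context.Background(), &Config{[]*Step{{Privileged: true}}}) == nil)
}
```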
I assume you’re utilizing native go plugins for this?
Yep. You can actually try out the new runtime engine today, with custom plugins, from the command line. Check out the README at https://github.com/drone/drone-runtime
Anything I can help with - let me know
Thanks. I recommend subscribing to this issue where we will discuss progress and likely ask for help testing once we have something merged, which should be very soon.