Introduction
Some of our customers don’t like the Harness Delegate to run as root. Due to their company restrictions and security requirements, they would like to have a functional delegate that can perform the same tasks as a root delegate. Today we can install a Delegate as Non - root and still run Delegate Profiles with them.
Solution
Harness does provide a non-root version of the delegate. In the Delegate YAML, they need to change the tag from the latest to non-root.
The team can still leverage delegate profiles, however they cannot run commands that have to be root.
For CLIs like AWS or Terraform to be installed on Non-Root Delegates,
- The developer team should be able to install Terraform or AWS CLI by using curl to a folder in the Home Directory.
- They then should move the executable to the bin folder in the Home Directory.
- The developer team has modified the Delegate yaml to add the bin directory in the Home Directory to the PATH variable, the executables should be picked up.
In the Delegate YAML change this:
spec:
containers:
- image: harness/delegate:latest <-- This Guy
imagePullPolicy: Always
name: harness-delegate-instance
to this:
spec:
containers:
- image: harness/delegate:non-root
imagePullPolicy: Always
name: harness-delegate-instance
To add the bin directory to the path:
export PATH="$HOME/bin:$PATH"
I hope this helps teams get started with their delegate installation architecture! Till next time my fellow canaries 