Deploying Sourcegraph executors on Kubernetes (docker-in-docker)

Kubernetes manifests are provided to deploy Sourcegraph Executors on a running Kubernetes cluster. If you are deploying Sourcegraph with helm, charts are available here.

Deployment

Executors on kubernetes machines require privileged access to a container runtime daemon in order to operate correctly. In order to ensure maximum capability across Kubernetes versions and container runtimes, a Docker in Docker sidecar is deployed with each executor pod to avoid accessing the host container runtime directly.

Step-by-step Guide

Ensure you have the following tools installed:

• kubectl
• Helm if you're installing Sourcegraph with helm.

Deployment via Kustomize

Please refer to the Sourcegraph Kustomize docs for the latest instructions.

To include Executors dind, see configure Sourcegraph with Kustomize on how to specify the component.

Deployment via Helm

Please refer to the Sourcegraph Helm docs for the latest instructions.

To specifically deploy Executors,

1. Create an overrides file, override.yaml, with any other customizations you may require.
   1. See details on configurations.
2. Run the following command:

   helm upgrade --install --values ./override.yaml --version <your Sourcegraph Version> sg-executor sourcegraph/sourcegraph-executor-dind
   

3. Confirm executors are working by checking the Executors page under Site admin > Executors > Instances .

Note

Executors deployed in kubernetes do not use Firecracker, meaning they require privileged access to the docker daemon running in a sidecar alongside the executor pod.

If you have security concerns, consider deploying via terraform or installing the binary directly.