I’m able to build, test and run my dockerized app through a single buildkite agent. Right now, I’m working on setting up an app server (including installing ssl and nginx conf) which requires root (or sudo) level permissions. If I’m going to do it over buildkite, I maybe should create a second agent, authorize it with sudo and create another pipeline targeting this agent. Because I don’t want to increase the permissions of the existing agent, it’s doing its job well. Maybe I’m thinking against buildkite pipelining concepts? Would like to hear if there is a recommended approach for this kind of jobs that require higher auth.
Your reasoning is correct, to have another agent that has the sudo level permissions. You should be able to run sudo but the only drawback with the permissions the agent will be able to do anything all the time which is not good.