# Deploying Sourcegraph executors on Kubernetes (docker-in-docker)

<Callout type="note">This feature is in Beta stage.</Callout>

[Kubernetes manifests](https://github.com/sourcegraph/deploy-sourcegraph-k8s) are provided to deploy Sourcegraph Executors on a running Kubernetes cluster. If you are deploying Sourcegraph with helm, charts are available [here](https://github.com/sourcegraph/deploy-sourcegraph-helm).

## Deployment

Executors on kubernetes machines require privileged access to a container runtime daemon in order to operate correctly. In order to ensure maximum capability across Kubernetes versions and container runtimes, a [Docker in Docker](https://www.docker.com/blog/docker-can-now-run-within-docker/) sidecar is deployed with each executor pod to avoid accessing the host container runtime directly.

### Step-by-step Guide

Ensure you have the following tools installed:

-   [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
-   [Helm](https://helm.sh/) if you're installing Sourcegraph with `helm`.

#### Deployment via Kustomize

Please refer to the [Sourcegraph Kustomize docs](/self-hosted/deploy/kubernetes/kustomize) for the latest instructions.

To include Executors dind, see [configure Sourcegraph with Kustomize](/self-hosted/deploy/kubernetes/configure) on how to specify the component.

#### Deployment via Helm

Please refer to the [Sourcegraph Helm docs](/self-hosted/deploy/kubernetes#quickstart) for the latest instructions.

To specifically deploy Executors,

1. Create an overrides file, `override.yaml`, with any other customizations you may require.

    1. See [details on configurations](/self-hosted/deploy/kubernetes#configuration)
    2. See [here](/self-hosted/executors/executors-config) for a full list of executor environment variables

2. Run the following command:
    ```bash
    helm upgrade --install --values ./override.yaml --version <your Sourcegraph Version> sg-executor sourcegraph/sourcegraph-executor-dind
    ```
3. Confirm executors are working by checking the _Executors_ page under **Site admin > Executors > Instances** .

## Note

Executors deployed in kubernetes do not use [Firecracker](/admin/executors/#how-it-works), meaning they require [privileged access](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) to the docker daemon running in a sidecar alongside the executor pod.

If you have security concerns, consider deploying via [terraform](/self-hosted/executors/deploy-executors-terraform) or [installing the binary](/self-hosted/executors/deploy-executors-binary) directly.