I've been playing about with this and it seems to work quite well. Startup latency is quite high, and it's one pod-per-job (I think), but seems pretty flexible.
I've been eyeing this for a while. My biggest hangup is that CI/CD is a major attack (e.g. supply chain) vector. If you use CI/CD for deploys, then a lot of highly privileged creds are in play.
I'd really prefer if GH made and managed the K8s operator (e.g. the most popular infra provisioning tool) themselves.