  1. Jenkins
  2. JENKINS-42851

secretVolume not created read only


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Minor Minor
    • kubernetes-plugin
    • None

      use case:

      pipeline
      // Reproducer from the report: a pod template with a single golang container and the
      // Kubernetes secret 'jenkins-key-secret' mounted at /root/.ssh through secretVolume.
      podTemplate(label: 'jenkpod', containers: [
          // Container command is 'cat' with a TTY enabled; presumably this keeps the container
          // alive so that pipeline steps can be executed inside it.
          containerTemplate(name: 'golang', image: 'golang:1.8', ttyEnabled: true, command: 'cat')
      ], volumes: [
          // No read-only setting is passed here. The generated pod spec quoted in this report
          // shows the resulting mount (volume-0) without `readOnly: true`.
          secretVolume(secretName: 'jenkins-key-secret', mountPath: '/root/.ssh')
      ]) {
          node ('jenkpod') { container('golang') {
              stage('Pre-Build') {
                  // Lists the mounted secret files together with their permission bits.
                  sh 'ls -al /root/.ssh'
                  // Verbose SSH authentication test against github.com using the mounted key.
                  // StrictHostKeyChecking=no makes ssh accept the server's host key without
                  // verifying it; outside a throwaway reproducer, pin the expected host key in
                  // known_hosts and leave strict checking on.
                  // NOTE(review): -i expects the private (identity) key, yet the file is named
                  // ssh-publickey; presumably that secret entry holds the private key. Confirm.
                  sh 'ssh -vT -i /root/.ssh/ssh-publickey -o "StrictHostKeyChecking=no" git@github.com'
              }
          } }
      }
      
      snippet of generated yaml
      # Pod spec captured by the reporter for the pod template above. This is a snippet:
      # metadata is empty and the JENKINS_LOCATION_URL value stops at the scheme, so some
      # fields appear to have been trimmed before posting.
      - apiVersion: v1
        kind: Pod
        metadata:
        spec:
          containers:
          - command:
            - cat
            env:
            - name: JENKINS_LOCATION_URL
              value: http://
            - name: HOME
              value: /home/jenkins
            image: golang:1.8
            name: golang
            tty: true
            volumeMounts:
            # Mount of the secret requested through secretVolume. It carries no
            # `readOnly: true`, unlike the default-token mount below; this is the
            # behaviour the issue title describes.
            - mountPath: /root/.ssh
              name: volume-0
            - mountPath: /home/jenkins
              name: workspace-volume
            # Service-account token mount; the only mount in this spec marked read-only.
            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              name: default-token
              readOnly: true
            workingDir: /home/jenkins
          volumes:
          - name: volume-0
            secret:
              # 420 is decimal for octal 0644: owner read/write, group and others read.
              # File permissions come from defaultMode, not from readOnly on the mount,
              # so marking the mount read-only would still leave the key files at 0644.
              # NOTE(review): this is likely why the reporter finds the keys "too open";
              # a tighter mode such as 0400 (decimal 256) on the secret volume is a
              # separate setting from the read-only flag. Confirm against the fix.
              defaultMode: 420
              secretName: jenkins-key-secret
          - emptyDir: {}
            name: workspace-volume
          - name: default-token
            secret:
              defaultMode: 420
              secretName: default-token
      

      NOTE: at the moment, I think because of this bug, the keys are also too open, so I need to run this before using the key:
      // Reporter's workaround: sets every regular file found under /root/.ssh to mode 0400
      // (owner read only) before the key is used.
      // NOTE(review): chmod fails on a read-only filesystem, so this step presumably stops
      // working once the mount is read-only; restricting the file mode on the secret volume
      // itself does not depend on the mount being writable.
      sh 'find /root/.ssh -type f -exec chmod 400 {} \;'

            csanchez Carlos Sanchez
            jknurek J Knurek

              Created:
              Updated:
              Resolved: