[JENKINS-47827] Support passing a user/uid into containerTemplate

Type: New Feature
Resolution: Fixed
Priority: Major
Component/s: kubernetes-plugin
Labels:
None
Environment:
kubernetes 1.7.3
kubernetes-plugin 1.1
jenkins 2.83

Similar Issues:
Powered by SuggestiMate

Show
Released As:
Fixed

Currently, the kubernetes plugin can't run jobs in containers that have unpriveleged users baked into their image metadata.

Supporting jobs running as unpriveleged users is a more difficult task. Maybe a minimal solution to this is to allow the user to override the user. Kubernetes supports this, so it should be reasonably straight forward to add a "user" field to the containerTemplate() call.

When a job is run as an unpriveleged user, we see the following error:

// running a job as any user other than root
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/pid: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-log.txt: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-result.txt: Permission denied

causes

JENKINS-59937 Container and Pod template runAsGroup and runAsUser default to root on config roundtrip

Resolved

is duplicated by

JENKINS-47389 sh step within container step does not work when user is non-root

Resolved

is related to

JENKINS-41418 Permission denied while accessing workspace

Closed

Valentin Delaye added a comment - 2019-02-09 12:58

Why not supporting passing the runAsUser throught the containerTemplate ? It would be very useful for many and easier to maintain instead of YAML files..

Valentin Delaye added a comment - 2019-02-09 12:58 Why not supporting passing the runAsUser throught the containerTemplate ? It would be very useful for many and easier to maintain instead of YAML files..

Carlos Sanchez added a comment - 2019-02-11 10:08

Feel free to open a PR

Carlos Sanchez added a comment - 2019-02-11 10:08 Feel free to open a PR

Ivan Martinez added a comment - 2019-03-28 17:10

I agree with other users it would be quite helpful to add support through containerTemplate.

Ivan Martinez added a comment - 2019-03-28 17:10 I agree with other users it would be quite helpful to add support through containerTemplate.

ASHOK MOHANTY added a comment - 2019-07-10 10:44

Thanks, any update when can we expect the fix !!

ASHOK MOHANTY added a comment - 2019-07-10 10:44 Thanks, any update when can we expect the fix !!

Valentin Delaye added a comment - 2019-07-12 10:11

Ohhh so cool to see it's in progress

Valentin Delaye added a comment - 2019-07-12 10:11 Ohhh so cool to see it's in progress

elhay efrat added a comment - 2019-08-25 13:55

Guys can you please approve [JENKINS-47827 ] adding support Support passing a user/uid into containerTemplate

elhay efrat added a comment - 2019-08-25 13:55 Guys can you please approve [JENKINS-47827 ] adding support Support passing a user/uid into containerTemplate

elhay efrat added a comment - 2019-08-27 10:11

Waiting for code review and merge no conflicts and test covered and pass

elhay efrat added a comment - 2019-08-27 10:11 Waiting for code review and merge no conflicts and test covered and pass

elhay efrat added a comment - 2019-08-28 06:01

Guys, should I close it and close the PR? I see that there is a lot of people that resist this change adding this functionality, I have added it locally in our Jenkins because I have no time for endless conversions

elhay efrat added a comment - 2019-08-28 06:01 Guys, should I close it and close the PR? I see that there is a lot of people that resist this change adding this functionality, I have added it locally in our Jenkins because I have no time for endless conversions

Valentin Delaye added a comment - 2019-08-28 06:54

Oh no, what a shame really... Waiting for this feature since long time.

Valentin Delaye added a comment - 2019-08-28 06:54 Oh no, what a shame really... Waiting for this feature since long time.

elhay efrat added a comment - 2019-08-28 11:34

jonesbusy i finished adding it , only test not finished yet , but as i understand i got blocked

elhay efrat added a comment - 2019-08-28 11:34 jonesbusy i finished adding it , only test not finished yet , but as i understand i got blocked

Assignee:: elhay efrat

Reporter:: Morgan Jones

Votes:: 5 Vote for this issue

Watchers:: 16 Start watching this issue

Created:: 2017-11-04 18:05

Updated:: 2021-01-07 21:06

Resolved:: 2019-08-27 10:11

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Valentin Delaye added a comment - 2019-02-09 12:58

Expand comment: Valentin Delaye added a comment - 2019-02-09 12:58

Collapse comment: Carlos Sanchez added a comment - 2019-02-11 10:08

Expand comment: Carlos Sanchez added a comment - 2019-02-11 10:08

Collapse comment: Ivan Martinez added a comment - 2019-03-28 17:10

Expand comment: Ivan Martinez added a comment - 2019-03-28 17:10

Collapse comment: ASHOK MOHANTY added a comment - 2019-07-10 10:44

Expand comment: ASHOK MOHANTY added a comment - 2019-07-10 10:44

Collapse comment: Valentin Delaye added a comment - 2019-07-12 10:11

Expand comment: Valentin Delaye added a comment - 2019-07-12 10:11

Collapse comment: elhay efrat added a comment - 2019-08-25 13:55

Expand comment: elhay efrat added a comment - 2019-08-25 13:55

Collapse comment: elhay efrat added a comment - 2019-08-27 10:11

Expand comment: elhay efrat added a comment - 2019-08-27 10:11

Collapse comment: elhay efrat added a comment - 2019-08-28 06:01

Expand comment: elhay efrat added a comment - 2019-08-28 06:01

Collapse comment: Valentin Delaye added a comment - 2019-08-28 06:54

Expand comment: Valentin Delaye added a comment - 2019-08-28 06:54

Collapse comment: elhay efrat added a comment - 2019-08-28 11:34

Expand comment: elhay efrat added a comment - 2019-08-28 11:34

People

Dates