Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Type: New Feature
Resolution: Fixed
Priority: Major
Component/s: kubernetes-plugin
Labels:
- issue-exported-to-github
Environment:
kubernetes 1.7.3
kubernetes-plugin 1.1
jenkins 2.83

Released As:
Fixed

Currently, the kubernetes plugin can't run jobs in containers that have unpriveleged users baked into their image metadata.

Supporting jobs running as unpriveleged users is a more difficult task. Maybe a minimal solution to this is to allow the user to override the user. Kubernetes supports this, so it should be reasonably straight forward to add a "user" field to the containerTemplate() call.

When a job is run as an unpriveleged user, we see the following error:

// running a job as any user other than root
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/pid: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-log.txt: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-result.txt: Permission denied

causes

JENKINS-59937 Container and Pod template runAsGroup and runAsUser default to root on config roundtrip

Resolved

is duplicated by

JENKINS-47389 sh step within container step does not work when user is non-root

Resolved

is related to

JENKINS-41418 Permission denied while accessing workspace

Closed

Assignee:: elhay efrat
Reporter:: Morgan Jones

Created:: 2017-11-04 18:05
Updated:: 2025-12-02 22:16
Resolved:: 2019-08-27 10:11
Archived:: 2025-12-02 22:16

Details

Description

Attachments

Issue Links

Activity

People

Dates