-
New Feature
-
Resolution: Fixed
-
Major
-
None
-
kubernetes 1.7.3
kubernetes-plugin 1.1
jenkins 2.83
-
-
Fixed
Currently, the kubernetes plugin can't run jobs in containers that have unpriveleged users baked into their image metadata.
Supporting jobs running as unpriveleged users is a more difficult task. Maybe a minimal solution to this is to allow the user to override the user. Kubernetes supports this, so it should be reasonably straight forward to add a "user" field to the containerTemplate() call.
When a job is run as an unpriveleged user, we see the following error:
// running a job as any user other than root
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/pid: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-log.txt: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-result.txt: Permission denied
- causes
-
JENKINS-59937 Container and Pod template runAsGroup and runAsUser default to root on config roundtrip
-
- Resolved
-
- is duplicated by
-
-
- Resolved
-
- is related to
-
-
- Closed
-
