Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47827

Support passing a user/uid into containerTemplate

XMLWordPrintable

    • Icon: New Feature New Feature
    • Resolution: Fixed
    • Icon: Major Major
    • kubernetes-plugin
    • None
    • kubernetes 1.7.3
      kubernetes-plugin 1.1
      jenkins 2.83
    • Fixed

      Currently, the kubernetes plugin can't run jobs in containers that have unpriveleged users baked into their image metadata. 

      Supporting jobs running as unpriveleged users is a more difficult task. Maybe a minimal solution to this is to allow the user to override the user. Kubernetes supports this, so it should be reasonably straight forward to add a "user" field to the containerTemplate() call.

       

      When a job is run as an unpriveleged user, we see the following error:

       

      // running a job as any user other than root
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/pid: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-log.txt: Permission denied
sh: 1: cannot create /home/jenkins/workspace/CS-Core-Speedy@tmp/durable-b7e7d045/jenkins-result.txt: Permission denied

       

          [JENKINS-47827] Support passing a user/uid into containerTemplate

          Morgan Jones created issue -
          Morgan Jones made changes -
          Summary Original: Support containers that run as unpriveleged users New: Support passing the container user into containerTemplate
          Morgan Jones made changes -
          Summary Original: Support passing the container user into containerTemplate New: Support passing a user/uid into containerTemplate
          Ivan Fernandez Calvo made changes -
          Link New: This issue is related to JENKINS-41418 [ JENKINS-41418 ]
          Carlos Sanchez made changes -
          Resolution New: Not A Defect [ 7 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Dee Kryvenko made changes -
          Resolution Original: Not A Defect [ 7 ]
          Status Original: Resolved [ 5 ] New: Reopened [ 4 ]
          Carlos Sanchez made changes -
          Resolution New: Won't Do [ 10001 ]
          Status Original: Reopened [ 4 ] New: Fixed but Unreleased [ 10203 ]
          Carlos Sanchez made changes -
          Status Original: Fixed but Unreleased [ 10203 ] New: Resolved [ 5 ]
          Cochise Ruhulessin made changes -
          Comment [ The suggested solution does not work for Pod templates that are created through Groovy init scripts. ]
          Cochise Ruhulessin made changes -
          Resolution Original: Won't Do [ 10001 ]
          Status Original: Resolved [ 5 ] New: In Review [ 10005 ]
          Cochise Ruhulessin made changes -
          Status Original: In Review [ 10005 ] New: In Progress [ 3 ]

            elhay elhay efrat
            mogthesprog Morgan Jones
            Votes:
            5 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: