Details
Type: Bug
Status: Reopened
Priority: Major
Resolution: Unresolved
Jenkins 2.361.1
Kubernetes 3718.ve44878b_12184
Description
On the same Kubernetes cloud I have multiple Pod Templates:
- some have privileged = true
- some have privileged = false
I run the required template using its label.
If I select a template that has privileged = false, the pod runs with privileged = true.
The only workaround was to set privileged = false for ALL Pod Templates.
Example:
I run this script to list the cloud templates that have at least one container with privileged=false:
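// Script-console check: list every pod template that has at least one
// container configured with privileged == false, then print every container
// of that template with its image and privileged flag.
//
// find {} only needs one non-privileged container to match, so a listed
// template can still contain privileged containers; read the per-container
// lines, not just the template name.
// This reports the value configured on each template's containers; it does
// not show what ends up in the rendered pod spec.
result = true
if (Jenkins.instance.clouds) {
    Jenkins.instance.clouds.each { cloud ->
        // assumes every configured cloud exposes `templates` — confirm if
        // cloud types other than Kubernetes are configured
        cloud.templates.each { templ ->
            if (templ.containers.find { it.privileged == false }) {
                println "name: ${templ.label}"
                templ.containers.each { cont ->
                    println "name: ${templ.label} - ${cont.image} - ${cont.privileged}"
                }
            }
        }
    }
}
return result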
result:
name: de-mx-sonar-isolated
name: de-mx-sonar-isolated - .../data-eng-docker-local/de-jenkins-slave-dind:latest - true
name: de-mx-sonar-isolated - .../data-eng-docker-local/de-jnlp-mx-sonar:latest - false
Result: true
but when I run with the label 'de-mx-sonar-isolated' I get
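# Pod spec rendered for label de-mx-sonar-isolated, as pasted by the reporter.
# Indentation and list-item line breaks restored; every key and value is unchanged.
apiVersion: "v1"
kind: "Pod"
metadata:
  labels:
    jenkins: "slave"
    jenkins/label-digest: "b1144c48a76fa6681d5957195ca5e6d11e3223a7"
    jenkins/label: "de-mx-sonar-isolated"
  name: "jnlp-dind-sonar-mf0m1"
  namespace: "de-ci"
spec:
  containers:
  - env:
    # Docker API on plain TCP port 2375; the empty DOCKER_TLS_CERTDIR
    # presumably turns off TLS in the dind image (confirm against the image).
    # Containers in a pod share localhost, so every container in this pod
    # can reach that daemon.
    - name: "DOCKER_HOST"
      value: "tcp://localhost:2375"
    - name: "DOCKER_TLS_CERTDIR"
      value: ""
    - name: "HOME"
      value: "/homes/sys_av_data_int"
    image: ".../data-eng-docker-local/de-jenkins-slave-dind:latest"
    imagePullPolicy: "Always"
    name: "jnlp-dind"
    resources:
      limits:
        memory: "8Gi"
      requests:
        memory: "1.5Gi"
        cpu: "1"
    securityContext:
      # Consistent with the template listing above: the dind image is
      # reported there with privileged = true.
      privileged: true
    tty: true
    volumeMounts:
    - mountPath: "/homes/sys_av_data_int"
      name: "volume-0"
      readOnly: false
    - mountPath: "/...:shared"
      name: "volume-3"
      readOnly: false
    - mountPath: "/etc/resolv.conf"
      name: "volume-1"
      readOnly: false
    - mountPath: "/homes/swlab"
      name: "volume-2"
      readOnly: false
    - mountPath: "/home/jenkins/agent"
      name: "workspace-volume"
      readOnly: false
    workingDir: "/home/jenkins/agent"
  - env:
    - name: "JENKINS_SECRET"
      value: "********"
    - name: "JENKINS_AGENT_NAME"
      value: "jnlp-dind-sonar-mf0m1"
    - name: "DOCKER_HOST"
      value: "tcp://localhost:2375"
    - name: "JENKINS_NAME"
      value: "jnlp-dind-sonar-mf0m1"
    - name: "JENKINS_AGENT_WORKDIR"
      value: "/home/jenkins/agent"
    # Agent-to-controller URL is plain HTTP.
    - name: "JENKINS_URL"
      value: "http://10.155.17.249/"
    - name: "HOME"
      value: "/homes/sys_av_data_int"
    image: ".../data-eng-docker-local/de-jnlp-mx-sonar:latest"
    imagePullPolicy: "Always"
    name: "jnlp"
    resources:
      limits:
        memory: "8Gi"
        cpu: "2.5"
      requests:
        memory: "1.5Gi"
        cpu: "2"
    securityContext:
      # This is the reported mismatch: the template listing above shows this
      # image with privileged = false, but the rendered container is privileged.
      privileged: true
      runAsGroup: 1000
      runAsUser: 600002
    tty: true
    volumeMounts:
    - mountPath: "/homes/sys_av_data_int"
      name: "volume-0"
      readOnly: false
    - mountPath: "/...:shared"
      name: "volume-3"
      readOnly: false
    - mountPath: "/etc/resolv.conf"
      name: "volume-1"
      readOnly: false
    - mountPath: "/homes/swlab"
      name: "volume-2"
      readOnly: false
    - mountPath: "/home/jenkins/agent"
      name: "workspace-volume"
      readOnly: false
    workingDir: "/home/jenkins/agent"
  hostNetwork: false
  nodeSelector:
    kubernetes.io/os: "linux"
  restartPolicy: "Never"
  securityContext:
    supplementalGroups:
    - 1053
    - 1065
    - 1298
    - 16472
    - 17545
    - 1055
    - 1186
    - 1020
    - 17536
    - 1187
    - 1066
    - 1057
    - 48008
    - 1016
  # Four of the five volumes are hostPath mounts of node paths, all mounted
  # read-write in both containers. Together with privileged: true, an
  # unintended privileged container has write access to those node paths.
  volumes:
  - hostPath:
      path: "/homes/sys_av_data_int"
    name: "volume-0"
  - hostPath:
      path: "/.../sw"
    name: "volume-2"
  - hostPath:
      path: "/etc/resolv.conf"
    name: "volume-1"
  - emptyDir:
      medium: ""
    name: "workspace-volume"
  - hostPath:
      path: "/..."
    name: "volume-3"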
There is not enough information here to reproduce the problem.
Please provide an explicit step-by-step reproducer.