[JIRA] (JENKINS-47827) Support passing a user/uid into containerTemplate

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate isn't this possible now with the yaml syntax? Add Comment

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

[ifernandezcalvo@cloudbees.com (JIRA)]

Ivan Fernandez Calvo commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

The issue is because the JNLP agent container uses UID 10000 and the jenkins uses the UID 1000 and both try to use the same user on the same folders with different UID def label = "mypod-${UUID.randomUUID().toString()}" def name = 'jenkins' timestamps { podTemplate( label: label, containers: [ containerTemplate(name: name, image: "jenkins/jenkins", ttyEnabled: true) ]){ node(label) { stage('Run on k8s'){ sh 'id' container('jnlp') { sh 'id' } container(name) { sh 'id' } } } } }

Add Comment

[ifernandezcalvo@cloudbees.com (JIRA)]

Ivan Fernandez Calvo edited a comment on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

The issue is because the JNLP agent container uses UID 10000 and , in this example, the jenkins  container uses the UID 1000 and both try to use the same user on the same folders with different UID {code:java}

def label = "mypod-${UUID.randomUUID().toString()}" def name = 'jenkins' timestamps {   podTemplate(     label: label,     containers: [       containerTemplate(name: name, image: "jenkins/jenkins", ttyEnabled: true)     ]){       node(label) {         stage('Run on k8s'){           sh 'id'           container('jnlp') {             sh 'id'           }           container(name) {             sh 'id'           }         }       }     }

}{code}

Add Comment

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

you can configure the user id using the yaml syntax https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container apiVersion: v1 kind: Pod metadata: name: security-context-demo-2 spec: securityContext: runAsUser: 1000 containers: - name: sec-ctx-demo-2 image: gcr.io/google-samples/node-hello:1.0 securityContext: runAsUser: 2000 allowPrivilegeEscalation: false

Add Comment

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez resolved as Not A Defect

Jenkins / JENKINS-47827

Support passing a user/uid into containerTemplate

Change By: Carlos Sanchez Status: Open Resolved Resolution: Not A Defect

Add Comment

[ifernandezcalvo@cloudbees.com (JIRA)]

Ivan Fernandez Calvo commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate   The only solution it is to force the UID to 1000 and there is not conflict to access to the share filesystem

def label = "mypod-${UUID.randomUUID().toString()}"

def workspace = "/tmp/jenkins-${UUID.randomUUID().toString()}" def name = 'jenkins' def yaml = """ apiVersion: v1 kind: Pod metadata: generateName: jnlp- labels: name: jnlp label: jnlp spec: containers: - name: jnlp image: jenkins/jnlp-slave tty: true securityContext: runAsUser: 1000 allowPrivilegeEscalation: false - name: jenkins image: jenkins/jenkins tty: true securityContext: runAsUser: 1000 allowPrivilegeEscalation: false """ timestamps { podTemplate(label: label, yaml: yaml){ node(label) { sh 'id' stage('Run on k8s'){ container('jnlp') { sh 'id' } container(name) { sh 'id' } } } } }   Add Comment

[llibicpep@gmail.com (JIRA)]

Dmytro Kryvenko reopened an issue

Why is this resolved? Maybe not a bug but definitely sounds like a feature request. Jenkins official slave docker image use jenkins user with uid 10000, where most of the alpine based images on the market use root with uid 1000, which means anything created in Jenkinsfile by directives such as `writeFile` becomes unusable by other containers in the pod. Sounds pretty serious to me. It's good to have an ability to fall back to the yml and have a workaround there, but more fundamental and transparent to the users solution is a must.

Jenkins / JENKINS-47827

Support passing a user/uid into containerTemplate

Change By: Dmytro Kryvenko Resolution: Not A Defect Status: Resolved Reopened

Add Comment

This message was sent by Atlassian JIRA (v7.10.1#710002-sha1:6efc396)

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez updated JENKINS-47827

Support passing a user/uid into containerTemplate => it is supported using yaml syntax, will not add new features to containerTemplate

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: Carlos Sanchez Status: Reopened Fixed but Unreleased Resolution: Won't Do

Add Comment

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez updated JENKINS-47827

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: Carlos Sanchez Status: Fixed but Unreleased Resolved

Add Comment

[jonesbusy@gmail.com (JIRA)]

Valentin Delaye commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate Why not supporting passing the runAsUser throught the containerTemplate ? It would be very useful for many and easier to maintain instead of YAML files..

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

Feel free to open a PR

Add Comment

[ivan.martinez.rodriguez@ericsson.com (JIRA)]

Ivan Martinez commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

I agree with other users it would be quite helpful to add support through containerTemplate.

Add Comment

[cochise.ruhulessin@wizardsofindustry.com (JIRA)]

Cochise Ruhulessin commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

The suggested solution does not work for Pod templates that are created through Groovy init scripts.

Add Comment

[cochise.ruhulessin@wizardsofindustry.com (JIRA)]

Cochise Ruhulessin updated an issue

Jenkins / JENKINS-47827

Support passing a user/uid into containerTemplate

Change By: Cochise Ruhulessin Comment:

The suggested solution does not work for Pod templates that are created through Groovy init scripts.

Add Comment

[cochise.ruhulessin@wizardsofindustry.com (JIRA)]

Cochise Ruhulessin updated JENKINS-47827

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: Cochise Ruhulessin Resolution: Won't Do Status: Resolved In Review

Add Comment

[cochise.ruhulessin@wizardsofindustry.com (JIRA)]

Cochise Ruhulessin updated JENKINS-47827

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: Cochise Ruhulessin Status: In Review Progress

Add Comment

[ashok.mohanty@oracle.com (JIRA)]

ASHOK MOHANTY commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate Thanks, any update when can we expect the fix !!

Add Comment

[jonesbusy@gmail.com (JIRA)]

Valentin Delaye commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

Ohhh so cool to see it's in progress

Add Comment

[elhayefrat@gmail.com (JIRA)]

elhay efrat commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

Guys can you please approve [JENKINS-47827 ] adding support Support passing a user/uid into containerTemplate

Add Comment

[jenkins-ci@carlossanchez.eu (JIRA)]

Carlos Sanchez assigned an issue to Unassigned

Jenkins / JENKINS-47827

Support passing a user/uid into containerTemplate

Change By: Carlos Sanchez Assignee: Carlos Sanchez

Add Comment

[jglick@cloudbees.com (JIRA)]

Jesse Glick assigned an issue to elhay efrat

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: Jesse Glick Assignee: elhay efrat

Add Comment

[jglick@cloudbees.com (JIRA)]

Jesse Glick updated JENKINS-47827

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: Jesse Glick Status: In Progress Review

Add Comment

[elhayefrat@gmail.com (JIRA)]

elhay efrat updated JENKINS-47827

Waiting for code review and merge no conflicts and test covered and pass

Jenkins / JENKINS-47827 Support passing a user/uid into containerTemplate

Change By: elhay efrat Status: In Review Resolved Resolution: Fixed Released As: Fixed

Add Comment

[elhayefrat@gmail.com (JIRA)]

elhay efrat commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate Guys, should I close it and close the PR? I see that there is a lot of people that resist this change adding this functionality, I have added it locally in our Jenkins because I have no time for endless conversions

Add Comment

[jonesbusy@gmail.com (JIRA)]

Valentin Delaye commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

Oh no, what a shame really... Waiting for this feature since long time.

Add Comment

[elhayefrat@gmail.com (JIRA)]

elhay efrat commented on JENKINS-47827

Re: Support passing a user/uid into containerTemplate

Valentin Delaye i finished adding it , only test not finished yet , but as i understand i got blocked

Add Comment