Closed kwohlfahrt closed 1 month ago
Hello! Thank you for filing an issue.
The maintainers will triage your issue shortly.
In the meantime, please take a look at the troubleshooting guide for bug reports.
If this is a feature request, please review our contribution guidelines.
Hey @kwohlfahrt,
This issue is not related to ARC. ARC is responsible for spinning up the runner and making sure it scales with the demand. Now, if you feel like this is a runner issue (because file permissions should be set to rw on the group as well), please submit it to the runner repository. As for the UID problem that fails after you are able to build an image, I don't have a good answer for you, unfortunately :disappointed:. Please raise this issue to the runner repository.
Checks
Controller Version
0.9.0
Deployment Method
Helm
Checks
To Reproduce
Describe the bug
The worker fails, with this error:
EACCES: permission denied, open '/__w/_temp/_runner_file_commands/set_env_8e7dea0f-bec9-4fd6-9b11-824b0bb16a6c'
When running
id
in the workflow pod, the container user is correctly added to the group1001
. The issue seems to be that the runner pod creates the files, but they are not writable by the runner group, only the runner user (note the mode is-rw-r--r--
, not-rw-rw-r--
:Describe the expected behavior
I expect the container to be able to run, as long as it has the correct
fsGroup
applied. If I set insteadsecurityContext.runAsUser: 1001
, it gets further, but later fails because our functionality expects the UID to match what the image was built with.Additional Context
Runner
values.yaml
:templates
ConfigMap:This the same error message as #3505, except the container
fsGroup
is set using the hook.Controller Logs
https://gist.github.com/kwohlfahrt/1d45d62aa963e4a4eec2ca6b04c2cc19
Runner Pod Logs
https://gist.github.com/kwohlfahrt/1d45d62aa963e4a4eec2ca6b04c2cc19 (note the runner logs are from a different run, I didn't manage to capture both at the same time).