Open nfalco79 opened 1 year ago
As suggested here, the only solution is to set this portion of code in the raw YAML:

    securityContext:
      fsGroup: 1000
+1
ref https://issues.jenkins.io/plugins/servlet/mobile#issue/JENKINS-72211
or
Is this parameter related? https://www.jenkins.io/doc/book/security/controller-isolation/jep-235/#api-compatibility
or
Is it related to this change? Do we need to upgrade helm binaries?
In file charts/jenkins/templates/_helpers.tpl
Before:

    runAsUser: {{ .Values.agent.runAsUser }}
    runAsGroup: {{ .Values.agent.runAsGroup }}

After:

    {{- with .Values.agent.runAsUser }}
    runAsUser: {{ . }}
    {{- end }}
    {{- with .Values.agent.runAsGroup }}
    runAsGroup: {{ . }}
    {{- end }}
You could also add an init container to your yaml template as a workaround:

    initContainers:
      - name: workspace-permission-setter
        image: busybox
        command: ["sh", "-c", "chown -R 1000:1000 /home/jenkins/agent"]
        securityContext:
          runAsUser: 0
        volumeMounts:
          - name: workspace-volume
            mountPath: /home/jenkins/agent
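
The `fsGroup` approach suggested earlier in the thread, written out as a complete raw pod YAML. This is an added example, not code from the issue or the chart. UID/GID 1000 matches the values used above; the `jnlp` container name and its merge by name with the plugin-generated agent container are assumptions.

```yaml
# Added example: raw YAML for the agent pod template.
# Assumption: the agent image runs as UID/GID 1000 (the 1000:1000 used above).
apiVersion: v1
kind: Pod
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    # Refuse to start any container in this pod as UID 0.
    runAsNonRoot: true
    # The kubelet sets group ownership of supported volumes to this GID
    # when it mounts them, so the workspace PVC becomes writable by GID 1000.
    fsGroup: 1000
    # Skip the recursive ownership change when the volume root already
    # has the expected owner and permissions (faster on large workspaces).
    fsGroupChangePolicy: OnRootMismatch
  containers:
    # Assumption: merged by name with the agent container the plugin generates.
    - name: jnlp
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

`fsGroup` only takes effect on volume types that support ownership management; for those, the init container running as UID 0 is not needed. If the init container is kept, note that pod-level `runAsNonRoot: true` prevents a container with `runAsUser: 0` from starting unless that container overrides it.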
Describe the bug
Every time I am attempting to mount in the Jenkins agent a workspace dynamicPVC, persistentVolumeClaimWorkspaceVolume, etc., the JNLP sidecar container is not able to start with the following error:
The issue seems to be that every PVC mounted to the Jenkins pod template has root permissions.
There is no way to instruct the pod template about the use of security specification for mounted volumes.
Version of Helm and Kubernetes
Chart version
4.3.0