Ability to run builds on k8s cloud containers as non root user

odavid / my-bloody-jenkins

Self Configured Jenkins Docker image based on Jenkins-LTS

MIT License

251 stars 71 forks source link

Ability to run builds on k8s cloud containers as non root user #173

Closed gilShin closed 3 years ago

gilShin commented 3 years ago

We want to have the ability to run our builds on k8s cloud docker containers as user Jenkins. In the Jenkins cloud configuration there are these two parameters: https://ibb.co/kM4F2j6

I assume that these parameters are for changing the default user being used during the build. Am I wrong?

The images that we are using are a base of: ubuntu:xenial and on top of that we are installing our stuff.

Thanks

odavid commented 3 years ago

Hi @gilShin - Basically, in order to use the right UID/GID, you will need your agent docker image to support it. If you take a look at this image, you will find that it is using the UID/GID 1000 username: jenkins The way it is able to use the jenkins user instead of root, is by having the jenkins user be part of the docker group...

In order to achieve that, the image starts with root, but does exec gosu jenkins $@ - here

The image is able to build docker in 2 ways:

Mount /var/run/docker.sock and use the docker host on the node.
Use DinD (I prefer running it that way) In both ways, the jenkins user is the one who runs the build...

gilShin commented 3 years ago

Hi @odavid,

I understand that and our image does have user jenkins as 1000:1000 uid:gid

What I still do not understand is how can I force the build to run as user jenkins without the runAsUser and runAsGroup parameters? I want to supply them the value of 1000 but you currently do not have it in the code.

odavid commented 3 years ago

@gilShin - I believe this is what u needed...

gilShin commented 3 years ago

Indeed.

Thanks!