There was a suggestion to contact docker on the host via docker API and forgoing socket altogether. I've done that manually a few times, but I'm not sure how to setup against CoreOS on tectonic. Altogether it seems like the safest solution, but also the most involved.
-- Tim On Tue, Jan 9, 2018 at 2:28 AM, Chris Willmore <[email protected]> wrote: > Hi Tim, > > I have not run on Tectonic. However. I believe the issue is that the > podTemplate / plugin does not support "runAsUser" (afaik). Using > "runAsUser" would allow you to map the owner of the containerized build > process to the user on the underlying host with docker access. > Without "runAsUser" support, you probably could hack the jnlp-agent to run > with the same UID as needed. > > -Chris > > On Monday, January 8, 2018 at 8:37:19 PM UTC+2, Tim Zhukov wrote: >> >> Hi, >> >> Have anyone deployed a jenkins on CoreOs Tectonic? I'm experimenting with >> a docker build container and I can't figure out how to run it as jenkins >> user instead of root. I figured out that I need to give jenkins user access >> to host's docker group, but before I start sshing on the node and such, I >> was wondering if anyone has had experience with this. >> >> -- >> Best >> Tim Zhukov >> >> On Thu, Jan 4, 2018 at 1:22 PM, Vamsi krishna <[email protected]> >> wrote: >> >>> Hello all.... >>> >>> Local headers refused by remote: Authorization failure >>> Jan 04, 2018 6:13:25 PM hudson.remoting.jnlp.Main$CuiListener status >>> INFO: Protocol JNLP4-connect encountered an unexpected exception >>> >>> whats this error means... this is the logs error i am getting in my >>> pod.. can anyone have idea.. i am thinking remote jnlp-4 is not accepting >>> that container and the jnlp port issue i am guessing but not sure? any idea >>> On Wednesday, January 3, 2018 at 9:38:52 AM UTC-8, Carlos Sanchez wrote: >>>> >>>> I don't think it is possible, a volumes field would need to be added to >>>> KubernetesDeclarativeAgent >>>> https://github.com/jenkinsci/kubernetes-plugin/blob/master/s >>>> rc/main/java/org/csanchez/jenkins/plugins/kubernetes/pipelin >>>> e/KubernetesDeclarativeAgent.java >>>> >>>> On Wed, Jan 3, 2018 at 4:46 PM, Tim Zhukov <[email protected]> wrote: >>>> >>>>> Hey All, >>>>> >>>>> Is volume support still in development? I would like to use >>>>> declarative syntax with k8s plugin, but our agent containers share >>>>> persistence across pod with volume mounts. >>>>> >>>>> -- >>>>> Best >>>>> Tim Zhukov >>>>> >>>>> >>>>> On Friday, September 22, 2017 at 12:11:28 PM UTC-4, Vincent Heet wrote: >>>>>> >>>>>> Hi Chris, >>>>>> >>>>>> No I didn't. I ended up rewriting my Jenkinsfile in the >>>>>> non-declarative Groovy format which worked like a charm. >>>>>> >>>>>> Greetings, Vincent >>>>>> >>>>>> On Friday, September 22, 2017 at 11:29:40 AM UTC+2, Chris Willmore >>>>>> wrote: >>>>>>> >>>>>>> Hey Vincent - did you ever give this a try? I'm looking at doing >>>>>>> this now and was wondering if you ran into any blockers. >>>>>>> -Chris >>>>>>> >>>>>>> On Thursday, August 10, 2017 at 1:03:46 PM UTC+3, Vincent Heet wrote: >>>>>>>> >>>>>>>> Ok so maybe i'm able to add this myself next week. I looked at the >>>>>>>> class you mentioned but would adding the PodTemplate class as a >>>>>>>> property >>>>>>>> there fix my issue? And I'm not sure why you mention volumes, volumes >>>>>>>> would >>>>>>>> then be supported from the PodTemplate if I understand this correctly? >>>>>>>> >>>>>>>> >>>>>>>> On Thursday, August 10, 2017 at 10:27:14 AM UTC+2, Carlos Sanchez >>>>>>>> wrote: >>>>>>>>> >>>>>>>>> It is not yet possible. Volumes would need to be added to the >>>>>>>>> class https://github.com/jenkinsci/kubernetes-plugin/blob/ >>>>>>>>> master/src/main/java/org/csanchez/jenkins/plugins/kubernetes >>>>>>>>> /pipeline/KubernetesDeclarativeAgent.java >>>>>>>>> >>>>>>>>> On Thu, Aug 10, 2017 at 9:22 AM, Vincent Heet <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I configured a declarative pipeline with the kubernetes-plugin to >>>>>>>>>> start a jenkins job's in a k8s cluster. This is working great but >>>>>>>>>> now I >>>>>>>>>> want to use volumes for secrets and need to specify a podTemplate. >>>>>>>>>> I'm not >>>>>>>>>> sure how to configure a podTemplate for a declarative pipeline. The >>>>>>>>>> pipeline that is working: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> pipeline { >>>>>>>>>> agent { >>>>>>>>>> kubernetes { >>>>>>>>>> label 'jenkins-demo' >>>>>>>>>> containerTemplate { >>>>>>>>>> name 'dind-jdk8-maven3' >>>>>>>>>> image 'eu.gcr.io/jenkins-demo/dind-jdk8-maven3:v4 >>>>>>>>>> ' >>>>>>>>>> ttyEnabled true >>>>>>>>>> command 'cat' >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> stages { >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> The above I would like to extend with a podTemplate containing >>>>>>>>>> volumes and a secretVolume. The issue is that I don't know the >>>>>>>>>> correct >>>>>>>>>> syntax for specifying a podTemplate in the declarative pipeline. So >>>>>>>>>> I came >>>>>>>>>> up with this: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> pipeline { >>>>>>>>>> agent { >>>>>>>>>> kubernetes { >>>>>>>>>> label 'jenkins-demo' >>>>>>>>>> podTemplate { >>>>>>>>>> volumes { >>>>>>>>>> secretVolume(secretName: 'some-secret', >>>>>>>>>> mountPath: '/some-secret') >>>>>>>>>> } >>>>>>>>>> containerTemplate { >>>>>>>>>> name 'dind-jdk8-maven3' >>>>>>>>>> image 'eu.gcr.io/jenkins-demo/dind-j >>>>>>>>>> dk8-maven3:v4' >>>>>>>>>> ttyEnabled true >>>>>>>>>> command 'cat' >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> stages { >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Ofcourse this doesn't work an throws an error. Can anyone help me >>>>>>>>>> out with specifying a podTemplate so I can use k8s secrets? >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Vincent >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "Jenkins Users" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/jenkinsci-users/a69efdfc- >>>>>>>>>> 7c1c-4e4f-a909-0b43ad95868b%40googlegroups.com >>>>>>>>>> <https://groups.google.com/d/msgid/jenkinsci-users/a69efdfc-7c1c-4e4f-a909-0b43ad95868b%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>> . >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Jenkins Users" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/jenkinsci-users/2be2f487- >>>>> e5db-4770-a2e1-e2ed402e1f1b%40googlegroups.com >>>>> <https://groups.google.com/d/msgid/jenkinsci-users/2be2f487-e5db-4770-a2e1-e2ed402e1f1b%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Jenkins Users" group. >>> To unsubscribe from this topic, visit https://groups.google.com/d/to >>> pic/jenkinsci-users/DEwTX-C5ct4/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ms >>> gid/jenkinsci-users/f6324704-c29a-4d1c-8bd7-6a07a7b38b38% >>> 40googlegroups.com >>> <https://groups.google.com/d/msgid/jenkinsci-users/f6324704-c29a-4d1c-8bd7-6a07a7b38b38%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Jenkins Users" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/jenkinsci-users/DEwTX-C5ct4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-users/f825b7dc-ed98-4b99-b60a-0e6db7f74c71%40googlegroups. > com > <https://groups.google.com/d/msgid/jenkinsci-users/f825b7dc-ed98-4b99-b60a-0e6db7f74c71%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CADyTFQr5rz-ZwPfifXw_unP8yJYGactekOecZ72e3X3nprXWAA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
