> [Pipeline] container What is your container definition? I really doubt it is the same image as what you're running through docker CLI.
Vincent Le jeu. 10 sept. 2020 à 19:59, iris Jasper Orschulko < [email protected]> a écrit : > I am trying to run a Pipeline in a Kubernetes agent, which needs to > execute commands as non-root user. So I tried setting the securityContext > of the Pod to 1000 (the default jenkins user) as described here: > https://plugins.jenkins.io/kubernetes/. However, the user does not exist > in the container within Kubernetes: > > [Pipeline] { > [Pipeline] stage > [Pipeline] { (Yocto Build) > [Pipeline] container > [Pipeline] { > [Pipeline] script > [Pipeline] { > [Pipeline] sh > > + set -ex > + cat /etc/passwd > root:x:0:0:root:/root:/bin/bash > daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin > bin:x:2:2:bin:/bin:/usr/sbin/nologin > sys:x:3:3:sys:/dev:/usr/sbin/nologin > sync:x:4:65534:sync:/bin:/bin/sync > games:x:5:60:games:/usr/games:/usr/sbin/nologin > man:x:6:12:man:/var/cache/man:/usr/sbin/nologin > lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin > mail:x:8:8:mail:/var/mail:/usr/sbin/nologin > news:x:9:9:news:/var/spool/news:/usr/sbin/nologin > uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin > proxy:x:13:13:proxy:/bin:/usr/sbin/nologin > www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin > backup:x:34:34:backup:/var/backups:/usr/sbin/nologin > list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin > irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin > gnats:x:41:41:Gnats Bug-Reporting System > (admin):/var/lib/gnats:/usr/sbin/nologin > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin > _apt:x:100:65534::/nonexistent:/usr/sbin/nologin > > However, when running the same image (jenkins/inbound-agent:4.3-4) in > docker directly, there is a jenkins user: > > sudo docker run -it --rm jenkins/inbound-agent:4.3-4 bash > jenkins@255a3961e41e:~$ cat /etc/passwd > root:x:0:0:root:/root:/bin/bash > daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin > bin:x:2:2:bin:/bin:/usr/sbin/nologin > sys:x:3:3:sys:/dev:/usr/sbin/nologin > sync:x:4:65534:sync:/bin:/bin/sync > games:x:5:60:games:/usr/games:/usr/sbin/nologin > man:x:6:12:man:/var/cache/man:/usr/sbin/nologin > lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin > mail:x:8:8:mail:/var/mail:/usr/sbin/nologin > news:x:9:9:news:/var/spool/news:/usr/sbin/nologin > uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin > proxy:x:13:13:proxy:/bin:/usr/sbin/nologin > www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin > backup:x:34:34:backup:/var/backups:/usr/sbin/nologin > list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin > irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin > gnats:x:41:41:Gnats Bug-Reporting System > (admin):/var/lib/gnats:/usr/sbin/nologin > nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin > _apt:x:100:65534::/nonexistent:/usr/sbin/nologin > jenkins:x:1000:1000:Jenkins user:/home/jenkins:/bin/sh > > Any ideas why this might be the case? Is this intentional? If so, what > would be the right way to run the container as non-root? > > Best regards > > Mit freundlichen Grüßen > > Jasper Orschulko > Build- und Configurationsmanager > > Tel. +49 30 58 58 14 265 > Fax +49 30 58 58 14 999 > [email protected] > > • • • • • • • • • • • • • • • • • • • • • • • • • • > > iris-GmbH > infrared & intelligent sensors > Ostendstraße 1-14 | 12459 Berlin > > Geschäftsführer > M.-O. Brammann | R. Bönick | A. Thun > Amtsgericht Berlin-Charlottenburg > HRB 41 448 | USt-ID-Nr. DE 137228225 > > www.irisgmbh.de > > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/38B822B13B092D4C832A97382607EFDF07CF24E0%40ERDE.irisgmbh.local > . > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAH-zGCiznE%2Bu38q4NJ0Bj2k9PSgZ7iQvLJRemTO5c%2BbypGWYAw%40mail.gmail.com.
