Add docker rootless feature flag for using this plugin in docker rootless environment
kimsehwan96 opened this issue · 0 comments
Is there an existing issue for this?
- I have searched existing issues, it hasn't been reported yet
Use case description
In my use case, I run Jenkins in my K8s cluster (EKS).
Our pipeline should run in Jenkins in the K8s environment, but EKS can't use the Docker-out-of-Docker approach.
So I decided to use Docker-in-Docker in the EKS cluster, and Docker should run without root privileges.
serverless-python-requirements/lib/pip.js
Lines 330 to 340 in 1b0faae

```js
      pipCmds.push([
        'chown',
        '-R',
        `${process.getuid()}:${process.getgid()}`,
        '/var/task',
      ]);
    } else {
      // Use same user so --cache-dir works
      dockerCmd.push('-u', await getDockerUid(bindPath, pluginInstance));
    }
```

The lib/pip.js code above changes file permissions using the current process's gid/uid.
In a Docker rootless environment, this results in unexpected gid/uid file ownership.
If this plugin is run in a Docker environment with root privileges, then the above line does a chown with the current Docker container process's gid/uid, and it's okay.
But in a Docker rootless environment, the Docker engine (daemon) runs without root privileges (for example, uid/gid 1000:1000 / 1001:1001), and the `${process.getuid()}:${process.getgid()}` line changes file ownership to a strange gid/uid like 101000:101000.
So it causes side effects for other CI/CD pipelines and for file management on the host machine because of the wrong gid/uid.
Proposed solution (optional)
Add a Docker rootless feature flag and, if it is set, do not change file/directory ownership.
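Added example (not part of the issue or of the plugin's code): rootless Docker runs containers in a user namespace, so an id passed to `chown` inside the container is translated through the namespace's id map before it reaches the host filesystem. The sketch below parses that map and shows a translation consistent with the 1001 to 101000 shift reported above. The sample maps are constructed and assume a daemon run by host uid 1000 with a subordinate range starting at 100000; all function names are hypothetical.

```javascript
// Parse the text of /proc/<pid>/uid_map (or gid_map). Each line reads
// "<first id inside the namespace> <first id outside> <range length>".
function parseIdMap(text) {
  return text
    .split('\n')
    .map((line) => line.trim())
    .filter(Boolean)
    .map((line) => {
      const [inside, outside, length] = line.split(/\s+/).map(Number);
      if (![inside, outside, length].every(Number.isInteger)) {
        throw new Error(`malformed id map line: ${line}`);
      }
      return { inside, outside, length };
    });
}

// Translate an id used inside the container to the id the host sees.
// Returns null when the id falls outside every mapped range.
function toHostId(idMap, containerId) {
  for (const { inside, outside, length } of idMap) {
    if (containerId >= inside && containerId < inside + length) {
      return outside + (containerId - inside);
    }
  }
  return null;
}

// True when ids pass through unchanged (no user-namespace remapping).
function isIdentityMap(idMap) {
  return idMap.every(({ inside, outside }) => inside === outside);
}

// Constructed sample: rootless daemon owned by host uid 1000, with an
// assumed subordinate id range of 100000:65536.
const ROOTLESS_UID_MAP = '0 1000 1\n1 100000 65536\n';
// Constructed sample: rootful Docker without user-namespace remapping.
const ROOTFUL_UID_MAP = '0 0 4294967295\n';

const rootless = parseIdMap(ROOTLESS_UID_MAP);
console.log(toHostId(rootless, 0));    // container root is the host user
console.log(toHostId(rootless, 1001)); // chown target 1001 as the host sees it
console.log(isIdentityMap(rootless), isIdentityMap(parseIdMap(ROOTFUL_UID_MAP)));
```

With a non-identity map, skipping the `chown` (as the proposed flag would) leaves the files owned by container root, which the host sees as the user running the rootless daemon.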