securityContext UID conflict between deployment and images

The gitlab-runner:ubuntu image has a user named gitlab-runner with uid 999.

The gitlab-runner:ubuntu image has a user named _apt with uid 100.

The gitlab-runner:alpine image has a gitlab-runner user with uid 100.

sudo docker run -it --entrypoint "/bin/bash" gitlab/gitlab-runner:ubuntu

root@433d5c100dfb:/# cat /etc/passwd
...
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
gitlab-runner:x:999:999:GitLab Runner:/home/gitlab-runner:/bin/bash

https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/templates/deployment.yaml#L28 specifies that the security context should be uid 100. However, if you attempt to use Ubuntu as your runner.image, you will get permission denied failures when making files and copying over configurations.

Workaround: updating deployment.yaml to have the image use uid 999 instead of 100 results in successfully deploying a new runner. However, it will then presumably break the alpine image.

I believe the easiest and most consistent way forward is to change the deployment.yaml securityContext: runAsUser to be 999 and have the alpine image have gitlab-runner user == 999.

The harder way would be to change the uid dynamically based on the image or make it some sort of option in the template, but I have no idea if that is possible or even desirable.

Proposal

Edited by Steve Xuereb
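Added example, not part of the original issue or the chart: a pre-deploy check that resolves a candidate runAsUser against an image's /etc/passwd and reports which account the pod would actually run as. The function names are hypothetical, the Ubuntu entries are the two lines from the session above, and the Alpine entry is constructed around the uid 100 reported here.

```shell
#!/bin/sh
# Constructed passwd excerpts. Ubuntu lines come from the issue's session;
# the Alpine line is assumed except for the user name and uid 100.
UBUNTU_PASSWD='_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
gitlab-runner:x:999:999:GitLab Runner:/home/gitlab-runner:/bin/bash'
ALPINE_PASSWD='gitlab-runner:x:100:65533:GitLab Runner:/home/gitlab-runner:/bin/sh'

# uid_owner PASSWD UID: print the account name that owns UID, or nothing.
uid_owner() {
    printf '%s\n' "$1" | awk -F: -v uid="$2" '$3 == uid { print $1; exit }'
}

# check_run_as_user PASSWD UID [EXPECTED_USER]
# Prints ok, wrong-user:<name> or no-such-uid; returns 0 only for ok.
check_run_as_user() {
    expected=${3:-gitlab-runner}
    owner=$(uid_owner "$1" "$2")
    if [ -z "$owner" ]; then
        # uid is not in passwd: no home directory or owned files for it
        echo "no-such-uid"; return 1
    elif [ "$owner" != "$expected" ]; then
        # uid exists but belongs to another account (the Ubuntu/_apt case)
        echo "wrong-user:$owner"; return 1
    fi
    echo "ok"
}

# Evaluate both uids discussed in the issue against both images.
for pair in ubuntu:100 ubuntu:999 alpine:100 alpine:999; do
    image=${pair%%:*}
    uid=${pair##*:}
    case $image in
        ubuntu) db=$UBUNTU_PASSWD ;;
        alpine) db=$ALPINE_PASSWD ;;
    esac
    result=$(check_run_as_user "$db" "$uid") || true
    echo "$image runAsUser=$uid -> $result"
done
```

To check a real image, replace a constructed excerpt with the image's own /etc/passwd contents, read the same way as in the session above.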