Remove runAs and fsGroup to be compatible with OpenShift (!437) · Merge requests · GitLab.org / cluster-integration / GitLab Agent for Kubernetes

Mikhail Mazurskiy requested to merge ash2k/no-run-as into master Jul 27, 2021

With this change agentk is not using the nonroot user on OpenShift and works fine:

On kind:

$ k exec gitlab-agent-7f4cb86b7f-lhpqs -- sh -c 'id'
uid=65532(nonroot) gid=65532(nonroot)

On OpenShift:

$ k exec pod/gitlab-agent-864fcf9c97-6dkzc -- sh -c 'id'            
uid=1000630000(1000630000) gid=0(root) groups=1000630000

Updating kas is out of scope here as that needs to be consistent with whatever we'll do for other containers i.e. it's part of gitlab-org/charts/gitlab#1069. Moreover, that would mean Chart changes - kas deployment is currently consistent with other deployments and I'd like it to stay that way. No point in fixing it if everything else doesn't work (?) anyway.

Edited Jul 27, 2021 by Mikhail Mazurskiy

Remove runAs and fsGroup to be compatible with OpenShift

Merge request reports