Permission denied when using Kubernetes executor and a non-root docker image

Summary

If you are using Kubernetes executor with a docker image that runs as a non-root user, you'll get permission denied.

Steps to reproduce

Just add a job with a docker image having

USER someone

specified in the Dockerfile to .gitlab-ci.yml

For example:

test:
  image: fuww/docker-meteor:build
  script:
    - echo ok

Reproduction repository:

https://gitlab.com/fuww/gitlab-ci-kubernetes-non-root-docker-bug

Actual behavior

Before running the script of the job, it fails with permission denied.

Expected behavior

It should just run the script fine, just as with the docker executor.

Relevant logs and/or screenshots

Cloning repository...
Checking out abcdef01 as master...
Skipping Git submodules setup
/bin/bash: line 6: /namespace/project.tmp/CI_SERVER_TLS_CA_FILE: Permission denied
ERROR: Job failed: error executing remote command: command terminated with non-zero exit code: Error executing in Docker Container: 1

https://gitlab.com/fuww/gitlab-ci-kubernetes-non-root-docker-bug/-/jobs/21046305

Environment description

Using a runner with Kubernetes executor (gitlab/gitlab-runner:latest). Version: 9.3.0

Configuration:

concurrent = 16
check_interval = 0

[[runners]]
  name = "..."
  url = "https://gitlab.com/"
  token = "..."
  executor = "kubernetes"
  [runners.cache]
    Insecure = false
  [runners.kubernetes]
    namespace = "default"
    privileged = true
    image = "docker:latest"
    disable_cache = true
    image_pull_secrets = ["regsecret"]

Used GitLab Runner version

Version:      9.3.0
Git revision: 3df822b
Git branch:   9-3-stable
GO version:   go1.7.5
Built:        Thu, 22 Jun 2017 10:57:22 +0000
OS/Arch:      linux/amd64
Edited by Peter Pal Koszta