Allow admins to override image:kubernetes:user value

Description

Recently !5469 (merged) was merged that allows users to define a uid and gid for a container being run in kubernetes. From the MR, the user setting overrides the value configured by administrators. Instead, administrators should be able to supersede any user-defined options.

Proposal

Reverse the order of precedence for the image:kubernetes:user and image:kubernetes:group values so that administrators can lock the jobs being run to a single user namespace.

From customer feedback:

Ideally we want a setting like:

allowed_users = [">1", "1000-2000"]
allowed_groups ["0", ">1000"]

Links to related issues and merge requests / references

!5469 (merged)

Edited Jun 25, 2025 by Matthew Badeau