Kubernetes | Docker: Add support for rootless images (#4151)

2025-09-03 01:39:43 +00:00 · 2024-11-02 18:07:27 +01:00
parent 0b4654586f
commit 560eab96f0
13 changed files with 135 additions and 114 deletions
--- a/pipeline/backend/kubernetes/kubernetes.go
+++ b/pipeline/backend/kubernetes/kubernetes.go
@@ -70,6 +70,7 @@ type config struct {
 }
 type SecurityContextConfig struct {
 	RunAsNonRoot bool
+	FSGroup      *int64
 }

 func newDefaultDeleteOptions() meta_v1.DeleteOptions {
@@ -98,6 +99,7 @@ func configFromCliContext(ctx context.Context) (*config, error) {
 				ImagePullSecretNames:        c.StringSlice("backend-k8s-pod-image-pull-secret-names"),
 				SecurityContext: SecurityContextConfig{
 					RunAsNonRoot: c.Bool("backend-k8s-secctx-nonroot"), // cspell:words secctx nonroot
+					FSGroup:      newInt64(defaultFSGroup),
 				},
 				NativeSecretsAllowFromStep: c.Bool("backend-k8s-allow-native-secrets"),
 			}