img icon indicating copy to clipboard operation
img copied to clipboard
verified publisher icon genuinetools

nsenter bug when running inside of a Jenkins-Slave

Open frankvHoof93 opened this issue 5 years ago • 1 comments

When trying to build a container inside of a jenkins-slave on a k8s-cluster I get the following error: nsenter: cannot change root filesystem propagation: Permission denied

I'm also not sure what the 'securityannotations' in the readme mean. When I set these annotations (under the container-template in Jenkins) the slave never spins up

DockerFile for slave:

# Jenkins Base Slave Image. Latest is NOT used to prevent updates from breaking this Image
FROM jenkins/jnlp-slave:4.0.1-1 
# Many of the commands in this file will not run as the Jenkins user. Thus, we switch to the Root-User here
USER root
# Versions of Tooling to Download
ENV NODE_VERSION=12.x 
# Version 12.16.1 is the latest LTS-version at this time
# Get base dependencies
RUN apt-get update				&& \
  apt-get install -y curl
	
# Get the Node Install
RUN curl -sL https://deb.nodesource.com/setup_${NODE_VERSION} | bash
 
# Install Node and npm
RUN apt-get update				&& \
    apt-get install -y nodejs

# Install apt-transport-https for Yarn repository
RUN apt-get install apt-transport-https -y

# Add Yarn repository
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -	&& \
	echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list

# Install Yarn
RUN apt-get update				&& \
	apt-get install -y yarn
	
# Install dependencies for IMG
RUN apt-get update -y			&& \
	apt-get install -y uidmap && \
	apt-get install -y seccomp

# Add GenuineTools IMG (for executing Docker commands)
RUN export IMG_SHA256="41aa98ab28be55ba3d383cb4e8f86dceac6d6e92102ee4410a6b43514f4da1fa" && \
    curl -fSL "https://github.com/genuinetools/img/releases/download/v0.5.7/img-linux-amd64" -o "/usr/local/bin/img" && \
	echo "${IMG_SHA256}  /usr/local/bin/img" | sha256sum -c - && \
	chmod a+x "/usr/local/bin/img"

# Set User to Jenkins
USER jenkins

ENV USER jenkins

In my slave (Jenkinsfile) I'm trying to run: sh "img build -t dockerregistry:5000/${name}:latest ." (I'm running a private registry within the same namespace

frankvHoof93 avatar Mar 30 '20 11:03 frankvHoof93

Can you fix the formatting of that Dockerfile? Use triple backticks (```) to wrap the code instead of quote.

kekoav avatar Apr 23 '20 06:04 kekoav