- Type: Improvement
- Status: Resolved
- Priority: Major
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 1.9.0
- Component/s: containerization
- Labels:
- Target Version/s:
- Sprint: Containerization: RI-17 52
- Story Points: 5

Currently, a docker volume is always mounted as root, which makes it inaccessible to non-root task users. For security reasons, there are use cases where an operator may allow only non-root users to run as the container user, and docker volumes need to be supported for those non-root users.
A new agent flag is needed to make this support configurable, because chown-ing a docker volume may be limited in some use cases, e.g., multiple non-root users on different hosts sharing the same docker volume simultaneously. Operators are expected to turn on this flag if their cluster's docker volume is not shared by multiple non-root users.