What does this MR do?
Prevent kubernetes executor failure when the image does not run as root.
Why was this MR needed?
The user problem is described in #2570 (closed)
The problem is that stages running with the Predefined command run as root and if a variable is dumped to the disk, like CI_SERVER_TLS_CA_FILE, it will be root owned on the following stages.
Are there points in the code the reviewer needs to double check?
Personally I don't like this solution, but it's a fast and general fix to the problem.
In case of CI_SERVER_TLS_KEY_FILE we will end up exposing a key file with global readability, which may not be a problem with docker and kubernetes but it's very dangerous with the shell runner.
Does this MR meet the acceptance criteria?
-
Documentation created/updated - Tests
-
Added for this feature/bug -
All builds are passing
-
-
Branch has no merge conflicts with master(if you do - rebase it please)
What are the relevant issue numbers?
Closes #2570 (closed)