What does this MR do?
Prevent kubernetes executor failure when the image does not run as
Why was this MR needed?
The user problem is described in #2570 (closed)
The problem is that stages running with the
Predefined command run as
root and if a variable is dumped to the disk, like
CI_SERVER_TLS_CA_FILE, it will be root owned on the following stages.
Are there points in the code the reviewer needs to double check?
Personally I don't like this solution, but it's a fast and general fix to the problem.
In case of
CI_SERVER_TLS_KEY_FILE we will end up exposing a key file with global readability, which may not be a problem with docker and kubernetes but it's very dangerous with the shell runner.
Does this MR meet the acceptance criteria?
Added for this feature/bug
All builds are passing
Branch has no merge conflicts with
master(if you do - rebase it please)
What are the relevant issue numbers?
Closes #2570 (closed)