[Kubernetes Plugin] specifying shell in containerTemplate() has no effect in job

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Kubernetes Plugin] specifying shell in containerTemplate() has no effect in job

Dave Schile
I'm running kubernetes plugin 1.9.2 with Jenkins 2.107.3

I specify a container template like this:
containerTemplate(name: 'kaniko', image: 'gitlab-registry.nordstrom.com/cicd/kaniko:0.0.1', shell: '/bin/busybox sh', ttyEnabled: true),

This container has no /bin/sh installed at all.  It uses busybox and cannot have the /bin/sh symlink due to limitations of Kaniko

When running a `sh` command in the pipeline, I get:
rpc error: code = 13 desc = invalid header field value "oci runtime error: exec failed: container_linux.go:247: starting container process caused \"exec: \\\"/bin/sh\\\": stat /bin/sh: no such file or directory\"\n"

Anyone know where you can modify the exec command that the plugin uses to run shell commands?  The docs at https://github.com/jenkinsci/kubernetes-plugin#specifying-a-different-shell-command-other-than-binsh seem to say this is possible.  FYI, the shell property of containerTemplate is not mentioned in the overview of containerTemplate in the docs.

Thank you,
David

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Kubernetes Plugin] specifying shell in containerTemplate() has no effect in job

Carlos Sanchez
Have you seen the kaniko example ?


On Fri, Jul 6, 2018, 21:55 Dave Schile <[hidden email]> wrote:
I'm running kubernetes plugin 1.9.2 with Jenkins 2.107.3

I specify a container template like this:
containerTemplate(name: 'kaniko', image: 'gitlab-registry.nordstrom.com/cicd/kaniko:0.0.1', shell: '/bin/busybox sh', ttyEnabled: true),

This container has no /bin/sh installed at all.  It uses busybox and cannot have the /bin/sh symlink due to limitations of Kaniko

When running a `sh` command in the pipeline, I get:
rpc error: code = 13 desc = invalid header field value "oci runtime error: exec failed: container_linux.go:247: starting container process caused \"exec: \\\"/bin/sh\\\": stat /bin/sh: no such file or directory\"\n"

Anyone know where you can modify the exec command that the plugin uses to run shell commands?  The docs at https://github.com/jenkinsci/kubernetes-plugin#specifying-a-different-shell-command-other-than-binsh seem to say this is possible.  FYI, the shell property of containerTemplate is not mentioned in the overview of containerTemplate in the docs.

Thank you,
David

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CALHFn6PDAC1_O75SP-xSquWTqWf5pKswDxUdOn4WG%3D9QZ40%2BaA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Kubernetes Plugin] specifying shell in containerTemplate() has no effect in job

Dave Schile
Carlos, 
Thanks for that.  I hadn't seen it, and it's a huge help.  Can you give me a little more insight RE your comment on the blog where you say "Still not secure" as a `con` of Koniko? 

David.

On Friday, July 6, 2018 at 2:49:59 PM UTC-7, Carlos Sanchez wrote:
Have you seen the kaniko example ?

<a href="https://blog.csanchez.org/2018/06/13/building-docker-images-without-docker/" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fblog.csanchez.org%2F2018%2F06%2F13%2Fbuilding-docker-images-without-docker%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGbNj1LRpB9enJXs6-hb9dHSYODWg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fblog.csanchez.org%2F2018%2F06%2F13%2Fbuilding-docker-images-without-docker%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGbNj1LRpB9enJXs6-hb9dHSYODWg&#39;;return true;">https://blog.csanchez.org/2018/06/13/building-docker-images-without-docker/


On Fri, Jul 6, 2018, 21:55 Dave Schile <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="P2sXaMoUBgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">bajac...@...> wrote:
I'm running kubernetes plugin 1.9.2 with Jenkins 2.107.3

I specify a container template like this:
containerTemplate(name: 'kaniko', image: '<a href="http://gitlab-registry.nordstrom.com/cicd/kaniko:0.0.1" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fgitlab-registry.nordstrom.com%2Fcicd%2Fkaniko%3A0.0.1\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGeGormtHGvYK2erd8G5bWWnlQUHQ&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fgitlab-registry.nordstrom.com%2Fcicd%2Fkaniko%3A0.0.1\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGeGormtHGvYK2erd8G5bWWnlQUHQ&#39;;return true;">gitlab-registry.nordstrom.com/cicd/kaniko:0.0.1', shell: '/bin/busybox sh', ttyEnabled: true),

This container has no /bin/sh installed at all.  It uses busybox and cannot have the /bin/sh symlink due to limitations of Kaniko

When running a `sh` command in the pipeline, I get:
rpc error: code = 13 desc = invalid header field value "oci runtime error: exec failed: container_linux.go:247: starting container process caused \"exec: \\\"/bin/sh\\\": stat /bin/sh: no such file or directory\"\n"

Anyone know where you can modify the exec command that the plugin uses to run shell commands?  The docs at <a href="https://github.com/jenkinsci/kubernetes-plugin#specifying-a-different-shell-command-other-than-binsh" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fkubernetes-plugin%23specifying-a-different-shell-command-other-than-binsh\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEyPN6r07sWGwho1tj6FpfgE-l5ig&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fkubernetes-plugin%23specifying-a-different-shell-command-other-than-binsh\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEyPN6r07sWGwho1tj6FpfgE-l5ig&#39;;return true;">https://github.com/jenkinsci/kubernetes-plugin#specifying-a-different-shell-command-other-than-binsh seem to say this is possible.  FYI, the shell property of containerTemplate is not mentioned in the overview of containerTemplate in the docs.

Thank you,
David

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="P2sXaMoUBgAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com.
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/d/optout&#39;;return true;">https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/464a9617-aa28-409e-b3be-84dc7a62cbed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Kubernetes Plugin] specifying shell in containerTemplate() has no effect in job

Carlos Sanchez
as noted in the blog post, just follow the link for the discussion from Jessie Frazelle

On Mon, Jul 9, 2018 at 9:59 PM Dave Schile <[hidden email]> wrote:
Carlos, 
Thanks for that.  I hadn't seen it, and it's a huge help.  Can you give me a little more insight RE your comment on the blog where you say "Still not secure" as a `con` of Koniko? 

David.

On Friday, July 6, 2018 at 2:49:59 PM UTC-7, Carlos Sanchez wrote:
Have you seen the kaniko example ?


On Fri, Jul 6, 2018, 21:55 Dave Schile <[hidden email]> wrote:
I'm running kubernetes plugin 1.9.2 with Jenkins 2.107.3

I specify a container template like this:
containerTemplate(name: 'kaniko', image: 'gitlab-registry.nordstrom.com/cicd/kaniko:0.0.1', shell: '/bin/busybox sh', ttyEnabled: true),

This container has no /bin/sh installed at all.  It uses busybox and cannot have the /bin/sh symlink due to limitations of Kaniko

When running a `sh` command in the pipeline, I get:
rpc error: code = 13 desc = invalid header field value "oci runtime error: exec failed: container_linux.go:247: starting container process caused \"exec: \\\"/bin/sh\\\": stat /bin/sh: no such file or directory\"\n"

Anyone know where you can modify the exec command that the plugin uses to run shell commands?  The docs at https://github.com/jenkinsci/kubernetes-plugin#specifying-a-different-shell-command-other-than-binsh seem to say this is possible.  FYI, the shell property of containerTemplate is not mentioned in the overview of containerTemplate in the docs.

Thank you,
David

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/23c96b2a-bca6-4064-a95d-96c77ea940f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/464a9617-aa28-409e-b3be-84dc7a62cbed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CALHFn6N8GB7Whq2wHvwekj9rBuY9HN2tVUj6ZkbUhYKnP6ZfHA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.