-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Artifact input file permission problems #9651
Comments
@chr-b Can you try on v3.3.9? |
Hi @sarabala1979 , The workflow |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions. |
This problem still exists with Argo |
Can confirm we have the same issue, this is really blocking us |
same issue with v3.4.3 |
I also confirm the issue with v3.4.3, I cannot use any artifact input directory with a non-root user. |
This is impacting us as well, with v 3.4.3 |
@aneja-arun1 @PacoDu can you uncomment the below lines and try? mode: 0644
recurseMode: true |
Hi @sarabala1979 , |
Hi all, I have made a test changing the directory permission to 0o755 and it's working now. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions. |
Bump. This is still a blocker issure for us. |
We have the same problem, we are still waiting a fix to update our environment. |
Just ran into this as well when trying to read from /src as nonroot user
|
Same problem here. |
Same problem here , we did version bump from 3.3.8 to 3.4.4, it's blocking us, may need to go back to 3.3.8 |
Had the same problem upgrading to 3.4.5. For now I'm setting the
Hope it helps |
v3.4.4 did some testing, Using above example, i tried few (only) modes 700, 755, 644 and without mode (default). Finally i used |
Thanks @graillus and @dcd000 your comments were helpful in my tests. After trying all methods, below one worked for me. Got it worked by making two changes
|
…10664) Signed-off-by: Sandeep Vagulapuram <sandeeppuram7@gmail.com>
Pre-requisites
:latest
What happened/what you expected to happen?
The high level problem is as follows:
The problem can be reproduced with the two workflows below.
Note: I have added
securityContext
only for the reproducible workflow. In my original workflows there is nosecurityContext
. But the container images define a non-root user in theDockerfile
.Additional context:
Deployed Argo Workflows from the official Helm Chart version
0.19.0
. Therefore using version3.4.0
by default. Problem remains when settingimages.tag
tolatest
in the Helmvalues.yaml
file.The artifact repository is GCP GCS. The workflows are executed with a service account that has the required permissions to access GCS.
Version
v3.4.0
Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
The following workflow fails:
The text was updated successfully, but these errors were encountered: