From 0e5426bb85ce2100dbc9a3dd3f3317ef0f0d544a Mon Sep 17 00:00:00 2001 From: Shubham Choudhary Date: Wed, 17 Mar 2021 20:42:40 +0530 Subject: [PATCH 1/7] Add GIT_SYNC_ROOT change for non-root user in docs/ssh https://github.com/kubernetes/git-sync/pull/97\#issuecomment-800606819 --- docs/ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index a19183416..38d938acf 100644 --- a/docs/ssh.md +++ b/docs/ssh.md @@ -106,7 +106,7 @@ that this is a Pod-wide setting, unlike the container `securityContext` above. If you want git-sync to run as a different (non-root) UID and GID, you can change these last blocks to any UID/GID you like. SSH demands that the current UID be present in /etc/passwd, so in this case you will need to add the -`--add-user` flag to git-sync's args array. +`--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of `$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will end up in `//tmp` which do not exist. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you set the From c4a78d63fca73c88710cf9f3baf38ab2073afa5d Mon Sep 17 00:00:00 2001 From: Shubham Choudhary Date: Wed, 17 Mar 2021 23:32:56 +0530 Subject: [PATCH 2/7] linewrap --- docs/ssh.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index 38d938acf..561b721d3 100644 --- a/docs/ssh.md +++ b/docs/ssh.md 
@@ -106,7 +106,10 @@ that this is a Pod-wide setting, unlike the container `securityContext` above. If you want git-sync to run as a different (non-root) UID and GID, you can change these last blocks to any UID/GID you like. SSH demands that the current UID be present in /etc/passwd, so in this case you will need to add the -`--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of `$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will end up in `//tmp` which do not exist. +`--add-user` flag to git-sync's args array. Also, you need to change +`GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of +`$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will +end up in `//git` which do not exist. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you set the From 35f1f184827f4f50f1893936903a0b86cb4d4cb2 Mon Sep 17 00:00:00 2001 From: Shubham Choudhary Date: Wed, 17 Mar 2021 23:40:51 +0530 Subject: [PATCH 3/7] minor --- docs/ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index 561b721d3..7f4290ab7 100644 --- a/docs/ssh.md +++ b/docs/ssh.md @@ -109,7 +109,7 @@ UID be present in /etc/passwd, so in this case you will need to add the `--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of `$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will -end up in `//git` which do not exist. +end up in `//git` which which the non-root user can't create. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you set the From b6bed089920376517c91a3ea37d93d1d7beb2214 Mon Sep 17 00:00:00 2001 
From: shubhamc183 Date: Wed, 17 Mar 2021 20:42:40 +0530 Subject: [PATCH 4/7] Add GIT_SYNC_ROOT change for non-root user in docs/ssh https://github.com/kubernetes/git-sync/pull/97\#issuecomment-800606819 --- docs/ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index a19183416..38d938acf 100644 --- a/docs/ssh.md +++ b/docs/ssh.md @@ -106,7 +106,7 @@ that this is a Pod-wide setting, unlike the container `securityContext` above. If you want git-sync to run as a different (non-root) UID and GID, you can change these last blocks to any UID/GID you like. SSH demands that the current UID be present in /etc/passwd, so in this case you will need to add the -`--add-user` flag to git-sync's args array. +`--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of `$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will end up in `//tmp` which do not exist. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you set the From 24be40d32d4b3f0de5c642b00220b1cc76c038b2 Mon Sep 17 00:00:00 2001 From: shubhamc183 Date: Wed, 17 Mar 2021 23:32:56 +0530 Subject: [PATCH 5/7] linewrap --- docs/ssh.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index 38d938acf..561b721d3 100644 --- a/docs/ssh.md +++ b/docs/ssh.md 
@@ -106,7 +106,10 @@ that this is a Pod-wide setting, unlike the container `securityContext` above. If you want git-sync to run as a different (non-root) UID and GID, you can change these last blocks to any UID/GID you like. SSH demands that the current UID be present in /etc/passwd, so in this case you will need to add the -`--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of `$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will end up in `//tmp` which do not exist. +`--add-user` flag to git-sync's args array. Also, you need to change +`GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of +`$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will +end up in `//git` which do not exist. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you set the From 5310a223cbc22f6566f05566f979ed2b12bcd1ed Mon Sep 17 00:00:00 2001 From: shubhamc183 Date: Wed, 17 Mar 2021 23:51:03 +0530 Subject: [PATCH 6/7] minor --- docs/ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index 561b721d3..7f4290ab7 100644 --- a/docs/ssh.md +++ b/docs/ssh.md @@ -109,7 +109,7 @@ UID be present in /etc/passwd, so in this case you will need to add the `--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of `$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will -end up in `//git` which do not exist. +end up in `//git` which which the non-root user can't create. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you set the From 25e76a0825b824d1d9556aab3ec2c56580b439c8 Mon Sep 17 00:00:00 2001 
From: shubhamc183 Date: Thu, 18 Mar 2021 23:03:07 +0530 Subject: [PATCH 7/7] minor --- docs/ssh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ssh.md b/docs/ssh.md index 7f4290ab7..014a66b1b 100644 --- a/docs/ssh.md +++ b/docs/ssh.md @@ -108,7 +108,7 @@ change these last blocks to any UID/GID you like. SSH demands that the current UID be present in /etc/passwd, so in this case you will need to add the `--add-user` flag to git-sync's args array. Also, you need to change `GIT_SYNC_ROOT` to some other location, say `/workspace`, instead of -`$HOME/git` as the `$HOME` will be `/` for the user and, `GIT_SYNC_ROOT` will +`$HOME/git` as the `$HOME` will be `/` for the user and `GIT_SYNC_ROOT` will end up in `//git` which which the non-root user can't create. **Note:** Kubernetes mounts the Secret with permissions 0444 by default (not
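Review bot: in PATCH 1/7 (and its copy, PATCH 4/7) the added sentence says `GIT_SYNC_ROOT` will end up in `//tmp`, which does not follow from the `$HOME/git` default named in the same sentence; with `$HOME` equal to `/` the result is `//git`, as PATCH 2/7 later corrects. Patches 4/7 to 6/7 carry the same subjects and the same blob ids (a19183416..38d938acf, 38d938acf..561b721d3, 561b721d3..7f4290ab7) as 1/7 to 3/7 under a different author name, so squash the series into a single commit to drop the duplicates and the intermediate wrong text from history.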
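Review bot: the sentence added in the PATCH 2/7 hunk tells the reader to move `GIT_SYNC_ROOT` to "some other location, say `/workspace`" without stating the condition that makes the move work: the new path must be one the chosen non-root UID/GID can create or write to. The reason given for leaving `$HOME/git` is that the non-root user can't create `//git`, and the same failure applies to any replacement path that user cannot write, so state that requirement next to the `/workspace` suggestion. The wording "as the `$HOME` will be `/` for the user" would also read more clearly as "because `$HOME` is `/` for that user".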
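Review bot: the last context line of the PATCH 7/7 hunk still reads "end up in `//git` which which the non-root user can't create.", so the doubled "which" introduced in PATCH 3/7 and 6/7 survives to the end of the series. Drop one "which" in the same commit that removes the stray comma after "and".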