[FEATURE] Add --user flag to enforce a specific user (i.e. me, not root) #573

Open
zepatrik opened this issue Apr 26, 2021 · 2 comments

@zepatrik

Is your feature request related to a problem or a Pull Request

I have a setup where we use --volume on create cluster to mount some directories. On Linux, the files and directories in the volume are owned by root, which means we have to use sudo in scripts and make tasks, but only on Linux.
moby/moby#3124 (comment) explains the key points pretty well, and suggests that you pass your current user through the --user flag: https://docs.docker.com/engine/reference/run/#user
I'd like to expose that flag through k3d to ensure the permissions and owner of the volumes can be myself, and therefore also have the same behavior on Linux and OSX.

Scope of your request

  • add flag to k3d cluster create (and possibly others)

Describe the solution you'd like

Add --user flag to k3d cluster create (and possibly others) that is passed down to docker without any modification.

Describe alternatives you've considered

Use complicated scripts with OS checks together with sudo/chmod/chown to make volumes work on all systems.

@zepatrik zepatrik added the enhancement New feature or request label Apr 26, 2021
@iwilltry42 iwilltry42 added this to the Backlog milestone May 6, 2021
@iwilltry42
Member

iwilltry42 commented May 6, 2021

Hi @zepatrik, thanks for opening this issue!
This is a valid use-case indeed.
However, the k3s image doesn't provide user management and k3s must run as root unless you disable the agent component (or possibly use the experimental rootless mode):
docker run --rm --privileged --user 1000 xyz/k3s:dev-20210427.1 server
time="2021-05-06T16:57:22.311675640Z" level=fatal msg="must run as root unless --disable-agent is specified"

If you can figure out an easy way to do this, I'm more than happy to implement it (or accept a PR) :)

UPDATE:

Ref:

I guess once rootless is stable enough, we can simply add a --rootless flag that runs as non-root and enables k3s' rootless mode on the fly: https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootlesskit-experimental

@zepatrik zepatrik changed the title [FEATURE] Add --user flag to enforce a special user [FEATURE] Add --user flag to enforce a specific user (i.e. me, not root) Aug 3, 2021
@Legolas91

Hi,

I also ran into the same issue. User namespace is set on my dev PC without the possibility to bypass it.
So, to work around the error, I rebuilt k3d with a small modification in the "/pkg/runtimes/docker/translate.go" file (line 128):
/* They have to run in privileged mode */
// TODO: can we replace this by a reduced set of capabilities?
hostConfig.Privileged = true
hostConfig.UsernsMode = "host"
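
The settings discussed in this thread (privileged mode, `UsernsMode = "host"`, and root writing into a `--volume` mount) are all visible in `docker inspect` output, so they can be audited per container. The following is an added example, not code from this thread or from the k3d project; the container names, paths and finding labels are constructed for illustration, and the daemon's own userns-remap setting is not visible in this data.

```python
import json

# Constructed sample shaped like `docker inspect` output (a JSON array).
# Container names and paths are made up for this example.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/k3d-dev-server-0",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "UsernsMode": "host",
                    "Binds": ["/home/me/project:/data"]}},
    {"Name": "/k3d-dev-serverlb",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "UsernsMode": "", "Binds": None}},
    {"Name": "/builder",
     "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "UsernsMode": "",
                    "Binds": ["/home/me/src:/src"]}},
])


def runs_as_root(user):
    """An empty Config.User means the container process runs as UID 0."""
    uid = (user or "").split(":", 1)[0]
    return uid in ("", "0", "root")


def audit(inspect_json):
    """Map container name -> list of findings (labels are this example's own)."""
    findings = {}
    for c in json.loads(inspect_json):
        host = c.get("HostConfig") or {}
        flags = []
        if host.get("Privileged"):
            flags.append("privileged")
        # "host" opts this container out of daemon-level userns remapping.
        if host.get("UsernsMode") == "host":
            flags.append("userns-host")
        # Root plus a bind mount: new files on the host side end up owned by
        # root, unless the daemon remaps user namespaces for this container.
        user = (c.get("Config") or {}).get("User")
        if runs_as_root(user) and host.get("Binds"):
            flags.append("root-on-bind-mount")
        if flags:
            findings[c["Name"].lstrip("/")] = flags
    return findings


if __name__ == "__main__":
    for name, flags in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(flags)}")
```

To check a real host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of the constructed sample.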
