nsenter: Permission denied on K8s containerd w/ Gitlab Runners #350

@ChuckNoxis

Hello,

I'm actually trying to run img on a Gitlab Runners chart (0.34.0) deployed with Helm on a Kubernetes 1.22.3 cluster w/ Containerd.

```
img:
 version     : v0.5.11
 git hash    : 3667c6a0
 go version  : go1.13.15
 go compiler : gc
 platform    : linux/amd64
runc:
 version     : 1.0.0-rc10+dev
 commit      : 56aca5aa50d07548d5db8fd33e9dc562f70f3208
 spec        : 1.0.2
```

When I do an img pull, I get the following error:

```
nsenter: cannot change root filesystem propagation: Permission denied
```

I saw issues #115, #266 and #284, and also the "Running with Kubernetes" part in the Readme.md.

In the Gitlab Runner Helm Chart, I have set the following settings as suggested:

```yaml
# Run all containers with the privileged flag enabled
# This will allow the docker:dind image to run if you need to run Docker
# commands. Please read the docs before turning this on:
# ref: https://docs.gitlab.com/runner/executors/kubernetes.html#using-dockerdind
runners:
  privileged: true

  ## Specify pod labels for CI job pods
  ## Even if deprecated, it's still working
  ## DEPRECATED: See https://docs.gitlab.com/runner/install/kubernetes.html#additional-configuration
  podLabels:
    container.apparmor.security.beta.kubernetes.io/img: unconfined
    container.seccomp.security.alpha.kubernetes.io/img: unconfined

## Configure securitycontext
## ref: http://kubernetes.io/docs/user-guide/security-context/
##
securityContext:
  runAsUser: 100
  # runAsGroup: 65533
  fsGroup: 65533
  # supplementalGroups: [65533]
  privileged: true
  procMount: Unmasked
```

But I still get this Permission denied error when I try to pull a Docker image.
