fix apache#915: set right permissions on kaniko workspace

nicolaferraro · Oct 3, 2019 · ea15c5c · ea15c5c
1 parent c6fe990
commit ea15c5c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/pkg/controller/build/schedule_pod.go b/pkg/controller/build/schedule_pod.go
@@ -170,6 +170,21 @@ func newBuildPod(build *v1alpha1.Build, operatorImage string) *corev1.Pod {
 			},
 		}
 
+		// In case the kaniko cache has not run, the /workspace dir needs to have the right permissions set
+		pod.Spec.InitContainers = append(pod.Spec.InitContainers, corev1.Container{
+			Name:            "prepare-kaniko-workspace",
+			Image:           "busybox",
+			ImagePullPolicy: corev1.PullIfNotPresent,
+			Command:         []string{"/bin/sh", "-c"},
+			Args:            []string{"chmod -R a+rwx /workspace"},
+			VolumeMounts: []corev1.VolumeMount{
+				{
+					Name:      "camel-k-builder",
+					MountPath: "/workspace",
+				},
+			},
+		})
+
 		// Use affinity only when the operator is present in the namespaced
 		if build.Namespace == platform.GetOperatorNamespace() {
 			// Co-locate with the builder pod for sharing the host path volume as the current

diff --git a/pkg/controller/integrationplatform/kaniko_cache.go b/pkg/controller/integrationplatform/kaniko_cache.go
@@ -72,11 +72,8 @@ func createKanikoCacheWarmerPod(ctx context.Context, client client.Client, platf
 					Name:            "create-kaniko-cache",
 					Image:           "busybox",
 					ImagePullPolicy: corev1.PullIfNotPresent,
-					Command: []string{
-						"mkdir",
-						"-p",
-						"/workspace/cache",
-					},
+					Command:         []string{"/bin/sh", "-c"},
+					Args:            []string{"mkdir -p /workspace/cache && chmod -R a+rwx /workspace"},
 					VolumeMounts: []corev1.VolumeMount{
 						{
 							Name:      "camel-k-builder",