Pass Security Context to Jenkins-Kubernetes Plugin

1/31/2018

I have created a Docker image for jenkins/jnlp and am using it in a Kubernetes cluster to spin up dynamic slaves. With this, I am able to check out my code and run a build on dynamic slaves.

However, when I mention a volume (jenkins_home, i.e. /mycom/jenkins) inside the plugin configuration as a NAS persistent volume claim, I am observing that the mount path permission is changing to "nobody" as opposed to "jenkins". This is failing my Jenkins build as it is not able to create the workspace under the same folder.

The Kubernetes documentation states that we can pass the fsgroup details as part of the security context, which is part of the pod definition. But I do not see that option in the jenkins-kubernetes plugin. Is there any way I can pass the "RunAsUser" or "fsgroup" detail to the pod from Jenkins?

-- swetad90
jenkins
jnlp
kubernetes

2 Answers

2/12/2018

The workaround I got was to give "777" access to JENKINS_HOME in one pod in the Kubernetes host. This persisted in all of the other pods that got created too. In this way, every time my container runs with the jenkins user, it was able to create the workspace in the jenkins_home dir, which had nobody user access.

-- swetad90
Source: StackOverflow

3/16/2018

There is an option to specify RunAsUser and FsGroup when you install Jenkins using a Helm chart. You can also specify your PersistentVolumeClaim. See the values.yaml here: https://github.com/kubernetes/charts/tree/master/stable/jenkins

-- Sanket Patel
Source: StackOverflow
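
The pod-level security context that the question and the answers refer to, written out as a plain Kubernetes pod manifest. This is an added example, not part of the original posts and not the plugin's or the chart's own configuration. The pod name, image, claim name and the UID/GID 1000 are assumptions; only the mount path /mycom/jenkins comes from the question.

```yaml
# Added example: pod name, image, claim name and the 1000 IDs are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: jenkins-agent-example            # hypothetical name
spec:
  # Pod-level securityContext: applies to every container in the pod.
  securityContext:
    runAsUser: 1000    # assumed UID of the "jenkins" user baked into the image
    fsGroup: 1000      # supplemental GID; supported volumes are made
                       # group-owned and group-writable for this GID on mount
  containers:
    - name: jnlp                         # agent container
      image: registry.example.com/jenkins-jnlp:custom   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false  # agent does not need setuid escalation
      volumeMounts:
        - name: jenkins-home
          mountPath: /mycom/jenkins      # path from the question
  volumes:
    - name: jenkins-home
      persistentVolumeClaim:
        claimName: jenkins-home-claim    # hypothetical PVC name
# Contrast with mode 777 on the shared directory: that grants write access to
# every UID in every pod that mounts the claim, while runAsUser/fsGroup limits
# write access to the one UID/GID the agent runs as.
```

Kubernetes applies `fsGroup` only to volume types that support ownership management; NFS-backed volumes are not re-owned on mount, so for a NAS export the directory's owner or group on the server has to match the UID/GID the pod runs as.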