Merge pull request #654 from SaschaSchwarze0/sascha-kaniko-kill-capab…

…ility Add KILL capability for Kaniko executor to allow it to kill non-root processes
shipwright-io · Mar 10, 2021 · f5ddd1e · f5ddd1e
2 parents d0293ee + cceafe8
commit f5ddd1e
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 0 deletions.
diff --git a/docs/buildstrategies.md b/docs/buildstrategies.md
@@ -213,6 +213,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker
@@ -257,6 +258,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker

diff --git a/pkg/reconciler/buildrun/resources/runtime_image.go b/pkg/reconciler/buildrun/resources/runtime_image.go
@@ -202,6 +202,7 @@ func runtimeBuildAndPushStep(b *buildv1alpha1.Build, kanikoImage string) *v1beta
 					v1.Capability("SETGID"),
 					v1.Capability("SETUID"),
 					v1.Capability("SETFCAP"),
+					v1.Capability("KILL"),
 				},
 			},
 		},

diff --git a/samples/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml b/samples/buildstrategy/kaniko/buildstrategy_kaniko_cr.yaml
@@ -18,6 +18,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker

diff --git a/samples/buildstrategy/source-to-image/buildstrategy_source-to-image_cr.yaml b/samples/buildstrategy/source-to-image/buildstrategy_source-to-image_cr.yaml
@@ -43,6 +43,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       volumeMounts:
         - mountPath: /gen-source
           name: gen-source

diff --git a/test/clusterbuildstrategy_samples.go b/test/clusterbuildstrategy_samples.go
@@ -135,6 +135,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker
@@ -184,6 +185,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker
@@ -231,6 +233,7 @@ spec:
         - SETGID
         - SETUID
         - SETFCAP
+        - KILL
     env:
     - name: DOCKER_CONFIG
       value: /tekton/home/.docker
@@ -297,6 +300,7 @@ spec:
             - SETGID
             - SETUID
             - SETFCAP
+            - KILL
       env:
         - name: DOCKER_CONFIG
           value: /tekton/home/.docker