diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplate.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplate.java
index e4c3e385fb..54382ef622 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplate.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplate.java
@@ -188,6 +188,8 @@ protected static MessageDigest getLabelDigestFunction() {
private Long terminationGracePeriodSeconds;
+ private Long fsGroup;
+
/**
* Persisted yaml fragment
*/
@@ -912,6 +914,14 @@ public void setTerminationGracePeriodSeconds(Long terminationGracePeriodSeconds)
this.terminationGracePeriodSeconds = terminationGracePeriodSeconds;
}
+ public Long getFsGroup() {
+ return fsGroup;
+ }
+
+ public void setFsGroup(Long fsGroup) {
+ this.fsGroup = fsGroup;
+ }
+
protected Object readResolve() {
if (containers == null) {
// upgrading from 0.8
@@ -1135,6 +1145,7 @@ public String toString() {
+ (!privileged ? "" : ", privileged=" + privileged)
+ (runAsUser == null ? "" : ", runAsUser=" + runAsUser)
+ (runAsGroup == null ? "" : ", runAsGroup=" + runAsGroup)
+ + (fsGroup == null ? "" : " ,fsGroup=" + fsGroup)
+ (!isHostNetwork() ? "" : ", hostNetwork=" + hostNetwork)
+ (!alwaysPullImage ? "" : ", alwaysPullImage=" + alwaysPullImage)
+ (command == null ? "" : ", command='" + command + '\'')
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilder.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilder.java
index 9a8428631e..8448ba0e54 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilder.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateBuilder.java
@@ -279,7 +279,8 @@ public Pod build() {
Long runAsUser = template.getRunAsUserAsLong();
Long runAsGroup = template.getRunAsGroupAsLong();
String supplementalGroups = template.getSupplementalGroups();
- if (runAsUser != null || runAsGroup != null || supplementalGroups != null) {
+ Long fsGroup = template.getFsGroup();
+ if (runAsUser != null || runAsGroup != null || supplementalGroups != null || fsGroup != null) {
var securityContext = builder.editOrNewSecurityContext();
if (runAsUser != null) {
securityContext.withRunAsUser(runAsUser);
@@ -290,6 +291,9 @@ public Pod build() {
if (supplementalGroups != null) {
securityContext.withSupplementalGroups(parseSupplementalGroupList(supplementalGroups));
}
+ if (fsGroup != null) {
+ securityContext.withFsGroup(fsGroup);
+ }
securityContext.endSecurityContext();
}
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateUtils.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateUtils.java
index 09a4064ca8..f28af416aa 100644
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateUtils.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/PodTemplateUtils.java
@@ -435,6 +435,22 @@ public static Pod combine(Pod parent, Pod template) {
.getSecurityContext()
.getRunAsGroup()
: null))
+ .withFsGroup(
+ template.getSpec().getSecurityContext() != null
+ && template.getSpec()
+ .getSecurityContext()
+ .getFsGroup()
+ != null
+ ? template.getSpec().getSecurityContext().getFsGroup()
+ : (parent.getSpec().getSecurityContext() != null
+ && parent.getSpec()
+ .getSecurityContext()
+ .getFsGroup()
+ != null
+ ? parent.getSpec()
+ .getSecurityContext()
+ .getFsGroup()
+ : null))
.endSecurityContext();
}
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep.java
index 5a161bf45a..4500d6f9ad 100755
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep.java
@@ -106,6 +106,9 @@ public class PodTemplateStep extends Step implements Serializable {
@CheckForNull
private String supplementalGroups;
+ @CheckForNull
+ private String fsGroup;
+
@DataBoundConstructor
public PodTemplateStep() {}
@@ -415,6 +418,16 @@ public void setSupplementalGroups(@CheckForNull String supplementalGroups) {
this.supplementalGroups = Util.fixEmpty(supplementalGroups);
}
+ @CheckForNull
+ public String getFsGroup() {
+ return this.fsGroup;
+ }
+
+ @DataBoundSetter
+ public void setFsGroup(String fsGroup) {
+ this.fsGroup = fsGroup;
+ }
+
@Extension
public static class DescriptorImpl extends StepDescriptor {
@@ -436,7 +449,8 @@ public static class DescriptorImpl extends StepDescriptor {
"serviceAccount",
"nodeSelector",
"workingDir",
- "workspaceVolume"
+ "workspaceVolume",
+ "fsGroup"
};
public DescriptorImpl() {
diff --git a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStepExecution.java b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStepExecution.java
index 4e2d957837..e39409fe57 100755
--- a/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStepExecution.java
+++ b/src/main/java/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStepExecution.java
@@ -147,6 +147,10 @@ public boolean start() throws Exception {
newTemplate.setActiveDeadlineSeconds(step.getActiveDeadlineSeconds());
}
+ if (step.getFsGroup() != null) {
+ newTemplate.setFsGroup(Long.valueOf(step.getFsGroup()));
+ }
+
for (ContainerTemplate container : newTemplate.getContainers()) {
if (!PodTemplateUtils.validateContainerName(container.getName())) {
throw new AbortException(Messages.RFC1123_error(container.getName()));
diff --git a/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/config.jelly b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/config.jelly
index a39c09c730..705500554d 100644
--- a/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/config.jelly
+++ b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/config.jelly
@@ -130,4 +130,8 @@ THE SOFTWARE.
+
+
+
+
diff --git a/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/help-fsGroup.html b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/help-fsGroup.html
new file mode 100644
index 0000000000..0efd7c38ab
--- /dev/null
+++ b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/PodTemplate/help-fsGroup.html
@@ -0,0 +1 @@
+Specify the gid for the filesystem.
\ No newline at end of file
diff --git a/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/config.jelly b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/config.jelly
index f751412df0..86140d2e02 100755
--- a/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/config.jelly
+++ b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/config.jelly
@@ -83,5 +83,8 @@
+
+
+
diff --git a/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/help-fsGroup.html b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/help-fsGroup.html
new file mode 100644
index 0000000000..0efd7c38ab
--- /dev/null
+++ b/src/main/resources/org/csanchez/jenkins/plugins/kubernetes/pipeline/PodTemplateStep/help-fsGroup.html
@@ -0,0 +1 @@
+Specify the gid for the filesystem.
\ No newline at end of file