Commits on Mar 23, 2020

1. Creds-init writes to fixed location when HOME override is disabled …

   When the disable-home-env-overwrite flag is set to "true" each Step in a
   Task can conceivably have its own HOME directory. The concept of "HOME"
   is further muddied in systems that randomize the UID of containers.
   
   So now creds-init will write to a shared volumeMount, /tekton/creds,
   when the disable-home-env-overwrite flag is "true". When the flag is
   "false" creds-init will behave exactly the same as before, writing the
   credentials to /tekton/home, and no extra volume mount will be needed.
   
   This change should be mostly transparent to users: the entrypoint
   binary in each Step will now try and copy credentials out of
   /tekton/creds into $HOME/. The net result is the same as before the
   flag was introduced, it's just that entrypoint does the final copy into
   $HOME instead of creds-init.
   
   To support users who were in some way depending on the location of
   credentials, the path to where creds-init writes is now exposed for Tasks
   via the $(credentials.path) variable. This will be replaced with the
   directory that creds-init writes to: either "/tekton/home" or "/tekton/creds"
   depending on the state of the disable-home-env-overwrite flag.

   Scott committed Mar 23, 2020
   Configuration menu

   • View commit details
   • Copy full SHA for 49d50d7
   • Browse repository at this point

   Copy the full SHA

   49d50d7 View commit details

   Browse the repository at this point in the history