
gl_git_credential_store.sh should have executable permission for all users

MR: Grant executable permission on file contents of... (!190244 - closed) • Ashvin Sharma • 18.1

Related Issue: https://gitlab.com/gitlab-com/request-for-help/-/issues/2668

Description

In the RFH https://gitlab.com/gitlab-com/request-for-help/-/issues/2668, it was found that a customer has been having issues running a sysbox-enabled workspace in a GKE cluster. On investigation, it was found that the kernel changes the ownership of all the files in a mounted directory to user nobody in a sysbox container.

The ownership issue is fixed in later versions of the kernel. This issue aims to support kernel versions <5.19.

Acceptance criteria

  • Files in the secret should have executable permission for "others"
  • Corresponding change in the spec fixtures
  • Workspaces with and without sysbox should work

Implementation plan

The DefaultMode field in Volumes in a PodSpec sets the permissions on created files by default. We are using it here. Change this value to 0o555.

Make sure to test this on two separate node pools: one with sysbox enabled and one without. Repo to create a K8s cluster on GKE: https://gitlab.com/gitlab-org/workspaces/testing/workspaces-infrastructure-setup-gcp-fork-ashvin-s
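Why the "others" execute bit decides the outcome once mounted files appear as owned by nobody, and how 0o555 is carried in a JSON manifest (decimal, since JSON has no octal literals). This is an added Ruby example, not GitLab's code. The UIDs/GIDs, the 0o550 comparison mode, and the volume and secret names are constructed for illustration, and the process is assumed to be non-root.

```ruby
require 'json'

NOBODY = 65_534 # overflow UID/GID shown for unmapped owners (constructed sample)

# Simplified POSIX class selection for a non-root process: owner bits if the
# UID matches, else group bits if a GID matches, else the "others" bits.
def can_execute?(mode:, file_uid:, file_gid:, proc_uid:, proc_gids:)
  shift = if proc_uid == file_uid
            6
          elsif proc_gids.include?(file_gid)
            3
          else
            0
          end
  ((mode >> shift) & 1) == 1
end

# Secret volume entry of a PodSpec; key names follow the Kubernetes API.
def secret_volume(name:, secret_name:, default_mode:)
  { name: name, secret: { secretName: secret_name, defaultMode: default_mode } }
end

# Workspace process identity (constructed): non-root UID with one GID.
PROC = { proc_uid: 5001, proc_gids: [5001] }.freeze

def demo
  {
    # Ownership intact and group matches: the group execute bit is enough.
    group_owned_0550: can_execute?(mode: 0o550, file_uid: 0, file_gid: 5001, **PROC),
    # Ownership reported as nobody:nobody: the process falls into "others".
    nobody_0550: can_execute?(mode: 0o550, file_uid: NOBODY, file_gid: NOBODY, **PROC),
    nobody_0555: can_execute?(mode: 0o555, file_uid: NOBODY, file_gid: NOBODY, **PROC)
  }
end

if __FILE__ == $PROGRAM_NAME
  puts demo
  # Ruby's 0o555 literal serializes as the decimal integer the API expects.
  puts JSON.generate(secret_volume(name: 'example-volume',
                                   secret_name: 'example-secret',
                                   default_mode: 0o555))
end
```

Note that 0o555 also grants read to "others", so every container user that can reach the mount can read the files in the secret.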

Edited by Ashvin Sharma