docs: Volumes aren't required in >= v3.3 and runAsNonRoot

I'm hoping this will save other developers a couple of hours of going down an unnecessary path. Signed-off-by: Paul Watts <[email protected]>
argoproj · Jan 10, 2025 · e8e5d1b · e8e5d1b
1 parent a7a72e7
commit e8e5d1b
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/docs/workflow-pod-security-context.md b/docs/workflow-pod-security-context.md
@@ -24,5 +24,7 @@ You can configure this globally using [workflow defaults](default-workflow-specs
 !!! Warning "It is easy to make a workflow need root unintentionally"
     You may find that user's workflows have been written to require root with seemingly innocuous code. E.g. `mkdir /my-dir` would require root.
 
-!!! Note "You must use volumes for output artifacts"
-    If you use `runAsNonRoot` - you cannot have output artifacts on base layer (e.g. `/tmp`). You must use a volume (e.g. [empty dir](empty-dir.md)).
+!!! Note "You must use volumes for output artifacts (v3.3 or earlier)"
+    If you use `runAsNonRoot` in versions v3.3 or earlier, you cannot have output artifacts on base layer (e.g. `/tmp`). You must use a volume (e.g. [empty dir](empty-dir.md)).
+    In versions later than v3.3, the [Emissary executor](https://argo-workflows.readthedocs.io/en/latest/workflow-executors/#emissary-emissary)
+    allows artifacts on the base layer with `runAsNonRoot`.