From e8e5d1bf616bc73b4f4d37430fe5d68ec8c9338c Mon Sep 17 00:00:00 2001 From: Paul Watts Date: Fri, 10 Jan 2025 12:31:13 -0800 Subject: [PATCH] docs: Volumes aren't required in >= v3.3 and runAsNonRoot I'm hoping this will save other developers a couple of hours of going down an unnecessary path. Signed-off-by: Paul Watts --- docs/workflow-pod-security-context.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/workflow-pod-security-context.md b/docs/workflow-pod-security-context.md index 722406ce51ad..f32765a5f52c 100644 --- a/docs/workflow-pod-security-context.md +++ b/docs/workflow-pod-security-context.md @@ -24,5 +24,7 @@ You can configure this globally using [workflow defaults](default-workflow-specs !!! Warning "It is easy to make a workflow need root unintentionally" You may find that user's workflows have been written to require root with seemingly innocuous code. E.g. `mkdir /my-dir` would require root. -!!! Note "You must use volumes for output artifacts" - If you use `runAsNonRoot` - you cannot have output artifacts on base layer (e.g. `/tmp`). You must use a volume (e.g. [empty dir](empty-dir.md)). +!!! Note "You must use volumes for output artifacts (v3.3 or earlier)" + If you use `runAsNonRoot` in versions v3.3 or earlier, you cannot have output artifacts on base layer (e.g. `/tmp`). You must use a volume (e.g. [empty dir](empty-dir.md)). + In versions later than v3.3, the [Emissary executor](https://argo-workflows.readthedocs.io/en/latest/workflow-executors/#emissary-emissary) + allows artifacts on the base layer with `runAsNonRoot`.