-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tekton pipeline deploy step fails - can't create directory: './chart/some-folder' permission denied #135
Comments
Someone has the same issue at ticket#131 and there are 12 other people I know with the same issue - I think this issue is critical. Can this be resolved? |
There is issues with v2.7.1 deploy task: permission denied. can you please help fix it? |
@schijioke-uche What version of OpenShift? and does the user have admin or restricted access? |
@triceam : v4.7.16 and the user have admin rights on the cluster.
Thank you. |
@triceam - any update? |
@schijioke-uche still have not been able to recreate it yet. A few of us are trying to reproduce it |
@lsteck : - any update about fixing this bug? |
@schijioke-uche FYI @triceam @csantanapr OK, I found root cause. GIT-CLONE step is running as I've found 2 ways to fix on 4.7. I need to test/verify these on 4.6 so until I can do that and push the fix to get you going you can edit the
To the git-clone step
FYI you will have to make the same change to |
After testing on OCP 4.6 I believe it is best to put the securityContext on BOTH steps in deploy task (git-clone & deploy) and helm-release task(git-clone & package-helm). TL;DR On ocp 4.6 it looks like a random UID is selected and both steps in the task are ran as the same UID. That is why it currently works. On ocp 4.7 the git-clone step is running as root and the deploy and package-helm steps are running as user devops as defined in the image: quay.io/ibmgaragecloud/ibmcloud-dev |
Wow 😯 Interesting find @lsteck In OpenShift the default scc is to not run as root, did you added privilege scc to the pipeline service account ? |
@lsteck Option 1: The user id in container 2 has write permissions to /source but not to /source/$gitrepofokderhelm so it should work If this doesn't work then I will have the git-clone task do a chmod -R on /source to give read and write access to anyone so any following task can write files inside the git repo folder |
@schijioke-uche I fix the issue can you verify the fix using the release https://github.com/IBM/ibm-garage-tekton-tasks/releases/tag/v2.7.2 |
++ cat ./chart/base/Chart.yaml
++ yq r - name
CHART_NAME: base
Renaming chart from base to four-metrics-app
cp: can't create directory './chart/four-metrics-app': Permission denied
The text was updated successfully, but these errors were encountered: