-
Notifications
You must be signed in to change notification settings - Fork 416
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Installed Tekton pipelines, triggers etc. into a new OKD 4.7 cluster. #1172
Comments
I think this is happening because we are setting security context for EventListener which isn't allowed in OpenShift (and probably in OKD also). We apply a patch in downstream to fix this. https://github.com/openshift/tektoncd-triggers/blob/master/openshift/patches/0001-Change-eventlistener-flag-default-value-to-false.patch You can use this release.yaml to fix this issue: https://github.com/openshift/tektoncd-triggers/tree/release-v0.14.2/openshift/release Or change value of |
Installed tekton again in a freshly restored cluster with the following, but still seeing the same issue: oc new-project tekton-pipelines oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml |
Is there anything coming in log tab or terminal tab? Can you share those log? |
|
@johnlongo Can you share the yaml for EventListener and rbac? I think issue is with RBAC and serviceaccount. Some permissions are missing. |
Attached are the yaml files I'm using (note not allowed to upload yaml files, so I changed them to txt). Note I just updated my OKD cluster to the latest version: 4.7.0-0.okd-2021-08-07-063045 |
@johnlongo, Can you try rbac file I have attached? We need to follow EL roles(tekton-triggers-eventlistener-roles and tekton-triggers-eventlistener-clusterroles) given here. |
I applied the cluster roles you supplied, then I added sa tekton-triggers-sa to the project and and added cluster roles tekton-triggers-eventlistener-roles and tekton-triggers-eventlistener-clusterroles to the new sa (tekton-triggers-sa) I created in the project. After that the listener started up without any issues (see attached). Thank you for all the help |
Installed the latest Tekton pipelines, triggers etc. into a new OKD 4.7 (4.7.0-0.okd-2021-07-03-190901) cluster using the following steps:
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-controller
oc adm policy add-scc-to-user anyuid -z tekton-pipelines-webhook
oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml
oc apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.notags.yaml
oc apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.notags.yaml
oc apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/tekton-dashboard-release.yaml
After that I defined a pipeline for one of my deployments and an event listener (see attached).
trigger-openshift-alertmanager-listener.txt
When the listener starts up if goes into a crash loop (see attached)
![image](https://user-images.githubusercontent.com/23619505/127953819-915c7ec5-42da-41ff-9864-3e7fda0b8992.png)
Please let me know how to fix this issue because I really would like to use Tekton but if I cant use a listener it's going to be a manual process to start the pipeline and I would like to avoid that if possible.
Thank you in advance for any help.
The text was updated successfully, but these errors were encountered: