I have the below tekton pipeline, and trying to run on Google Cloud
我有下面的tekton管道,并尝试在Google Cloud上运行
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: ft-common-run
namespace: fetebird-tekton
spec:
pipelineRef:
name: ft-common
workspaces:
- name: shared-data
persistentVolumeClaim:
claimName: fetebird-common-pvc
params:
- name: repo-url
value: [email protected]:anandjaisy/common.git
- name: GRADLE_IMAGE
value: docker.io/library/gradle:jdk17-alpine@sha256:e80d3108c319eaeef966eefdfd075fdaa44201c8fb6730532a16555426c61dbd
taskRunSpecs:
- pipelineTaskName: git-clone
taskServiceAccountName: git-service-account
- pipelineTaskName: clean-build-publish
taskServiceAccountName: gcp-service-account
Cluster role binding
集群角色绑定
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: file-system-access-binding
subjects:
- kind: ServiceAccount
name: gcp-service-account
namespace: fetebird-tekton
- kind: ServiceAccount
name: git-service-account
namespace: fetebird-tekton
roleRef:
kind: ClusterRole
name: file-system-access
apiGroup: rbac.authorization.k8s.io
Cluster Role
集群角色
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: file-system-access
rules:
- apiGroups:
- ""
resources:
- pods
verbs: ["get", "list", "exec"]
The service account has below permission
该服务帐户具有以下权限
Exception
例外
2023-09-08T12:10:24.063826871Z + '[' false '=' true ]
2023-09-08T12:10:24.063928558Z + '[' false '=' true ]
2023-09-08T12:10:24.063935807Z + '[' false '=' true ]
2023-09-08T12:10:24.063941856Z + CHECKOUT_DIR=/workspace/output/
2023-09-08T12:10:24.063948512Z + '[' true '=' true ]
2023-09-08T12:10:24.063953410Z + cleandir
2023-09-08T12:10:24.063959000Z + '[' -d /workspace/output/ ]
2023-09-08T12:10:24.066654147Z + rm -rf /workspace/output//lost+found
2023-09-08T12:10:24.067843454Z + rm -rf '/workspace/output//.[!.]*'
2023-09-08T12:10:24.069011915Z + rm -rf '/workspace/output//..?*'
2023-09-08T12:10:24.069880010Z + test -z
2023-09-08T12:10:24.069945026Z + test -z
2023-09-08T12:10:24.069953496Z + test -z
2023-09-08T12:10:24.069960028Z + git config --global --add safe.directory /workspace/output
2023-09-08T12:10:24.071523325Z + /ko-app/git-init '[email protected]:anandjaisy/common.git' '-revision=' '-refspec=' '-path=/workspace/output/' '-sslVerify=true' '-submodules=true' '-depth=1' '-sparseCheckoutDirectories='
2023-09-08T12:10:24.090957316Z {"level":"error","ts":1694175024.0906546,"caller":"git/git.go:53","msg":"Error running git [init /workspace/output/]: exit status 1\n/workspace/output/.git: Permission denied\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:53\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:88\nmain.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:53\nruntime.main\n\truntime/proc.go:250"}
2023-09-08T12:10:24.091295150Z {"level":"fatal","ts":1694175024.0911646,"caller":"git-init/main.go:54","msg":"Error fetching git repository: exit status 1","stacktrace":"main.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:54\nruntime.main\n\truntime/proc.go:250"}
Not sure what permission do I need to set for service account.
不确定需要为服务帐户设置什么权限。
更多回答
优秀答案推荐
I was missing, adding below code to the pipeline-run solve the issue
我错过了,将下面的代码添加到管道运行-解决了这个问题
podTemplate:
securityContext:
fsGroup: 65532
Pipeline-run
管道运行
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: ft-common-run
namespace: fetebird-tekton
spec:
pipelineRef:
name: ft-common
podTemplate:
securityContext:
fsGroup: 65532
更多回答
我是一名优秀的程序员,十分优秀!