Open dgolja opened 1 month ago
Changing the runAsUser
from 65534
to 1000
in the plugin.yaml
executor_plugins documentation fixed the issue.
I will create an PR with the updated documentation and add some more noes about the RBAC expectations for the SA running those tasks.
Hopefully this will save some time to the next one trying the examples from the documentation.
Also it's odd that the logs are complaining about
system:serviceaccount:argo:argo
permissions, even If I am not setting the service account toargo
in the Workflow. Based on the documentation it should usedefault
.
In the code it seems to use whatever SA the Workflow has set. You haven't set it in your Workflow (or workflowDefaults
I assume), so it should indeed use default
🤔
In the code it seems to use whatever SA the Workflow has set. You haven't set it in your Workflow (or workflowDefaults I assume), so it should indeed use default 🤔
Yes, I thought the same, so I'm not sure why I encountered that error. I will investigate it further when I have more time.
Pre-requisites
:latest
image tag (i.e.quay.io/argoproj/workflow-controller:latest
) and can confirm the issue still exists on:latest
. If not, I have explained why, in detail, in my description below.What happened/what did you expect to happen?
Executor_plugins example provided in the documentation does not work even after adjusting the default service account permissions.
To setup the initial environment I followed the quick guide steps and updated
default
service account RBAC permissions.Also it's odd that the logs are complaining about
system:serviceaccount:argo:argo
permissions, even If I am not setting the service account toargo
in the Workflow. Based on the documentation it should usedefault
.Version
latest
Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.
Logs from the workflow controller
Logs from in your workflow's wait container