Open devtech0101 opened 3 years ago
cgruver
commented
3 years ago Need to apply in this order:
oc apply -f 00-release.yaml
oc apply -f 01-clusterrole.yaml
oc apply -f 02-rolebinding.yaml
oc apply -f tektoncd-triggers-v0.8.1.yaml
for i in $(find addons | grep yaml)
do
oc apply -f ${i}
doneWIP documentation for the disconnected install is here: https://github.com/cgruver/tekton-pipeline-okd4/blob/master/docs/pages/disconnected-install.md
devtech0101
commented
3 years ago Hi @cgruver thanks for reply. I did apply them in order as per this doc - https://cgruver.github.io/tekton-pipeline-okd4/pages/disconnected-install.html I'm getting error for the first command.
oc apply -f 00-release.yaml
[root@hostname-p01 disconnected-install]# oc apply -f 00-release.yaml namespace/openshift-pipelines configured podsecuritypolicy.policy/tekton-pipelines configured clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access configured clusterrole.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access configured clusterrole.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access configured clusterrole.rbac.authorization.k8s.io/tekton-pipelines-leader-election configured role.rbac.authorization.k8s.io/tekton-pipelines-controller configured role.rbac.authorization.k8s.io/tekton-pipelines-webhook configured serviceaccount/tekton-pipelines-controller configured serviceaccount/tekton-pipelines-webhook configured clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-cluster-access configured clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-leaderelection configured clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller-tenant-access configured clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-cluster-access configured clusterrolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook-leaderelection configured rolebinding.rbac.authorization.k8s.io/tekton-pipelines-controller unchanged rolebinding.rbac.authorization.k8s.io/tekton-pipelines-webhook unchanged customresourcedefinition.apiextensions.k8s.io/clustertasks.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/conditions.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/images.caching.internal.knative.dev configured customresourcedefinition.apiextensions.k8s.io/pipelineruns.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/pipelines.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/pipelineresources.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/runs.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/taskruns.tekton.dev configured customresourcedefinition.apiextensions.k8s.io/tasks.tekton.dev configured secret/webhook-certs configured validatingwebhookconfiguration.admissionregistration.k8s.io/validation.webhook.pipeline.tekton.dev configured mutatingwebhookconfiguration.admissionregistration.k8s.io/webhook.pipeline.tekton.dev configured validatingwebhookconfiguration.admissionregistration.k8s.io/config.webhook.pipeline.tekton.dev configured clusterrole.rbac.authorization.k8s.io/tekton-aggregate-edit configured clusterrole.rbac.authorization.k8s.io/tekton-aggregate-view configured deployment.apps/tekton-pipelines-controller configured service/tekton-pipelines-controller unchanged deployment.apps/tekton-pipelines-webhook configured service/tekton-pipelines-webhook unchanged role.rbac.authorization.k8s.io/openshift-pipelines-read unchanged rolebinding.rbac.authorization.k8s.io/openshift-pipelines-prometheus-k8s-read-binding unchanged servicemonitor.monitoring.coreos.com/openshift-pipelines-monitor unchanged Error from server (InternalError): error when creating "00-release.yaml": Internal error occurred: failed calling webhook "config.webhook.pipeline.tekton.dev": Post https://tekton-pipelines-webhook.openshift-pipelines.svc:443/config-validation?timeout=30s: no endpoints available for service "tekton-pipelines-webhook"
cgruver
commented
3 years ago Try backing out the install. It looks like there are some pre-existing objects.
role.rbac.authorization.k8s.io/openshift-pipelines-read unchanged
rolebinding.rbac.authorization.k8s.io/openshift-pipelines-prometheus-k8s-read-binding unchanged
servicemonitor.monitoring.coreos.com/openshift-pipelines-monitor unchangedOk, i completely reinstalled pipeline codes as per you instructions now getting this error in one of the pod
tekton-pipelines:tekton-pipelines-webhook" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E1101 21:19:09.680832 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "mutatingwebhookconfigurations" in API group " admissionregistration.k8s.io" at the cluster scope
E1101 21:19:09.946236 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list *v1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "validatingwebhookconfigurations" in API group " admissionregistration.k8s.io" at the cluster scope
E1101 21:19:10.680769 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
E1101 21:19:10.682419 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list *v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "mutatingwebhookconfigurations" in API group " admissionregistration.k8s.io" at the cluster scope
E1101 21:19:10.948018 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list *v1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "validatingwebhookconfigurations" in API group " admissionregistration.k8s.io" at the cluster scope
E1101 21:19:11.683224 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list *v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
On Sat, Oct 31, 2020 at 7:21 AM Charro Gruver notifications@github.com wrote:
- What version of OpenShift are you running on?
- Are pods failing to start?
Try backing out the install. It looks like there are some pre-existing objects.
role.rbac.authorization.k8s.io/openshift-pipelines-read unchangedrolebinding.rbac.authorization.k8s.io/openshift-pipelines-prometheus-k8s-read-binding unchangedservicemonitor.monitoring.coreos.com/openshift-pipelines-monitor unchanged
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/cgruver/tekton-pipeline-okd4/issues/1#issuecomment-719920137, or unsubscribe https://github.com/notifications/unsubscribe-auth/APJFHLIK6Y4RSVFFYTJOARDSNPXLZANCNFSM4TFGEYYA .
-- Thank you, Devarshi(Dev) Pathak
Adjunct Assistant Professor (CyberSecurity/Computer Networks), UMUC.edu CompTIA Linux+ SME
devtech0101
commented
3 years ago Ok, i completely reinstalled pipeline codes as per you instructions now getting this error in one of the pod tekton-pipelines:tekton-pipelines-webhook" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scopeE1101 21:19:09.680832 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "mutatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scopeE1101 21:19:09.946236 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list v1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "validatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scopeE1101 21:19:10.680769 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scopeE1101 21:19:10.682419 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list v1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "mutatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scopeE1101 21:19:10.948018 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list v1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "validatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scopeE1101 21:19:11.683224 1 reflector.go:153] runtime/asm_amd64.s:1373: Failed to list v1.CustomResourceDefinition: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook" cannot list resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
cgruver
commented
3 years ago Hmm... I will check my working clusters against the deploy files. That sounds like a Role or RoleBinding issue for one of the service accounts.
The documentation is pretty bare bones at this point, I got it just good enough to help a friend with an install.
devtech0101
commented
3 years ago Absolutely good documentation so far. I could not find anything that explains how to get tketon pipelines going on OKD 4.x so no worries. I think I am almost there just a couple more things to fix.
thanks again.
On Mon, Nov 2, 2020 at 6:45 AM Charro Gruver notifications@github.com wrote:
Hmm... I will check my working clusters against the deploy files. That sounds like a Role or RoleBinding issue for one of the service accounts.
The documentation is pretty bare bones at this point, I got it just good enough to help a friend with an install.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/cgruver/tekton-pipeline-okd4/issues/1#issuecomment-720422268, or unsubscribe https://github.com/notifications/unsubscribe-auth/APJFHLOL26JQLNXBOSTF7XDSN2LVTANCNFSM4TFGEYYA .
-- Thank you, Devarshi(Dev) Pathak
Adjunct Assistant Professor (CyberSecurity/Computer Networks), UMUC.edu CompTIA Linux+ SME
cgruver
commented
3 years ago Hey, These resources should be deploying into a namespace called openshift-pipelines. From the errors that you posted, it looks like the web hook components are in tekton-pipelines. The role bindings, however should be for the tekton-pipelines service account in openshift-pipelines.
That may be the issue. I would have expected to see: system:serviceaccount:openshift-pipelines:tekton-pipelines-webhook instead of: system:serviceaccount:tekton-pipelines:tekton-pipelines-webhook
Hi I'm getting error during following commands:
oc apply -f 00-release.yaml for i in $(find addons | grep yaml) do oc apply -f ${i} done
Error from server (InternalError): error when creating "addons/01-clustertriggerbindings/github.yaml": Internal error occurred: failed calling webhook "webhook.triggers.tekton.dev": Post https://tekton-triggers-webhook.openshift-pipelines.svc:443/defaulting?timeout=30s: no endpoints available for service "tekton-triggers-webhook"