siamaksade / tekton-cd-demo

CI/CD demo with Tekton on OpenShift
62 stars 93 forks source link

task: build-image, step-build fails: there might not be enough IDs available in the namespace #10

Open rbaumgar opened 3 years ago

rbaumgar commented 3 years ago

output:

step-gen-env-file
Generated Env file
------------------------------
MAVEN_CLEAR_REPO=false
MAVEN_MIRROR_URL=http://nexus:8081/repository/maven-public/
------------------------------

step-generate
Application dockerfile generated in /gen-source/Dockerfile.gen

step-build
STEP 1: FROM image-registry.openshift-image-registry.svc:5000/openshift/java:11
Getting image source signatures
Copying blob sha256:522d9d05816a63661e850202de4da07e0871c23dec7132069458651f57e96188
Copying blob sha256:9605c76aba31e1dc1b56d2a08a06eab3019a6465d804a91f300747058cf72d57
Copying blob sha256:4e63516bec61ed00680cfcc411182c82d70d16949506d03684e5b1f6cad6cb8a
Copying config sha256:07a3135ee26978eac4731a8ca6b868579d771329002b7e6a6cc42a7283218aef
Writing manifest to image destination
Storing signatures
level=error msg="Error while applying layer: ApplyLayer exit status 1 stdout:  stderr: there might not be enough IDs available in the namespace (requested 192:192 for /run/systemd/netif): lchown /run/systemd/netif: invalid argument"
Getting image source signatures

solution update task s2i-java-11, step build, line 177 with securityContect: privileged: true

      name: build
      resources: {}
      securityContext:
        privileged: true
      volumeMounts:

see https://access.redhat.com/solutions/5163281 Environment: OpenShift 4.7.3, OpenShift Pipelines 1.2.3

fabianschwab commented 3 years ago

I also encountered this while using a private repository and therefore added a service account to the pipeline-run.yaml. But this will replace the pipeline service account which is somehow not mentioned in the yaml but is needed. So there are two solutions for that if this error occurs in context of cloning a private repo at the beginning.

  1. Add authentication credentials secret to the pipeline service account and don't use a SA in the pipeline run
  2. or define the SA exactly to the task in the pipeline-run.yaml
serviceAccountNames:
  - taskName: clone-repository
       serviceAccountName: github-clone-bot