search

tektoncd / website

Tekton Website
https://tekton.dev
Apache License 2.0
62 stars 149 forks source link

Install Tekton Pipelines #543

Closed andrejmarinic closed 9 months ago

andrejmarinic commented 1 year ago

It seems the OpenShift installation instructions don't work.

I can see the deployments created after attempting oc apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.notags.yaml

However the pods are not starting with the error:

pods "tekton-pipelines-controller-5bd45d454d-tdg29" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/tekton-pipelines-controller: Forbidden: seccomp may not be set provider "pipelines-scc": Forbidden: not usable by user or serviceaccount provider "db2u-c-mas-inst1-masdev-manage-scc": Forbidden: not usable by user or serviceaccount provider "db2u-c-mas-inst2-mastest-manage-scc": Forbidden: not usable by user or serviceaccount spec.containers[0].securityContext.runAsUser: Invalid value: 65532: must be in the ranges: [1000880000, 1000889999] pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/tekton-pipelines-controller: Forbidden: seccomp may not be set provider "nonroot": Forbidden: not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable by user or serviceaccount provider "node-exporter": Forbidden: not usable by user or serviceaccount provider "privileged": Forbidden: not usable by user or serviceaccount]

Similarly for the webhook pod:

pods "tekton-pipelines-webhook-58689c7bff-ldhdn" is forbidden: unable to validate against any security context constraint: [pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/webhook: Forbidden: seccomp may not be set provider "pipelines-scc": Forbidden: not usable by user or serviceaccount provider "db2u-c-mas-inst1-masdev-manage-scc": Forbidden: not usable by user or serviceaccount provider "db2u-c-mas-inst2-mastest-manage-scc": Forbidden: not usable by user or serviceaccount spec.containers[0].securityContext.runAsUser: Invalid value: 65532: must be in the ranges: [1000880000, 1000889999] pod.metadata.annotations.container.seccomp.security.alpha.kubernetes.io/webhook: Forbidden: seccomp may not be set provider "nonroot": Forbidden: not usable by user or serviceaccount provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount provider "hostnetwork": Forbidden: not usable by user or serviceaccount provider "hostaccess": Forbidden: not usable by user or serviceaccount provider "node-exporter": Forbidden: not usable by user or serviceaccount provider "privileged": Forbidden: not usable by user or serviceaccount]

I am no OpenShift guru, but I presume runAsUser doesn't work.

tekton-robot commented 11 months ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot commented 10 months ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot commented 9 months ago

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

tekton-robot commented 9 months ago

@tekton-robot: Closing this issue.

In response to [this](https://github.com/tektoncd/website/issues/543#issuecomment-1741247665): >Rotten issues close after 30d of inactivity. >Reopen the issue with `/reopen` with a justification. >Mark the issue as fresh with `/remove-lifecycle rotten` with a justification. >If this issue should be exempted, mark the issue as frozen with `/lifecycle frozen` with a justification. > >/close > >Send feedback to [tektoncd/plumbing](https://github.com/tektoncd/plumbing). Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.