Tekton pipelinerun can not access private git hub
Environment
- Azure Red Hat OpenShift 4 (ARO)
- Red Hat OpenShift Container Platform (RHOCP)
- 4.11
Issue
- When running pipelinerun of Tekton got the following error at git-clone
+ '[' false = true ']'
+ '[' false = true ']'
+ '[' false = true ']'
+ CHECKOUT_DIR=/workspace/output/
+ '[' true = true ']'
+ cleandir
+ '[' -d /workspace/output/ ']'
+ rm -rf /workspace/output//lost+found
+ rm -rf '/workspace/output//.[!.]*'
+ rm -rf '/workspace/output//..?*'
+ test -z ''
+ test -z ''
+ test -z ''
+ /ko-app/git-init -url=https://github.com/sodoityu/test.git -revision= -refspec= -path=/workspace/output/ -sslVerify=true -submodules=true -depth=1 -sparseCheckoutDirectories=
{"level":"error","ts":1679543423.3757885,"caller":"git/git.go:53","msg":"Error running git [fetch --recurse-submodules=yes --depth=1 origin --update-head-ok --force ]: exit status 128\nfatal: could not read Username for 'https://github.com': No such device or address
Resolution
- Create a secret with basic authentication for Git
apiVersion: v1
kind: Secret
metadata:
name: basic-user-pass
annotations:
tekton.dev/git-0: https://github.com
type: kubernetes.io/basic-auth
stringData:
username: <username>
password: <password>
- associate the secret with the appropriate service account
(for pipeline SA , you can add the secret by not delete the original one)
kind: ServiceAccount
apiVersion: v1
metadata:
name: pipeline
namespace: testpraiate
secrets:
- name: basic-user-pass <========add the secret here
- name: pipeline-dockercfg-zcclg
imagePullSecrets:
- name: pipeline-dockercfg-zcclg
- using pipeline service account in pipelinerun
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: test-pipeline-run
spec:
pipelineRef:
name: test-pipeline
serviceAccountName: pipeline <====add this line to be let pipeline service account provide related credential
params:
- name: url
value: 'git url' <====== your private git hub address
- name: SONAR_HOST_URL
value: 'http://sonarqube:9000'
- name: SONAR_PROJECT_KEY
value: 'test-project'
- name: IMAGE
value: 'image url'
workspaces:
- name: shared-workspace
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- name: sonar-settings
emptyDir: {}
Root Cause
-
need to setup github secret in related service account for access private github
Diagnostic Steps
Reproduced issue using an pipeline service account (which have no github related secret in it )
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments