Jx: controllerbuild can't list config maps and so can't get git credentials

Created on 20 Jan 2020  路  4Comments  路  Source: jenkins-x/jx

With the jx-auth-config map logic added, the build controller isn't able to list config maps due to not having permissions to do so, and therefore can't actually get git credentials (via jx step git credentials), because when jx-auth-config is created, the relevant secrets aren't created. This breaks LH reporting and gh-pages log archiving.

areauth aregit arelighthouse arelogs estimatS kinbug prioritcritical-urgent
Source
picture abayer

All 4 comments

Ok, so there are more permissions needed than I thought - I'm pretty sure it needs configmaps, ingresses, and presumably bank-vaults, but...that doesn't seem to be enough. @ccojocar, help?

abayer picture abayer on 20 Jan 2020
👀1 👍1

fwiw, without any additional permissions, it just ends up with an empty file when it runs jx step git credentials. When I add configmaps, it gets messages about vault not being exposed. So I added ingresses, and got back to an empty file. Pipeline pods can run jx step git credentials just fine, but I just can't figure out what's missing for the build controller.

abayer picture abayer on 20 Jan 2020

Ah, it needs serviceaccounts too...wow, so many permissions...

abayer picture abayer on 20 Jan 2020
👀1

I think it needs serviceaccounts because it has to authenticate against vault. We should get rid of this when this issue is fixed https://github.com/jenkins-x/jx/issues/5862.

ccojocar picture ccojocar on 21 Jan 2020
👀1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mumoshu picture mumoshu  路  5Comments
ysaakpr picture ysaakpr  路  5Comments
shahnewazrifat picture shahnewazrifat  路  3Comments
rudolph9 picture rudolph9  路  3Comments
ccojocar picture ccojocar  路  3Comments