Issue: The enterprise git (github.xxx.com) clone step fails when running the taskrun in tekton.
Platform: OpenShift: 3.11
Tekton Pipeline version: v0.12.1
Step name: step-git-source-clone
Error log:
{"level":"error","ts":1590679054.7200413,"caller":"git/git.go:41","msg":"Error running git [fetch --recurse-submodules=yes --depth=1 origin --update-head-ok --force master]: exit status 128\nfatal: could not read Username for 'https://github.xxx.com': No such device or address\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:41\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:116\nmain.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:53\nruntime.main\n\truntime/proc.go:203"}
I'm not sure why this step is trying to look for a username when the enterprise git authentication should happen via ssh. Please find the config of the secrets and serviceaccount. Note that the ssh keys are in base64 encoded format.
apiVersion: v1
kind: Secret
type: kubernetes.io/ssh-auth
metadata:
  name: ssh-key
  annotations:
    tekton.dev/git-0: github.xxx.com
data:
  ssh-privatekey: "xxxxx\
    xxxxx\
    xxxxxxx"
  known_hosts: "xxxxx\
    xxxxx\
    xxxxx"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: build-bot
secrets:
  - name: ssh-key
  - name: regcred
Note - The secret is added to service account for taskrun. Reference link for configuring ssh git: https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#ssh-authentication-git
Any help to fix this issue?
--
(edited by sbwsg to restore the indentation to the YAML snippets)
Could you post a sanitized copy of the Pod YAML that ran for this TaskRun? You can get the Pod's name by checking the podName field on the TaskRun and then run
kubectl get -o yaml pod <name of pod>
I'm interested to take a look at the args that were passed to the creds-init initContainer and the volumes that were provided to it.
Also, just to confirm: your ssh-privatekey appears to span multiple lines - is the base64 string split like this? I wonder if that could be a factor.
@sbwsg : I have generated a base64-encoded output of the ssh-privatekey and known_hosts and aligned them on a single line, but that also failed with a similar error to the one mentioned in my original post. Then I tried to put them on separate lines for UI convenience, as the string is too long.
pod.txt
The sanitized copy of pod yaml is attached.
Please help!
Ah, it looks like maybe you're passing an https URL in your git PipelineResource? I think it should be a git@ ssh-style URL instead (e.g. git@github.com:tektoncd/pipeline.git)?
@sbwsg : The following example says to use the URL - https://github.com/tektoncd/pipeline/blob/master/docs/tutorial.md#specifying-task-inputs-and-outputs
However, let me try with the one you are suggesting and let you know.
@sbwsg : I replaced the URL with a git@ ssh-style URL and it worked like a charm. Thanks a ton! (I had spent almost 2 days on this issue and it is finally fixed now)
Note: I have a separate issue now with image push to OCP registry, do I open a separate issue or continue in this issue thread?
Note: I have a separate issue now with image push to OCP registry, do I open a separate issue or continue in this issue thread?
Sure, a new issue would be great, thanks!
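Added example, not part of the original thread and not Tekton's own code: a pre-flight check for the mismatch diagnosed above, where a git URL uses one transport while the only annotated secret for that host is of the other type. The function names, status strings and the org/repo.git path are assumptions made for illustration; the secret mirrors the one posted in the issue.

```python
import re
from urllib.parse import urlparse

# scp-like remote syntax that git treats as SSH: [user@]host:path
SCP_LIKE = re.compile(r"^(?:[^@/\s]+@)?(?P<host>[^:/\s]+):(?!//)\S+$")

# Assumption: an SSH key only helps an SSH remote, a username/password only an HTTP(S) one.
NEEDED = {"ssh": "kubernetes.io/ssh-auth", "https": "kubernetes.io/basic-auth"}


def parse_git_url(url):
    """Return (transport, host) for a git remote URL."""
    m = SCP_LIKE.match(url)
    if m:
        return "ssh", m.group("host")
    p = urlparse(url)
    if p.scheme in ("http", "https"):
        return "https", p.hostname
    if p.scheme == "ssh":
        return "ssh", p.hostname
    raise ValueError(f"unsupported git URL: {url!r}")


def annotated_host(value):
    """tekton.dev/git-N values may be a bare hostname or a full URL."""
    return urlparse(value).hostname or value


def check(url, secrets):
    """Return (status, message); status is 'ok', 'mismatch' or 'missing'."""
    transport, host = parse_git_url(url)
    found = set()
    for s in secrets:
        annotations = s.get("metadata", {}).get("annotations", {})
        for key, value in annotations.items():
            if key.startswith("tekton.dev/git-") and annotated_host(value) == host:
                found.add(s.get("type"))
    if NEEDED[transport] in found:
        return "ok", f"{transport} URL has a matching {NEEDED[transport]} secret"
    if found:
        return "mismatch", (f"{transport} URL for {host}, but only {sorted(found)} is "
                            "annotated; git will prompt for credentials and fail")
    return "missing", f"no tekton.dev/git-* secret annotated for {host}"


# Constructed sample input modelled on the Secret in the issue (key material omitted).
SSH_SECRET = {"type": "kubernetes.io/ssh-auth",
              "metadata": {"name": "ssh-key",
                           "annotations": {"tekton.dev/git-0": "github.xxx.com"}}}
for candidate in ("https://github.xxx.com/org/repo.git", "git@github.xxx.com:org/repo.git"):
    print(candidate, "->", check(candidate, [SSH_SECRET]))
```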