
I have installed Tekton on a private Kubernetes cluster. After that I wanted to create the first resource but got an exception:

```
Internal error occurred: failed calling webhook "webhook.tekton.dev": Post https://tekton-pipelines-webhook.tekton-pipelines.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
```

As far as I know, it is because of a restriction on the private cluster. My question is whether it is possible to change the port in the POST URL to use 8443 instead of 433?

Maciej Marczuk
andi
  • Yes but you would need to probably recompile the webhook app with port option set in [this code](https://github.com/tektoncd/pipeline/blob/f4c53fce4fe6e4be1d219ab7a2c43d303088910e/vendor/knative.dev/pkg/webhook/resource_admission_controller.go#L150-L154) – Matt Dec 24 '19 at 09:18
  • Thx @HelloWorld for the answer. The problem was on GCP. I had to add a firewall rule to allow communication on port 8443 between master nodes and worker node. Which is strange because the service "listens" on port 443 – andi Dec 24 '19 at 10:15

1 Answer

You need to manually define a firewall rule to handle your Tekton webhook requests. For example:

Assuming that 10.44.0.0/14 is your endpoints network:

```
Name:              test
Namespace:         tekton-pipelines
Labels:            app.kubernetes.io/component=webhook-controller
                   app.kubernetes.io/name=tekton-pipelines
Annotations:       <none>
Selector:          app=tekton-pipelines-webhook
Type:              ClusterIP
IP:                10.0.3.240
Port:              <unset>  8443/TCP
TargetPort:        8443/TCP
Endpoints:         10.44.2.76:8443
Session Affinity:  None
Events:            <none>
```

You can find full problem explanation here:

https://github.com/kubernetes/kubernetes/issues/79739

Maciej Marczuk
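On a private GKE cluster the API server connects to the webhook pod endpoint (the Service's TargetPort), and the default control-plane rule only allows 443 and 10250, which is why the rule has to name 8443. The following is an added example, not part of the original answer: it reads `kubectl describe svc` output and prints a narrowly scoped `gcloud` firewall rule without running it; the master CIDR, network name and node tag are placeholder assumptions.

```shell
#!/usr/bin/env bash
# Added example: derive the firewall rule a webhook Service needs on private GKE.
# The control plane dials the pod endpoint (TargetPort), not the Service port.

# Ports the default GKE control-plane-to-node rule already allows.
DEFAULT_ALLOWED="443 10250"

# Read `kubectl describe svc` text on stdin, print the first TCP TargetPort.
target_port() {
  awk '$1 == "TargetPort:" { split($2, p, "/"); if (p[2] == "TCP") { print p[1]; exit } }'
}

# Args: master CIDR, VPC network, node network tag (placeholders you supply).
# Prints the gcloud command to review and run, or nothing if no rule is needed.
webhook_fw_rule() {
  master_cidr=$1; network=$2; node_tag=$3
  port=$(target_port)
  case $port in
    # A named TargetPort (e.g. "https-webhook") must be resolved on the pod first.
    ''|*[!0-9]*) echo "no numeric TCP TargetPort found" >&2; return 2 ;;
  esac
  for allowed in $DEFAULT_ALLOWED; do
    if [ "$allowed" = "$port" ]; then return 0; fi
  done
  # Scope the rule to one port, the control-plane range and the node tag only.
  printf 'gcloud compute firewall-rules create allow-master-webhook-%s' "$port"
  printf ' --network %s --direction INGRESS --action ALLOW' "$network"
  printf ' --rules tcp:%s --source-ranges %s --target-tags %s\n' \
    "$port" "$master_cidr" "$node_tag"
}

# Service description trimmed from the answer above.
SAMPLE='Name:              test
Namespace:         tekton-pipelines
Type:              ClusterIP
Port:              <unset>  8443/TCP
TargetPort:        8443/TCP
Endpoints:         10.44.2.76:8443'

# 172.16.0.0/28, my-vpc and gke-node are constructed placeholder values.
printf '%s\n' "$SAMPLE" | webhook_fw_rule 172.16.0.0/28 my-vpc gke-node
```

In practice, pipe `kubectl -n tekton-pipelines describe svc tekton-pipelines-webhook` into `webhook_fw_rule` with your cluster's own master range, network and node tag.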