
GCP Kubernetes with Tekton pipeline for GitClone task

Bind the service account to the cluster role

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: file-system-access-binding
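subjects:
  - kind: ServiceAccount
    name: gcp-service-account
    # ServiceAccount subjects are in the core API group, so apiGroup is omitted;
    # namespace is required for this subject kind.
    namespace: fetebird-tekton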
roleRef:
  kind: ClusterRole
  name: file-system-access
  apiGroup: rbac.authorization.k8s.io

ClusterRole

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # ClusterRole is cluster-scoped, so no metadata.namespace is set.
  name: file-system-access
rules:
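  - apiGroups:
      - ""
    resources:
      - pods
    verbs: ["get", "list"]
  # "exec" is not a verb RBAC matches on pods; exec is authorized as
  # "create" on the pods/exec subresource.
  - apiGroups:
      - ""
    resources:
      - pods/exec
    verbs: ["create"]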

Service-Account

apiVersion: v1
kind: ServiceAccount
metadata:
  name: gcp-service-account
  namespace: fetebird-tekton
secrets:
  - name: gcp-secret

When running the Tekton pipeline run

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  name: ft-common-run
  namespace: fetebird-tekton
spec:
  pipelineRef:
    name: ft-common
  workspaces:
    - name: shared-data
      persistentVolumeClaim:
        claimName: fetebird-common-pvc
  params:
    - name: repo-url
      value: git@bitbucket.org:anandjaisy/common.git
    - name: GRADLE_IMAGE
      value: docker.io/library/gradle:jdk17-alpine@sha256:e80d3108c319eaeef966eefdfd075fdaa44201c8fb6730532a16555426c61dbd
  taskRunSpecs:
    - pipelineTaskName: git-clone
      taskServiceAccountName: git-service-account
    - pipelineTaskName: clean-build-publish
      taskServiceAccountName: gcp-service-account

Exception

AttachVolume.Attach failed for volume "pvc-43582035-26e7-4445-9d6a-aecabb5ff3d9" : rpc error: code = Internal desc = Failed to Attach: failed when waiting for zonal op: rpc error: code = Internal desc = operation operation-1693482096842-6043686d0d6bc-22ff6e1f-02d71dbf failed (EXTERNAL_RESOURCE_NOT_FOUND): The resource '81048365118-compute@developer.gserviceaccount.com' of type 'serviceAccount' was not found.

In the Tekton dashboard, the pipeline keeps running; however, in the GCP Kubernetes logs I am getting the above exception.


The error indicates that 81048365118-compute@developer.gserviceaccount.com was not found. However, when I download the key, the account is not present. I am not sure where the service account is being taken from.


San Jaisy