coreos-assembler icon indicating copy to clipboard operation
coreos-assembler copied to clipboard
verified publisher icon coreos

Start using gangplank to build cloud artifacts

Open ravanelli opened this issue 4 years ago • 8 comments

Signed-off-by: Renata Ravanelli [email protected]

ravanelli avatar May 11 '21 16:05 ravanelli

/hold Checking: 14:42:03 time="2021-05-11T17:42:03Z" level=fatal msg="failed to define builder pod: failed setting in-cluster options: pods \"pod-9f110ac1-fc9c-438f-ad93-a5a7589b7020-b6pd3-lfmj6\" is forbidden: User \"system:serviceaccount:coreos-ci:default\" cannot get resource \"pods\" in API group \"\" in the namespace \"coreos-ci\""

ravanelli avatar May 12 '21 13:05 ravanelli

/hold Checking: `14:42:03 time="2021-05-11T17:42:03Z" level=fatal msg="failed to define builder pod: failed setting in-cluster options: pods "pod-9f110ac1-fc9c-438f-ad93-a5a7589b7020-b6pd3-lfmj6" is forbidden: User "system:serviceaccount:coreos-ci:default" cannot get resource "pods" in API group "" in the namespace "coreos-ci""

I'd recommend that we use the jenkins service account for agent pods (it has sufficient perms). I think adding serviceAccount: "jenkins" near https://github.com/coreos/coreos-ci-lib/blob/main/resources/com/github/coreos/pod.json#L8 would do the trick.

The reason -a jenkins isn't working is because the default service account in the pod doesn't have the ability to create pods. We have a chicken-and-egg problem: we need a user that has the ability to create a pod and then -a jenkins would work.

darkmuggle avatar May 12 '21 14:05 darkmuggle

I'd recommend that we use the jenkins service account for agent pods (it has sufficient perms). I think adding serviceAccount: "jenkins" near https://github.com/coreos/coreos-ci-lib/blob/main/resources/com/github/coreos/pod.json#L8 would do the trick.

Indeed I had to use that for testing as well. I just create this PR to allow it

ravanelli avatar May 13 '21 13:05 ravanelli

/unhold

ravanelli avatar May 14 '21 12:05 ravanelli

Gangplank is failing now.

ravanelli avatar May 14 '21 12:05 ravanelli

The failure is not in Gangplank so much as in the tar command. I spend hours debugging this, and AFAIK this is a issue with NFS mount/umount changing under the pod which triggers a "file changed" error under Tar.

darkmuggle avatar May 24 '21 20:05 darkmuggle

/retest

ravanelli avatar Aug 25 '21 19:08 ravanelli

@ravanelli: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci[bot] avatar Apr 15 '22 09:04 openshift-ci[bot]