Fixes RBAC permissions for task and pipeline runs for openshift #583

Merged
merged 1 commit into from
Mar 6, 2019


@hrishin hrishin commented Mar 5, 2019

When a taskruns or pipelineruns instance is created, build pod creation
fails with the following error using the tekton-pipelines-controller service account.

'pods "hello-task-64f24-r9sgt" is forbidden: cannot set blockOwnerDeletion
if an ownerReference refers to a resource you can't set finalizers on: no RBAC
policy matched, <nil>'

This patch fixes the required permission for the tekton-pipelines-admin role,
so the controller can set the required metadata/attributes on the build pod.

Changes

Added more permissions to tekton-pipelines-admin role on TaskRuns and PipelineRuns resources.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide
for more details.

When a `taskruns` or `pipelineruns` instance is created, build pod creation
fails with the following error using the `tekton-pipelines-controller` service account.

```
'pods "hello-task-64f24-r9sgt" is forbidden: cannot set blockOwnerDeletion
if an ownerReference refers to a resource you can't set finalizers on: no RBAC
policy matched, <nil>'
```

This patch fixes the required permission for the `tekton-pipelines-admin` role,
so the controller can set the required metadata on the build pod.

Fixes
 - knative/build#523
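
The check behind the error quoted above, as an added example that is not part of this pull request or the project's code: the owner-reference admission check requires `update` on the owner's `finalizers` subresource before `blockOwnerDeletion` can be set, and RBAC does not treat a grant on `taskruns` as covering `taskruns/finalizers`. The `tekton.dev` API group and both rule sets are assumptions for illustration, not the PR's actual diff.

```python
# Added example: models the RBAC decision behind "cannot set blockOwnerDeletion".
# The API group and the BEFORE/AFTER rules are assumed, not taken from the PR.

def resource_matches(rule_resource, resource, subresource=""):
    """Kubernetes RBAC resource matching, subresources included."""
    combined = f"{resource}/{subresource}" if subresource else resource
    if rule_resource in ("*", combined):
        return True
    # "*/finalizers" grants that subresource on every resource type.
    return bool(subresource) and rule_resource == f"*/{subresource}"


def rule_allows(rule, verb, group, resource, subresource=""):
    """True if one RBAC rule permits verb on group/resource[/subresource]."""
    return (
        any(v in ("*", verb) for v in rule["verbs"])
        and any(g in ("*", group) for g in rule["apiGroups"])
        and any(resource_matches(r, resource, subresource)
                for r in rule["resources"])
    )


def can_block_owner_deletion(rules, group, owner_resource):
    """blockOwnerDeletion on an ownerReference needs update on <owner>/finalizers."""
    return any(rule_allows(r, "update", group, owner_resource, "finalizers")
               for r in rules)


GROUP = "tekton.dev"  # assumed API group

# Constructed role rules: every verb on the resources, nothing on subresources.
BEFORE = [{"apiGroups": [GROUP],
           "resources": ["taskruns", "pipelineruns"],
           "verbs": ["*"]}]

# Least-privilege addition: only update, only on the finalizers subresource.
AFTER = BEFORE + [{"apiGroups": [GROUP],
                   "resources": ["taskruns/finalizers", "pipelineruns/finalizers"],
                   "verbs": ["update"]}]


def audit(rules):
    """Report, per owner kind, whether build pods may set blockOwnerDeletion."""
    return {owner: can_block_owner_deletion(rules, GROUP, owner)
            for owner in ("taskruns", "pipelineruns")}


if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

On a live cluster the same question can be asked with `kubectl auth can-i update taskruns/finalizers` while impersonating the controller's service account.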
@googlebot googlebot added the cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit label Mar 5, 2019
@knative-prow-robot knative-prow-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Mar 5, 2019
@hrishin hrishin changed the title fixes RBAC permissions for task and pipeline runs for openshift Fixes RBAC permissions for task and pipeline runs for openshift Mar 5, 2019
@knative-prow-robot knative-prow-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Mar 5, 2019
@vdemeester

/ok-to-test

@knative-prow-robot knative-prow-robot removed the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Mar 5, 2019

@vdemeester vdemeester left a comment


/lgtm

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2019
@knative-prow-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hrishin, vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 6, 2019
@knative-prow-robot knative-prow-robot merged commit 1f42004 into tektoncd:master Mar 6, 2019
savitaashture pushed a commit to savitaashture/pipeline that referenced this pull request Jan 22, 2021