pipeline: SSH Auth not correctly setting ssh credentials git pull not working.

Expected Behavior

I’m doing a test locally following the guide https://tekton.dev/docs/how-to-guides/clone-repository/

I have a git-server running inside a docker container. I’m trying to get tekton to pull the project and display it’s readme.

Actual Behavior

When I run the task this is the error that I see in the logs

task fetch-source has failed: "step-clone" exited with code 1 (image: "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init@sha256:c0b0ed1cd81090ce8eecf60b936e9345089d9dfdb6ebdd2fd7b4a0341ef4f2b9"); for logs run: kubectl -n default logs clone-read-run-cr7dx-fetch-source-pod -c step-clone

[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + '[' true '=' true ]
[fetch-source : clone] + cp -R /workspace/ssh-directory /tekton/home/.ssh
[fetch-source : clone] + chmod 700 /tekton/home/.ssh
[fetch-source : clone] + chmod -R 400 /tekton/home/.ssh/config /tekton/home/.ssh/id_rsa /tekton/home/.ssh/known_hosts
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + CHECKOUT_DIR=/workspace/output/
[fetch-source : clone] + '[' true '=' true ]
[fetch-source : clone] + cleandir
[fetch-source : clone] + '[' -d /workspace/output/ ]
[fetch-source : clone] + rm -rf '/workspace/output//*'
[fetch-source : clone] + rm -rf '/workspace/output//.[!.]*'
[fetch-source : clone] + rm -rf '/workspace/output//..?*'
[fetch-source : clone] + test -z 
[fetch-source : clone] + test -z 
[fetch-source : clone] + test -z 
[fetch-source : clone] + /ko-app/git-init '-url=git@172.17.0.1:apps/701d7256-a8df-44ce-9bc4-5f1cd61257f4.git' '-revision=' '-refspec=' '-path=/workspace/output/' '-sslVerify=true' '-submodules=true' '-depth=1' '-sparseCheckoutDirectories='
[fetch-source : clone] {"level":"warn","ts":1665026312.839476,"caller":"git/git.go:278","msg":"URL(\"git@172.17.0.1:apps/701d7256-a8df-44ce-9bc4-5f1cd61257f4.git\") appears to need SSH authentication but no SSH credentials have been provided"}
[fetch-source : clone] {"level":"error","ts":1665026312.8842888,"caller":"git/git.go:55","msg":"Error running git [fetch --recurse-submodules=yes --depth=1 origin --update-head-ok --force HEAD]: exit status 128\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n","stacktrace":"github.com/tektoncd/pipeline/pkg/git.run\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:55\ngithub.com/tektoncd/pipeline/pkg/git.Fetch\n\tgithub.com/tektoncd/pipeline/pkg/git/git.go:150\nmain.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:53\nruntime.main\n\truntime/proc.go:225"}
[fetch-source : clone] {"level":"fatal","ts":1665026312.8843858,"caller":"git-init/main.go:54","msg":"Error fetching git repository: failed to fetch [HEAD]: exit status 128","stacktrace":"main.main\n\tgithub.com/tektoncd/pipeline/cmd/git-init/main.go:54\nruntime.main\n\truntime/proc.go:225"}

failed to get logs for task fetch-source : container step-clone has failed  : [{"key":"StartedAt","value":"2022-10-06T03:18:32.818Z","type":3}]
Tasks Completed: 1 (Failed: 1, Cancelled 0), Skipped: 1

Steps to Reproduce the Problem

The files pipeline.yaml and show-readme.yaml are identical to the files in the tutorial. I modified the pipelinerun.yaml slightly to put my repos git url in there

apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-read-run-
spec:
  pipelineRef:
    name: clone-read
  podTemplate:
    securityContext:
      fsGroup: 65532
  workspaces:
  - name: shared-data
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  - name: git-credentials
    secret: 
      secretName: git-credentials      
  params:
  - name: repo-url
    value: git@172.17.0.1:apps/701d7256-a8df-44ce-9bc4-5f1cd61257f4.git

my ssh-secret.yaml is as follow ( with my ssh key redacted)

apiVersion: v1
kind: Secret
metadata:
  name: git-credentials
data:
  id_rsa: <REDACTED>
  known_hosts: fDF8YVlMUlZ5MjdEaGZQcFpoMjdEUktxUkh1cnpZPXwvakY0QnpDL204MVdzMWtpTVZKT0FhUi8ySmc9IGVjZHNhLXNoYTItbmlzdHAyNTYgQUFBQUUyVmpaSE5oTFhOb1lUSXRibWx6ZEhBeU5UWUFBQUFJYm1semRIQXlOVFlBQUFCQkJDYW1wbjM2bm1IQUluN1NuUk1xby9zNWVNenJqQ2w0OTMxVVdraGZKbnVZOE9xSlkzblJYY0pITEZ2aHBGaThXWlY0RHp2ZmJmQm9FQmpLUWNld2VRQT0KfDF8WERXZUJUcUtKR21RSE1naFNqV3lETzk2ZTY4PXx6ZHJ1NmNydzhUd0h0QVJRZ3RGMkE4SnBVcTA9IHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQzlvbGtSUXpYdW9mT1VXVDJRejg0QnE0QVlTYmRPTW5zNDhBcVJkMmJKdHRwMFB2ZXJTbTVINGpFaFJVS1F5UVlpTkJmcVRDaWdNNWFFZHBMYjg5ZHNCdTlmS1hqMmdVMWVFMkt1NHFqTUZpV3UvU1pJcVpjN1hoUWJiUHNUMFlyN2NxQnllRUZsQ3UyN0dzUzk1Y3V1VEp2SFJmL21DOE5aWG9zb3I3d09EV3VvOXVXQjM1TGtOaUtxKzZZWHAzWEVsSElOUTY0WjBJWXBid1B6THIwU1JIV3VyOWVpM09DMGRqa1p0NkN5QkJacWxRaUNaNmVTY09YaUt1RnJmMHRCcm81ZlhEcmozWWRwTjlpVnBMUkVhRzE3a0tzd1VLSnhTNjJReUlSaHZQaEpwVS9JUWtPeFkvdWU0Z3VMbHJROXR1NGsyNGo5d2pjM3E1eWc4OS9uCnwxfEMvMUh0aWFmRXEzd1YzQ3hVQWNaYjE1MUpZcz18WHBEZUU3MDg1M28zT3FMRDlXY2l2QmJuckRNPSBzc2gtZWQyNTUxOSBBQUFBQzNOemFDMWxaREkxTlRFNUFBQUFJRE1KM1N0THg0U3dUcmRDaE1kMUJGamxqamd0VHJ1OEtBM1pxdDJ6MHlxLwo=
  config: SG9zdCAqCiAgVXNlciBnaXQKICBJZGVudGl0eUZpbGUgL3Rla3Rvbi9ob21lLy5zc2gvaWRfcnNhCiAgSWRlbnRpdGllc09ubHkgeWVzICMgc2VlIGNvbW1lbnQgaW4gYW5zd2VyIGJlbG93Cg==

my ssh config is like this

Steps to reproduce

  1. tkn hub install task git-clone
  2. kubectl apply -f show-readme.yaml , kubectl apply -f pipeline.yaml and ssh-secret.yaml
  3. k create -f pipelinerun.yaml

Then this problem occurs. I am really stumped with this problem can somebody please help me or give me some hints ? I also tried removing the config entirely from ssh-secret.yaml , same error.

Additional Info

  • Kubernetes version:

    Output of kubectl version:

Client Version: version.Info{Major:“1”, Minor:“22”, GitVersion:“v1.22.2”, GitCommit:“8b5a19147530eaac9476b0ab82980b4088bbc1b2”, GitTreeState:“clean”, BuildDate:“2021-09-15T21:38:50Z”, GoVersion:“go1.16.8”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“25”, GitVersion:“v1.25.2”, GitCommit:“5835544ca568b757a8ecae5c153f317e5736700e”, GitTreeState:“clean”, BuildDate:“2022-09-22T05:25:21Z”, GoVersion:“go1.19.1”, Compiler:“gc”, Platform:“linux/amd64”}


- Tekton Pipeline version:

Client version: 0.26.0 Pipeline version: v0.40.2 Triggers version: v0.21.0

About this issue

  • Original URL
  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 18 (2 by maintainers)

Most upvoted comments

totally same error and procedure. same as org sample yaml but I use GitHub. Do you figure it out?

+1
Wang-kk714 on Oct 8, 2022
Read more comments on GitHub
← pipeline: Solve chicken and egg problem of Tekton config-as-code
pipeline: .ssh configs etc are not available when running manual git commands in other steps. →