
Tekton on private Kubernetes cluster on GCP / GKE


I have installed Tekton on a private Kubernetes cluster. After that I wanted to create the first resource but got an exception:

Internal error occurred: failed calling webhook "webhook.tekton.dev": Post https://tekton-pipelines-webhook.tekton-pipelines.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

As far as I know, it is because of a restriction on private clusters. My question is whether it is possible to change the port in the POST URL to use 8443 instead of 433?


Solution

  • You need to manually define a firewall rule to handle your Tekton webhook requests. For example:

    Assuming that 10.44.0.0/14 is your endpoints network:

    Name:              test
    Namespace:         tekton-pipelines
    Labels:            app.kubernetes.io/component=webhook-controller
                       app.kubernetes.io/name=tekton-pipelines
    Annotations:       <none>
    Selector:          app=tekton-pipelines-webhook
    Type:              ClusterIP
    IP:                10.0.3.240
    Port:              <unset>  8443/TCP
    TargetPort:        8443/TCP
    Endpoints:         10.44.2.76:8443
    Session Affinity:  None
    Events:            <none>
    

    You can find full problem explanation here:

    https://github.com/kubernetes/kubernetes/issues/79739
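One way to script the firewall rule the answer describes, as an added example that is not part of the original answer. It assumes the rule should admit only the cluster's control-plane CIDR to the node network tag on TCP 8443; the rule name, network, CIDR and tag passed at the bottom are constructed placeholders, and the /16 lower bound on the source prefix is this example's own policy choice.

```bash
#!/bin/sh
# Added example: prints (does not execute) a narrowly scoped gcloud command
# so the rule can be reviewed before it is applied.

# True for a.b.c.d/len with octets 0-255 and prefix length 16..32.
# The /16 floor is this example's policy: it rejects 0.0.0.0/0 and other
# broad ranges that would expose the webhook port beyond the control plane.
valid_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  ip=${1%/*}; len=${1#*/}
  case $len in ''|*[!0-9]*) return 1 ;; esac
  [ "$len" -ge 16 ] && [ "$len" -le 32 ] || return 1
  case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Rule names, network names and tags: lowercase letters, digits, hyphens only,
# so nothing that reaches the printed command needs shell quoting.
safe_name() { case $1 in ''|*[!a-z0-9-]*) return 1 ;; esac; }

# Args: rule-name network control-plane-cidr node-tag port
build_webhook_rule() {
  name=$1 network=$2 src=$3 tag=$4 port=$5
  for v in "$name" "$network" "$tag"; do
    safe_name "$v" || { echo "bad name or tag: '$v'" >&2; return 1; }
  done
  valid_cidr "$src" || { echo "refusing source range: $src" >&2; return 1; }
  case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
    || { echo "bad port: $port" >&2; return 1; }
  printf 'gcloud compute firewall-rules create %s --network %s --direction INGRESS '\
'--action ALLOW --rules tcp:%s --source-ranges %s --target-tags %s\n' \
    "$name" "$network" "$port" "$src" "$tag"
}

# Constructed values: 172.16.0.0/28 stands in for the control-plane CIDR and
# gke-demo-node for the node network tag; 8443 is the webhook TargetPort above.
build_webhook_rule tekton-webhook-8443 default 172.16.0.0/28 gke-demo-node 8443
```

Replace the placeholder CIDR, network and tag with the values of your own cluster before running the printed command.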