Agola in k3s, start run service executor failed

I have same problem. i used latest version of k3s k3s version v1.0.0 (18bd921c)

docker image:sorintlab/agola:latest

But the logs tell me is executor error. it’s haven’t permission .

2019-12-30T02:50:43.484Z FATAL cmd/serve.go:60 err: failed to start run service executor: failed to create kubernetes driver: configmaps “agola-executors-group” is forbidden: User “system:serviceaccount:agola:default” cannot get resource “configmaps” in API group “” in the namespace “agola”

anyone help me ?

YAML file :


kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: agola-vol
  namespace: agola
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-path

---

# The client service. It's a node port for easier testing on minikube. Change
# it to become a LoadBalancer if needed.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: agola
  namespace: agola
  annotations:
    kubernetes.io/ingress.class: 'traefik'
    ingress.kubernetes.io/ssl-redirect: "false" 
spec:
  rules:
  - host: agola.influx.io
    http:
      paths:
      - path: /
        backend:
          serviceName: agola
          servicePort: 30002
---

# The service for internal components communication.
# We are using an headless service since some k8s deployment doesn't have
# hairpin mode enabled and pods cannot communicate with themself via a
# service
apiVersion: v1
kind: Service
metadata:
  name: agola-internal
  namespace: agola
spec:
  ports:
    - port: 8000
      name: api
    - port: 4000
      name: runservice
    - port: 4002
      name: configstore
    - port: 4003
      name: gitserver
  selector:
    app: agola
  clusterIP: None

---

# The agola config

apiVersion: v1
kind: ConfigMap
metadata:
  name: agola
  namespace: agola
data:
  config.yml: |
    gateway:
      # The api url that clients will call
      # Change this to the exposed "agola" service IP
      apiExposedURL: "http://192.168.10.110:30002"
      # The web interface url that clients will use
      # Change this to the exposed "agola" service IP
      webExposedURL: "http://192.168.10.110:30002"
      runserviceURL: "http://agola-internal:4000"
      configstoreURL: "http://agola-internal:4002"
      gitserverURL: "http://agola-internal:4003"

      web:
        listenAddress: ":8000"
      tokenSigning:
        # hmac or rsa (it possible use rsa)
        method: hmac
        # key to use when signing with hmac
        key: supersecretsigningkey
        # paths to the private and public keys in pem encoding when using rsa signing
        #privateKeyPath: /path/to/privatekey.pem
        #publicKeyPath: /path/to/public.pem
      adminToken: "admintoken"

    scheduler:
      runserviceURL: "http://agola-internal:4000"

    notification:
      webExposedURL: "http://192.168.10.110:30002"
      runserviceURL: "http://agola-internal:4000"
      configstoreURL: "http://agola-internal:4002"
      etcd:
        endpoints: "http://localhost:2379"

    configstore:
      dataDir: /mnt/agola/local/configstore
      etcd:
        endpoints: "http://localhost:2379"
      objectStorage:
        type: posix
        path: /mnt/agola/objectstorage/configstore/ost
      web:
        listenAddress: ":4002"

    runservice:
      #debug: true
      dataDir: /mnt/agola/local/runservice
      etcd:
        endpoints: "http://localhost:2379"
      objectStorage:
        type: posix
        path: /mnt/agola/objectstorage/runservice/ost
      web:
        listenAddress: ":4000"

    executor:
      dataDir: /mnt/agola/local/executor
      # The directory containing the toolbox compiled for the various supported architectures
      toolboxPath: ./bin
      runserviceURL: "http://agola-internal:4000"
      web:
        listenAddress: ":4001"
      activeTasksLimit: 2
      driver:
        type: kubernetes

    gitserver:
      dataDir: /mnt/agola/local/gitserver
      gatewayURL: "http://agola-internal:8000"
      web:
        listenAddress: ":4003"
---


apiVersion: apps/v1
kind: Deployment
metadata:
  name: agola
  namespace: agola
spec:
  # Do not increase replica count or everything will break since every pod will
  # have its own etcd instance
  replicas: 1
  selector:
    matchLabels:
      app: agola
  template:
    metadata:
      labels:
        app: agola
    spec:
      containers:
      - name: agola
        image: sorintlab/agola
        command:
          - /bin/agola
          - serve
          - --embedded-etcd
          - "--config"
          - /mnt/agola/config/config.yml
          - "--components"
          - all-base,executor
        env:
        ports:
          - containerPort: 8000
          - containerPort: 4000
          - containerPort: 4002
          - containerPort: 4003
        volumeMounts:
          - name: config-volume
            mountPath: /mnt/agola/config
          - name: agola-localdata
            mountPath: /mnt/agola/local
          - name: agola-objectstorage
            mountPath: /mnt/agola/objectstorage
      volumes:
          - name: config-volume
            configMap:
              name: agola
          - name: agola-localdata
            emptyDir: {}
          - name: agola-objectstorage
            persistentVolumeClaim:
              claimName: agola-vol

@sgotti could you help me ?

@ty4z2008 you should investigate why the pod service account isn’t able to create a configmap. This looks really strange. There’s probably something different in your k3s setup than in standard k8s.

thanks buddy.
But isn’t still working.
What something debug config to help me debug in Agola?

@ty4z2008 There’s nothing to debug inside agola. Have you created the required rbac roles and rolebindings like in the documented example?