Jib-gradle not working on OpenShift

[piyush-garg]

Expected Behavior

It should run as successful

Actual Behavior

Its failing.

Steps to Reproduce the Problem

1. Use the steps mentioned in readme

Logs

{"level":"info","ts":1582729480.7104826,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}
FAILURE: Build failed with an exception.
* What went wrong:
Failed to load native library 'libnative-platform.so' for Linux amd64.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
{"level":"info","ts":1582729480.8973973,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}
2020/02/26 15:04:49 Skipping step because a previous step failed
time="2020-02-26T15:04:41.41110257Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.11.2 instance.id=fb6b0671-f43e-4b15-973f-9ed5ed6d8529 service=registry version=v2.7.1 
time="2020-02-26T15:04:41.411179603Z" level=info msg="redis not configured" go.version=go1.11.2 instance.id=fb6b0671-f43e-4b15-973f-9ed5ed6d8529 service=registry version=v2.7.1 
time="2020-02-26T15:04:41.411334605Z" level=info msg="Starting upload purge in 26m0s" go.version=go1.11.2 instance.id=fb6b0671-f43e-4b15-973f-9ed5ed6d8529 service=registry version=v2.7.1 
time="2020-02-26T15:04:41.420766785Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.11.2 instance.id=fb6b0671-f43e-4b15-973f-9ed5ed6d8529 service=registry version=v2.7.1 
time="2020-02-26T15:04:41.421131829Z" level=info msg="listening on [::]:5000" go.version=go1.11.2 instance.id=fb6b0671-f43e-4b15-973f-9ed5ed6d8529 service=registry version=v2.7.1 

Additional Info

[vdemeester]

We need to test this task (and overall all) with non-root, and be able to flag those that needs to be executed as root and those that do not.

One easy fix to this one would be to add a securityContext to runAsRoot 😓

/cc @loosebazooka @chanseokoh

[chanseokoh]

I'd like to understand the root cause and why something breaks. Java applications (Maven, Gradle, and Jib) depend heavily on the user home directory, which changes as the user running the image changes. Note that we currently force /home/tekton as a "home" directory in the JVM due to tektoncd/pipeline#2013 (comment) (which is going to be fixed soon), but once tektoncd/pipeline#2013 is fixed, the genuine user home directly will be determined based on the image. That's why we really need a proper fix.

[piyush-garg]

It again failed on our CI

FAILURE: Build failed with an exception.
* What went wrong:
Failed to load native library 'libnative-platform.so' for Linux amd64.
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org

Is it possible to have something working on the non-root environment like OpenShift because the flag is not the right fix as you said and tests are failing on our CI which uses OpenShift? Sorry, I don't have much idea about Gradle and Jib, can we do something else to get it fixed, above are the log?

The above issue you are mentioning will be fixed by 0.12 hopefully.

[chanseokoh]

@piyush-garg for now, I think you can plug in a writable volume for CACHE.

[piyush-garg]

@chanseokoh I tried a RwadWriteOnce volume and it still fails

[piyush-garg]

I tried ReadWriteMany and that also fails with the same error @chanseokoh @vdemeester

[chanseokoh]

I think the underlying issue is a permission problem. That is, Gradle tries to create ~/.gradle (which I believe is /home/tekton/.gradle for the time being), but perhaps it cannot create the directory as it is running as a non-root. (Or the directory exists, but you cannot write anything inside it.)

Given that, what would be an option you can think of to make this work on the OpenShift side?

[chanseokoh]

In the meantime, I will do some experiments, but this issue is heavily related to the Tekton HOME issue (tektoncd/pipeline#2013 and tektoncd/pipeline#2165). It may take some time for the Tekton devs and me to sort this out. I'll keep looking into it.

[piyush-garg]

We can run the pod as root that can be done @vdemeester WDYT?

[piyush-garg]

@chanseokoh @vdemeester I have raised #214 please have a look.