TaskRun failures due to k8s PodSecurity #5779

Closed
Allure996 opened this issue Nov 21, 2022 · 6 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@Allure996

Expected Behavior

I can run the tutorial pipeline to clone a repo

Actual Behavior

The pipeline fails for PodSecurity configurations

Steps to Reproduce the Problem

1. Copy the files here
2. Apply them to k8s cluster (I'm using kubectl v1.25.1 on minikube)
3. Watch as the pipelinerun fails

Additional Info

  • Kubernetes version: v1.25.1
  • Tekton Pipeline version: v.0.41.0

Screenshot from 2022-11-21 16-18-54

@Allure996 Allure996 added the kind/bug Categorizes issue or PR as related to a bug. label Nov 21, 2022
@Allure996
Author

Quick update:
I succeeded in getting the PipelineRun running but I had to modify the labels on my namespace with

k label --overwrite ns tekton-pipelines \
  pod-security.kubernetes.io/audit=privileged \
  pod-security.kubernetes.io/warn=privileged pod-security.kubernetes.io/enforce=privileged 

@AlanGreene
Member

Have you tried applying the files in another namespace, e.g. default as in the tutorial? This should not be subject to the same restrictions.

I believe it's good practice not to run your pipelines in the tekton-pipelines namespace, it is intended for the Tekton controllers only.

@Allure996
Author

Hi @AlanGreene thanks for your response, I've tried to change namespace into default and it worked as expected.
In general which is a good namespace in which I can run my Pipelines? Let's say I'm trying to deploy a project (so many k8s manifests): is the namespace the same in which I want to deploy? Or should I plan to create an ad hoc namespace for the Tekton resources to run?

@AlanGreene
Member

In general I would use different namespaces for different purposes. So I would have my application deployed in one namespace and run my CI/CD pipelines in another (possibly multiple), in fact I may even use different clusters depending on the level of isolation required. It depends on your particular circumstances and requirements.

@Allure996
Author

Crystal clear! Thank you for the explanation

@lbernick
Member

Looks like a duplicate of #5896
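
An added example, not part of the thread or of Tekton's code: a small Python review of the `pod-security.kubernetes.io/*` namespace labels discussed above, run over constructed `kubectl get ns -o json` output. The `ci-pipelines` namespace, the function names and the finding strings are assumptions made for illustration.

```python
import json

PREFIX = "pod-security.kubernetes.io/"
MODES = ("enforce", "audit", "warn")
RANK = {"privileged": 0, "baseline": 1, "restricted": 2}  # least to most strict

# Constructed sample shaped like `kubectl get ns -o json`; "ci-pipelines" is hypothetical.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "tekton-pipelines", "labels": {
     "pod-security.kubernetes.io/enforce": "privileged",
     "pod-security.kubernetes.io/audit": "privileged",
     "pod-security.kubernetes.io/warn": "privileged"}}},
  {"metadata": {"name": "default", "labels": {"kubernetes.io/metadata.name": "default"}}},
  {"metadata": {"name": "ci-pipelines", "labels": {
     "pod-security.kubernetes.io/enforce": "baseline",
     "pod-security.kubernetes.io/audit": "restricted",
     "pod-security.kubernetes.io/warn": "restricted"}}}
]}
""")

def psa_levels(ns):
    """Map each Pod Security mode to its label value, or None when the label is absent."""
    labels = ns.get("metadata", {}).get("labels") or {}
    return {mode: labels.get(PREFIX + mode) for mode in MODES}

def review(ns_list, controller_ns=("tekton-pipelines",)):
    """Return sorted (namespace, finding) pairs for label settings worth a second look."""
    findings = []
    for ns in ns_list.get("items", []):
        name, lv = ns["metadata"]["name"], psa_levels(ns)
        for mode, level in lv.items():
            if level is not None and level not in RANK:
                findings.append((name, f"{mode}: unrecognised level {level!r}"))
        enforce = lv["enforce"]
        if enforce is None:
            findings.append((name, "enforce unset: cluster-wide default applies"))
        elif enforce == "privileged":
            findings.append((name, "enforce=privileged: no pod restrictions"))
            if name in controller_ns:
                findings.append((name, "controller namespace has enforcement relaxed"))
        # audit/warn at or below the enforce level only flag pods that enforce already rejects
        if enforce in RANK and RANK[enforce] < 2 and not any(
                RANK.get(lv[m], -1) > RANK[enforce] for m in ("audit", "warn")):
            findings.append((name, "audit/warn not stricter than enforce: no drift signal"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in review(SAMPLE):
        print(f"{name}: {finding}")
```

To run it against a live cluster, replace `SAMPLE` with the parsed output of `kubectl get ns -o json`.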
