Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Pipe failing when run pipe with kustomize flag with permission denied issue


pipe version: 2.2.0

After downloading artifacts from the previous step I try to run apply command with -k flag and I get an error:

(I've added ls command to show file permissions)

+ echo "Skipping git clone"
Skipping git clone

Artifact "deploy/**": Downloading
Artifact "deploy/**": Downloaded 609 B in 0 seconds
Artifact "deploy/**": Extracting
Artifact "deploy/**": Extracted in 0 seconds

Images used:
build :
+ ls -l deploy
total 8
-rw-r--r--. 1 root root 735 Dec 14 21:00 cronjob.yaml
-rw-r--r--. 1 root root 207 Dec 14 21:00 kustomization.yaml

+ docker container run \
--volume=/opt/atlassian/pipelines/agent/build:/opt/atlassian/pipelines/agent/build \
--volume=/opt/atlassian/pipelines/agent/ssh:/opt/atlassian/pipelines/agent/ssh:ro \
--volume=/usr/local/bin/docker:/usr/local/bin/docker:ro \
--volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes \
--volume=/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/aws-eks-kubectl-run:/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/aws-eks-kubectl-run \
--workdir=$(pwd) \
--label=org.bitbucket.pipelines.system=true \
--env=CI="$CI" \
--env=DOCKER_HOST="tcp://host.docker.internal:2375" \
--env=BITBUCKET_PIPE_SHARED_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes" \
--env=BITBUCKET_PIPE_STORAGE_DIR="/opt/atlassian/pipelines/agent/build/.bitbucket/pipelines/generated/pipeline/pipes/atlassian/aws-eks-kubectl-run" \
--env=CLUSTER_NAME="dev1-eks-cluster" \
--env=KUBECTL_COMMAND="apply" \
--env=RESOURCE_PATH="./deploy" \
--env=WITH_DEFAULT_LABELS="true" \
--add-host="host.docker.internal:$BITBUCKET_DOCKER_HOST_INTERNAL" \
Unable to find image 'bitbucketpipelines/aws-eks-kubectl-run:2.2.0' locally
2.2.0: Pulling from bitbucketpipelines/aws-eks-kubectl-run
07aded7c29c6: Pulling fs layer
1242903d2b23: Pulling fs layer
6feb96d3e4f9: Pulling fs layer
36bf03acdc50: Pulling fs layer
366f5e2f7043: Pulling fs layer
2efba0da2be9: Pulling fs layer
3a7c21493639: Pulling fs layer
d92dcd533b57: Pulling fs layer
50cf76112433: Pulling fs layer
c5f0bcebca98: Pulling fs layer
6a3894d8edd4: Pulling fs layer
72b74681051b: Pulling fs layer
2efba0da2be9: Waiting
d92dcd533b57: Waiting
3a7c21493639: Waiting
50cf76112433: Waiting
c5f0bcebca98: Waiting
72b74681051b: Waiting
6a3894d8edd4: Waiting
36bf03acdc50: Waiting
366f5e2f7043: Waiting
1242903d2b23: Verifying Checksum
1242903d2b23: Download complete
6feb96d3e4f9: Verifying Checksum
6feb96d3e4f9: Download complete
36bf03acdc50: Download complete
366f5e2f7043: Verifying Checksum
366f5e2f7043: Download complete
07aded7c29c6: Verifying Checksum
07aded7c29c6: Download complete
2efba0da2be9: Verifying Checksum
2efba0da2be9: Download complete
50cf76112433: Verifying Checksum
50cf76112433: Download complete
3a7c21493639: Verifying Checksum
3a7c21493639: Download complete
c5f0bcebca98: Verifying Checksum
c5f0bcebca98: Download complete
6a3894d8edd4: Verifying Checksum
6a3894d8edd4: Download complete
72b74681051b: Verifying Checksum
72b74681051b: Download complete
07aded7c29c6: Pull complete
1242903d2b23: Pull complete
d92dcd533b57: Verifying Checksum
d92dcd533b57: Download complete
6feb96d3e4f9: Pull complete
36bf03acdc50: Pull complete
366f5e2f7043: Pull complete
2efba0da2be9: Pull complete
3a7c21493639: Pull complete
d92dcd533b57: Pull complete
50cf76112433: Pull complete
c5f0bcebca98: Pull complete
6a3894d8edd4: Pull complete
72b74681051b: Pull complete
Digest: sha256:4a9e431a82bb96676ba3ae38c24e2e49b38d5ada4925fa973622ee4ee6ad7dfa
Status: Downloaded newer image for bitbucketpipelines/aws-eks-kubectl-run:2.2.0
INFO: Configuring kubeconfig...
Added new context arn:aws:eks:us-east-1:<aws-account-id>:cluster/eks-cluster to /root/.kube/config
INFO: Successfully updated the kube config.
WARNING: "/" is not allowed in kubernetes labels. Slashes will be replaced by a dash "-" in the "" label value.For more information you can check the official kubernetes docs
Traceback (most recent call last):
File "/", line 47, in <module>
File "/root/.local/lib/python3.8/site-packages/kubectl_run/", line 157, in run
File "/root/.local/lib/python3.8/site-packages/kubectl_run/", line 114, in handle_apply
self.update_labels_in_metadata(template_file, labels)
File "/root/.local/lib/python3.8/site-packages/kubectl_run/", line 39, in update_labels_in_metadata
with open(template, 'w') as template_file:
PermissionError: [Errno 13] Permission denied: './deploy/cronjob.yaml'
Searching for files matching artifact pattern .bitbucket/pipelines/generated/pipeline/pipes/**

Searching for test report files in directories named [test-results, failsafe-reports, test-reports, TestResults, surefire-reports] down to a depth of 4
Finished scanning for test reports. Found 0 test report files.
Merged test suites, total number tests is 0, with 0 failures and 0 errors.


Repro steps:

- Artifacts with some k8s manifest and customization file

- pipe: atlassian/aws-eks-kubectl-run:2.2.0
      CLUSTER_NAME: "eks-cluster"
      KUBECTL_COMMAND: "apply"
      RESOURCE_PATH: "./deploy"

1 answer

1 accepted

0 votes
Answer accepted
Patrik S Atlassian Team Dec 15, 2021

Hello @Anton Patronov ,

Welcome to the Atlassian Community!

From the pipeline logs you've shared with us, I see that the deploy folder is an artifact, and looks like the artifacts default permissions ( -rw-r--r-- ) is not enough for your use case.

That being said could you please trying to add the following command in the same step as your pipe, right before the pipe is executed ?

chmod -R 777 <path to the folder>

This will set full permissions for the files within the provided folder. Your YAML file would like like the following : 

- chmod -R 777 <path to the folder>

- pipe: atlassian/aws-eks-kubectl-run:2.2.0
      CLUSTER_NAME: "eks-cluster"
      KUBECTL_COMMAND: "apply"
      RESOURCE_PATH: "./deploy"

Let me know if that works for you and if you have any other questions, we'll be glad to help :)

Thanks @Anton Patronov !

Kind regards,

Patrik S

Yes, that is what I've done. But I thought that this pipe should work as root. Seems like it doesn't.

Patrik S Atlassian Team Dec 15, 2021

Hello @Anton Patronov  ,

Great to know that using chmod to set the permissions did work.

Just to give you a background, artifacts are downloaded by root user and have their default permission as -rw-r--r-- , but Pipe itself is run by non root user. The non root user running Pipe didn't have the enough privileges to run the commands of your use case and thus you were getting the error.

Do let us know if you have any questions.

Thanks, @Anton Patronov !

Kind regards,

Patrik S

but Pipe itself is run by non root user.

That's what I thought. Maybe this behavior should be described somewhere in the documentation. Because I run the pipeline on the cloud agents and use the default docker image provided by Atlassian and I don't do any changes with the file permissions during the previous steps and I expected that this pipe should work out of the box in my case...

Patrik S Atlassian Team Dec 15, 2021

Hello @Anton Patronov ,

I understand your point and will make sure the suggestion to include these details on our public documentation is shared internally with the concerned teams :)

Kind regards,

Patrik S

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

⭐ Calling all Bitbucket and DevOps experts: Special showcase opportunity ⭐

Hi, Bitbucket community! Are you a DevOps practitioner (or know one in your network)? Do you have DevOps tips, tricks, or learnings you'd like to share with the community? If so, we'd love to hea...

1,523 views 4 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you