Alauda DevOps Pipelines Docs

Result Limit Exceeded When Writing Tekton Task Results

TOC

Problem Description

When a Task step writes relatively large content into a Task result, the output may fail due to size limits.

Error Manifestation

  • Pod logs show termination message overflow (result too large for default 4 KB cap):

    2025/10/15 03:22:24 ERROR Error while substituting step artifacts: error="Termination message is above max allowed size 4096, caused by large task result."
2025/10/15 03:22:24 Termination message is above max allowed size 4096, caused by large task result.

Root Cause Analysis

By default, Tekton Pipelines captures Task results through the container termination message, which Kubernetes limits to 4 KB. This effectively caps a single Task's usable result size to 4096 bytes.

To lift that ceiling, Tekton supports reading results from sidecar logs, where a configurable max-result-size is applied per result.

Troubleshooting

TIP

The following instructions assume that you have installed Tekton Pipeline into the tekton-pipelines namespace by default.

If you have installed it into a different namespace, please replace tekton-pipelines with your namespace.

Following are the steps to configure the result size limit:

  1. Edit the TektonConfig resource by setting spec.pipeline.results-from and spec.pipeline.max-result-size as shown below:

    apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  pipeline:
    # Use sidecar logs instead of termination messages
    results-from: sidecar-logs
    # Result size in bytes (example: 64 KiB). Max is 1,572,863 bytes.
    max-result-size: 65536

  2. The feature-flags ConfigMap will be updated automatically.

    apiVersion: v1
kind: ConfigMap
metadata:
  name: feature-flags
  namespace: tekton-pipelines
data:
  results-from: sidecar-logs
  max-result-size: "65536"

  3. Since the results-from: sidecar-logs feature is enabled, you need to configure log access permissions for the controller:

    Technical Note: This configuration allows the controller to retrieve results information from pod logs. For detailed information, please refer to the Tekton official documentation.

    kubectl apply -f - <<EOF
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-controller-pod-log-access
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
rules:
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-controller-pod-log-access
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
subjects:
  - kind: ServiceAccount
    name: tekton-pipelines-controller
    namespace: tekton-pipelines
roleRef:
  kind: ClusterRole
  name: tekton-pipelines-controller-pod-log-access
  apiGroup: rbac.authorization.k8s.io
EOF

  4. No manual component restarts are required, changes will take effect automatically.

Related Content