Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pull in upstream changes #5

Merged
merged 21 commits into from
Feb 17, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions cmd/entrypoint/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ func main() {
if err := json.Unmarshal([]byte(env), &cmds); err != nil {
log.Fatal(err)
}
// NB: This value contains OS/architecture and maybe variant.
// It doesn't include osversion, which is necessary to
// disambiguate two images both for e.g., Windows, that only
// differ by osversion.
plat := platforms.DefaultString()
var err error
cmd, err = selectCommandForPlatform(cmds, plat)
Expand Down
12 changes: 0 additions & 12 deletions config/config-feature-flags.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,18 +30,6 @@ data:
# https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline
# or https://github.com/tektoncd/pipeline/pull/2630 for more info.
disable-affinity-assistant: "false"
# Setting this flag to "false" will allow Tekton to override your
# Task container's $HOME environment variable.
#
# See https://github.com/tektoncd/pipeline/issues/2013 for more
# info.
disable-home-env-overwrite: "true"
# Setting this flag to "false" will allow Tekton to override your
# Task container's working directory.
#
# See https://github.com/tektoncd/pipeline/issues/1836 for more
# info.
disable-working-directory-overwrite: "true"
# Setting this flag to "true" will prevent Tekton scanning attached
# service accounts and injecting any credentials it finds into your
# Steps.
Expand Down
4 changes: 2 additions & 2 deletions config/controller.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -76,9 +76,9 @@ spec:
# This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim
"-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f",
# The shell image must be root in order to create directories and copy files to PVCs.
# gcr.io/distroless/base:debug as of October 21, 2021
# gcr.io/distroless/base:debug as of February 17, 2022
# image shall not contains tag, so it will be supported on a runtime like cri-o
"-shell-image", "gcr.io/distroless/base@sha256:cfdc553400d41b47fd231b028403469811fcdbc0e69d66ea8030c5a0b5fbac2b",
"-shell-image", "gcr.io/distroless/base@sha256:3cebc059e7e52a4f5a389aa6788ac2b582227d7953933194764ea434f4d70d64",
# for script mode to work with windows we need a powershell image
# pinning to nanoserver tag as of July 15 2021
"-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6",
Expand Down
3 changes: 3 additions & 0 deletions docs/debug.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ weight: 11
`Debug` spec is used for troubleshooting and breakpointing runtime resources. This doc helps understand the inner
workings of debug in Tekton. Currently only the `TaskRun` resource is supported.

This is an alpha feature. The `enable-api-fields` feature flag [must be set to `"alpha"`](./install.md)
to specify `debug` in a `taskRun`.

## Debugging TaskRuns

The following provides explanation on how Debugging TaskRuns is possible through Tekton. To understand how to use
Expand Down
4 changes: 0 additions & 4 deletions docs/deprecations.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,8 @@ being deprecated.

| Feature Being Deprecated | Deprecation Announcement | [API Compatibility Policy](https://github.com/tektoncd/pipeline/tree/main/api_compatibility_policy.md) | Earliest Date or Release of Removal |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ----------------------------------- |
| [`tekton.dev/task` label on ClusterTasks](https://github.com/tektoncd/pipeline/issues/2533) | [v0.12.0](https://github.com/tektoncd/pipeline/releases/tag/v0.12.0) | Beta | January 30 2021 |
| [The `TaskRun.Status.ResourceResults.ResourceRef` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2694) | [v0.14.0](https://github.com/tektoncd/pipeline/releases/tag/v0.14.0) | Beta | April 30 2021 |
| [The `PipelineRun.Spec.ServiceAccountNames` field is deprecated and will be removed.](https://github.com/tektoncd/pipeline/issues/2614) | [v0.15.0](https://github.com/tektoncd/pipeline/releases/tag/v0.15.0) | Beta | May 15 2021 |
| [`Conditions` CRD is deprecated and will be removed. Use `when` expressions instead.](https://github.com/tektoncd/community/blob/main/teps/0007-conditions-beta.md) | [v0.16.0](https://github.com/tektoncd/pipeline/releases/tag/v0.16.0) | Alpha | Nov 02 2020 |
| [The `disable-home-env-overwrite` flag will be removed](https://github.com/tektoncd/pipeline/issues/2013) | [v0.24.0](https://github.com/tektoncd/pipeline/releases/tag/v0.24.0) | Beta | February 10 2022 |
| [The `disable-working-dir-overwrite` flag will be removed](https://github.com/tektoncd/pipeline/issues/1836) | [v0.24.0](https://github.com/tektoncd/pipeline/releases/tag/v0.24.0) | Beta | February 10 2022 |
| [The `scope-when-expressions-to-task` flag will be flipped from "false" to "true"](https://github.com/tektoncd/pipeline/issues/4461) | [v0.27.0](https://github.com/tektoncd/pipeline/releases/tag/v0.27.0) | Beta | February 10 2022 |
| [The `scope-when-expressions-to-task` flag will be removed](https://github.com/tektoncd/pipeline/issues/4461) | [v0.27.0](https://github.com/tektoncd/pipeline/releases/tag/v0.27.0) | Beta | March 10 2022 |
| [`PipelineResources` are deprecated.](https://github.com/tektoncd/community/blob/main/teps/0074-deprecate-pipelineresources.md) | [v0.30.0](https://github.com/tektoncd/pipeline/releases/tag/v0.30.0) | Alpha | Dec 20 2021 |
14 changes: 3 additions & 11 deletions docs/install.md
Original file line number Diff line number Diff line change
Expand Up @@ -338,14 +338,6 @@ To customize the behavior of the Pipelines Controller, modify the ConfigMap `fea
node in the cluster must have an appropriate label matching `topologyKey`. If some or all nodes
are missing the specified `topologyKey` label, it can lead to unintended behavior.

- `disable-home-env-overwrite` - set this flag to `false` to allow Tekton
to override the `$HOME` environment variable for the containers executing your `Steps`.
The default is `true`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/2013).

- `disable-working-directory-overwrite` - set this flag to `false` to allow Tekton
to override the working directory for the containers executing your `Steps`.
The default value is `true`. For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/1836).

- `running-in-environment-with-injected-sidecars`: set this flag to `"true"` to allow the
Tekton controller to set the `tekton.dev/ready` annotation at pod creation time for
TaskRuns with no Sidecars specified. Enabling this option should decrease the time it takes for a TaskRun to
Expand Down Expand Up @@ -378,7 +370,7 @@ most stable features to be used. Set it to "alpha" to allow [alpha
features](#alpha-features) to be used.

- `scope-when-expressions-to-task`: set this flag to "true" to scope `when` expressions to guard a `Task` only. Set it
to "false" to guard a `Task` and its dependent `Tasks`. It defaults to "false". For more information, see [guarding
to "false" to guard a `Task` and its dependent `Tasks`. It defaults to "true". For more information, see [guarding
`Task` execution using `when` expressions](pipelines.md#guard-task-execution-using-whenexpressions).

For example:
Expand All @@ -389,8 +381,6 @@ kind: ConfigMap
metadata:
name: feature-flags
data:
disable-home-env-overwrite: "true" # Tekton will not override the $HOME variable for individual Steps.
disable-working-directory-overwrite: "true" # Tekton will not override the working directory for individual Steps.
enable-api-fields: "alpha" # Allow alpha fields to be used in Tasks and Pipelines.
```

Expand All @@ -413,6 +403,8 @@ Features currently in "alpha" are:
| [Implicit `Parameters`](./taskruns.md#implicit-parameters) | [TEP-0023](https://github.com/tektoncd/community/blob/main/teps/0023-implicit-mapping.md) | [v0.28.0](https://github.com/tektoncd/pipeline/releases/tag/v0.28.0) | |
| [Windows Scripts](./tasks.md#windows-scripts) | [TEP-0057](https://github.com/tektoncd/community/blob/main/teps/0057-windows-support.md) | [v0.28.0](https://github.com/tektoncd/pipeline/releases/tag/v0.28.0) | |
| [Remote Tasks](./taskruns.md#remote-tasks) and [Remote Pipelines](./pipelineruns.md#remote-pipelines) | [TEP-0060](https://github.com/tektoncd/community/blob/main/teps/0060-remote-resolutiond.md) | | |
| [Debug](./debug.md) | [TEP-0042](https://github.com/tektoncd/community/blob/main/teps/0042-taskrun-breakpoint-on-failure.md) | [v0.26.0](https://github.com/tektoncd/pipeline/releases/tag/v0.26.0) | |
| [Step and Sidecar Overrides](./taskruns.md#overriding-task-steps-and-sidecars)| [TEP-0094](https://github.com/tektoncd/community/blob/main/teps/0094-specifying-resource-requirements-at-runtime.md) | | |

## Configuring High Availability

Expand Down
2 changes: 1 addition & 1 deletion docs/migrating-v1alpha1-to-v1beta1.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ Since then, **`PipelineResources` have been deprecated**. We encourage users to
features instead of `PipelineResources`. Read more about the deprecation in [TEP-0074](https://github.com/tektoncd/community/blob/main/teps/0074-deprecate-pipelineresources.md).

_More on the reasoning and what's left to do in
[Why aren't PipelineResources in Beta?](resources.md#why-arent-pipelineresources-in-beta)._
[Why aren't PipelineResources in Beta?](resources.md#why-aren-t-pipelineresources-in-beta)._

To ease migration away from `PipelineResources`
[some types have an equivalent `Task` in the Catalog](#replacing-pipelineresources-with-tasks).
Expand Down
2 changes: 2 additions & 0 deletions docs/pipelineruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -472,6 +472,8 @@ spec:
```

If used with this `Pipeline`, `build-task` will use the task specific `PodTemplate` (where `nodeSelector` has `disktype` equal to `ssd`).
`PipelineTaskRunSpec` may also contain `StepOverrides` and `SidecarOverrides`; see
[Overriding `Task` `Steps` and `Sidecars`](./taskruns.md#overriding-task-steps-and-sidecars) for more information.

### Specifying `Workspaces`

Expand Down
30 changes: 20 additions & 10 deletions docs/pipelines.md
Original file line number Diff line number Diff line change
Expand Up @@ -496,14 +496,24 @@ There are a lot of scenarios where `when` expressions can be really useful. Some

#### Guarding a `Task` and its dependent `Tasks`

When `when` expressions evaluate to `False`, the `Task` and its dependent `Tasks` will be skipped by default while the
rest of the `Pipeline` will execute. Dependencies between `Tasks` can be either ordering ([`runAfter`](https://github.com/tektoncd/pipeline/blob/main/docs/pipelines.md#using-the-runafter-parameter))
> :warning: **Scoping `when` expressions to a `Task` and its dependent `Tasks` is deprecated.**
>
> Consider migrating to scoping `when` expressions to the guarded `Task` only instead.
> Read more in the [documentation](#guarding-a-task-only) and [TEP-0059: Skipping Strategies][tep-0059].
>
[tep-0059]: https://github.com/tektoncd/community/blob/main/teps/0059-skipping-strategies.md

To guard a `Task` and its dependent `Tasks`, set the global default scope of `when` expressions to `Task` using the
`scope-when-expressions-to-task` field in [`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior)
by changing it to "false".

When `when` expressions evaluate to `False`, and `scope-when-expressions-to-task` is set to "false", the `Task` and
its dependent `Tasks` will be skipped while the rest of the `Pipeline` will execute. Dependencies between `Tasks` can
be either ordering ([`runAfter`](https://github.com/tektoncd/pipeline/blob/main/docs/pipelines.md#using-the-runafter-parameter))
or resource (e.g. [`Results`](https://github.com/tektoncd/pipeline/blob/main/docs/pipelines.md#using-results))
dependencies, as further described in [configuring execution order](#configuring-the-task-execution-order). The global
default scope of `when` expressions is set to a `Task` and its dependent`Tasks`; `scope-when-expressions-to-task` field
in [`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior) defaults to "false".

**Note:** Scoping `when` expressions to a `Task` and its dependent `Tasks` is deprecated
default scope of `when` expressions is set to a `Task` only; `scope-when-expressions-to-task` field in
[`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior) defaults to "true".

To guard a `Task` and its dependent Tasks:
- cascade the `when` expressions to the specific dependent `Tasks` to be guarded as well
Expand Down Expand Up @@ -646,9 +656,7 @@ tasks:

#### Guarding a `Task` only

To guard a `Task` only and unblock execution of its dependent `Tasks`, set the global default scope of `when` expressions
to `Task` using the `scope-when-expressions-to-task` field in [`config/config-feature-flags.yaml`](install.md#customizing-the-pipelines-controller-behavior)
by changing it to "true"
When `when` expressions evaluate to `False`, the `Task` will be skipped and:
- The ordering-dependent `Tasks` will be executed
- The resource-dependent `Tasks` (and their dependencies) will be skipped because of missing `Results` from the skipped
parent `Task`. When we add support for [default `Results`](https://github.com/tektoncd/community/pull/240), then the
Expand All @@ -657,6 +665,8 @@ by changing it to "true"
to handle the execution of the child `Task` in case the expected file is missing from the `Workspace` because the
guarded parent `Task` is skipped.

On the other hand, the rest of the `Pipeline` will continue executing.

```
tests
|
Expand Down Expand Up @@ -706,7 +716,7 @@ tasks:
name: slack-msg
```

With `when` expressions scoped to `Task`, if `manual-approval` is skipped, execution of it's dependent `Tasks`
With `when` expressions scoped to `Task`, if `manual-approval` is skipped, execution of its dependent `Tasks`
(`slack-msg`, `build-image` and `deploy-image`) would be unblocked regardless:
- `build-image` and `deploy-image` should be executed successfully
- `slack-msg` will be skipped because it is missing the `approver` `Result` from `manual-approval`
Expand Down
34 changes: 34 additions & 0 deletions docs/podtemplates.md
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,40 @@ Pod templates support fields listed in the table below.
</tbody>
</table>

## Use `imagePullSecrets` to lookup entrypoint

If no command is configured in `task` and `imagePullSecrets` is configured in `podTemplate`, the Tekton Controller will look up the entrypoint of image with `imagePullSecrets`. The Tekton controller's service account is given access to secrets by default. See [this](https://github.com/tektoncd/pipeline/blob/main/config/200-clusterrole.yaml) for reference. If the Tekton controller's service account is not granted the access to secrets in different namespace, you need to grant the access via `RoleBinding`:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: creds-getter
namespace: my-ns
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["creds"]
verbs: ["get"]
```

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: creds-getter-binding
namespace: my-ns
subjects:
- kind: ServiceAccount
name: tekton-pipelines-controller
namespace: tekton-pipelines
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: creds-getter
apiGroup: rbac.authorization.k8s.io
```

---

Except as otherwise noted, the content of this page is licensed under the
Expand Down
4 changes: 2 additions & 2 deletions docs/resources.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ For example:
> which lists each PipelineResource type and a suggested option for replacing it.
>
> For more information on why PipelineResources are remaining alpha [see the description
> of their problems, along with next steps, below](#why-arent-pipelineresources-in-beta).
> of their problems, along with next steps, below](#why-aren-t-pipelineresources-in-beta).

--------------------------------------------------------------------------------

Expand All @@ -52,7 +52,7 @@ For example:
- [Storage Resource](#storage-resource)
- [GCS Storage Resource](#gcs-storage-resource)
- [Cloud Event Resource](#cloud-event-resource)
- [Why Aren't PipelineResources in Beta?](#why-arent-pipelineresources-in-beta)
- [Why Aren't PipelineResources in Beta?](#why-aren-t-pipelineresources-in-beta)

## Syntax

Expand Down
Loading