Changing build steps from initContainers to Containers #564
Conversation
googlebot
added
the
cla: yes
knative-prow-robot
added
size/XXL
nader-ziada
force-pushed
the
realcontainers
branch
3 times, most recently
from
7d9546e
to
d3a0b6e
Compare
There was a problem hiding this comment.
This PR is my favorite PR that I've ever seen, and I'm excited to see it's this close to finally happening! 🎉 Thanks @pivotal-nader-ziada!
Can you add a YAML test that ensures that a build with two steps has those steps execute sequentially? We used to just be able to trust init containers to do that for us, but now we need something to ensure it's working. Even something as simple as:
steps:
- image: busybox
entrypoint: bash
args: ['-c', 'sleep 3 && touch foo']
- image: busybox
args: ['ls', 'foo']This would fail if steps are swapped or if they're run concurrently due to a future bug.
| @@ -3,4 +3,5 @@ baseImageOverrides: | |||
| github.com/knative/build-pipeline/cmd/creds-init: gcr.io/knative-nightly/github.com/knative/build/build-base:latest | |||
| github.com/knative/build-pipeline/cmd/git-init: gcr.io/knative-nightly/github.com/knative/build/build-base:latest | |||
| github.com/knative/build-pipeline/cmd/bash: busybox # image should have shell in $PATH | |||
| github.com/knative/build-pipeline/cmd/entrypoint: busybox # image should have shell in $PATH | |||
There was a problem hiding this comment.
What does this image need a shell for?
There was a problem hiding this comment.
thinking about it now again I guess it doesn't really need a shell. Will try it again without this
There was a problem hiding this comment.
I wanted to have a shell because we are using this same image for the step to copy the binary to the tools/entrypoint location
| args: []string{"hello", "world"}, | ||
| expectedArgs: []string{ | ||
| "-wait_file", "", | ||
| "-post_file", "/tools/0", |
There was a problem hiding this comment.
We should put this in /builder/tools/, since it's not unreasonable to expect a user's process already uses a /tools directory. Namespacing things in /builder helps since we can just sort of "reserve" the whole directory.
There was a problem hiding this comment.
used /tools because it was already there from the log writing entrypoint that got removed. Is builder created anyway, or just as part of a git resource?
There was a problem hiding this comment.
moved tools to /builder/tools
|
@imjasonh sure, will create the yaml test. Thanks |
|
the |
|
/test pull-knative-build-pipeline-integration-tests |
docs/container-contract.md
Outdated
| overwritten with a custom binary that redirects the logs to a separate location | ||
| for aggregating the log output (this currently does nothing but is to support | ||
| future work, see [#107](https://github.com/knative/build-pipeline/issues/107)). | ||
| overwritten with a custom binary that ensures the containers within the `Task`pod |
| args: ['-c', 'sleep 3 && touch foo'] | ||
| - image: busybox | ||
| cmd: bash | ||
| args: ['-c', 'ls', 'foo'] |
There was a problem hiding this comment.
this is a total nitpick and feel free to ignore me, but id personally rather see this as an end to end test than an example. to me the distinction is:
- examples: things ppl look at when they want to know how to do something
- end to end tests: things ppl dont need to look at which test our actual machinery
In knative/build everything was a yaml test since we didnt have the distinction 🤷♀️
There was a problem hiding this comment.
yes, makes sense, will do that
| Name: InitContainerName, | ||
| Image: *entrypointImage, | ||
| Command: []string{"/bin/sh"}, | ||
| // based on the ko version, the binary could be in one of two different locations |
| var err error | ||
| step.Command, err = GetRemoteEntrypoint(cache, step.Image, kubeclient, build) | ||
| if err != nil { | ||
| logger.Errorf("**ALERT**: Error getting entry point image", err.Error()) |
There was a problem hiding this comment.
does this error mean:
- the controller has a problem <-- this is what the message currently implies
- the user may have made an error (problem with image, problem with credentials)
if it's more likely the second, i dont think we should log something at all - if we do, i think it should be a bit less urgent looking
There was a problem hiding this comment.
I'll remove the alert part of the message, but I think its useful to log something when we couldn't get the remote image, wdyt?
| img, err := remote.Image(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain)) | ||
| // this will first try to authenticate using the k8schain, | ||
| // then fall back to the google keychain, | ||
| // then fall back to anonymous |
There was a problem hiding this comment.
i think the docs are a bit light on how this works, could we add a bit more? (i think right now they just say you should provide a serviceaccount that has the right credentials, but this logic looks like it'll do a bit more)
| with the binary and file(s) is mounted. | ||
|
|
||
| If the image is a private registry, the service account should include an | ||
| [ImagePullSecret](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account) |
examples/taskruns/taskrun-order.yaml
Outdated
| taskSpec: | ||
| steps: | ||
| - image: busybox | ||
| cmd: bash |
There was a problem hiding this comment.
thanks, will fix that
examples/taskruns/taskrun-order.yaml
Outdated
| cmd: bash | ||
| args: ['-c', 'sleep 3 && touch foo'] | ||
| - image: busybox | ||
| cmd: bash |
- Replace log-writer entrypoint with waiting entrypoint - Remove configmap for entrypoint image - Update docs to describe entrypoint function
- use service account in task - fallback to default service account - add vendor dependencies for k8schain Signed-off-by: Nader Ziada <[email protected]>
- based on the version of ko used, the binary could be in /ko-app or in /ko-app/entrypoint
now with entrypoint, steps should specify the command in the command field and not in the args
nader-ziada
force-pushed
the
realcontainers
branch
from
981a767
to
d22f5eb
Compare
- add e2e test to ensure entrypoint runs in the specified order - move entrypoint mount folder to /builder/tools since the /builder folder is already used by other parts of the controller - fix the taskrun order yaml - add more docs about pulling images
|
addressed comments and rebased, ready for review |
nader-ziada
force-pushed
the
realcontainers
branch
from
d22f5eb
to
71f6659
Compare
- add e2e test to ensure entrypoint runs in the specified order - move entrypoint mount folder to /builder/tools since the /builder folder is already used by other parts of the controller - fix the taskrun order yaml - add more docs about pulling images Signed-off-by: Nader Ziada <[email protected]>
|
@pivotal-nader-ziada : In e2e yaml test logs one of the test is failing. Primary problem is the e2e yaml script not catching the error 🤦♀️ |
nader-ziada
force-pushed
the
realcontainers
branch
from
71f6659
to
c8a4751
Compare
- add e2e test to ensure entrypoint runs in the specified order - move entrypoint mount folder to /builder/tools since the /builder folder is already used by other parts of the controller - fix the taskrun order yaml - add more docs about pulling images Signed-off-by: Nader Ziada <[email protected]>
- add e2e test to ensure entrypoint runs in the specified order - move entrypoint mount folder to /builder/tools since the /builder folder is already used by other parts of the controller - fix the taskrun order yaml - add more docs about pulling images Signed-off-by: Nader Ziada <[email protected]>
nader-ziada
force-pushed
the
realcontainers
branch
from
c8a4751
to
8a506cc
Compare
|
The following is the coverage report on pkg/.
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pivotal-nader-ziada, shashwathi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
The yaml tests are fixed now, the service account was missing |
|
/lgtm |
Changes
Fixes: #224
Co-authored by @bobcatfish
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
tests
(if functionality changed/added)
docs
(if user facing)
practices
See the contribution guide
for more details.
Release Notes