Expected Behavior
When following the air Gap documentation we expect ALL image deployed/used by tekton operator to be overwritten by the registry specified on this value :
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-operator
namespace: tekton-operator
spec:
template:
spec:
containers:
- name: tekton-operator-lifecycle
env:
# Optional: globally rewrite registry host for all images
- name: TEKTON_REGISTRY_OVERRIDE
value: my-internal-registry.io/my-tekton-folder <-------------------------------------------- HereActual Behavior
It seems that only the images declared on the release.yml :
# [...]
1204 - name: OPERATOR_NAME
1205 value: tekton-operator
1206 - name: IMAGE_PIPELINES_PROXY
1207 value: ghcr.io/tektoncd/operator/proxy-webhook-f6167da7bc41b96a27c5529f850e63d1:v0.78.1@sha256:cdbd01b0305088ef9e741b28347fa87de6663e043815ef8c94f6911a44d2a6fe
1208 - name: IMAGE_JOB_PRUNER_TKN
1209 value: ghcr.io/tektoncd/plumbing/tkn@sha256:233de6c8b8583a34c2379fa98d42dba739146c9336e8d41b66030484357481ed
1210 - name: METRICS_DOMAIN
1211 value: tekton.dev/operator
# [...]
Are the only one that are correctly overwritten by this variable :
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-operator
spec:
template:
spec:
containers:
- name: tekton-operator-lifecycle
env:
- name: TEKTON_REGISTRY_OVERRIDE
value: my-custom-registryAs you can see here :
ghcr.io/tektoncd/dashboard/dashboard-9623576a202fe86c8b7d1bc489905f86:v0.63.1@sha256:16eca97b649f6f27dfbab2be167be0afc34bab43af9d3304f64bf7f04d44e606
ghcr.io/tektoncd/dashboard/dashboard-9623576a202fe86c8b7d1bc489905f86@sha256:16eca97b649f6f27dfbab2be167be0afc34bab43af9d3304f64bf7f04d44e606
ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v1.6.0@sha256:a601df6f1ef7f031b004b108eb2d7c215577b3b5231a43fa6b0ae6bf5af31025
ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c@sha256:a601df6f1ef7f031b004b108eb2d7c215577b3b5231a43fa6b0ae6bf5af31025
# --> Here
my-custom-registry/tektoncd/operator/proxy-webhook-f6167da7bc41b96a27c5529f850e63d1:v0.78.1@sha256:cdbd01b0305088ef9e741b28347fa87de6663e043815ef8c94f6911a44d2a6fe
my-custom-registry/tektoncd/operator/proxy-webhook-f6167da7bc41b96a27c5529f850e63d1@sha256:cdbd01b0305088ef9e741b28347fa87de6663e043815ef8c94f6911a44d2a6fe
# <-- Here
ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v1.6.0@sha256:84efabe03a5e5441379171d5c071bc28612aa7656ec4f508b01d89ee431e4141
ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36@sha256:84efabe03a5e5441379171d5c071bc28612aa7656ec4f508b01d89ee431e4141
ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v1.6.0@sha256:e77cc55c6e507c393be029335c765c6c34238ee48b49379428da3d01713e9293
ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d@sha256:e77cc55c6e507c393be029335c765c6c34238ee48b49379428da3d01713e9293
ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v1.6.0@sha256:c326a2f5c4988abcfd67b5a8edd5525da2110f2b8d3f6c50c27f8d25a721e566
ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1@sha256:c326a2f5c4988abcfd67b5a8edd5525da2110f2b8d3f6c50c27f8d25a721e566
# --> Here
my-custom-registry/tektoncd/plumbing/tkn:v20250709-7c1b62c275
my-custom-registry/tektoncd/plumbing/tkn:v20250709-7c1b62c275
# <-- Here
ghcr.io/tektoncd/results/api-b1b7ffa9ba32f7c3020c3b68830b30a8:v0.17.1@sha256:74d09ec29a0382c0ddd2e116375eef984297304190f1516ae35ccbc748fac5b2
ghcr.io/tektoncd/results/api-b1b7ffa9ba32f7c3020c3b68830b30a8@sha256:74d09ec29a0382c0ddd2e116375eef984297304190f1516ae35ccbc748fac5b2
bitnami/postgresql@sha256:ac8dd0d6512c4c5fb146c16b1c5f05862bd5f600d73348506ab4252587e7fcc
ghcr.io/tektoncd/results/retention-policy-agent-07427b345034d96a9a27896ebb138518:v0.17.1@sha256:bd9a8ebf5b15297fceffb7265fd031a3185f4e28cdd91973b5d1ef252bdcd3f4
ghcr.io/tektoncd/results/retention-policy-agent-07427b345034d96a9a27896ebb138518@sha256:bd9a8ebf5b15297fceffb7265fd031a3185f4e28cdd91973b5d1ef252bdcd3f4
ghcr.io/tektoncd/results/watcher-83f971ea227fb24157c0c699b824a628:v0.17.1@sha256:20e4c10c56d32d33f59c38276ae80fae844b79ca6339cfed901c51c10200ecc6
ghcr.io/tektoncd/results/watcher-83f971ea227fb24157c0c699b824a628@sha256:20e4c10c56d32d33f59c38276ae80fae844b79ca6339cfed901c51c10200ecc6
ghcr.io/tektoncd/triggers/controller-f656ca31de179ab913fa76abc255c315:v0.34.0@sha256:472ed3311309a9ac066afd8be2ae435cb6cc5bc73240a5f82a9b04ee5c6f77eb
ghcr.io/tektoncd/triggers/controller-f656ca31de179ab913fa76abc255c315@sha256:472ed3311309a9ac066afd8be2ae435cb6cc5bc73240a5f82a9b04ee5c6f77eb
ghcr.io/tektoncd/triggers/interceptors-3176d6a3f314c3655b30bfd36e421dd5:v0.34.0@sha256:b7858bddaa29c376c1f79f87c96ccdf9588f320a547950638f51e0c84303fd69
ghcr.io/tektoncd/triggers/interceptors-3176d6a3f314c3655b30bfd36e421dd5@sha256:b7858bddaa29c376c1f79f87c96ccdf9588f320a547950638f51e0c84303fd69
ghcr.io/tektoncd/triggers/webhook-dd1edc925ee1772a9f76e2c1bc291ef6:v0.34.0@sha256:71ef9c830240870c76496f1858abc350d08be93365fc8bea17853aa94f64adcd
ghcr.io/tektoncd/triggers/webhook-dd1edc925ee1772a9f76e2c1bc291ef6@sha256:71ef9c830240870c76496f1858abc350d08be93365fc8bea17853aa94f64adcd
Steps to Reproduce the Problem
- Deploy the release.yml
- Patch the
tekton-operator deployment with this ENV variable
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-operator
spec:
template:
spec:
containers:
- name: tekton-operator-lifecycle
env:
- name: TEKTON_REGISTRY_OVERRIDE
value: my-custom-registry
- Then check all the image from the whole cluster related to tekton (with something like this
kubectl get po -o yaml -n A | grep -i tekton |grep -i "image:"
Additional Info
Because the air Gap documentation doesn't seems to work, I tried to overwrite each image manually as it is said on Rewrite image one by one.
Sadly, there is still some images that are not overwritten properly with the env variable :
- IMAGE_TRIGGERS_ARG__EL_IMAGE
- IMAGE_PIPELINES_ARG__WORKINGDIRINIT_IMAGE
When declaring it on the patch of the deployment tekton operator the image are still not pulled from my custom registry (even after deleting the tektoninstallerset to force the "restart").
Client Version: v1.31.7
Kustomize Version: v5.4.2
Server Version: v1.32.12
Expected Behavior
When following the air Gap documentation we expect ALL image deployed/used by tekton operator to be overwritten by the registry specified on this value :
Actual Behavior
It seems that only the images declared on the release.yml :
Are the only one that are correctly overwritten by this variable :
apiVersion: apps/v1 kind: Deployment metadata: name: tekton-operator spec: template: spec: containers: - name: tekton-operator-lifecycle env: - name: TEKTON_REGISTRY_OVERRIDE value: my-custom-registryAs you can see here :
Steps to Reproduce the Problem
tekton-operatordeployment with thisENV variableapiVersion: apps/v1 kind: Deployment metadata: name: tekton-operator spec: template: spec: containers: - name: tekton-operator-lifecycle env: - name: TEKTON_REGISTRY_OVERRIDE value: my-custom-registrykubectl get po -o yaml -n A | grep -i tekton |grep -i "image:"Additional Info
Because the air Gap documentation doesn't seems to work, I tried to overwrite each image manually as it is said on Rewrite image one by one.
Sadly, there is still some images that are not overwritten properly with the env variable :
When declaring it on the patch of the deployment
tekton operatorthe image are still not pulled from my custom registry (even after deleting thetektoninstallersetto force the "restart").Kubernetes version:
1.32.12Output of
kubectl version:Tekton Pipeline version: v1.6.0
Output of
tkn versionorkubectl get pods -n tekton-pipelines -l app=tekton-pipelines-controller -o=jsonpath='{.items[0].metadata.labels.version}'