Task should fail if Container fails to mount

[Homopatrol]

Feature request

I recently ran into this bug where I was purposely providing incorrect secret into a task .

volumeMounts:
        - mountPath: /home/.docker/
          name: registry-creds
  volumes:
    - name: registry-creds
      secret:
        items:
          - key: .dockerconfigjson
            path: config.json
        secretName: $(params.reg-secret-name)

However instead of the task failing it instead hanged and I had to go into the console in order to check this had failed as expected.

Normal   Scheduled    46s                default-scheduler  
Successfully assigned tekton-pipelines/simple-page-pipeline-run-9bzv5-vuln-scan-build-q92vl-pod-c2jcf
 to 10.112.78.7 Warning  FailedMount  14s (x7 over 46s)  kubelet   MountVolume.SetUp failed for volume "registry-creds" : secret 
"sbu-pipeline2" not found

My request is that if the a Container fails to spin up, we should output an error message and the task should fail instead of hanging.
In addition to this could there be a way to check if the credentials provided are correct and provide that feedback to the user?

Use case

This would allow for easy and friendly debugging if something were to fail and the task could not start the user would be able to notice and take action rather than waiting and having to go to the cli.

[kitty-catt]

The Tekton pod fails somewhere down the line CreateContainerConfigError

customer-security-pipeline-ibm-prevail-2021-kztvh-sonar-s-m58tm 2/3 CreateContainerConfigError 0 2m26s

with oc describe po
Error: secret "sonarqube-access" not found

In the Tekton Task it is possible to set the parameter to being not optional.

    - name: SONARQUBE_LOGIN
      valueFrom:
        secretKeyRef:
          name: sonarqube-access
          key: SONARQUBE_LOGIN
          optional: false

Tekton starts to execute all Tekton Tasks in the pipeline, ... then somewhat later in the pipeline it starts the SonarQube Tekton task, which then fails because of the missing configmap and missing secret.

It would be an improvement to check for the presence of not optional configmaps and secrets as a preflight check before starting up anything in the pipeline.

[tekton-robot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

[tekton-robot]

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

[tekton-robot]

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

[tekton-robot]

@tekton-robot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.