Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Task should fail if Container fails to mount #3897

Closed
Homopatrol opened this issue Apr 23, 2021 · 5 comments
Closed

Task should fail if Container fails to mount #3897

Homopatrol opened this issue Apr 23, 2021 · 5 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@Homopatrol
Copy link

Feature request

I recently ran into this bug where I was purposely providing incorrect secret into a task .

volumeMounts:
        - mountPath: /home/.docker/
          name: registry-creds
  volumes:
    - name: registry-creds
      secret:
        items:
          - key: .dockerconfigjson
            path: config.json
        secretName: $(params.reg-secret-name)

However instead of the task failing it instead hanged and I had to go into the console in order to check this had failed as expected.

Normal   Scheduled    46s                default-scheduler  
Successfully assigned tekton-pipelines/simple-page-pipeline-run-9bzv5-vuln-scan-build-q92vl-pod-c2jcf
 to 10.112.78.7 Warning  FailedMount  14s (x7 over 46s)  kubelet   MountVolume.SetUp failed for volume "registry-creds" : secret 
"sbu-pipeline2" not found

My request is that if the a Container fails to spin up, we should output an error message and the task should fail instead of hanging.
In addition to this could there be a way to check if the credentials provided are correct and provide that feedback to the user?

Use case

This would allow for easy and friendly debugging if something were to fail and the task could not start the user would be able to notice and take action rather than waiting and having to go to the cli.

@Homopatrol Homopatrol added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 23, 2021
@kitty-catt
Copy link

The Tekton pod fails somewhere down the line CreateContainerConfigError

customer-security-pipeline-ibm-prevail-2021-kztvh-sonar-s-m58tm 2/3 CreateContainerConfigError 0 2m26s

with oc describe po
Error: secret "sonarqube-access" not found

In the Tekton Task it is possible to set the parameter to being not optional.

    - name: SONARQUBE_LOGIN
      valueFrom:
        secretKeyRef:
          name: sonarqube-access
          key: SONARQUBE_LOGIN
          optional: false

Tekton starts to execute all Tekton Tasks in the pipeline, ... then somewhat later in the pipeline it starts the SonarQube Tekton task, which then fails because of the missing configmap and missing secret.

It would be an improvement to check for the presence of not optional configmaps and secrets as a preflight check before starting up anything in the pipeline.

@tekton-robot
Copy link
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 15, 2021
@tekton-robot
Copy link
Collaborator

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

@tekton-robot tekton-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Nov 14, 2021
@tekton-robot
Copy link
Collaborator

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

@tekton-robot
Copy link
Collaborator

@tekton-robot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Development

No branches or pull requests

3 participants