search

automatiko-io / automatiko-approval-task

Tekton Pipeline Custom task implementation to add approval capabilities into the pipelines
Apache License 2.0
42 stars 14 forks source link

Pipeline default/approval-pipeline can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "approvaltask": tasks.tekton.dev "approvaltask" not found #8

Closed rajesh-carelon closed 1 year ago

rajesh-carelon commented 1 year ago

I have followed the documentation and video but after creating pipeline when I try to run the pipeline run I am facing the below error.

Please help me resolving the issue. As per my understanding I dont require to create approval task help me understand more.

I am using latest code

Error: Pipeline default/approval-pipeline can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "approvaltask": tasks.tekton.dev "approvaltask" not found

mswiderski commented 1 year ago

looks like you haven't registered the CRD of ApprovalTask - https://github.com/automatiko-io/automatiko-approval-task#install-approval-tasks-crd

Note that this requires cluster admin rights. In addition, please provide versions of:

rajesh-carelon commented 1 year ago

Hello @mswiderski , I have created CRD of approval task, Do I need to modify anything in the CRD of approval task approvaltasks.tekton.automatiko.io 2023-04-10T08:46:28Z

1) Tekton versions:

Dashboard: v0.34.0 Pipelines: v0.46.0 Triggers: v0.22.1

2) Do I need to configure custom task ? Can you please provide me with the Yaml file.

But i have tried creating custom task for approval task but its asking for output reference to the approved task.

Not sure whats wrong, For Approval task reference do we need to create approval task or CRD will create it one for you?

3) automatiko approval task version I am using the code from latest which is tag v0.7.0

mswiderski commented 1 year ago

Can you share the pipeline file you used?

rajesh-carelon commented 1 year ago

Hello @mswiderski I am using same as pipeline file just added my email instead of yours located here : https://github.com/automatiko-io/automatiko-approval-task/blob/main/k8s/v1beta1/test/pipeline-single.yaml At present i am not using any email configuration

Please find the pipeline file below. Please ignore syntax

Let me know if you are available for a meeting, Will connect and close the issue.

apiVersion: tekton.dev/v1beta1 kind: Pipeline metadata: name: testpipeline2 spec: tasks:

mswiderski commented 1 year ago

ok, so this looks like the default test pipeline. Could it be you are creating it in different namespace? The CRD is namespaces, so you need to make sure where you create pipeline is where you created approval task CRD.

Then the same goes for deployment of the controller which will then watch only selected namespaces, by default it watches default namespace. https://github.com/automatiko-io/automatiko-approval-task/blob/main/k8s/v1beta1/kubernetes-basic.yml#L171

rajesh-carelon commented 1 year ago

All the resources are in default namespace, I haven't changed any namespace.

image

mswiderski commented 1 year ago

can you also look of custom task are enabled, see the config map https://github.com/automatiko-io/automatiko-approval-task#configure-tekton

approval task are based on Tekton's custom task so it is Tekton that transforms it to custom run and then approval task controller is triggered for the custom run.

rajesh-carelon commented 1 year ago

Yea its enabled its value as custom-task-version: v1beta1 as per the latest code

Please edit the object below. Lines beginning with a '#' will be ignored,

and an empty file will abort the edit. If an error occurs while saving this file will be

reopened with the relevant failures.

# apiVersion: v1 data: await-sidecar-readiness: "true" custom-task-version: v1beta1 disable-affinity-assistant: "true" disable-creds-init: "false" enable-api-fields: stable enable-provenance-in-status: "false" enable-tekton-oci-bundles: "false" enforce-nonfalsifiablity: none require-git-ssh-secret-known-hosts: "false" resource-verification-mode: skip running-in-environment-with-injected-sidecars: "true" send-cloudevents-for-runs: "false" kind: ConfigMap metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"v1","data":{"await-sidecar-readiness":"true","custom-task-version":"v1beta1","disable-affinity-assistant":"false","disable-creds-init":"false","enable-api-fields":"stable","enable-provenance-in-status":"false","enable-tekton-oci-bundles":"false","enforce-nonfalsifiablity":"none","require-git-ssh-secret-known-hosts":"false","resource-verification-mode":"skip","running-in-environment-with-injected-sidecars":"true","send-cloudevents-for-runs":"false"},"kind":"ConfigMap","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"default","app.kubernetes.io/part-of":"tekton-pipelines"},"name":"feature-flags","namespace":"tekton-pipelines"}} creationTimestamp: "2022-11-29T11:09:09Z" labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines managedFields:

rajesh-carelon commented 1 year ago

Hello @mswiderski Are you available for meeting ?

Can you provide your email address and available time ?

It will be helpful.

mswiderski commented 1 year ago

I won't be available during this week unfortunately, can just try to reply in between

Looking closer into the error (Couldn't retrieve Task "approvaltask": tasks.tekton.dev "approvaltask" not found) it seems like it is not recognising it as custom task and try to look at only built in tasks. Could it be a configuration of your Tekton that prevents it? Might be worth to reach out to Tekton community to ask what could be the reason why custom tasks are not recognised.

This is before approval task is even invoked or attempted to be invoked as it is missing CustomRun resource to be created.

You should see some customruns to be in the system and look like this:

k get customrun testpipeline-slack-run-1678356145684-deploy-dev-approval-task -o yaml                                              ✔  minikube ⎈
apiVersion: tekton.dev/v1beta1
kind: CustomRun
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"tekton.dev/v1beta1","kind":"Pipeline","metadata":{"annotations":{},"name":"testpipeline-slack","namespace":"default"},"spec":{"tasks":[{"name":"deploy-dev-approval-task","params":[{"name":"pipeline","value":"$(context.pipelineRun.name)"},{"name":"description","value":"Approval from pipeline $(context.pipeline.name) for development environment"},{"name":"approvers","value":["john@email.com"]},{"name":"notifyOnSlack","value":"test"}],"taskRef":{"apiVersion":"tekton.automatiko.io/v1beta1","kind":"ApprovalTask","name":"approvaltask"}},{"name":"deploy-dev-approved-task","params":[{"name":"decision","value":"APPROVED"},{"name":"comment","value":"$(tasks.deploy-dev-approval-task.results.comment)"}],"runAfter":["deploy-dev-approval-task"],"taskRef":{"name":"print-decision"},"when":[{"input":"$(tasks.deploy-dev-approval-task.results.decision)","operator":"in","values":["true"]}]},{"name":"deploy-dev-rejected-task","params":[{"name":"decision","value":"REJECTED"},{"name":"comment","value":"$(tasks.deploy-dev-approval-task.results.comment)"}],"runAfter":["deploy-dev-approval-task"],"taskRef":{"name":"print-decision"},"when":[{"input":"$(tasks.deploy-dev-approval-task.results.decision)","operator":"in","values":["false"]}]}]}}
  creationTimestamp: "2023-03-09T10:02:25Z"
  finalizers:
  - customruns.tekton.dev/finalizer
  generation: 1
  labels:
    tekton.dev/memberOf: tasks
    tekton.dev/pipeline: testpipeline-slack
    tekton.dev/pipelineRun: testpipeline-slack-run-1678356145684
    tekton.dev/pipelineTask: deploy-dev-approval-task
  name: testpipeline-slack-run-1678356145684-deploy-dev-approval-task
  namespace: default
  ownerReferences:
  - apiVersion: tekton.dev/v1beta1
    blockOwnerDeletion: true
    controller: true
    kind: PipelineRun
    name: testpipeline-slack-run-1678356145684
    uid: ca23128d-51f9-4d92-90c1-f793db85d786
  resourceVersion: "1089"
  uid: 636c0492-80cf-4502-9a12-0e22ac0c504e
spec:
  customRef:
    apiVersion: tekton.automatiko.io/v1beta1
    kind: ApprovalTask
    name: approvaltask
  params:
  - name: pipeline
    value: testpipeline-slack-run-1678356145684
  - name: description
    value: Approval from pipeline testpipeline-slack for development environment
  - name: approvers
    value:
    - john@email.com
  - name: notifyOnSlack
    value: test
  serviceAccountName: default
status:
  conditions:
  - lastTransitionTime: null
    message: Approval Task has been created
    reason: Succeeded
    status: Unknown
    type: ""
  extraFields: null
  startTime: "2023-03-09T10:02:25Z"

this means that Tekton did its part and approval is able to do its part. I suspect that this is where the issue is but unfortunately I am not that into internals of Tekton and how it creates the custom runs resources.

rajesh-carelon commented 1 year ago

Hello @mswiderski

How are you ?

Looks like I am halfway to success.

Things I did.

  1. I have updated tekton to the latest version due to some of the controller pods and webhook pods are not working.
  2. Troubleshooting says cluster version 1.22 is not compatible with it, and it requires 1.24. I have updated the cluster to 1.24
  3. Now the approval task is triggering once the pipeline run triggers, but when I go to the approval link generated by approval task its not working.
  4. I have portforwarded to 9000 and I tried accessing the manually using http://localhost:9000 its showing like below

image

  1. When enter the details like pipelinerun and taskrun and approval it shows nothing image

Please let me know what am I missing here.

mswiderski commented 1 year ago

glad to hear things moved forward, thanks for the update.

In general tasks are looked up based on approvers, meaning if you have your pipeline setting with approver or group then you need to provide this via the form or query parameters when using the direct link to task. https://github.com/automatiko-io/automatiko-approval-task#approval-forms

So in general, using the form you need:

Additionally, if you look at the approval task created in Kubernetes you will find there is approverUrl which gives you direct link to the task. then you need to append following query param:

When you integrate this with emails the link will be fully functional and will not need to add the query param.

rajesh-carelon commented 1 year ago

Great!

After appending the user i am able to approve the task

image

But I need guidance on Email approval

I have provided all the parameters Below parameters are mandatory, Do I need to create a configmap using /template folder or only approval-email file ? What is the below parameters mailer password and instance end ?

Lastly Can you tell me what all the procedure I have to follow for Email intergration ?

mswiderski commented 1 year ago

Have a look at readme for configuring emails: https://github.com/automatiko-io/automatiko-approval-task#configure-email-server

It has also section about templates but you only need it if you want to change the default templates used for email or forms. instance end is configuration to keep completed approvals in the system for as long as associated pipeline run is in the system. So this one should stay like that.

mswiderski commented 1 year ago

@rajesh-carelon have you managed to get this working?

mswiderski commented 1 year ago

closing due to no response from reporter