Open gbenhaim opened 1 month ago
So I used the above configuration for chains you mentioned in the issue and tested the upgrade from Operator version: v0.70.x to v0.71.x, i.e.
chain:
artifacts.oci.storage: oci
artifacts.pipelinerun.format: in-toto
artifacts.pipelinerun.storage: oci
artifacts.taskrun.format: in-toto
artifacts.taskrun.storage: ""
transparency.enabled: "false"
With these values I have tested, it works fine and all the values and fields are preserved
Only if you add this one field artifacts.pipelinerun.enable-deep-inspection
then it gets override with the default, that is a known bug and it is addressed in this pr https://github.com/tektoncd/operator/pull/2179/
Expected Behavior
User provided configuration for Tekton Chains should be preserved.
Actual Behavior
When creating a TektonConfig with user provided configurations for chains, the operator overrides the values in the TektonConfig.
Example config the gets overriden:
Steps to Reproduce the Problem
Additional Info
Kubernetes version:
Output of
kubectl version
:Tekton Pipeline version:
Output of
tkn version
orkubectl get pods -n tekton-pipelines -l app=tekton-pipelines-controller -o=jsonpath='{.items[0].metadata.labels.version}'
I think that the issue is that the pipelines operator runs its pre-upgrade logic after the tetkon config is created, but before it creates the TektonChains CR (https://github.com/tektoncd/operator/blob/main/pkg/reconciler/shared/tektonconfig/upgrade/pre_upgrade.go#L33), because of that the default values of chains configuration are written to the tekton config. I saw the the pre-upgrade logic is running by turning on debug logging:
https://github.com/tektoncd/operator/blob/main/pkg/reconciler/shared/tektonconfig/upgrade/upgrade.go#L34 https://github.com/tektoncd/operator/blob/main/pkg/reconciler/shared/tektonconfig/upgrade/upgrade.go#L89