tektoncd / operator

Kubernetes operator to manage installation, updation and uninstallation of tektoncd projects (pipeline, …)
Apache License 2.0

GKE workload identity #905

Open mike-serchenia opened 1 year ago

mike-serchenia commented 1 year ago

Expected Behavior

Allow adding an annotation to the KSA tekton-pipelines-controller.

Actual Behavior

tekton-operator will create the KSA tekton-pipelines-controller, and even if you annotate it with a Google service account, the reconciler will remove the annotation.

Steps to Reproduce the Problem

  1. install tekton-pipelines with tekton-operator
  2. try to run PipelineRun with pipelineRef: bundle:
  3. get error
    CouldntGetTask
    Pipeline tekton/kubernetes-sanity can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "kustomize-lint": GET https://us-east4-docker.pkg.dev/v2/token?scope=repository%3Agcp-project%2Ftekton-catalog%2Ftask%2Fkustomize-lint%3Apull&service=us-east4-docker.pkg.dev: DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/GCP-project/locations/us-east1/repositories/tekton-catalog" (or it may not exist)

Broken in releases higher than https://storage.googleapis.com/tekton-releases/operator/previous/v0.54.0/release.yaml

vdemeester commented 1 year ago

@mike-serchenia I guess this is a bit similar to https://github.com/tektoncd/operator/issues/651 but for annotation, am I right?

mike-serchenia commented 1 year ago

> @mike-serchenia I guess this is a bit similar to #651 but for annotation, am I right ?

Looks like it, correct

dibyom commented 1 year ago

We handled this in Triggers by merging existing annotations with the ones that Triggers adds in the reconciler to prevent overwrites.

nikhil-thomas commented 1 year ago

/help-wanted

mike-serchenia commented 1 year ago

> We handled this in Triggers by merging existing annotations with the ones that triggers adds in the reconciler to prevent overwrites

Could you please share details?

tekton-robot commented 1 year ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

dibyom commented 1 year ago

@mike-serchenia https://github.com/tektoncd/triggers/blob/main/pkg/reconciler/eventlistener/eventlistener.go#L149-L152 is how we merge annotations in Triggers
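
The annotation merge discussed above, as an added example that is not part of the thread and is not code from tektoncd/operator or tektoncd/triggers. `iam.gke.io/gcp-service-account` is the annotation GKE Workload Identity reads; `managedKey`, the function names and the sample values are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// gkeWIKey is the annotation GKE Workload Identity reads on a ServiceAccount.
const gkeWIKey = "iam.gke.io/gcp-service-account"

// managedKey is a hypothetical annotation owned by the operator.
const managedKey = "example.dev/last-applied-hash"

// overwrite models the reported behaviour: the live object's annotations are
// replaced by the operator's desired set, so user-added keys are lost.
func overwrite(existing, desired map[string]string) map[string]string {
	out := make(map[string]string, len(desired))
	for k, v := range desired {
		out[k] = v
	}
	return out
}

// merge keeps every annotation already on the live object and lets the
// operator's value win only for keys the operator itself sets.
func merge(existing, desired map[string]string) map[string]string {
	out := make(map[string]string, len(existing)+len(desired))
	for k, v := range existing {
		out[k] = v
	}
	for k, v := range desired {
		out[k] = v
	}
	return out
}

// needsUpdate reports drift only in operator-managed keys, so a user-added
// annotation does not make the reconciler rewrite the object on every pass.
func needsUpdate(existing, desired map[string]string) bool {
	for k, v := range desired {
		if got, ok := existing[k]; !ok || got != v {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: a ServiceAccount annotated by a cluster admin.
	live := map[string]string{gkeWIKey: "GSA_NAME@PROJECT_ID.iam.gserviceaccount.com", managedKey: "old"}
	want := map[string]string{managedKey: "new"}
	fmt.Println(overwrite(live, want), merge(live, want), needsUpdate(merge(live, want), want))
}
```

With the merge in place, the Workload Identity binding on the ServiceAccount survives reconciliation while the operator still controls its own keys.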

tekton-robot commented 1 year ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

vdemeester commented 1 year ago

/lifecycle frozen