tektoncd / pipeline

A cloud-native Pipeline resource.
https://tekton.dev
Apache License 2.0

Separating "tekton-pipelines" and "tekton-pipelines-resolvers" manifests. #5931

Open michaelsatish opened 1 year ago

michaelsatish commented 1 year ago

Hi,

Creating this issue to request the separation of "tekton-pipelines" and "tekton-pipelines-resolvers" manifests with each release.

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.43.0/resolvers.yaml

I am using the Flux Kustomize controller to deploy Tekton Pipeline and running into a kustomize namespace conflict.

Error: namespace transformation produces ID conflict

This does not work

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: tekton-pipelines
spec:
  interval: 10m0s
  prune: true
  wait: true
  force: true
  path: ./infrastructure/tekton/pipelines
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system

The directory ./infrastructure/tekton/pipelines has the pipeline release file.

  1. release.yaml
  2. kustomization.yaml

This works

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: tekton-pipelines
spec:
  interval: 10m0s
  prune: true
  wait: true
  force: true
  path: ./infrastructure/tekton/pipelines
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: tekton-pipelines-resolvers
spec:
  interval: 10m0s
  prune: true
  wait: true
  force: true
  path: ./infrastructure/tekton/pipelines-resolvers
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system

The directory ./infrastructure/tekton/pipelines has the pipeline release file and the directory ./infrastructure/tekton/pipelines-resolvers has the resolvers file.

AlanGreene commented 1 year ago

This was originally the case but they were combined before release, see https://github.com/tektoncd/pipeline/issues/5607 for previous discussion. @abayer fyi

michaelsatish commented 1 year ago

@abayer Is it possible to revert the decision to include the resolvers with the pipeline manifest and provide pipeline and resolvers separately with future releases?

Unfortunately I cannot use the Tekton operator as there is no support to provide images from a Private repo.

vdemeester commented 1 year ago

@michaelsatish if the resolvers were to live in the same namespace as the rest of the pipeline payload (aka in tekton-pipelines), would it work?

michaelsatish commented 1 year ago

@vdemeester Thank you. That will work for me.

vdemeester commented 1 year ago

@michaelsatish ok so the real problem is that we "ship" 2 namespaces in the same release.yaml 🤔

michaelsatish commented 1 year ago

I think kustomize will not handle a manifest file having 2 kind of type namespace. See this https://github.com/kubernetes-sigs/kustomize/issues/3156

samip5 commented 1 year ago

Just hit this issue with Flux and kustomize cli.

error: accumulating resources: accumulation err='accumulating resources from 'pipelines': '/home/sky/Github/k8s-cluster/cluster/apps/ci/tekton/app/pipelines' must resolve to a file': recursed accumulation of path '/home/sky/Github/k8s-cluster/cluster/apps/ci/tekton/app/pipelines': namespace transformation produces ID conflict: [{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"internal.config.kubernetes.io/previousKinds":"Namespace","internal.config.kubernetes.io/previousNames":"tekton-pipelines","internal.config.kubernetes.io/previousNamespaces":"_non_namespaceable_"},"labels":{"app.kubernetes.io/instance":"default","app.kubernetes.io/part-of":"tekton-pipelines","pod-security.kubernetes.io/enforce":"restricted"},"name":"tekton-pipelines"}} {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"internal.config.kubernetes.io/previousKinds":"Namespace","internal.config.kubernetes.io/previousNames":"tekton-pipelines-resolvers","internal.config.kubernetes.io/previousNamespaces":"_non_namespaceable_"},"labels":{"app.kubernetes.io/component":"resolvers","app.kubernetes.io/instance":"default","app.kubernetes.io/part-of":"tekton-pipelines","pod-security.kubernetes.io/enforce":"restricted"},"name":"tekton-pipelines"}}]
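
An added example, not part of the thread or of the Tekton or kustomize code: a pre-flight check that reproduces the collision visible in the error above, where the namespace override renames both Namespace objects to the same name. The override is a simplified model, and the ConfigMap name and the cluster-scoped kind list are assumptions made for illustration.

```python
from collections import defaultdict

# Cluster-scoped kinds other than Namespace (non-exhaustive list, an assumption).
CLUSTER_SCOPED = {"ClusterRole", "ClusterRoleBinding", "CustomResourceDefinition"}

def id_after_override(res, target_ns):
    """(apiVersion, kind, namespace, name) after a simplified namespace override."""
    meta = res.get("metadata", {})
    api, kind, name = res["apiVersion"], res["kind"], meta.get("name")
    if kind == "Namespace":
        # Matches the error output: the Namespace object itself is renamed.
        return (api, kind, None, target_ns)
    if kind in CLUSTER_SCOPED:
        return (api, kind, None, name)
    return (api, kind, target_ns, name)

def find_id_conflicts(resources, target_ns):
    """Map each colliding post-override ID to the original (namespace, name) pairs."""
    seen = defaultdict(list)
    for res in resources:
        meta = res.get("metadata", {})
        seen[id_after_override(res, target_ns)].append(
            (meta.get("namespace"), meta.get("name")))
    return {rid: orig for rid, orig in seen.items() if len(orig) > 1}

def obj(api, kind, name, ns=None):
    """Build a minimal resource dict, shaped like a parsed manifest document."""
    meta = {"name": name}
    if ns:
        meta["namespace"] = ns
    return {"apiVersion": api, "kind": kind, "metadata": meta}

# Constructed sample: two Namespaces as in the combined release.yaml, plus a
# hypothetical ConfigMap name ("example-config") present in both namespaces.
PIPELINES = [obj("v1", "Namespace", "tekton-pipelines"),
             obj("v1", "ConfigMap", "example-config", "tekton-pipelines")]
RESOLVERS = [obj("v1", "Namespace", "tekton-pipelines-resolvers"),
             obj("v1", "ConfigMap", "example-config", "tekton-pipelines-resolvers")]

if __name__ == "__main__":
    combined = find_id_conflicts(PIPELINES + RESOLVERS, "tekton-pipelines")
    for rid, originals in combined.items():
        print("ID conflict:", rid, "<-", originals)
    # One directory per namespace, as in the layout reported to work: no conflicts.
    print("split:", find_id_conflicts(PIPELINES, "tekton-pipelines"),
          find_id_conflicts(RESOLVERS, "tekton-pipelines-resolvers"))
```

With PyYAML installed, the documents of a real manifest can be fed in through `yaml.safe_load_all`.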

danmanners commented 1 year ago

I'm running into this in my homelab as well with both ArgoCD. Having the single file breaks any GitOps tooling I've tested so far.

Genuine question: was https://github.com/tektoncd/pipeline/issues/5607 QA tested with any GitOps tools like Flux or ArgoCD? This should/would have immediately failed.

vdemeester commented 1 year ago

@michaelsatish @samip5 same question I asked @danmanners on https://github.com/tektoncd/pipeline/issues/5607#issuecomment-1437200648.

Do you have an example of how one deploys Tekton Pipelines with Flux or ArgoCD (aka the Application or other CRD used and the possible layout of a repo or something)?

I want to understand how we can solve this, and if this is solvable independently of the release.yaml or not.

michaelsatish commented 1 year ago

@vdemeester

Here is a simplified repo structure.

├── clusters
│   ├── dev
│   │   ├── infrastructure.yaml
├── infrastructure
│   ├── tekton
│   │   ├── pipelines
│   │   │   ├── release.yaml

The path ./infrastructure/tekton/pipelines has the release.yaml file.

The file ./clusters/dev/infrastructure.yaml has the flux CRD "kustomization". The flux source and kustomization controllers reconcile any changes in path ./infrastructure/tekton/pipelines

apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: tekton-pipelines
spec:
  interval: 10m0s
  prune: true
  wait: true
  force: true
  path: ./infrastructure/tekton/pipelines
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system

Hope this helps.

vdemeester commented 1 year ago

@michaelsatish and infrastructure/tekton/pipelines can hold a kustomization.yaml or will it take any yaml from it? 🤔 (I should read the documentation to be fair 🙃)

michaelsatish commented 1 year ago

@vdemeester My apologies I do have a kustomization.yaml, I was lazy. Having said that flux does auto create kustomization.yaml if it is missing.

https://fluxcd.io/flux/components/kustomize/kustomization/#generate-kustomizationyaml

> If your repository contains plain Kubernetes manifests, the kustomization.yaml file is automatically generated for all the Kubernetes manifests in the directory tree specified in the spec.path field of the Flux Kustomization

vdemeester commented 1 year ago

@michaelsatish ok thanks, it should help me 👼🏼.

jwitrick commented 1 year ago

Please either put the resolvers into the same namespace (I don't like using a bunch of different namespaces for the same tool anyway) or re-split the files.

aw185176 commented 1 year ago

> Please either put the resolvers into the same namespace (I don't like using a bunch of different namespaces for the same tool anyway) or re-split the files.

Echoing. Single manifest file + multiple Namespaces = break tons of existing workflows around Kustomize.

tekton-robot commented 11 months ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot commented 10 months ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot commented 9 months ago

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen with a justification. Mark the issue as fresh with /remove-lifecycle rotten with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/close

Send feedback to tektoncd/plumbing.

tekton-robot commented 9 months ago

@tekton-robot: Closing this issue.

In response to [this](https://github.com/tektoncd/pipeline/issues/5931#issuecomment-1752122765):

> Rotten issues close after 30d of inactivity.
> Reopen the issue with `/reopen` with a justification.
> Mark the issue as fresh with `/remove-lifecycle rotten` with a justification.
> If this issue should be exempted, mark the issue as frozen with `/lifecycle frozen` with a justification.
>
> /close
>
> Send feedback to [tektoncd/plumbing](https://github.com/tektoncd/plumbing).

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

vdemeester commented 9 months ago

/lifecycle frozen