
GKE workload identity

Open mike-serchenia opened this issue 2 years ago • 10 comments

Expected Behavior

Allow adding an annotation to the KSA tekton-pipelines-controller.

Actual Behavior

tekton-operator creates the KSA tekton-pipelines-controller, and even if you annotate it with a Google service account, the reconciler removes the annotation.

Steps to Reproduce the Problem

  1. install tekton-pipelines with tekton-operator
  2. try to run PipelineRun with pipelineRef: bundle:
  3. get error:

    CouldntGetTask
    Pipeline tekton/kubernetes-sanity can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "kustomize-lint": GET https://us-east4-docker.pkg.dev/v2/token?scope=repository%3Agcp-project%2Ftekton-catalog%2Ftask%2Fkustomize-lint%3Apull&service=us-east4-docker.pkg.dev: DENIED: Permission "artifactregistry.repositories.downloadArtifacts" denied on resource "projects/GCP-project/locations/us-east1/repositories/tekton-catalog" (or it may not exist)

Broken in releases higher than https://storage.googleapis.com/tekton-releases/operator/previous/v0.54.0/release.yaml

mike-serchenia avatar Jul 12 '22 21:07 mike-serchenia

@mike-serchenia I guess this is a bit similar to https://github.com/tektoncd/operator/issues/651 but for annotations, am I right?

vdemeester avatar Jul 13 '22 09:07 vdemeester

> @mike-serchenia I guess this is a bit similar to #651 but for annotation, am I right ?

Looks like it, correct

mike-serchenia avatar Jul 13 '22 14:07 mike-serchenia

We handled this in Triggers by merging existing annotations with the ones that Triggers adds in the reconciler to prevent overwrites.

dibyom avatar Jul 13 '22 20:07 dibyom

/help-wanted

nikhil-thomas avatar Jul 14 '22 12:07 nikhil-thomas

> We handled this in Triggers by merging existing annotations with the ones that triggers adds in the reconciler to prevent overwrites

Could you please share details?

mike-serchenia avatar Aug 19 '22 17:08 mike-serchenia

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Nov 17 '22 18:11 tekton-robot

@mike-serchenia https://github.com/tektoncd/triggers/blob/main/pkg/reconciler/eventlistener/eventlistener.go#L149-L152 is how we merge annotations in Triggers

dibyom avatar Nov 17 '22 18:11 dibyom
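The merge approach mentioned in the comment above, contrasted with a wholesale overwrite, as an added Go example that is not code from Tekton Triggers or the operator. The `ServiceAccount` struct, the function names, the `example.dev/managed-hash` key and the annotation values are assumptions made for illustration; `iam.gke.io/gcp-service-account` is the annotation GKE Workload Identity reads.

```go
package main

import "fmt"

// Annotation GKE Workload Identity reads on a Kubernetes ServiceAccount.
const wiAnnotation = "iam.gke.io/gcp-service-account"

// ServiceAccount is a hypothetical stand-in for corev1.ServiceAccount.
type ServiceAccount struct {
	Name        string
	Annotations map[string]string
}

// mergeAnnotations overlays operator keys on live ones; operator wins on conflict.
func mergeAnnotations(live, desired map[string]string) map[string]string {
	out := make(map[string]string, len(live)+len(desired))
	for k, v := range live {
		out[k] = v
	}
	for k, v := range desired {
		out[k] = v
	}
	return out
}

// reconcileOverwrite models the reported behaviour: live annotations are replaced.
func reconcileOverwrite(live, desired ServiceAccount) ServiceAccount {
	live.Annotations = desired.Annotations
	return live
}

// reconcileMerge keeps user-added annotations across reconciles.
func reconcileMerge(live, desired ServiceAccount) ServiceAccount {
	live.Annotations = mergeAnnotations(live.Annotations, desired.Annotations)
	return live
}

// sample returns constructed objects; the managed key and values are placeholders.
func sample() (ServiceAccount, ServiceAccount) {
	live := ServiceAccount{"tekton-pipelines-controller", map[string]string{
		wiAnnotation:               "GSA_NAME@PROJECT_ID.iam.gserviceaccount.com",
		"example.dev/managed-hash": "old"}}
	return live, ServiceAccount{live.Name, map[string]string{"example.dev/managed-hash": "new"}}
}

func main() {
	live, desired := sample()
	fmt.Println("overwrite:", reconcileOverwrite(live, desired).Annotations)
	fmt.Println("merge:    ", reconcileMerge(live, desired).Annotations)
}
```

Letting operator-managed keys win on conflict keeps the operator's own bookkeeping authoritative while leaving the Workload Identity binding in place.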

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Feb 15 '23 19:02 tekton-robot

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot avatar Mar 17 '23 19:03 tekton-robot

/lifecycle frozen

vdemeester avatar Mar 21 '23 14:03 vdemeester