From b165ccaba19d7141c66308fedd62eb21ffe484d5 Mon Sep 17 00:00:00 2001 From: Jason Hall Date: Fri, 6 Dec 2019 15:22:09 -0500 Subject: [PATCH] Reserve /tekton/ paths and "tekton-internal-" volume names This prevents collisions between user-specified volumes and Tekton-internal volumes used to support execution. Some validation changes: - volume names starting with "tekton-internal-" are not valid - volumeMounts that mount at /tekton/* are not valid Tekton's own internal volume mounts are already mounted at /tekton/*, and now all volume names start with "tekton-internal-" Some Tekton-internal volume names were previously randomized to prevent collisions, which is no longer necessary, so they're no longer randomized. creds-init mounts annotated K8s secrets into the creds-init process. Previously those were mounted at /var/build-secrets/* (a relic of knative/build times). Now those are mounted at /tekton/creds-secrets/* Some init container names were also randomly generated, which is unnecessary, so that's gone too. --- cmd/entrypoint/README.md | 10 +- docs/developers/README.md | 3 +- pkg/apis/pipeline/v1alpha1/task_validation.go | 29 ++++- .../pipeline/v1alpha1/task_validation_test.go | 45 ++++++- pkg/credentials/initialize.go | 2 +- pkg/pod/creds_init.go | 5 +- pkg/pod/creds_init_test.go | 6 +- pkg/pod/entrypoint.go | 4 +- pkg/pod/pod.go | 16 ++- pkg/pod/pod_test.go | 28 ++-- pkg/pod/script.go | 5 +- pkg/pod/script_test.go | 28 ++-- pkg/pod/workingdir_init.go | 7 +- pkg/pod/workingdir_init_test.go | 11 +- pkg/reconciler/taskrun/taskrun_test.go | 120 +++++++++--------- 15 files changed, 183 insertions(+), 136 deletions(-) diff --git a/cmd/entrypoint/README.md b/cmd/entrypoint/README.md index 29f7eb5f3f3..0df4be613c7 100644 --- a/cmd/entrypoint/README.md +++ b/cmd/entrypoint/README.md 
@@ -20,15 +20,15 @@ The following flags are available : content. The following example of usage for `entrypoint`, wait's for -`/builder/downward/ready` file to exists and have some content before +`/tekton/downward/ready` file to exists and have some content before executing `/ko-app/bash -- -args mkdir -p /workspace/git-resource`, -and will write to `/builder/tools/0` in casse of succes, or -`/builder/tools/0.err` in case of failure. +and will write to `/tekton/tools/0` in casse of succes, or +`/tekton/tools/0.err` in case of failure. ``` entrypoint \ - -wait_file /builder/downward/ready \ - -post_file /builder/tools/0" \ + -wait_file /tekton/downward/ready \ + -post_file /tekton/tools/0" \ -wait_file_content \ -entrypoint /ko-app/bash -- -args mkdir -p /workspace/git-resource ``` diff --git a/docs/developers/README.md b/docs/developers/README.md index 7dcde0b35f6..4db81961d49 100644 --- a/docs/developers/README.md +++ b/docs/developers/README.md @@ -144,12 +144,11 @@ If the image is a private registry, the service account should include an ## Builder namespace on containers -The `/builder/` namespace is reserved on containers for various system tools, +The `/tekton/` namespace is reserved on containers for various system tools, such as the following: - The environment variable HOME is set to `/tekton/home`, used by the builder tools and injected on into all of the step containers -- Default location for output-images `/builder/output-images` ## Handling of injected sidecars diff --git a/pkg/apis/pipeline/v1alpha1/task_validation.go b/pkg/apis/pipeline/v1alpha1/task_validation.go index 0ced3df1d3b..b3de508302b 100644 --- a/pkg/apis/pipeline/v1alpha1/task_validation.go +++ b/pkg/apis/pipeline/v1alpha1/task_validation.go 
@@ -126,7 +126,7 @@ func ValidateVolumes(volumes []corev1.Volume) *apis.FieldError { func validateSteps(steps []Step) *apis.FieldError { // Task must not have duplicate step names. names := map[string]struct{}{} - for _, s := range steps { + for idx, s := range steps { if s.Image == "" { return apis.ErrMissingField("Image") } @@ -134,19 +134,34 @@ func validateSteps(steps []Step) *apis.FieldError { if s.Script != "" { if len(s.Command) > 0 { return &apis.FieldError{ - Message: "script cannot be used with command", + Message: fmt.Sprintf("step %d script cannot be used with command", idx), Paths: []string{"script"}, } } } - if s.Name == "" { - continue + if s.Name != "" { + if _, ok := names[s.Name]; ok { + return apis.ErrInvalidValue(s.Name, "name") + } + names[s.Name] = struct{}{} } - if _, ok := names[s.Name]; ok { - return apis.ErrInvalidValue(s.Name, "name") + + for _, vm := range s.VolumeMounts { + if strings.HasPrefix(vm.MountPath, "/tekton/") && + !strings.HasPrefix(vm.MountPath, "/tekton/home") { + return &apis.FieldError{ + Message: fmt.Sprintf("step %d volumeMount cannot be mounted under /tekton/ (volumeMount %q mounted at %q)", idx, vm.Name, vm.MountPath), + Paths: []string{"volumeMounts.mountPath"}, + } + } + if strings.HasPrefix(vm.Name, "tekton-internal-") { + return &apis.FieldError{ + Message: fmt.Sprintf(`step %d volumeMount name %q cannot start with "tekton-internal-"`, idx, vm.Name), + Paths: []string{"volumeMounts.name"}, + } + } } - names[s.Name] = struct{}{} } return nil } diff --git a/pkg/apis/pipeline/v1alpha1/task_validation_test.go b/pkg/apis/pipeline/v1alpha1/task_validation_test.go index 7b8b8447489..8f940c13c0c 100644 --- a/pkg/apis/pipeline/v1alpha1/task_validation_test.go +++ b/pkg/apis/pipeline/v1alpha1/task_validation_test.go 
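Review bot: The mount-path guard in the `for _, vm := range s.VolumeMounts` loop compares raw string prefixes, so it is looser than the reservation the commit message describes. `/tekton` without a trailing slash is not rejected, the `/tekton/home` exemption also admits siblings such as `/tekton/homefoo`, and an uncleaned path like `/tekton/home/../tools` passes as written. I would normalise first and match on path boundaries: `p := path.Clean(vm.MountPath)` followed by `if (p == "/tekton" || strings.HasPrefix(p, "/tekton/")) && p != "/tekton/home" && !strings.HasPrefix(p, "/tekton/home/") {` (this needs the `path` import). The name check covers only step volumeMounts, and the body of `ValidateVolumes` is outside this hunk, so it should be confirmed that `spec.volumes` names starting with `tekton-internal-` are rejected somewhere.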
@@ -205,7 +205,7 @@ func TestTaskSpecValidate(t *testing.T) { }}, }, }, { - name: "valid step with script and args", + name: "valid step with script and args", fields: fields{ Steps: []v1alpha1.Step{{ Container: corev1.Container{ @@ -217,6 +217,17 @@ func TestTaskSpecValidate(t *testing.T) { hello $1`, }}, }, + }, { + name: "valid step with volumeMount under /tekton/home", + fields: fields{ + Steps: []v1alpha1.Step{{Container: corev1.Container{ + Image: "myimage", + VolumeMounts: []corev1.VolumeMount{{ + Name: "foo", + MountPath: "/tekton/home", + }}, + }}}, + }, }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -643,9 +654,39 @@ func TestTaskSpecValidateError(t *testing.T) { }}, }, expectedError: apis.FieldError{ - Message: "script cannot be used with command", + Message: "step 0 script cannot be used with command", Paths: []string{"steps.script"}, }, + }, { + name: "step volume mounts under /tekton/", + fields: fields{ + Steps: []v1alpha1.Step{{Container: corev1.Container{ + Image: "myimage", + VolumeMounts: []corev1.VolumeMount{{ + Name: "foo", + MountPath: "/tekton/foo", + }}, + }}}, + }, + expectedError: apis.FieldError{ + Message: `step 0 volumeMount cannot be mounted under /tekton/ (volumeMount "foo" mounted at "/tekton/foo")`, + Paths: []string{"steps.volumeMounts.mountPath"}, + }, + }, { + name: "step volume mount name starts with tekton-internal-", + fields: fields{ + Steps: []v1alpha1.Step{{Container: corev1.Container{ + Image: "myimage", + VolumeMounts: []corev1.VolumeMount{{ + Name: "tekton-internal-foo", + MountPath: "/this/is/fine", + }}, + }}}, + }, + expectedError: apis.FieldError{ + Message: `step 0 volumeMount name "tekton-internal-foo" cannot start with "tekton-internal-"`, + Paths: []string{"steps.volumeMounts.name"}, + }, }} for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/pkg/credentials/initialize.go b/pkg/credentials/initialize.go index 30825466c07..49ad7951f6a 100644 
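Review bot: The new table entries pin only `/tekton/foo` (rejected) and exactly `/tekton/home` (accepted), so the edges of the prefix rule in validateSteps are untested. Cases for `/tekton`, `/tekton/homefoo`, `/tekton/home/sub` and an unnormalised path such as `/tekton/home/../tools` would record which of these the validator is meant to accept. Both test functions start and end outside these hunks.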
--- a/pkg/credentials/initialize.go +++ b/pkg/credentials/initialize.go @@ -26,7 +26,7 @@ import ( // VolumePath is the path where build secrets are written. // It is mutable and exported for testing. -var VolumePath = "/var/build-secrets" +var VolumePath = "/tekton/creds-secrets" // Builder is the interface for a credential initializer of any type. type Builder interface { diff --git a/pkg/pod/creds_init.go b/pkg/pod/creds_init.go index f37658d00ad..dd4c7c2be98 100644 --- a/pkg/pod/creds_init.go +++ b/pkg/pod/creds_init.go @@ -22,7 +22,6 @@ import ( "github.com/tektoncd/pipeline/pkg/credentials" "github.com/tektoncd/pipeline/pkg/credentials/dockercreds" "github.com/tektoncd/pipeline/pkg/credentials/gitcreds" - "github.com/tektoncd/pipeline/pkg/names" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" @@ -65,7 +64,7 @@ func credsInit(credsImage string, serviceAccountName, namespace string, kubeclie } if matched { - name := names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("secret-volume-%s", secret.Name)) + name := fmt.Sprintf("tekton-internal-secret-volume-%s", secret.Name) volumeMounts = append(volumeMounts, corev1.VolumeMount{ Name: name, MountPath: credentials.VolumeName(secret.Name), @@ -87,7 +86,7 @@ func credsInit(credsImage string, serviceAccountName, namespace string, kubeclie } return &corev1.Container{ - Name: names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("credential-initializer"), + Name: "credential-initializer", Image: credsImage, Command: []string{"/ko-app/creds-init"}, Args: args, diff --git a/pkg/pod/creds_init_test.go b/pkg/pod/creds_init_test.go index 36a03518124..22fa8ad53cd 100644 --- a/pkg/pod/creds_init_test.go +++ b/pkg/pod/creds_init_test.go 
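Review bot: The volume name built at `name := fmt.Sprintf("tekton-internal-secret-volume-%s", secret.Name)` in credsInit is no longer length-limited. The prefix alone is 30 characters and Kubernetes volume names are DNS labels capped at 63, while Secret names are DNS subdomains of up to 253 characters, so a long secret name would produce a pod spec the API server rejects. The removed `RestrictLengthWithRandomSuffix` call presumably bounded the length (its body is not shown here). Wrapping the new prefixed string in that call again, `names.SimpleNameGenerator.RestrictLengthWithRandomSuffix(fmt.Sprintf("tekton-internal-secret-volume-%s", secret.Name))`, would keep the reserved prefix and the bound, at the cost of retaining the `names` import that the first hunk drops. credsInit starts and ends outside these hunks.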
@@ -99,7 +99,7 @@ func TestCredsInit(t *testing.T) { }, }, want: &corev1.Container{ - Name: "credential-initializer-mz4c7", + Name: "credential-initializer", Image: images.CredsImage, Command: []string{"/ko-app/creds-init"}, Args: []string{ @@ -110,8 +110,8 @@ func TestCredsInit(t *testing.T) { }, Env: envVars, VolumeMounts: append(volumeMounts, corev1.VolumeMount{ - Name: "secret-volume-my-creds-9l9zj", - MountPath: "/var/build-secrets/my-creds", + Name: "tekton-internal-secret-volume-my-creds", + MountPath: "/tekton/creds-secrets/my-creds", }), }, }} { diff --git a/pkg/pod/entrypoint.go b/pkg/pod/entrypoint.go index cc05a34253b..20e286b1408 100644 --- a/pkg/pod/entrypoint.go +++ b/pkg/pod/entrypoint.go @@ -28,11 +28,11 @@ import ( ) const ( - toolsVolumeName = "tools" + toolsVolumeName = "tekton-internal-tools" mountPoint = "/tekton/tools" entrypointBinary = mountPoint + "/entrypoint" - downwardVolumeName = "downward" + downwardVolumeName = "tekton-internal-downward" downwardMountPoint = "/tekton/downward" downwardMountReadyFile = "ready" readyAnnotation = "tekton.dev/ready" diff --git a/pkg/pod/pod.go b/pkg/pod/pod.go index f9080410f03..0455968a9be 100644 --- a/pkg/pod/pod.go +++ b/pkg/pod/pod.go @@ -30,8 +30,10 @@ import ( ) const ( - workspaceDir = "/workspace" - homeDir = "/tekton/home" + workspaceVolumeName = "tekton-internal-workspace" + homeVolumeName = "tekton-internal-home" + workspaceDir = "/workspace" + homeDir = "/tekton/home" taskRunLabelKey = pipeline.GroupName + pipeline.TaskRunLabelKey ManagedByLabelKey = "app.kubernetes.io/managed-by" 
@@ -51,17 +53,17 @@ var ( Value: homeDir, }} implicitVolumeMounts = []corev1.VolumeMount{{ - Name: "workspace", + Name: "tekton-internal-workspace", MountPath: workspaceDir, }, { - Name: "tekton-home", + Name: "tekton-internal-home", MountPath: homeDir, }} implicitVolumes = []corev1.Volume{{ - Name: "workspace", + Name: "tekton-internal-workspace", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, }, { - Name: "tekton-home", + Name: "tekton-internal-home", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, }} ) @@ -99,7 +101,7 @@ func MakePod(images pipeline.Images, taskRun *v1alpha1.TaskRun, taskSpec v1alpha } // Initialize any workingDirs under /workspace. - if workingDirInit := workingDirInit(images.ShellImage, stepContainers, implicitVolumeMounts); workingDirInit != nil { + if workingDirInit := workingDirInit(images.ShellImage, stepContainers); workingDirInit != nil { initContainers = append(initContainers, *workingDirInit) } diff --git a/pkg/pod/pod_test.go b/pkg/pod/pod_test.go index 649187b0216..78bf091578a 100644 --- a/pkg/pod/pod_test.go +++ b/pkg/pod/pod_test.go @@ -44,11 +44,11 @@ func TestMakePod(t *testing.T) { names.TestingSeed() secretsVolumeMount := corev1.VolumeMount{ - Name: "secret-volume-multi-creds-9l9zj", - MountPath: "/var/build-secrets/multi-creds", + Name: "tekton-internal-secret-volume-multi-creds", + MountPath: "/tekton/creds-secrets/multi-creds", } secretsVolume := corev1.Volume{ - Name: "secret-volume-multi-creds-9l9zj", + Name: "tekton-internal-secret-volume-multi-creds", VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{SecretName: "multi-creds"}}, } 
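Review bot: `implicitVolumeMounts` and `implicitVolumes` spell out `"tekton-internal-workspace"` and `"tekton-internal-home"` as literals, even though the const block of pkg/pod/pod.go now declares `workspaceVolumeName` and `homeVolumeName` for exactly these values. Using the constants, `Name: workspaceVolumeName,` and `Name: homeVolumeName,`, keeps the four entries from drifting away from the reserved names. As written, nothing visible in this patch references the two new constants.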
@@ -116,7 +116,7 @@ func TestMakePod(t *testing.T) { ServiceAccountName: "service-account", RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{{ - Name: "credential-initializer-mz4c7", + Name: "credential-initializer", Image: images.CredsImage, Command: []string{"/ko-app/creds-init"}, Args: []string{ @@ -279,7 +279,7 @@ func TestMakePod(t *testing.T) { want: &corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{{ - Name: "working-dir-initializer-mz4c7", + Name: "working-dir-initializer", Image: images.ShellImage, Command: []string{"sh"}, Args: []string{"-c", fmt.Sprintf("mkdir -p %s", filepath.Join(workspaceDir, "test"))}, @@ -455,22 +455,22 @@ print("Hello from Python")`, want: &corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{{ - Name: "place-scripts-9l9zj", + Name: "place-scripts", Image: images.ShellImage, Command: []string{"sh"}, TTY: true, - Args: []string{"-c", `tmpfile="/tekton/scripts/script-0-mz4c7" + Args: []string{"-c", `tmpfile="/tekton/scripts/script-0-9l9zj" touch ${tmpfile} && chmod +x ${tmpfile} -cat > ${tmpfile} << 'script-heredoc-randomly-generated-mssqb' +cat > ${tmpfile} << 'script-heredoc-randomly-generated-mz4c7' #!/bin/sh echo hello from step one -script-heredoc-randomly-generated-mssqb -tmpfile="/tekton/scripts/script-1-78c5n" +script-heredoc-randomly-generated-mz4c7 +tmpfile="/tekton/scripts/script-1-mssqb" touch ${tmpfile} && chmod +x ${tmpfile} -cat > ${tmpfile} << 'script-heredoc-randomly-generated-6nl7g' +cat > ${tmpfile} << 'script-heredoc-randomly-generated-78c5n' #!/usr/bin/env python print("Hello from Python") -script-heredoc-randomly-generated-6nl7g +script-heredoc-randomly-generated-78c5n `}, VolumeMounts: []corev1.VolumeMount{scriptsVolumeMount}, }, { 
@@ -490,7 +490,7 @@ script-heredoc-randomly-generated-6nl7g "-post_file", "/tekton/tools/0", "-entrypoint", - "/tekton/scripts/script-0-mz4c7", + "/tekton/scripts/script-0-9l9zj", "--", "template", "args", @@ -509,7 +509,7 @@ script-heredoc-randomly-generated-6nl7g "-post_file", "/tekton/tools/1", "-entrypoint", - "/tekton/scripts/script-1-78c5n", + "/tekton/scripts/script-1-mssqb", "--", "template", "args", diff --git a/pkg/pod/script.go b/pkg/pod/script.go index 27ae7d10104..a0a10536b5c 100644 --- a/pkg/pod/script.go +++ b/pkg/pod/script.go @@ -27,7 +27,7 @@ import ( ) const ( - scriptsVolumeName = "scripts" + scriptsVolumeName = "tekton-internal-scripts" scriptsDir = "/tekton/scripts" defaultShebang = "#!/bin/sh\n" ) @@ -35,7 +35,6 @@ const ( var ( // Volume definition attached to Pods generated from TaskRuns that have // steps that specify a Script. - // TODO(#1605): Generate volumeMount names, to avoid collisions. scriptsVolume = corev1.Volume{ Name: scriptsVolumeName, VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, @@ -54,7 +53,7 @@ var ( func convertScripts(shellImage string, steps []v1alpha1.Step) (*corev1.Container, []corev1.Container) { placeScripts := false placeScriptsInit := corev1.Container{ - Name: names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("place-scripts"), + Name: "place-scripts", Image: shellImage, TTY: true, Command: []string{"sh"}, diff --git a/pkg/pod/script_test.go b/pkg/pod/script_test.go index 3c16e75b0a3..e32c6ca49fb 100644 --- a/pkg/pod/script_test.go +++ b/pkg/pod/script_test.go 
@@ -80,51 +80,51 @@ script-3`, }, }}) wantInit := &corev1.Container{ - Name: "place-scripts-9l9zj", + Name: "place-scripts", Image: images.ShellImage, TTY: true, Command: []string{"sh"}, - Args: []string{"-c", `tmpfile="/tekton/scripts/script-0-mz4c7" + Args: []string{"-c", `tmpfile="/tekton/scripts/script-0-9l9zj" touch ${tmpfile} && chmod +x ${tmpfile} -cat > ${tmpfile} << 'script-heredoc-randomly-generated-mssqb' +cat > ${tmpfile} << 'script-heredoc-randomly-generated-mz4c7' #!/bin/sh script-1 -script-heredoc-randomly-generated-mssqb -tmpfile="/tekton/scripts/script-2-78c5n" +script-heredoc-randomly-generated-mz4c7 +tmpfile="/tekton/scripts/script-2-mssqb" touch ${tmpfile} && chmod +x ${tmpfile} -cat > ${tmpfile} << 'script-heredoc-randomly-generated-6nl7g' +cat > ${tmpfile} << 'script-heredoc-randomly-generated-78c5n' #!/bin/sh script-3 -script-heredoc-randomly-generated-6nl7g -tmpfile="/tekton/scripts/script-3-j2tds" +script-heredoc-randomly-generated-78c5n +tmpfile="/tekton/scripts/script-3-6nl7g" touch ${tmpfile} && chmod +x ${tmpfile} -cat > ${tmpfile} << 'script-heredoc-randomly-generated-vr6ds' +cat > ${tmpfile} << 'script-heredoc-randomly-generated-j2tds' #!/bin/sh no-shebang -script-heredoc-randomly-generated-vr6ds +script-heredoc-randomly-generated-j2tds `}, VolumeMounts: []corev1.VolumeMount{scriptsVolumeMount}, } want := []corev1.Container{{ Image: "step-1", - Command: []string{"/tekton/scripts/script-0-mz4c7"}, + Command: []string{"/tekton/scripts/script-0-9l9zj"}, VolumeMounts: []corev1.VolumeMount{scriptsVolumeMount}, }, { Image: "step-2", }, { Image: "step-3", - Command: []string{"/tekton/scripts/script-2-78c5n"}, + Command: []string{"/tekton/scripts/script-2-mssqb"}, Args: []string{"my", "args"}, VolumeMounts: append(preExistingVolumeMounts, scriptsVolumeMount), }, { Image: "step-3", - Command: []string{"/tekton/scripts/script-3-j2tds"}, + Command: []string{"/tekton/scripts/script-3-6nl7g"}, Args: []string{"my", "args"}, VolumeMounts: 
[]corev1.VolumeMount{ {Name: "pre-existing-volume-mount", MountPath: "/mount/path"}, {Name: "another-one", MountPath: "/another/one"}, - {Name: "scripts", MountPath: "/tekton/scripts"}, + scriptsVolumeMount, }, }} if d := cmp.Diff(wantInit, gotInit); d != "" { diff --git a/pkg/pod/workingdir_init.go b/pkg/pod/workingdir_init.go index e8234f588bc..dcadf335272 100644 --- a/pkg/pod/workingdir_init.go +++ b/pkg/pod/workingdir_init.go @@ -21,7 +21,6 @@ import ( "sort" "strings" - "github.com/tektoncd/pipeline/pkg/names" corev1 "k8s.io/api/core/v1" ) @@ -31,7 +30,7 @@ import ( // // If no such directories need to be created (i.e., no relative workingDirs // are specified), this method returns nil, as no init container is necessary. -func workingDirInit(shellImage string, stepContainers []corev1.Container, volumeMounts []corev1.VolumeMount) *corev1.Container { +func workingDirInit(shellImage string, stepContainers []corev1.Container) *corev1.Container { // Gather all unique workingDirs. workingDirs := map[string]struct{}{} for _, step := range stepContainers { @@ -65,11 +64,11 @@ func workingDirInit(shellImage string, stepContainers []corev1.Container, volume } return &corev1.Container{ - Name: names.SimpleNameGenerator.RestrictLengthWithRandomSuffix("working-dir-initializer"), + Name: "working-dir-initializer", Image: shellImage, Command: []string{"sh"}, Args: []string{"-c", "mkdir -p " + strings.Join(relativeDirs, " ")}, WorkingDir: workspaceDir, - VolumeMounts: volumeMounts, + VolumeMounts: implicitVolumeMounts, } } diff --git a/pkg/pod/workingdir_init_test.go b/pkg/pod/workingdir_init_test.go index 5bc2672d7df..21fb2586e1b 100644 --- a/pkg/pod/workingdir_init_test.go +++ b/pkg/pod/workingdir_init_test.go @@ -25,11 +25,6 @@ import ( ) func TestWorkingDirInit(t *testing.T) { - volumeMounts := []corev1.VolumeMount{{ - Name: "my-volume-mount", - MountPath: "/blah", - }} - names.TestingSeed() for _, c := range []struct { desc string 
@@ -59,16 +54,16 @@ func TestWorkingDirInit(t *testing.T) { WorkingDir: "/workspace/bbb", }}, want: &corev1.Container{ - Name: "working-dir-initializer-9l9zj", + Name: "working-dir-initializer", Image: images.ShellImage, Command: []string{"sh"}, Args: []string{"-c", "mkdir -p /workspace/bbb aaa zzz"}, WorkingDir: workspaceDir, - VolumeMounts: volumeMounts, + VolumeMounts: implicitVolumeMounts, }, }} { t.Run(c.desc, func(t *testing.T) { - got := workingDirInit(images.ShellImage, c.stepContainers, volumeMounts) + got := workingDirInit(images.ShellImage, c.stepContainers) if d := cmp.Diff(c.want, got); d != "" { t.Fatalf("Diff (-want, +got): %s", d) } diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go index 5754e9733c4..83204ad0601 100644 --- a/pkg/reconciler/taskrun/taskrun_test.go +++ b/pkg/reconciler/taskrun/taskrun_test.go @@ -159,25 +159,25 @@ var ( )) toolsVolume = corev1.Volume{ - Name: "tools", + Name: "tekton-internal-tools", VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, } workspaceVolume = corev1.Volume{ - Name: "workspace", + Name: "tekton-internal-workspace", VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, } homeVolume = corev1.Volume{ - Name: "tekton-home", + Name: "tekton-internal-home", VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, } downwardVolume = corev1.Volume{ - Name: "downward", + Name: "tekton-internal-downward", VolumeSource: corev1.VolumeSource{ DownwardAPI: &corev1.DownwardAPIVolumeSource{ Items: []corev1.DownwardAPIVolumeFile{{ 
@@ -205,10 +205,10 @@ var ( dir), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), } actualOps = append(actualOps, ops...) @@ -219,12 +219,10 @@ var ( getPlaceToolsInitContainer = func(ops ...tb.ContainerOp) tb.PodSpecOp { actualOps := []tb.ContainerOp{ tb.Command("cp", "/ko-app/entrypoint", entrypointLocation), - tb.VolumeMount("tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), tb.Args(), } - actualOps = append(actualOps, ops...) - return tb.PodInitContainer("place-tools", "override-with-entrypoint:latest", actualOps...) } ) @@ -303,10 +301,10 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) { ), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), 
@@ -337,10 +335,10 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) { ), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), @@ -554,10 +552,10 @@ func TestReconcile(t *testing.T) { ), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), @@ -588,10 +586,10 @@ func TestReconcile(t *testing.T) { ), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), 
@@ -628,9 +626,9 @@ func TestReconcile(t *testing.T) { tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), tb.EnvVar("TEKTON_RESOURCE_NAME", "git-resource"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), tb.PodContainer("step-mycontainer", "myimage", tb.Command(entrypointLocation), @@ -639,9 +637,9 @@ func TestReconcile(t *testing.T) { "--my-additional-arg=gcr.io/kristoff/sven"), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), tb.PodContainer("step-myothercontainer", "myotherimage", tb.Command(entrypointLocation), @@ -649,9 +647,9 @@ func TestReconcile(t *testing.T) { "--my-other-arg=https://foo.git"), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), tb.PodContainer("step-image-digest-exporter-9l9zj", "override-with-imagedigest-exporter-image:latest", tb.Command(entrypointLocation), 
@@ -659,9 +657,9 @@ func TestReconcile(t *testing.T) { "-images", "[{\"name\":\"image-resource\",\"type\":\"image\",\"url\":\"gcr.io/kristoff/sven\",\"digest\":\"\",\"OutputImageDir\":\"/workspace/output/myimage\"}]"), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), tb.TerminationMessagePolicy(corev1.TerminationMessageFallbackToLogsOnError), ), ), @@ -698,10 +696,10 @@ func TestReconcile(t *testing.T) { tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), tb.EnvVar("TEKTON_RESOURCE_NAME", "git-resource"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), tb.PodContainer("step-mycontainer", "myimage", tb.Command(entrypointLocation), @@ -709,9 +707,9 @@ func TestReconcile(t *testing.T) { tb.Args("-wait_file", "/tekton/tools/0", "-post_file", "/tekton/tools/1", "-entrypoint", "/mycmd", "--", "--my-arg=foo"), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), 
@@ -741,10 +739,10 @@ func TestReconcile(t *testing.T) { ), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), @@ -779,19 +777,19 @@ func TestReconcile(t *testing.T) { tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), tb.EnvVar("TEKTON_RESOURCE_NAME", "workspace"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), tb.PodContainer("step-mystep", "ubuntu", tb.Command(entrypointLocation), tb.Args("-wait_file", "/tekton/tools/0", "-post_file", "/tekton/tools/1", "-entrypoint", "/mycmd", "--"), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ), 
@@ -820,10 +818,10 @@ func TestReconcile(t *testing.T) { "--"), tb.WorkingDir(workspaceDir), tb.EnvVar("HOME", "/tekton/home"), - tb.VolumeMount("tools", "/tekton/tools"), - tb.VolumeMount("downward", "/tekton/downward"), - tb.VolumeMount("workspace", workspaceDir), - tb.VolumeMount("tekton-home", "/tekton/home"), + tb.VolumeMount("tekton-internal-tools", "/tekton/tools"), + tb.VolumeMount("tekton-internal-downward", "/tekton/downward"), + tb.VolumeMount("tekton-internal-workspace", workspaceDir), + tb.VolumeMount("tekton-internal-home", "/tekton/home"), ), ), ),