From bd9873084549635a7d988ab8a4a6a96f57f19c8c Mon Sep 17 00:00:00 2001 From: Billy Lynch Date: Tue, 5 Oct 2021 16:31:21 -0400 Subject: [PATCH] Split /tekton/run directories into separate volumes. This change splits each `/tekton/run` volume into separate volumes so that steps can only mutate their own runtime information. This prevents steps from unexpectedly interfering with other step execution. To do this, we repurpose the `/tekton/run/#` path into a step-specific directory. Since this was previously used by the entrypoint for the post/wait files, we now use `/tekton/run/#/out` as the post/wait filepath instead. This does not change behavior of the directory, it enforces expected behavior of steps. `/tekton/run` is considered an internal implementation detail and is not covered by the API compatibility policy, so it is safe to make changes to the behavior of these files/paths. This does not stop user execution from writing to the step's own `/tekton/run/#` folder. This needs more discussion/design - additional changes (if needed) will be made in another commit. This change is only focused on `/tekton/run` to reduce PR complexity. We will likely want to make a similar change to /tekton/steps in another commit. We may also look to consolidate all per-step volumes into a single source (i.e. creds-init does something similar as well). AFAICT, Ephemeral Volumes (i.e. EmptyDir) are exempt from Node Volume limits (https://kubernetes.io/docs/concepts/storage/storage-limits/) - spot checked this with a TaskRun with 100+ steps on both kind and GKE. --- cmd/entrypoint/README.md | 16 +- docs/developers/README.md | 1 + .../taskruns/readonly-internal-dir.yaml | 21 ++ pkg/pod/entrypoint.go | 17 +- pkg/pod/entrypoint_test.go | 51 ++--- pkg/pod/pod.go | 28 ++- pkg/pod/pod_test.go | 215 +++++++++++------- pkg/reconciler/taskrun/taskrun_test.go | 49 ++-- 8 files changed, 248 insertions(+), 150 deletions(-) create mode 100644 examples/v1beta1/taskruns/readonly-internal-dir.yaml
diff --git a/cmd/entrypoint/README.md b/cmd/entrypoint/README.md index 2b1fce2f2be..80b278ad35c 100644 --- a/cmd/entrypoint/README.md +++ b/cmd/entrypoint/README.md @@ -29,14 +29,14 @@ Any extra positional arguments are passed to the original entrypoint command. ## Example The following example of usage for `entrypoint` waits for -`/tekton/run/3` file to exist and executes the command `bash` with args -`echo` and `hello`, then writes the file `/tekton/run/4`, or -`/tekton/run/4.err` in case the command fails. +`/tekton/run/3/out` file to exist and executes the command `bash` with args +`echo` and `hello`, then writes the file `/tekton/run/4/out`, or +`/tekton/run/4/out.err` in case the command fails. ```shell entrypoint \ - -wait_file /tekton/run/3 \ - -post_file /tekton/run/4 \ + -wait_file /tekton/run/3/out \ + -post_file /tekton/run/4/out \ -entrypoint bash -- \ echo hello ``` @@ -64,14 +64,14 @@ to contain contents before proceeding. The following example of usage for `entrypoint` waits for `/tekton/downward/ready` file to exist and contain actual contents (`-wait_file_contents`), and executes the command `bash` with args -`echo` and `hello`, then writes the file `/tekton/run/1`, or -`/tekton/run/1.err` in case the command fails. +`echo` and `hello`, then writes the file `/tekton/run/1/out`, or +`/tekton/run/1/out.err` in case the command fails. ```shell entrypoint \ -wait_file /tekton/downward/ready \ -wait_file_contents \ - -post_file /tekton/run/1 \ + -post_file /tekton/run/1/out \ -entrypoint bash -- \ echo hello ``` diff --git a/docs/developers/README.md b/docs/developers/README.md index 5b5e3881a91..a44c7d52dbd 100644 --- a/docs/developers/README.md +++ b/docs/developers/README.md @@ -166,6 +166,7 @@ Here is an example of a directory layout for a simple Task with 2 script steps: |-- results |-- run `-- 0 + `-- out |-- scripts | |-- script-0-t4jd8 | `-- script-1-4pjwp 
diff --git a/examples/v1beta1/taskruns/readonly-internal-dir.yaml b/examples/v1beta1/taskruns/readonly-internal-dir.yaml new file mode 100644 index 00000000000..24bf1a75386 --- /dev/null +++ b/examples/v1beta1/taskruns/readonly-internal-dir.yaml @@ -0,0 +1,21 @@ +# This file is primarily used for test validation of internal Tekton +# directories. This is not a useful example of typical user config. +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + generateName: readonly-internal-dir- +spec: + taskSpec: + steps: + - image: ubuntu + script: exit 0 + - image: ubuntu + script: | + set +e # dont fail the script on error + + # Steps should not be able to write to other step's run directories. + echo "hello world" > /tekton/run/0/out + if [ $? -eq 0 ] ; then + echo "able to write to run directory of non-current step" + exit 1 + fi diff --git a/pkg/pod/entrypoint.go b/pkg/pod/entrypoint.go index 836670c73a4..ca0e48b3768 100644 --- a/pkg/pod/entrypoint.go +++ b/pkg/pod/entrypoint.go @@ -23,6 +23,7 @@ import ( "fmt" "log" "path/filepath" + "strconv" "strings" "github.com/tektoncd/pipeline/pkg/apis/pipeline" @@ -72,15 +73,6 @@ var ( VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, } - runMount = corev1.VolumeMount{ - Name: runVolumeName, - MountPath: runDir, - } - runVolume = corev1.Volume{ - Name: runVolumeName, - VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, - } - // TODO(#1605): Signal sidecar readiness by injecting entrypoint, // remove dependency on Downward API. downwardVolume = corev1.Volume{ 
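Review bot: The check in the second step passes on any failed write, not only on a read-only mount: if `/tekton/run/0` were not mounted into the step at all, the redirect to `/tekton/run/0/out` would fail too and the example would still succeed. Asserting that the file is visible before attempting the write, for instance `[ -e /tekton/run/0/out ] || { echo "run directory of step 0 is not mounted"; exit 1; }`, ties the result to the read-only mount. The example also covers only a later step writing into an earlier step's directory; a first step that tries to write `/tekton/run/1/out` and expects failure would cover the direction that affects step ordering.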
@@ -127,7 +119,7 @@ func orderContainers(commonExtraEntrypointArgs []string, steps []corev1.Containe "-wait_file", filepath.Join(downwardMountPoint, downwardMountReadyFile), "-wait_file_content", // Wait for file contents, not just an empty file. // Start next step. - "-post_file", filepath.Join(runDir, fmt.Sprintf("%d", i)), + "-post_file", filepath.Join(runDir, strconv.Itoa(i), "out"), "-termination_path", terminationPath, "-step_metadata_dir", filepath.Join(pipeline.StepsDir, name), "-step_metadata_dir_link", filepath.Join(pipeline.StepsDir, fmt.Sprintf("%d", i)), @@ -135,8 +127,8 @@ func orderContainers(commonExtraEntrypointArgs []string, steps []corev1.Containe default: // All other steps wait for previous file, write next file. argsForEntrypoint = []string{ - "-wait_file", filepath.Join(runDir, fmt.Sprintf("%d", i-1)), - "-post_file", filepath.Join(runDir, fmt.Sprintf("%d", i)), + "-wait_file", filepath.Join(runDir, strconv.Itoa(i-1), "out"), + "-post_file", filepath.Join(runDir, strconv.Itoa(i), "out"), "-termination_path", terminationPath, "-step_metadata_dir", filepath.Join(pipeline.StepsDir, name), "-step_metadata_dir_link", filepath.Join(pipeline.StepsDir, fmt.Sprintf("%d", i)), @@ -179,7 +171,6 @@ func orderContainers(commonExtraEntrypointArgs []string, steps []corev1.Containe steps[i].Command = []string{entrypointBinary} steps[i].Args = argsForEntrypoint - steps[i].VolumeMounts = append(steps[i].VolumeMounts, binROMount, runMount) steps[i].TerminationMessagePath = terminationPath } // Mount the Downward volume into the first step container. diff --git a/pkg/pod/entrypoint_test.go b/pkg/pod/entrypoint_test.go index cd912edfe21..f41544261ed 100644 --- a/pkg/pod/entrypoint_test.go +++ b/pkg/pod/entrypoint_test.go 
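Review bot: The post/wait path is now spelled out three times as `filepath.Join(runDir, strconv.Itoa(...), "out")` (once in the first-step case here and twice in the `default:` case of the following hunk), and its directory part has to stay equal to the `MountPath` that `runMount` builds in pod.go. If the two drift apart, the file is no longer written into the per-step volume and the step isolation this commit introduces stops applying without any test in this file noticing. A helper such as `func runFile(i int) string { return filepath.Join(runDir, strconv.Itoa(i), "out") }` would keep the layout in one place, and the untouched `fmt.Sprintf("%d", i)` in `-step_metadata_dir_link` could use `strconv.Itoa(i)` for consistency. orderContainers begins and ends outside these hunks.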
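Review bot: After the removal of the `append(steps[i].VolumeMounts, binROMount, runMount)` line, orderContainers still sets each step's command to `entrypointBinary` and passes paths under `runDir`, but it no longer mounts anything those paths depend on; the expectations in entrypoint_test.go confirm that only `downwardMount` is added here. The function now has an unstated precondition that its caller adds the bin mount and the per-step run mounts, which the pod.go hunks of this commit do. I would record that in the doc comment, e.g. `// orderContainers does not add the bin or /tekton/run mounts; the caller must mount them on every step.` The signature and most of the body are outside this hunk.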
@@ -56,21 +56,21 @@ func TestOrderContainers(t *testing.T) { Args: []string{ "-wait_file", "/tekton/downward/ready", "-wait_file_content", - "-post_file", "/tekton/run/0", + "-post_file", "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-0", "-step_metadata_dir_link", "/tekton/steps/0", "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount, downwardMount}, + VolumeMounts: []corev1.VolumeMount{downwardMount}, TerminationMessagePath: "/tekton/termination", }, { Image: "step-2", Command: []string{entrypointBinary}, Args: []string{ - "-wait_file", "/tekton/run/0", - "-post_file", "/tekton/run/1", + "-wait_file", "/tekton/run/0/out", + "-post_file", "/tekton/run/1/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-1", "-step_metadata_dir_link", "/tekton/steps/1", @@ -78,21 +78,20 @@ func TestOrderContainers(t *testing.T) { "cmd2", "cmd3", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{volumeMount, binROMount, runMount}, + VolumeMounts: []corev1.VolumeMount{volumeMount}, TerminationMessagePath: "/tekton/termination", }, { Image: "step-3", Command: []string{entrypointBinary}, Args: []string{ - "-wait_file", "/tekton/run/1", - "-post_file", "/tekton/run/2", + "-wait_file", "/tekton/run/1/out", + "-post_file", "/tekton/run/2/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-2", "-step_metadata_dir_link", "/tekton/steps/2", "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount}, TerminationMessagePath: "/tekton/termination", }} got, err := orderContainers([]string{}, steps, nil, nil) 
@@ -116,7 +115,7 @@ func TestOrderContainersWithDebugOnFailure(t *testing.T) { Args: []string{ "-wait_file", "/tekton/downward/ready", "-wait_file_content", - "-post_file", "/tekton/run/0", + "-post_file", "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-0", "-step_metadata_dir_link", "/tekton/steps/0", @@ -124,7 +123,7 @@ func TestOrderContainersWithDebugOnFailure(t *testing.T) { "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount, downwardMount}, + VolumeMounts: []corev1.VolumeMount{downwardMount}, TerminationMessagePath: "/tekton/termination", }} taskRunDebugConfig := &v1beta1.TaskRunDebug{ @@ -170,7 +169,7 @@ func TestEntryPointResults(t *testing.T) { Args: []string{ "-wait_file", "/tekton/downward/ready", "-wait_file_content", - "-post_file", "/tekton/run/0", + "-post_file", "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-0", "-step_metadata_dir_link", "/tekton/steps/0", @@ -178,14 +177,14 @@ func TestEntryPointResults(t *testing.T) { "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount, downwardMount}, + VolumeMounts: []corev1.VolumeMount{downwardMount}, TerminationMessagePath: "/tekton/termination", }, { Image: "step-2", Command: []string{entrypointBinary}, Args: []string{ - "-wait_file", "/tekton/run/0", - "-post_file", "/tekton/run/1", + "-wait_file", "/tekton/run/0/out", + "-post_file", "/tekton/run/1/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-1", "-step_metadata_dir_link", "/tekton/steps/1", 
@@ -194,14 +193,14 @@ func TestEntryPointResults(t *testing.T) { "cmd2", "cmd3", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{volumeMount, binROMount, runMount}, + VolumeMounts: []corev1.VolumeMount{volumeMount}, TerminationMessagePath: "/tekton/termination", }, { Image: "step-3", Command: []string{entrypointBinary}, Args: []string{ - "-wait_file", "/tekton/run/1", - "-post_file", "/tekton/run/2", + "-wait_file", "/tekton/run/1/out", + "-post_file", "/tekton/run/2/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-2", "-step_metadata_dir_link", "/tekton/steps/2", @@ -209,7 +208,6 @@ func TestEntryPointResults(t *testing.T) { "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount}, TerminationMessagePath: "/tekton/termination", }} got, err := orderContainers([]string{}, steps, &taskSpec, nil) @@ -243,7 +241,7 @@ func TestEntryPointResultsSingleStep(t *testing.T) { Args: []string{ "-wait_file", "/tekton/downward/ready", "-wait_file_content", - "-post_file", "/tekton/run/0", + "-post_file", "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-0", "-step_metadata_dir_link", "/tekton/steps/0", @@ -251,7 +249,7 @@ func TestEntryPointResultsSingleStep(t *testing.T) { "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount, downwardMount}, + VolumeMounts: []corev1.VolumeMount{downwardMount}, TerminationMessagePath: "/tekton/termination", }} got, err := orderContainers([]string{}, steps, &taskSpec, nil) 
@@ -281,7 +279,7 @@ func TestEntryPointSingleResultsSingleStep(t *testing.T) { Args: []string{ "-wait_file", "/tekton/downward/ready", "-wait_file_content", - "-post_file", "/tekton/run/0", + "-post_file", "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-unnamed-0", "-step_metadata_dir_link", "/tekton/steps/0", @@ -289,7 +287,7 @@ func TestEntryPointSingleResultsSingleStep(t *testing.T) { "-entrypoint", "cmd", "--", "arg1", "arg2", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount, downwardMount}, + VolumeMounts: []corev1.VolumeMount{downwardMount}, TerminationMessagePath: "/tekton/termination", }} got, err := orderContainers([]string{}, steps, &taskSpec, nil) @@ -327,29 +325,28 @@ func TestEntryPointOnError(t *testing.T) { Args: []string{ "-wait_file", "/tekton/downward/ready", "-wait_file_content", - "-post_file", "/tekton/run/0", + "-post_file", "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-failing-step", "-step_metadata_dir_link", "/tekton/steps/0", "-on_error", "continue", "-entrypoint", "cmd", "--", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount, downwardMount}, + VolumeMounts: []corev1.VolumeMount{downwardMount}, TerminationMessagePath: "/tekton/termination", }, { Name: "passing-step", Image: "step-2", Command: []string{entrypointBinary}, Args: []string{ - "-wait_file", "/tekton/run/0", - "-post_file", "/tekton/run/1", + "-wait_file", "/tekton/run/0/out", + "-post_file", "/tekton/run/1/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", "/tekton/steps/step-passing-step", "-step_metadata_dir_link", "/tekton/steps/1", "-on_error", "stopAndFail", "-entrypoint", "cmd", "--", }, - VolumeMounts: []corev1.VolumeMount{binROMount, runMount}, TerminationMessagePath: "/tekton/termination", }} got, err := orderContainers([]string{}, steps, &taskSpec, nil) 
diff --git a/pkg/pod/pod.go b/pkg/pod/pod.go index a7f621d675b..86abf51f541 100644 --- a/pkg/pod/pod.go +++ b/pkg/pod/pod.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "path/filepath" + "strconv" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/pipeline" @@ -105,8 +106,8 @@ func (b *Builder) Build(ctx context.Context, taskRun *v1beta1.TaskRun, taskSpec scriptsInit *corev1.Container initContainers, stepContainers, sidecarContainers []corev1.Container volumes []corev1.Volume - volumeMounts []corev1.VolumeMount ) + volumeMounts := []corev1.VolumeMount{binROMount} implicitEnvVars := []corev1.EnvVar{} alphaAPIEnabled := config.FromContextOrDefaults(ctx).FeatureFlags.EnableAPIFields == config.AlphaAPIFields @@ -185,7 +186,7 @@ func (b *Builder) Build(ctx context.Context, taskRun *v1beta1.TaskRun, taskSpec // place the entrypoint first in case other init containers rely on its // features (e.g. decode-script). initContainers = append([]corev1.Container{entrypointInit}, initContainers...) - volumes = append(volumes, binVolume, runVolume, downwardVolume) + volumes = append(volumes, binVolume, downwardVolume) // Add implicit env vars. // They're prepended to the list, so that if the user specified any @@ -220,6 +221,14 @@ func (b *Builder) Build(ctx context.Context, taskRun *v1beta1.TaskRun, taskSpec s.VolumeMounts = append(s.VolumeMounts, *vm) } + // Add /tekton/run state volumes. + // Each step should only mount their own volume as RW, + // all other steps should be mounted RO. + volumes = append(volumes, runVolume(i)) + for j := 0; j < len(stepContainers); j++ { + s.VolumeMounts = append(s.VolumeMounts, runMount(j, i != j)) + } + requestedVolumeMounts := map[string]bool{} for _, vm := range s.VolumeMounts { requestedVolumeMounts[filepath.Clean(vm.MountPath)] = true 
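Review bot: The inner loop added in the `@@ -220,6 +221,14 @@` hunk mounts every step's run volume into every step, so step i gets a read-only view of all other steps' directories even though the entrypoint arguments built in orderContainers only read `run/<i-1>/out`. That is wider than the ordering protocol appears to need, and it makes the number of mounts grow quadratically with the number of steps (100 steps give 10,000 mounts in one pod spec). If nothing else reads the other directories, which cannot be confirmed from this hunk, mounting only the step's own volume read-write and the previous step's read-only keeps the isolation goal with a linear mount count: `s.VolumeMounts = append(s.VolumeMounts, runMount(i, false))` followed by `if i > 0 { s.VolumeMounts = append(s.VolumeMounts, runMount(i-1, true)) }`. Build starts and ends outside the hunk.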
@@ -369,3 +378,18 @@ func shouldAddReadyAnnotationOnPodCreate(ctx context.Context, sidecars []v1beta1 cfg := config.FromContextOrDefaults(ctx) return !cfg.FeatureFlags.RunningInEnvWithInjectedSidecars } + +func runMount(i int, ro bool) corev1.VolumeMount { + return corev1.VolumeMount{ + Name: fmt.Sprintf("%s-%d", runVolumeName, i), + MountPath: filepath.Join(runDir, strconv.Itoa(i)), + ReadOnly: ro, + } +} + +func runVolume(i int) corev1.Volume { + return corev1.Volume{ + Name: fmt.Sprintf("%s-%d", runVolumeName, i), + VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}}, + } +} diff --git a/pkg/pod/pod_test.go b/pkg/pod/pod_test.go index 917953072db..872438b7374 100644 --- a/pkg/pod/pod_test.go +++ b/pkg/pod/pod_test.go @@ -63,6 +63,8 @@ var ( resourceQuantityCmp = cmp.Comparer(func(x, y resource.Quantity) bool { return x.Cmp(y) == 0 }) + volumeSort = cmpopts.SortSlices(func(i, j corev1.Volume) bool { return i.Name < j.Name }) + volumeMountSort = cmpopts.SortSlices(func(i, j corev1.VolumeMount) bool { return i.Name < j.Name }) ) func init() { @@ -122,7 +124,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
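Review bot: `runMount` and `runVolume` each build the volume name with their own copy of `fmt.Sprintf("%s-%d", runVolumeName, i)`, and the per-step isolation depends on the two strings staying identical: a mount that names no declared volume is rejected at pod validation, and one that names a different step's volume would give a step write access to a directory that is meant to be read-only for it. A shared helper, `func runVolumeNameFor(i int) string { return fmt.Sprintf("%s-%d", runVolumeName, i) }`, called from both removes that duplication. Both functions are also undocumented; I would add `// runMount returns the mount for step i's /tekton/run directory; ro must be true in every step other than i.` and `// runVolume returns the EmptyDir volume that backs step i's /tekton/run directory.`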
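Review bot: `volumeMountSort` in the pod_test.go hunk compares only `Name`, while cmpopts.SortSlices documents that the less function should order any two unequal elements; two mounts of the same volume at different paths would tie and their relative order would be left to the sort. A tie-break keeps the comparison deterministic: `if i.Name != j.Name { return i.Name < j.Name }` then `return i.MountPath < j.MountPath`. Where these options are applied (the call site is not in the visible hunks), the order of the expected slices stops being asserted, which deserves a one-line comment above the two variables.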
@@ -133,16 +135,16 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", - }}, implicitVolumeMounts...), + }, runMount(0, false), binROMount}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, - }), + }, runVolume(0)), ActiveDeadlineSeconds: &defaultActiveDeadlineSeconds, }, }, { @@ -171,7 +173,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -182,13 +184,13 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -218,7 +220,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -229,13 +231,13 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), 
@@ -244,6 +246,55 @@ func TestPodBuild(t *testing.T) { wantAnnotations: map[string]string{ readyAnnotation: readyAnnotationValue, }, + }, { + desc: "simple-with-home-overwrite-flag", + ts: v1beta1.TaskSpec{ + Steps: []v1beta1.Step{{Container: corev1.Container{ + Name: "name", + Image: "image", + Command: []string{"cmd"}, // avoid entrypoint lookup. + }}}, + }, + featureFlags: map[string]string{ + // Providing this flag will make the test set the pod builder's + // OverrideHomeEnv setting. + "disable-home-env-overwrite": "true", + }, + want: &corev1.PodSpec{ + RestartPolicy: corev1.RestartPolicyNever, + InitContainers: []corev1.Container{placeToolsInit}, + Containers: []corev1.Container{{ + Name: "step-name", + Image: "image", + Command: []string{"/tekton/bin/entrypoint"}, + Args: []string{ + "-wait_file", + "/tekton/downward/ready", + "-wait_file_content", + "-post_file", + "/tekton/run/0/out", + "-termination_path", + "/tekton/termination", + "-step_metadata_dir", + "/tekton/steps/step-name", + "-step_metadata_dir_link", + "/tekton/steps/0", + "-entrypoint", + "cmd", + "--", + }, + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { + Name: "tekton-creds-init-home-0", + MountPath: "/tekton/creds", + }}, implicitVolumeMounts...), + TerminationMessagePath: "/tekton/termination", + }}, + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ + Name: "tekton-creds-init-home-0", + VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, + }), + ActiveDeadlineSeconds: &defaultActiveDeadlineSeconds, + }, }, { desc: "with service account", ts: v1beta1.TaskSpec{ @@ -269,7 +320,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
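Review bot: The added `simple-with-home-overwrite-flag` case sets the `disable-home-env-overwrite` feature flag, which the commit description (limited to `/tekton/run`) does not mention, and its `want` spec shows no field that differs from the neighbouring cases apart from the run-volume changes. It looks like it may have come in through a rebase rather than as part of this change; if so it belongs in its own commit. If it is intended, a short comment in the case stating what the flag is expected to change in the pod would make the assertion meaningful.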
@@ -284,7 +335,7 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, append(append([]corev1.VolumeMount{}, implicitVolumeMounts...), corev1.VolumeMount{ @@ -293,7 +344,7 @@ func TestPodBuild(t *testing.T) { })...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, secretsVolume, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, secretsVolume, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -338,7 +389,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -350,13 +401,13 @@ func TestPodBuild(t *testing.T) { "--", }, VolumeMounts: append([]corev1.VolumeMount{ - binROMount, runMount, + binROMount, runMount(0, false), downwardMount, {Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds"}, }, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -397,7 +448,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -408,13 +459,13 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -441,7 +492,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -452,13 +503,13 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -496,7 +547,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -507,14 +558,14 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), WorkingDir: filepath.Join(pipeline.WorkspaceDir, "test"), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -548,7 +599,7 @@ func TestPodBuild(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -559,7 +610,7 @@ func TestPodBuild(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -571,7 +622,7 @@ func TestPodBuild(t *testing.T) { Requests: nil, }, }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -621,7 +672,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -632,7 +683,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -643,7 +694,7 @@ _EOF_ Command: []string{"/tekton/scripts/sidecar-script-0-9l9zj"}, VolumeMounts: []corev1.VolumeMount{scriptsVolumeMount}, }}, - Volumes: append(implicitVolumes, scriptsVolume, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, scriptsVolume, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -680,7 +731,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -691,7 +742,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -700,7 +751,7 @@ _EOF_ Name: "sidecar-sc-name", Image: "sidecar-image", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -741,7 +792,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -752,7 +803,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), runMount(1, true), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -769,9 +820,9 @@ _EOF_ Command: []string{"/tekton/bin/entrypoint"}, Args: []string{ "-wait_file", - "/tekton/run/0", + "/tekton/run/0/out", "-post_file", - "/tekton/run/1", + "/tekton/run/1/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -782,7 +833,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, true), runMount(1, false), { Name: "tekton-creds-init-home-1", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -794,7 +845,7 @@ _EOF_ }, TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), runVolume(1), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }, corev1.Volume{ @@ -865,7 +916,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -879,7 +930,7 @@ _EOF_ "args", }, Env: []corev1.EnvVar{{Name: "FOO", Value: "bar"}}, - VolumeMounts: append([]corev1.VolumeMount{scriptsVolumeMount, binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{scriptsVolumeMount, binROMount, runMount(0, false), runMount(1, true), runMount(2, true), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), 
@@ -890,9 +941,9 @@ _EOF_ Command: []string{"/tekton/bin/entrypoint"}, Args: []string{ "-wait_file", - "/tekton/run/0", + "/tekton/run/0/out", "-post_file", - "/tekton/run/1", + "/tekton/run/1/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -906,7 +957,7 @@ _EOF_ "args", }, Env: []corev1.EnvVar{{Name: "FOO", Value: "bar"}}, - VolumeMounts: append([]corev1.VolumeMount{{Name: "i-have-a-volume-mount"}, scriptsVolumeMount, binROMount, runMount, { + VolumeMounts: append([]corev1.VolumeMount{{Name: "i-have-a-volume-mount"}, scriptsVolumeMount, binROMount, runMount(0, true), runMount(1, false), runMount(2, true), { Name: "tekton-creds-init-home-1", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -917,9 +968,9 @@ _EOF_ Command: []string{"/tekton/bin/entrypoint"}, Args: []string{ "-wait_file", - "/tekton/run/1", + "/tekton/run/1/out", "-post_file", - "/tekton/run/2", + "/tekton/run/2/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -934,13 +985,13 @@ _EOF_ "args", }, Env: []corev1.EnvVar{{Name: "FOO", Value: "bar"}}, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, true), runMount(1, true), runMount(2, false), { Name: "tekton-creds-init-home-2", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, scriptsVolume, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, scriptsVolume, binVolume, runVolume(0), runVolume(1), runVolume(2), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }, corev1.Volume{ 
@@ -987,7 +1038,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -998,13 +1049,13 @@ _EOF_ "/tekton/scripts/script-0-9l9zj", "--", }, - VolumeMounts: append([]corev1.VolumeMount{scriptsVolumeMount, binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{scriptsVolumeMount, binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, scriptsVolume, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, scriptsVolume, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1032,7 +1083,7 @@ _EOF_ RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{placeToolsInit}, SchedulerName: "there-scheduler", - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1045,7 +1096,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1056,7 +1107,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), 
@@ -1086,7 +1137,7 @@ _EOF_ want: &corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{placeToolsInit}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1099,7 +1150,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1110,7 +1161,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -1141,7 +1192,7 @@ _EOF_ want: &corev1.PodSpec{ RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{placeToolsInit}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1154,7 +1205,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1165,7 +1216,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), 
@@ -1195,7 +1246,7 @@ _EOF_ RestartPolicy: corev1.RestartPolicyNever, InitContainers: []corev1.Container{placeToolsInit}, HostNetwork: true, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1208,7 +1259,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1219,7 +1270,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -1250,7 +1301,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1263,13 +1314,13 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), 
@@ -1299,7 +1350,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1310,10 +1361,10 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount}, implicitVolumeMounts...), + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume), + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume), ActiveDeadlineSeconds: &defaultActiveDeadlineSeconds, }, }, { @@ -1341,7 +1392,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -1352,7 +1403,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -1361,7 +1412,7 @@ _EOF_ {Name: "TEKTON_HERMETIC", Value: "1"}, }, }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1393,7 +1444,7 @@ _EOF_ "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -1404,7 +1455,7 @@ _EOF_ "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), @@ -1415,7 +1466,7 @@ _EOF_ {Name: "TEKTON_HERMETIC", Value: "1"}, }, }}, - Volumes: append(implicitVolumes, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1490,7 +1541,7 @@ _EOF_ t.Errorf("Pod name %q should have prefix 'taskrun-name-pod-'", got.Name) } - if d := cmp.Diff(c.want, &got.Spec, resourceQuantityCmp); d != "" { + if d := cmp.Diff(c.want, &got.Spec, resourceQuantityCmp, volumeSort, volumeMountSort); d != "" { t.Errorf("Diff %s", diff.PrintWantGot(d)) } @@ -1546,7 +1597,7 @@ func TestPodBuildwithAlphaAPIEnabled(t *testing.T) { "/tekton/downward/ready", "-wait_file_content", "-post_file", - "/tekton/run/0", + "/tekton/run/0/out", "-termination_path", "/tekton/termination", "-step_metadata_dir", 
@@ -1558,13 +1609,13 @@ func TestPodBuildwithAlphaAPIEnabled(t *testing.T) { "cmd", "--", }, - VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount, downwardMount, { + VolumeMounts: append([]corev1.VolumeMount{binROMount, runMount(0, false), downwardMount, { Name: "tekton-creds-init-home-0", MountPath: "/tekton/creds", }}, implicitVolumeMounts...), TerminationMessagePath: "/tekton/termination", }}, - Volumes: append(implicitVolumes, debugScriptsVolume, debugInfoVolume, binVolume, runVolume, downwardVolume, corev1.Volume{ + Volumes: append(implicitVolumes, debugScriptsVolume, debugInfoVolume, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }), @@ -1642,7 +1693,7 @@ func TestPodBuildwithAlphaAPIEnabled(t *testing.T) { t.Errorf("Pod name %q should have prefix 'taskrun-name-pod-'", got.Name) } - if d := cmp.Diff(c.want, &got.Spec, resourceQuantityCmp); d != "" { + if d := cmp.Diff(c.want, &got.Spec, resourceQuantityCmp, volumeSort, volumeMountSort); d != "" { t.Errorf("Diff %s", diff.PrintWantGot(d)) } diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go index d419c4db962..b9f4baed34b 100644 --- a/pkg/reconciler/taskrun/taskrun_test.go +++ b/pkg/reconciler/taskrun/taskrun_test.go @@ -23,7 +23,9 @@ import ( "net/http/httptest" "net/url" "os" + "path/filepath" "regexp" + "strconv" "strings" "testing" "time" 
@@ -99,7 +101,10 @@ var ( resourceQuantityCmp = cmp.Comparer(func(x, y resource.Quantity) bool { return x.Cmp(y) == 0 }) + ignoreEnvVarOrdering = cmpopts.SortSlices(func(x, y corev1.EnvVar) bool { return x.Name < y.Name }) + volumeSort = cmpopts.SortSlices(func(i, j corev1.Volume) bool { return i.Name < j.Name }) + volumeMountSort = cmpopts.SortSlices(func(i, j corev1.VolumeMount) bool { return i.Name < j.Name }) cloudEventTarget1 = "https://foo" cloudEventTarget2 = "https://bar" @@ -412,12 +417,7 @@ var ( EmptyDir: &corev1.EmptyDirVolumeSource{}, }, } - runVolume = corev1.Volume{ - Name: "tekton-internal-run", - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - } + workspaceVolume = corev1.Volume{ Name: "tekton-internal-workspace", VolumeSource: corev1.VolumeSource{ @@ -469,6 +469,15 @@ var ( fakeVersion string ) +func runVolume(i int) corev1.Volume { + return corev1.Volume{ + Name: fmt.Sprintf("tekton-internal-run-%d", i), + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + } +} + func init() { os.Setenv("KO_DATA_PATH", "./testdata/") commit, err := changeset.Get() @@ -766,7 +775,7 @@ func TestReconcile_ExplicitDefaultSA(t *testing.T) { t.Errorf("Pod metadata doesn't match %s", diff.PrintWantGot(d)) } - if d := cmp.Diff(tc.wantPod.Spec, pod.Spec, resourceQuantityCmp, ignoreEnvVarOrdering); d != "" { + if d := cmp.Diff(tc.wantPod.Spec, pod.Spec, resourceQuantityCmp, volumeSort, volumeMountSort, ignoreEnvVarOrdering); d != "" { t.Errorf("Pod spec doesn't match, %s", diff.PrintWantGot(d)) } if len(clients.Kube.Actions()) == 0 { 
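Review bot: `volumeMountSort` in the `@@ -99,7 +101,10 @@` hunk orders by `Name` alone, but a container may mount the same volume more than once (different `MountPath` or `SubPath`), so two distinct mounts can tie and their relative order is then left to the sort. No expectation in the visible hunks has duplicate mount names, so this is latent; a tie-break keeps the option safe for later cases: `return i.Name < j.Name || (i.Name == j.Name && i.MountPath < j.MountPath)`. Since these options are now passed to the `cmp.Diff` calls, the tests no longer pin volume or mount order, which deserves a comment above the two declarations, e.g. `// Order of volumes and mounts is not asserted; each element's fields (including ReadOnly) still are.`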
@@ -901,7 +910,7 @@ func TestReconcile_FeatureFlags(t *testing.T) { t.Errorf("Pod metadata doesn't match %s", diff.PrintWantGot(d)) } - if d := cmp.Diff(tc.wantPod.Spec, pod.Spec, resourceQuantityCmp, ignoreEnvVarOrdering); d != "" { + if d := cmp.Diff(tc.wantPod.Spec, pod.Spec, resourceQuantityCmp, volumeSort, volumeMountSort, ignoreEnvVarOrdering); d != "" { t.Errorf("Pod spec doesn't match, %s", diff.PrintWantGot(d)) } if len(clients.Kube.Actions()) == 0 { @@ -1541,7 +1550,7 @@ func TestReconcile(t *testing.T) { } pod.Name = tc.wantPod.Name // Ignore pod name differences, the pod name is generated and tested in pod_test.go - if d := cmp.Diff(tc.wantPod.Spec, pod.Spec, resourceQuantityCmp, ignoreEnvVarOrdering); d != "" { + if d := cmp.Diff(tc.wantPod.Spec, pod.Spec, resourceQuantityCmp, volumeSort, volumeMountSort, ignoreEnvVarOrdering); d != "" { t.Errorf("Pod spec doesn't match %s", diff.PrintWantGot(d)) } if len(clients.Kube.Actions()) == 0 { @@ -4477,17 +4486,20 @@ func TestDisableResolutionFlag_ProceedsWithStatusTaskSpec(t *testing.T) { } } -func podVolumeMounts(idx int) []corev1.VolumeMount { +func podVolumeMounts(idx, totalSteps int) []corev1.VolumeMount { var mnts []corev1.VolumeMount mnts = append(mnts, corev1.VolumeMount{ Name: "tekton-internal-bin", MountPath: "/tekton/bin", ReadOnly: true, }) - mnts = append(mnts, corev1.VolumeMount{ - Name: "tekton-internal-run", - MountPath: "/tekton/run", - }) + for i := 0; i < totalSteps; i++ { + mnts = append(mnts, corev1.VolumeMount{ + Name: fmt.Sprintf("tekton-internal-run-%d", i), + MountPath: filepath.Join("/tekton/run", strconv.Itoa(i)), + ReadOnly: i != idx, + }) + } if idx == 0 { mnts = append(mnts, corev1.VolumeMount{ Name: "tekton-internal-downward", 
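Review bot: `MountPath: filepath.Join("/tekton/run", strconv.Itoa(i))` in `podVolumeMounts` builds an in-container path with the test host's separator rules, whereas the other mount paths in this function are slash-separated literals; `path.Join` or plain formatting is the right tool. `podArgs` in this same file already uses `fmt.Sprintf("/tekton/run/%d/out", idx)`, so `MountPath: fmt.Sprintf("/tekton/run/%d", i),` would be consistent with it and would presumably make the newly added `path/filepath` and `strconv` imports unnecessary. If pkg/pod/pod.go constructs the mount path the same way (not visible here), the same remark applies there. `podVolumeMounts` continues past the end of this hunk.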
@@ -4526,11 +4538,11 @@ func podArgs(stepName string, cmd string, additionalArgs []string, idx int) []st if idx == 0 { args = append(args, "/tekton/downward/ready", "-wait_file_content") } else { - args = append(args, fmt.Sprintf("/tekton/run/%d", idx-1)) + args = append(args, fmt.Sprintf("/tekton/run/%d/out", idx-1)) } args = append(args, "-post_file", - fmt.Sprintf("/tekton/run/%d", idx), + fmt.Sprintf("/tekton/run/%d/out", idx), "-termination_path", "/tekton/termination", "-step_metadata_dir", @@ -4599,7 +4611,6 @@ func expectedPod(podName, taskName, taskRunName, ns, saName string, isClusterTas resultsVolume, stepsVolume, binVolume, - runVolume, downwardVolume, }, InitContainers: []corev1.Container{placeToolsInitContainer}, @@ -4614,11 +4625,13 @@ func expectedPod(podName, taskName, taskRunName, ns, saName string, isClusterTas Name: fmt.Sprintf("tekton-creds-init-home-%d", idx), VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{Medium: corev1.StorageMediumMemory}}, }) + p.Spec.Volumes = append(p.Spec.Volumes, runVolume(idx)) + stepContainer := corev1.Container{ Image: s.image, Name: fmt.Sprintf("step-%s", s.name), Command: []string{entrypointLocation}, - VolumeMounts: podVolumeMounts(idx), + VolumeMounts: podVolumeMounts(idx, len(steps)), TerminationMessagePath: "/tekton/termination", } stepContainer.Args = podArgs(s.name, s.cmd, s.args, idx)