Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-7889

Multiple security context entry when passed via args

XMLWordPrintable

    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      Included in 1.21: https://github.com/openshift/openshift-docs/pull/100818

      Fix: Prevent duplicate container args when using TektonConfig.spec.*.options.deployments.*.spec.template.spec.containers[].args. Flags are now replaced by key, ["-key", "value"] pairs are normalized to "-key=value", and duplicates are removed. This eliminates repeated entries such as -el-security-context=true in tekton-triggers-controller.
      Show
      Included in 1.21: https://github.com/openshift/openshift-docs/pull/100818 Fix: Prevent duplicate container args when using TektonConfig.spec.*.options.deployments.*.spec.template.spec.containers[].args. Flags are now replaced by key, ["-key", "value"] pairs are normalized to "-key=value", and duplicates are removed. This eliminates repeated entries such as -el-security-context=true in tekton-triggers-controller.
    • Bug Fix
    • Proposed
    • 3
    • Pipelines Sprint Pioneers 36, Pipelines Sprint Pioneers 37

      Description of problem:

      While verifying this issue , passed the el-security-context as args in tektonconfig. 

      There are two entries of el-security-context are added to tekton-triggers-controller deployment. removed the args from tektonconfig(timestamps shows null.) after checking the tekton-triggers-controller again it shows 6 more new entries of el-security-context added. Not able to remove the args passed even after editing tektonconfig and deployments.

      Prerequisites (if any, like setup, operators/versions):

      1.19.0

      Steps to Reproduce

       1. while verifying this issue . Updated the tektonconfig to add the below value

        trigger:
    default-service-account: pipeline
    enable-api-fields: stable
    options:   
      deployments:                   
        tekton-triggers-controller:
          spec:
            template:
              spec:
                containers:
                  - name: tekton-triggers-controller
                    args: ["-el-security-context=true"]

      2. Wait for tekton-triggers-controller pod to reconcile

      3. oc get deploy tekton-triggers-controller -n openshift-pipelines -oyaml, shows two entries of -el-security-context=true.

      spec:
      containers:
      - args:
        - -logtostderr
        - -stderrthreshold
        - INFO
        - -el-image
        - quay.io/openshift-pipeline/pipelines-triggers-eventlistenersink-rhel9@sha256:ae421
        - -el-port
        - "8080"
        - -el-security-context=true
        - -el-read-only-root-filesystem=true
        - -el-events
        - enable
        - -el-readtimeout
        - "5"
        - -el-writetimeout
        - "40"
        - -el-idletimeout
        - "120"
        - -el-timeouthandler
        - "30"
        - -el-httpclient-readtimeout
        - "30"
        - -el-httpclient-keep-alive
        - "30"
        - -el-httpclient-tlshandshaketimeout
        - "10"
        - -el-httpclient-responseheadertimeout
        - "10"
        - -el-httpclient-expectcontinuetimeout
        - "1"
        - -period-seconds
        - "10"
        - -failure-threshold
        - "3"
        - -el-security-context=true

      4. Now go to tektonconfig and remove the -el-security-context=true  (timestamps in tektonconfig shows as null)

        trigger:
    default-service-account: pipeline
    enable-api-fields: stable
    options:
      deployments:
        tekton-triggers-controller:
          metadata:
            creationTimestamp: null
          spec:
            selector: null
            strategy: {}
            template:
              metadata:
                creationTimestamp: null
              spec:
                containers:
                - name: tekton-triggers-controller
                  args: ["-el-security-context=true"]
                  resources: {}
          status: {}

      5. check the tekton-triggers-controller deployment again

      Actual results:

              - -el-security-context=true
        - -el-read-only-root-filesystem=true
        - -el-events
        - enable
        - -el-readtimeout
        - "5"
        - -el-writetimeout
        - "40"
        - -el-idletimeout
        - "120"
        - -el-timeouthandler
        - "30"
        - -el-httpclient-readtimeout
        - "30"
        - -el-httpclient-keep-alive
        - "30"
        - -el-httpclient-tlshandshaketimeout
        - "10"
        - -el-httpclient-responseheadertimeout
        - "10"
        - -el-httpclient-expectcontinuetimeout
        - "1"
        - -period-seconds
        - "10"
        - -failure-threshold
        - "3"
        - -el-security-context=true
        - -el-security-context=true
        - -el-security-context=true
        - -el-security-context=true
        - -el-security-context=true
        - -el-security-context=true
        - -el-security-context=true

      Expected results:

      el-security-context=true should to present as single entry

      Reproducibility (Always/Intermittent/Only Once):

      Always

       

      Additional Issue:

      1. Timestamp is set to null post controller reconcile
      2. Multiple args entries updated to tekton-triggers-controller
      3. when -el-security-context=false, In tekton-triggers-controller deployment there are entries with both true and false.
      4. After removing the args value multiple entries are listed.

       

            -el-security-context=true
      -el-read-only-root-filesystem=true
      -el-events
      enable
      -el-readtimeout
      5
      -el-writetimeout
      40
      -el-idletimeout
      120
      -el-timeouthandler
      30
      -el-httpclient-readtimeout
      30
      -el-httpclient-keep-alive
      30
      -el-httpclient-tlshandshaketimeout
      10
      -el-httpclient-responseheadertimeout
      10
      -el-httpclient-expectcontinuetimeout
      1
      -period-seconds
      10
      -failure-threshold
      3
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=true
      -el-security-context=false
      -el-security-context=false
      -el-security-context=false
      -el-security-context=false
      -el-security-context=false
      -el-security-context=false
      -el-security-context=false
      -el-read-only-root-filesystem=true

       

       

       

        1. triggers.log
          9 kB

              jkhelil abdeljawed khelil
              rhn-support-sselvan Sri Vignesh Selvan
              Sri Vignesh Selvan Sri Vignesh Selvan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: