Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document bug with sidecar usage of nop image #1464

Merged
merged 1 commit into from Oct 25, 2019
Merged

Document bug with sidecar usage of nop image #1464

merged 1 commit into from Oct 25, 2019

Conversation

ghost
Copy link

@ghost ghost commented Oct 24, 2019

Changes

Sidecars are stopped by having their Image field swapped out to the nop image. When the nop image starts up in the sidecar container it is supposed to immediately exit because nop doesn't include the sidecar's command. However, when the nop image does contain the command that the sidecar is running, the sidecar container will actually never stop and the Task will eventually timeout.

For most sidecars this issue will not manifest - the nop container that Tekton provides out of the box includes only a very limited set of commands. However, if a Tekton operator overrides the nop image when deploying the tekton controller (for example, because their organization requires images configured for Tekton to be built on their org's own base image) then there is a risk that nop will start offering more commands and therefore introduce a higher risk that a sidecar's command will be runnable by the nop image, finally increasing the likelihood of Tasks with sidecars running forever until timeout.

This issue is a known bug with the way sidecars operate at the moment and is being tracked in #1347 but should be documented clearly.

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

@googlebot googlebot added the cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit label Oct 24, 2019
@tekton-robot tekton-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Oct 24, 2019
Document bug with sidecar usage of nop container
fdb2744 
Sidecars are stopped by having their Image field swapped out to the
`nop` image. When the nop image starts up in the sidecar container it is
supposed to immediately exit because `nop` doesn't include the sidecar's
command. However, when the `nop` image *does* contain the command that
the sidecar is running, the sidecar container will actually never stop
and the Task will eventually timeout.

For most sidecars this issue will not manifest - the `nop` container
that Tekton provides out of the box includes only a very limited set of
commands. However, if a Tekton operator overrides the `nop` image when
deploying the tekton controller (for example, because their organization
requires images configured for Tekton to be built on their org's own base
image) then there is a risk that `nop` will start offering more commands
and therefore introduce a higher risk that a sidecar's command will be
runnable by the `nop` image finally increasing the likelihood of Tasks
with sidecars running until timeout.

This issue is a known bug with the way sidecars operate at the moment
and is being tracked in #1347
but should be documented clearly.
@ghost ghost mentioned this pull request Oct 24, 2019
Closed
vdemeester
vdemeester approved these changes Oct 24, 2019
View reviewed changes
Copy link
Member

@vdemeester vdemeester left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/cc @chmouel

@tekton-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vdemeester

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 24, 2019
@bobcatfish
Copy link
Collaborator

Documenting this until we get a fix in place makes sense to me!

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 25, 2019
@tekton-robot tekton-robot merged commit 6c132b9 into tektoncd:master Oct 25, 2019
@bahetiamit bahetiamit mentioned this pull request Oct 9, 2020
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@afrittoli afrittoli Awaiting requested review from afrittoli

@dlorenc dlorenc Awaiting requested review from dlorenc

@chmouel chmouel Awaiting requested review from chmouel

Assignees

@bobcatfish bobcatfish

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@tekton-robot @bobcatfish @vdemeester @googlebot