Add workspace types for Task and TaskRun with validation #1639
Conversation
tekton-robot
added
the
do-not-merge/work-in-progress
googlebot
added
the
cla: yes
tekton-robot
added
the
size/XL
docs/taskruns.md
Outdated
| - name: myworkspace | ||
| persistentVolumeClaim: | ||
| claimName: mypvc | ||
| volumeSubPath: my-subdir |
There was a problem hiding this comment.
should be just subPath to match api
There was a problem hiding this comment.
whoops, thanks for catching this!
There was a problem hiding this comment.
Nice 👼
Any reason to use StepTemplates for this ? "Add validation to ensure that the mountPaths don't clash with any explicitly declared volumeMounts" might be a valid reason 🤔
Randomize the volume name + volumeMount names so we don't have to worry about clashing with existing volumeMounts + volume names
This would mean the user has to use the variable substitution to get the name of the mountpoint right ? I think that's fair though 👼
Add support for ConfigMaps (and secrets?)
That would make sense, but we certainly can do that in follow-ups 😉
Basically just b/c it was convenient! 😅 maybe one way to make this a bit cleaner would be to create a new "step template" just for this, merge it with the user provided step template, and pass the result into the pod creation function - not sure how much different that'd be tho 🤔 |
sgtm! |
bobcatfish
force-pushed
the
volumes_are_awesome
branch
from
f9b302e
to
268a69d
Compare
tekton-robot
added
size/XXL
|
The following is the coverage report on pkg/.
|
|
One question... is there a particular concern and reason why the WorkspaceBinding embeds a PVCSource / EmptyDir instead of just a volume name? I already have cases where I would really like to embed Secrets and ConfigMaps as volumes and this would be helpful. Is there some concern about supporting some kinds of volume types? Also... could we consider adding a |
Initially I thought "to be able to get the correct type of volume", but we don't really have to. So I'm now asking myself the same question 😝
👍 |
|
Here I've taken the example workspace taskrun yaml from this PR and added a volume to the podTemplate in the taskrun: apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
resources:
requests:
storage: 5Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
---
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
generateName: custom-volume-
spec:
workspaces:
- name: custom
volumeName: mypd
subPath: my-subdir
- name: custom2
volumeName: mypd
podTemplate:
volumes:
- name: mypd
persistentVolumeClaim:
claimName: my-pvc
taskSpec:
steps:
- name: write
image: ubuntu
command: ["/bin/bash"]
args: ["-c", "echo stuff > /workspace/custom/foo"]
- name: read
image: ubuntu
command: ["/bin/bash"]
args: ["-c", "cat /workspace/custom/foo | grep stuff"]
- name: write2
image: ubuntu
command: ["/bin/bash"]
args: ["-c", "echo stuffs > /workspace/custom2/foo"]
- name: read2
image: ubuntu
command: ["/bin/bash"]
args: ["-c", "cat /workspace/custom2/foo | grep stuffs"]
workspaces:
- name: custom
- name: custom2Is this about what you'd expect @skaegi , @vdemeester ? |
|
In regards support for configmaps and secrets - we have plans to implement those as part of this (it's in the TODOs section at the top). Is there any other reason to separate them out like this rather than just having the volume type embedded in the workspace binding? |
|
Also - readOnly is definitely on the roadmap for workspaces! whether or not it's part of this PR. |
|
(for a bit of context - @bobcatfish and I wrote it initially to use the podTemplate volumes but it felt like extra yaml when we could make it part of the binding spec and leave the podTemplate out of things completely) |
Oh, ok, I would maybe prefer the following (but 😛) to reduce a bit the verbosity of the thing. # […]
spec:
workspaces:
- name: custom
persistentVolumeClaim:
claimName: my-pvc
subPath: my-subdir
- name: custom2
persistentVolumeClaim:
claimName: my-pvc
# […] |
|
Thanks for the example @sbwsg -- that helps. I forgot that taskruns don't directly have volumes and agree the extra podSpec stuff just doesn't look great and does not enhance readability. |
|
I went back through our current usage to verify and can confirm that if we had... all of our cases are covered. We also on occasion might use @bobcatfish a while back we had wondered about removing |
ghost
mentioned this pull request
Each test case for parameter substitution application was being given a totally separate test case, with the variables being used being declared in different places across the file. For tektoncd#1639 I came along and wanted to start adding more tests for workspace substitution and found it hard to tell where to start so I: * Combined most of the test cases for param subsitution into one test so you can easily see everything that is being tested (none of the test cases conflicted with each other and can easily be applied together) * I kept the array param test cases separate cuz they seemd to be testing distinct test cases * The Volume test cases were a bit odd b/c they were trying to make sure substitution was _applied_ to volumes, but there is no volume specific function so they were calling an internal function and passing in dummy values that are not representative of the actual values you'd substitute for volumes so instead I folded these test cases into the param application test. Probably the resource application test case should be made quite similar to the param test but it seemed like some of the resource stuff was distinct and had to be tested in isolateion (e.g. just outputs, just inputs, etc.) Also removed some depreated (and duplicated!) volume tests: in tektoncd#1311 I removed support for ${} but instead of removing these tests I just updated them, making them duplicates of the above test cases.
bobcatfish
force-pushed
the
volumes_are_awesome
branch
from
268a69d
to
86f73be
Compare
tekton-robot
removed
the
do-not-merge/work-in-progress
|
This should be ready for a real review @skaegi @vdemeester @sbwsg ! 🎉 |
|
The following is the coverage report on pkg/.
|
@bobcatfish Did you forget to commit something ? 🤔 |
bobcatfish
force-pushed
the
volumes_are_awesome
branch
from
cee110f
to
bf2ad87
Compare
|
Thanks @vdemeester ! @skaegi you said you this approach looks like it'll work for you, @sbwsg mentioned you wanted to try this out a bit and give us some more feedback. Since we still have to do the |
|
The following is the coverage report on pkg/.
|
whoops |
bobcatfish
force-pushed
the
volumes_are_awesome
branch
from
bf2ad87
to
60ef850
Compare
|
The following is the coverage report on pkg/.
|
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vdemeester The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
vdemeester
added
the
needs-rebase
|
/hold cancel |
tekton-robot
removed
the
do-not-merge/hold
This allows users to use Volumes with Tasks such that: - The actual volumes to use (or subdirectories on those volumes) are provided at runtime, not at Task authoring time - At Task authoring time you can declare that you expect a volume to be provided and control what path that volume should end up at - Validation will be provided that the volumes (workspaces) are actually provided at runtime Before this change, there were two ways to use Volumes with Tasks: - VolumeMounts were explicitly declared at the level of a step - Volumes were declared in Tasks, meaning the Task author controlled the name of the volume being used and it wasn't possible at runtime to use a subdir of the volume - Or the Volume could be provided via the podTemplate, if the user realized this was possible None of this was validated and could cause unexpected and hard to diagnose errors at runtime. It's possible folks might be specifying volumes already in the Task or via the stepTemplate that might collide with the names we are using for the workspaces; instead of validating this and making the Task author change these, we can instead randomize them! We have also limited (at least initially) the types of volume source being supported instead of expanding to all volume sources, tho we can expand it later if we want to and if users need it. This would reduce the API surface that a Tekton compliant system would need to conform to (once we actually define what conformance means!). Part of tektoncd#1438 In future commits we will add support for workspaces to Pipelines and PipelineRuns as well; for now if a user tries to use a Pipeline with a Task that requires a Workspace, it will fail at runtime because it is not (yet) possible for the Pipeline and PipelineRun to provide workspaces. Co-authored-by: Scott <sbws@google.com>
bobcatfish
force-pushed
the
volumes_are_awesome
branch
from
60ef850
to
eb23ad7
Compare
|
/lgtm |
|
The following is the coverage report on pkg/.
|
vdemeester
removed
the
needs-rebase
Changes
This allows users to use Volumes with Tasks such that:
provided at runtime, not at Task authoring time
be provided and control what path that volume should end up at
provided at runtime
Before this change, there were two ways to use Volumes with Tasks:
name of the volume being used and it wasn't possible at runtime to use
a subdir of the volume
realized this was possible
None of this was validated and could cause unexpected and hard to
diagnose errors at runtime.
We have also limited (at least initially) the types of volume source
being supported instead of expanding to all volume sources, tho we can
expand it later if we want to and if users need it. This would reduce
the API surface that a Tekton compliant system would need to conform to
(once we actually define what conformance means!).
Part of #1438
In future commits we will add support for workspaces to Pipelines and
PipelineRuns as well; for now if a user tries to use a Pipeline with a
Task that requires a Workspace, it will fail at runtime because it is
not (yet) possible for the Pipeline and PipelineRun to provide
workspaces.
Future work:
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmddir, please updatethe release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.
Release Notes