Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ServiceAccount without ImagePullSecrets should not fail to fetch #585

Merged
merged 1 commit into from
Mar 5, 2019
Merged

ServiceAccount without ImagePullSecrets should not fail to fetch #585

merged 1 commit into from
Mar 5, 2019

Conversation

abayer
Copy link
Contributor

@abayer abayer commented Mar 5, 2019

Changes

While ImagePullSecrets would still be needed for any private
registry, not having any on the specified service account shouldn't
cause a failure to even try to fetch the image.

Fixes #584

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

Release Notes

n/a

@googlebot googlebot added the cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit label Mar 5, 2019
@knative-prow-robot knative-prow-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 5, 2019
@abayer
Copy link
Contributor Author

abayer commented Mar 5, 2019

/assign @pivotal-nader-ziada

@abayer abayer mentioned this pull request Mar 5, 2019
Merged
2 tasks
@nader-ziada
Copy link
Member

actually @abayer I think if you remove all that code and just have k8schain.New while passing the serviceaccount the library will do everything for you.
Check this here https://github.com/google/go-containerregistry/blob/master/pkg/authn/k8schain/k8schain.go#L55

what do you think?

@abayer
Copy link
Contributor Author

abayer commented Mar 5, 2019

@pivotal-nader-ziada Nice! Switching now.

@abayer abayer force-pushed the sa-without-imagepullsecret-getremoteimage branch from 2915bb8 to b4243ea Compare March 5, 2019 21:24
@knative-prow-robot knative-prow-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 5, 2019
@abayer
Copy link
Contributor Author

abayer commented Mar 5, 2019

ha, this will also deal with cases of multiple ImagePullSecrets on a non-default service account, which currently would result in just the last one encountered being used.

shashwathi
shashwathi reviewed Mar 5, 2019
View reviewed changes
pkg/reconciler/v1alpha1/taskrun/entrypoint/entrypoint.go Outdated
if err != nil {
return nil, fmt.Errorf("Failed to create k8schain: %v", err)
}
if serviceAccountName == "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Library does this piece of code as well. Pass the serviceAccountName (empty or not) to k8schain library

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoops, I actually had that thought and then it slipped my mind. Updated.

@abayer
ServiceAccount without ImagePullSecrets should not fail to fetch
db60cf7 
While `ImagePullSecret`s would still be needed for any private
registry, not having any on the specified service account shouldn't
cause a failure to even try to fetch the image.

Fixes tektoncd#584
@abayer abayer force-pushed the sa-without-imagepullsecret-getremoteimage branch from b4243ea to db60cf7 Compare March 5, 2019 21:37
shashwathi
shashwathi approved these changes Mar 5, 2019
View reviewed changes
Copy link
Contributor

@shashwathi shashwathi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 5, 2019
@knative-prow-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abayer, shashwathi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 5, 2019
@knative-metrics-robot
Copy link

The following is the coverage report on pkg/.
Say /test pull-knative-build-pipeline-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/v1alpha1/taskrun/entrypoint/entrypoint.go 63.4% 75.0% 11.6

@nader-ziada
Copy link
Member

Thanks @abayer and @shashwathi for the quick fix

@abayer
Copy link
Contributor Author

abayer commented Mar 5, 2019

@pivotal-nader-ziada Happy to help! I'm glad I started work on switching Jenkins X over as early as I did, or who knows when we would have found this.

@knative-prow-robot knative-prow-robot merged commit eee89b0 into tektoncd:master Mar 5, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shashwathi shashwathi shashwathi approved these changes

@tejal29 tejal29 Awaiting requested review from tejal29

@vdemeester vdemeester Awaiting requested review from vdemeester

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Trying to make the CLA bot happy with ppl from different companies work on one commit lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@abayer @nader-ziada @knative-prow-robot @knative-metrics-robot @shashwathi @googlebot