Skip to content

Commit

Permalink
Point $HOME to /tekton/home
Browse files Browse the repository at this point in the history
/builder/home is still mounted, backed by the same volume, to allow
users some time to move over before we move /builder/home in v0.10 and
beta.
  • Loading branch information
imjasonh committed Nov 27, 2019
1 parent 93f1933 commit 138db46
Show file tree
Hide file tree
Showing 17 changed files with 119 additions and 70 deletions.
10 changes: 5 additions & 5 deletions cmd/creds-init/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,13 +36,13 @@ data:
```
The flag `-ssh-git=ssh-key=github.com` (with the environment variable
`HOME=/builder/home`) would result with the following files:
`HOME=/tekton/home`) would result with the following files:

- `~/.ssh/config`

```
HostName github.com
IdentityFile /builder/home/.ssh/id_foo
IdentityFile /tekton/home/.ssh/id_foo
Port 22
```
- `~/.ssh/id_rsa` with the content of `ssh-privatekey` decoded
Expand Down Expand Up @@ -71,9 +71,9 @@ stringData:
```

The flag `-basic-git=foo=github.com` (with the environment variable
`HOME=/builder/home`) would result of the following files:
`HOME=/tekton/home`) would result of the following files:

- `/builder/home/.gitconfig`
- `/tekton/home/.gitconfig`

```
[credential]
Expand All @@ -82,7 +82,7 @@ The flag `-basic-git=foo=github.com` (with the environment variable
username = <username>
```

- `/builder/home/.git-credentials`
- `/tekton/home/.git-credentials`

```
https://<username>:<password>@github.com
Expand Down
2 changes: 1 addition & 1 deletion docs/auth.md
Original file line number Diff line number Diff line change
Expand Up @@ -431,7 +431,7 @@ Note: Because `known_hosts` is a non-standard extension of
### Least privilege

The secrets as outlined here will be stored into `$HOME` (by convention the
volume: `/builder/home`), and will be available to `Source` and all `Steps`.
volume: `/tekton/home`), and will be available to `Source` and all `Steps`.

For sensitive credentials that should not be made available to some steps, do
not use the mechanisms outlined here. Instead, the user should declare an
Expand Down
2 changes: 1 addition & 1 deletion docs/developers/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ If the image is a private registry, the service account should include an
The `/builder/` namespace is reserved on containers for various system tools,
such as the following:

- The environment variable HOME is set to `/builder/home`, used by the builder
- The environment variable HOME is set to `/tekton/home`, used by the builder
tools and injected on into all of the step containers
- Default location for output-images `/builder/output-images`

Expand Down
4 changes: 2 additions & 2 deletions docs/taskruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ spec:
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/builder/home/.docker/"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
Expand Down Expand Up @@ -377,7 +377,7 @@ spec:
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/builder/home/.docker/"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
Expand Down
2 changes: 1 addition & 1 deletion docs/tutorial.md
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ spec:
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/builder/home/.docker/"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
Expand Down
2 changes: 1 addition & 1 deletion examples/pipelineruns/pipelinerun.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ spec:
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/builder/home/.docker/"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
Expand Down
2 changes: 1 addition & 1 deletion examples/taskruns/build-push-kaniko.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ spec:
# specifying DOCKER_CONFIG is required to allow kaniko to detect docker credential
env:
- name: "DOCKER_CONFIG"
value: "/builder/home/.docker/"
value: "/tekton/home/.docker/"
command:
- /kaniko/executor
args:
Expand Down
2 changes: 1 addition & 1 deletion examples/taskruns/home-is-set.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,4 @@ spec:
command: ['bash']
args:
- '-c'
- '[[ $HOME == /builder/home ]]'
- '[[ $HOME == /tekton/home ]]'
11 changes: 6 additions & 5 deletions examples/taskruns/home-volume.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,19 +8,20 @@ spec:
- name: write
image: ubuntu
command: ['bash']
args: ['-c', 'echo some stuff > /builder/home/stuff']
args: ['-c', 'echo some stuff > /tekton/home/stuff']
- name: read
image: ubuntu
command: ['cat']
args: ['/builder/home/stuff']
args: ['/tekton/home/stuff']
- name: override-homevol
image: ubuntu
command: ['bash']
# /builder/home/stuff *doesn't* exist.
args: ['-c', '[[ ! -f /builder/home/stuff ]]']
# /tekton/home/stuff *doesn't* exist, because the specified volumeMount
# conflicts with it, and the user's explicit declaration wins the tie.
args: ['-c', '[[ ! -f /tekton/home/stuff ]]']
volumeMounts:
- name: empty
mountPath: /builder/home
mountPath: /tekton/home
volumes:
- name: empty
emptyDir: {}
27 changes: 27 additions & 0 deletions examples/taskruns/old-home-volume.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
generateName: old-home-volume-
spec:
taskSpec:
steps:
- name: write
image: ubuntu
command: ['bash']
args: ['-c', 'echo some stuff > /builder/home/stuff']
- name: read
image: ubuntu
command: ['cat']
args: ['/builder/home/stuff']
- name: override-homevol
image: ubuntu
command: ['bash']
# /tekton/home/stuff *doesn't* exist, because the specified volumeMount
# conflicts with it, and the user's explicit declaration wins the tie.
args: ['-c', '[[ ! -f /builder/home/stuff ]]']
volumeMounts:
- name: empty
mountPath: /builder/home
volumes:
- name: empty
emptyDir: {}
8 changes: 4 additions & 4 deletions examples/taskruns/task-multiple-output-image.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -73,8 +73,8 @@ spec:
- -ce
- |
set -ex
mkdir -p /builder/home/image-outputs/builtImage1
cat <<EOF > /builder/home/image-outputs/builtImage1/index.json
mkdir -p /tekton/home/image-outputs/builtImage1
cat <<EOF > /tekton/home/image-outputs/builtImage1/index.json
{
"schemaVersion": 2,
"manifests": [
Expand All @@ -94,8 +94,8 @@ spec:
- -ce
- |
set -e
mkdir -p /builder/home/image-outputs/builtImage2
cat <<EOF > /builder/home/image-outputs/builtImage2/index.json
mkdir -p /tekton/home/image-outputs/builtImage2
cat <<EOF > /tekton/home/image-outputs/builtImage2/index.json
{
"schemaVersion": 2,
"manifests": [
Expand Down
13 changes: 10 additions & 3 deletions pkg/pod/pod.go
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,8 @@ import (

const (
workspaceDir = "/workspace"
homeDir = "/builder/home"
homeDir = "/tekton/home"
oldHomeDir = "/builder/home"

taskRunLabelKey = pipeline.GroupName + pipeline.TaskRunLabelKey
ManagedByLabelKey = "app.kubernetes.io/managed-by"
Expand All @@ -59,14 +60,20 @@ var (
Name: "workspace",
MountPath: workspaceDir,
}, {
Name: "home",
Name: "tekton-home",
MountPath: homeDir,
}, {
// Mount the home Volume to both /tekton/home and (old,
// deprecated) /builder/home.
// TODO(#1633): After v0.10, we can remove this old path.
Name: "tekton-home",
MountPath: oldHomeDir,
}}
implicitVolumes = []corev1.Volume{{
Name: "workspace",
VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
}, {
Name: "home",
Name: "tekton-home",
VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
}}

Expand Down
7 changes: 2 additions & 5 deletions pkg/pod/workingdir_init_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,8 @@ import (

func TestWorkingDirInit(t *testing.T) {
volumeMounts := []corev1.VolumeMount{{
Name: "workspace",
MountPath: "/workspace",
}, {
Name: "home",
MountPath: "/builder/home",
Name: "my-volume-mount",
MountPath: "/blah",
}}

names.TestingSeed()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -1412,12 +1412,14 @@ func TestResolveConditionChecks(t *testing.T) {
{
name: "conditionCheck exists",
getTaskRun: func(name string) (*v1alpha1.TaskRun, error) {
if name == "pipelinerun-mytask1-9l9zj-always-true-mz4c7" {
switch name {
case "pipelinerun-mytask1-9l9zj-always-true-mz4c7":
return cc, nil
} else if name == "pipelinerun-mytask1-9l9zj" {
case "pipelinerun-mytask1-9l9zj":
return &trs[0], nil
default:
return nil, xerrors.Errorf("getTaskRun called with unexpected name %s", name)
}
return nil, xerrors.Errorf("getTaskRun called with unexpected name %s", name)
},
expectedConditionCheck: TaskConditionCheckState{{
ConditionCheckName: "pipelinerun-mytask1-9l9zj-always-true-mz4c7",
Expand Down
Loading

0 comments on commit 138db46

Please sign in to comment.