Skip to content
This repository has been archived by the owner on Sep 5, 2019. It is now read-only.

Build object should be immutable #640

Open
nachtmaar opened this issue Jul 9, 2019 · 0 comments
Open

Build object should be immutable #640

nachtmaar opened this issue Jul 9, 2019 · 0 comments
Labels
kind/bug Something isn't working kind/good-first-issue Good for newcomers

Comments

@nachtmaar
Copy link

Expected Behavior

Build object cannot be modified after is has been created.

Actual Behavior

Build object can be modified if build is not finished (build container is still building the image). If build is finished, updates to the object are declined with the following message

# * spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds` or `spec.tolerations` (only additions to existing tolerations)

Modifications of the build object should be declined at any stage, e.g. with the help of a webhook.

Steps to Reproduce the Problem

1. kubectl apply -f build.yaml
2. Change e.g destination image name as long as the build is not completed yet:

  • --destination=index.docker.io/nachtmaar/http-db-service:v1 => --destination=index.docker.io/nachtmaar/http-db-service:v2
  • use command kubectl edit pod example-build-pod-0feed
  1. Check that the build did not pick up the destination change: kubectl logs example-build-pod-fa606a build-step-build-and-push|grep index.docker.io/nachtmaar/ shows destination is still index.docker.io/nachtmaar/http-db-service:v1 but should be v2

Additional Info

build.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: docker
secrets:
- name: docker-reg-credential  
---
apiVersion: v1
kind: Secret
metadata:
  name: docker-reg-credential
  annotations:
    build.knative.dev/docker-0: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
data:
  # your docker.io username goes here 
  # username NOT the email
  # echo -n $USERNAME | base64 
  username: 
  # password for the account
  # echo -n $PASSWORD | base64 
  password: 
---
apiVersion: build.knative.dev/v1alpha1
kind: Build
metadata:
  name: example-build
spec:
  serviceAccountName: docker
  imagePullSecrets:
    - name: docker-reg-credential
  source:
    git:
      url: "https://github.com/kyma-project/examples.git"
      revision: "master"
  steps:
  - name: read
    image: ubuntu
    args: ['find', '/workspace/']  
  - name: build-and-push
    image: "gcr.io/kaniko-project/executor:v0.9.0"
    args:
    - "--context=/workspace/http-db-service"
    - "--dockerfile=./http-db-service/Dockerfile"
    - "--destination=index.docker.io/nachtmaar/http-db-service:v1"

Tested with knative build 0.6.1 and 0.7
@knative-prow-robot knative-prow-robot added kind/bug Something isn't working kind/good-first-issue Good for newcomers labels Jul 9, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Something isn't working kind/good-first-issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nachtmaar @knative-prow-robot