Skip to content
This repository was archived by the owner on Sep 5, 2019. It is now read-only.

Build object should be immutable #640

Open
Open
Build object should be immutable#640
Labels
kind/bugSomething isn't workingkind/good-first-issueGood for newcomers
@nachtmaar

Description

@nachtmaar
nachtmaar
opened on Jul 9, 2019

Expected Behavior

Build object cannot be modified after is has been created.

Actual Behavior

Build object can be modified if build is not finished (build container is still building the image). If build is finished, updates to the object are declined with the following message

# * spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`, `spec.initContainers[*].image`, `spec.activeDeadlineSeconds` or `spec.tolerations` (only additions to existing tolerations)

Modifications of the build object should be declined at any stage, e.g. with the help of a webhook.

Steps to Reproduce the Problem

1. kubectl apply -f build.yaml
2. Change e.g destination image name as long as the build is not completed yet:

  • --destination=index.docker.io/nachtmaar/http-db-service:v1 => --destination=index.docker.io/nachtmaar/http-db-service:v2
  • use command kubectl edit pod example-build-pod-0feed
  1. Check that the build did not pick up the destination change: kubectl logs example-build-pod-fa606a build-step-build-and-push|grep index.docker.io/nachtmaar/ shows destination is still index.docker.io/nachtmaar/http-db-service:v1 but should be v2

Additional Info

build.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: docker
secrets:
- name: docker-reg-credential  
---
apiVersion: v1
kind: Secret
metadata:
  name: docker-reg-credential
  annotations:
    build.knative.dev/docker-0: https://index.docker.io/v1/
type: kubernetes.io/basic-auth
data:
  # your docker.io username goes here 
  # username NOT the email
  # echo -n $USERNAME | base64 
  username: 
  # password for the account
  # echo -n $PASSWORD | base64 
  password: 
---
apiVersion: build.knative.dev/v1alpha1
kind: Build
metadata:
  name: example-build
spec:
  serviceAccountName: docker
  imagePullSecrets:
    - name: docker-reg-credential
  source:
    git:
      url: "https://github.com/kyma-project/examples.git"
      revision: "master"
  steps:
  - name: read
    image: ubuntu
    args: ['find', '/workspace/']  
  - name: build-and-push
    image: "gcr.io/kaniko-project/executor:v0.9.0"
    args:
    - "--context=/workspace/http-db-service"
    - "--dockerfile=./http-db-service/Dockerfile"
    - "--destination=index.docker.io/nachtmaar/http-db-service:v1"

Tested with knative build 0.6.1 and 0.7

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/bugSomething isn't workingkind/good-first-issueGood for newcomers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions