Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug

/kind enhancement

What happened:

Specifying parameter templateAnnotations has no effect when running modify-vm-template task.

What you expected to happen:

templateAnnotations get applied to Template when runinng modify-vm-template task.

How to reproduce it (as minimally and precisely as possible):

Run modify-vm-template task and specify templateAnnotations.

Anything else we need to know?:

setValuesToTemplate() is using the wrong getters here:

getTemplateLabels() and getTemplateAnnotations() should be used.

Is this a BUG REPORT or FEATURE REQUEST?:
/kind enhancement

ClusterTasks are deprecated and replaced with Tasks - https://tekton.dev/docs/pipelines/tasks/#task-vs-clustertask.
We will have make sure clusterTasks are replaced with tasks.

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug

/kind enhancement

What happened:

copy-template Task failed because the template it tried to create already existed. After that the Pipeline stayed in state Running.

What you expected to happen:

The Pipeline switches to state Failed when copy-template Task failed.

How to reproduce it (as minimally and precisely as possible):

• Create template (e.g. with name testtemplate)
• Run copy-template Task with parameter targetTemplateName set to testtemplate

https://github.com/kubevirt/kubevirt-tekton-tasks/blame/main/README.md#L24-L34

We should not maintain downstream documentation

Is this a BUG REPORT or FEATURE REQUEST?:
/kind enhancement

Align kubevirt tekton tasks with instance types.
Common templates will be deprecated in some future version and we should make sure, kubevirt tekton tasks should work with https://github.com/kubevirt/common-instancetypes

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug
/kind enhancement

What happened:
I would like to use the create-vm-from-manifest task to create a VM while providing a remote manifest instead of having to supply the manifest content directly.

What you expected to happen:

Supply a remote url to a manifest instead of having to provide the YAML to the task directly.

How to reproduce it (as minimally and precisely as possible):
See above

Anything else we need to know?:
N/A

Environment:

• KubeVirt version (use virtctl version):
• Kubernetes version (use kubectl version):
• tekton-pipelines version:
• kubevirt-tekton-tasks version:
• Pipeline/Taskrun specification:
• PipelineRun/TaskRun specification:
• CDI version if applicable:
• Cloud provider or hardware configuration:

Is this a BUG REPORT or FEATURE REQUEST?:
/kind enhancement

What happened:
Enable loading of pipelines from yaml files in e2e tests, so user doesn't have to specify it in code

• add early detection of failed datavolume imports

per #31 (comment) discussion, it should be possible to specify the sshPublicKey secret name in task parameters and the secret will be used by the VM to inject authorized keys

could be implemented either by

• specifying the accessCredentials in the VM manifest/template and then just injecting the secret name
• specifying accessCredentials API (propagationMethod, users, secretName) in the task parameters

The disadvantage of the later one is that it bloats the number of task parameters

Even though this feature is usable through the VM manifest in create-vm-from-manifest (see unit-tester-pipeline.yaml) we should probably make the feature set compatible with create-vm-from-template regarding this issue.

two options

• pass disk/volume definitions in task params - this would be probably too difficult to use
• specify the disk/volume definitions in the VM/Template yaml and replace a stub pvc/dv name with the real one
  • persistentVolumeClaims could be specified either standalone or with diskName selector, eg.

  - name: persistentVolumeClaims
    value:
      - "generated-pvc-1"
      - "disk-a:generated-pvc-2"
  

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update all dependencies (main) (fedora, github.com/onsi/ginkgo/v2, github.com/onsi/gomega, github.com/openshift/api, github.com/openshift/client-go, github.com/tektoncd/pipeline, k8s.io/api, k8s.io/apimachinery, k8s.io/cli-runtime, k8s.io/client-go, k8s.io/kube-openapi, k8s.io/kubectl, knative.dev/pkg, kubevirt.io/api, kubevirt.io/client-go, kubevirt.io/containerized-data-importer, kubevirt.io/containerized-data-importer-api, kubevirt.io/kubevirt, quay.io/kubevirt/libguestfs-tools)

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• chore(deps): update module kubevirt.io/kubevirt to v1.2.1 [security] (release-v0.17)
• chore(deps): update module kubevirt.io/kubevirt to v1.2.1 [security] (release-v0.15)

Detected dependencies

Is this a BUG REPORT or FEATURE REQUEST?:

/kind enhancement

What happened:

If a pipelines tries to update an existing PV, the pipeline fails

What you expected to happen:

The pipeline can explicitly allow to overwrite or replace the DV

How to reproduce it (as minimally and precisely as possible):

run https://github.com/kubevirt/tekton-tasks-operator/blob/main/data/tekton-pipelines/okd/windows10-installer.yaml twice.

Replace spec.running with spec.runStrategy because spec.running will be deprecated later. Similar issue was opened in common-templates repository, kubevirt/common-templates#581.

/kind bug

What happened:

I was trying to run example pipelines, but windows10-customize pipeline fails on create-data-object task with Failed to wait for success of data object: resource name may not be empty

What you expected to happen:

Succesfully run pipeline

How to reproduce it (as minimally and precisely as possible):

Running the TTO example pipelines

KubeVirt Tekton Tasks currently requires SSH credentials to be stored as an "Opaque" secret type with its own, project-specific fields. This means one cannot reuse SSH credentials from other contexts.

How about defaulting to (or at least allowing) Kubernetes's built-in "kubernetes.io/ssh-auth" type [1], meaning to allow secrets to be specified as:

apiVersion: v1
kind: Secret
metadata:
  name: secret-ssh-auth
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: |
    LS0tLS1CRUdJTiBPUEVOU1NI ...
  ssh-publickey: |
    U0bVBRUk82dUs5Y2ZWRWhDZU ...

[1] https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets

/kind bug

What happened:
Got

error: unable to read URL "https://github.com/kubevirt/kubevirt-tekton-tasks/releases/download//kubevirt-tekton-tasks-okd.yaml", server reported 404 Not Found, status code=404

because curl -s https://github.com/kubevirt/kubevirt-tekton-tasks/releases/latest returns an empty string

because there is no release tagged "latest"

What you expected to happen:
Example instructions in the repo's base README.md should work as expected.

How to reproduce it (as minimally and precisely as possible):

VERSION=$(curl -s https://github.com/kubevirt/kubevirt-tekton-tasks/releases/latest | grep -o "v[0-9]\.[0-9]*\.[0-9]*")
kubectl apply -n default -f "https://github.com/kubevirt/kubevirt-tekton-tasks/releases/download/${VERSION}/kubevirt-tekton-tasks-okd.yaml"

Anything else we need to know?:

Should be straight-forward...

Environment:

not applicable, this is before k8s gets involved.

What happened:
Enable artifacthub linter once artifacthub/hub#3691 is resolved

We should consume https://github.com/kubevirt/libguestfs-appliance as the base image for this.

Reasoning is that somebody is taking care of the appliance, we can benefit from this

/kind bug

What happened:

When I was trying to start pipelineRuns in example folder error occured:
admission webhook "webhook.pipeline.tekton.dev" denied the request: mutation failed: cannot decode incoming new object: json: unknown field "serviceAccountNames"

What you expected to happen:

Start the pipeline

How to reproduce it (as minimally and precisely as possible):

Follow example instructions at https://github.com/kubevirt/kubevirt-tekton-tasks/tree/main/examples/pipelines/windows10-installer

/kind bug

What happened:
Trying to use windows10-installer example from repo in OCP 4.10 fails in task create-vm-from-manifest with:

could not add owner reference to windows10-source-4wl8x DataVolume: datavolumes.cdi.kubevirt.io "windows10-source-4wl8x" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>

What you expected to happen:

Creation of VM

How to reproduce it (as minimally and precisely as possible):

Follow example instructions at https://github.com/kubevirt/kubevirt-tekton-tasks/tree/main/examples/pipelines/windows10-installer

Anything else we need to know?:

Environment:

• KubeVirt version (use virtctl version):

Client Version: version.Info{GitVersion:"v0.44.3-5-gaa60cafdd", GitCommit:"aa60cafddc1040b434f5b7ca40fa49c8174adb61", GitTreeState:"clean", BuildDate:"2021-10-30T17:55:57Z", GoVersion:"go1.16.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{GitVersion:"v0.49.0-163-gb0553b0f5", GitCommit:"b0553b0f5e5c7c091e7107382073bba7d9be3f43", GitTreeState:"clean", BuildDate:"2022-05-19T18:19:30Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

• Kubernetes version (use kubectl version):

$ oc version
Client Version: 4.10.18
Server Version: 4.10.18
Kubernetes Version: v1.23.5+3afdacb

• tekton-pipelines version:

$ tkn version
Client version: 0.23.1
Pipeline version: v0.33.2
Triggers version: v0.19.0
Operator version: v0.55.1

• kubevirt-tekton-tasks version: current main

• Pipeline/Taskrun specification:

• PipelineRun/TaskRun specification:

• CDI version if applicable:

• Cloud provider or hardware configuration:

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

What happened:

In recent CI e2e tests I saw a lot of the following warnings:

   Begin Captured StdOut/StdErr Output >>
    W0907 16:46:20.074423   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.098179   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.138689   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.177835   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.216410   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.255660   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.294724   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.338697   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.384938   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.423593   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.462486   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.501779   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.541326   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.687683   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:28.888890   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:29.089729   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:29.288497   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:29.488375   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:29.687316   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:29.887855   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:30.088860   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:30.290910   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:30.496281   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
    W0907 16:46:30.695252   14888 warnings.go:70] kubevirt.io/v1alpha3 is now deprecated and will be removed in a future release.
  << End Captured StdOut/StdErr Output 

This should be investigated. Perhaps the tests are using an outdated kubevirt client version?

What you expected to happen:

The e2e tests should use the kubevirt.io/v1 API.

add new test to the CI

• will use latest published images (instead of the ones compiled on the spot from the PR like the other tests)
• simple smoke tests (one negative + one positive use case for each task/image ? )
• could be periodic and not tied to the PR (eg once a week?)
• could test example pipelines

create an example pipeline which use concepts explained in https://github.com/kubevirt/kubevirt-tekton-tasks/blob/main/docs/tasks-rbac-permissions.md

• the pipeline should access/create resources in different namespaces
• the pipeline should explain on how to deploy and setup the tasks/namespaces for this pipeline

Is this a BUG REPORT or FEATURE REQUEST?:
/kind bug

What happened:
virt-sysprep ClusterTask fails if an edit command is passed in. virt-sysprep and virt-customize allow for non-interactive editing of a file like so and requires perl to be installed:

 edit /some/file:s/^OPT=.*/OPT=ok/

https://github.com/rwmjones/guestfs-tools/blob/3a498512f58bc431db490e96cdb712b19389bda4/customize/perl_edit-c.c#L42
https://github.com/rwmjones/guestfs-tools/blob/3a498512f58bc431db490e96cdb712b19389bda4/customize/perl_edit.ml#L22-L30

Should the perl binary be included in kubevirt/libguestfs-tools? I can't seem to find where this image lives.

What you expected to happen:
success :)

How to reproduce it (as minimally and precisely as possible):

---
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: kmi-pipeline
spec:
  tasks:
    - name: create-datavolume-from-manifest
      taskRef:
        kind: ClusterTask
        name: create-datavolume-from-manifest
      params:
        - name: waitForSuccess
          value: 'true'
        - name: manifest
          value: |
            apiVersion: cdi.kubevirt.io/v1beta1
            kind: DataVolume
            metadata:
              generateName: fedora-35-
            spec:
              pvc:
                accessModes:
                  - ReadWriteOnce
                resources:
                  requests:
                    storage: 10Gi
                volumeMode: Filesystem
              source:
                http:
                  url: https://download.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2

    - name: disk-virt-sysprep
      params:
        - name: pvc
          value: "$(tasks.create-datavolume-from-manifest.results.name)"
        - name: sysprepCommands
          value: |
            run-command dnf -y --best upgrade --exclude=kernel*
            edit /etc/selinux/config:s/^SELINUX=enforcing/SELINUX=permissive/
            install vim,tmux
            run-command dnf clean all
            delete /var/cache/dnf
        - name: additionalOptions
          value: "--network"
      taskRef:
        kind: ClusterTask
        name: disk-virt-sysprep
      runAfter:
        - create-datavolume-from-manifest
---
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: kmi-pipelinerun-
spec:
  pipelineRef:
    name: kmi-pipeline
  serviceAccountNames:
    - taskName: create-datavolume-from-manifest
      serviceAccountName: create-datavolume-from-manifest-task

...
[disk-virt-sysprep : run-virt-sysprep] [   5.2] Performing "utmp" ...
[disk-virt-sysprep : run-virt-sysprep] [   5.2] Performing "yum-uuid" ...
[disk-virt-sysprep : run-virt-sysprep] [   5.2] Performing "customize" ...
[disk-virt-sysprep : run-virt-sysprep] [   5.2] Setting a random seed
[disk-virt-sysprep : run-virt-sysprep] [   5.2] Setting the machine ID in /etc/machine-id
[disk-virt-sysprep : run-virt-sysprep] [   5.2] Running: dnf -y --best upgrade --exclude=kernel*
[disk-virt-sysprep : run-virt-sysprep] [  50.0] Editing: /etc/selinux/config
[disk-virt-sysprep : run-virt-sysprep] sh: perl: command not found
[disk-virt-sysprep : run-virt-sysprep] virt-sysprep: error: failure: rm: /var/run/utmp: No such file or directory
[disk-virt-sysprep : run-virt-sysprep]
[disk-virt-sysprep : run-virt-sysprep] If reporting bugs, run virt-sysprep with debugging enabled and include the
[disk-virt-sysprep : run-virt-sysprep] complete output:
[disk-virt-sysprep : run-virt-sysprep]
[disk-virt-sysprep : run-virt-sysprep]   virt-sysprep -v -x [...]

failed to get logs for task disk-virt-sysprep : container step-run-virt-sysprep has failed  : [{"key":"StartedAt","value":"2022-02-18T20:54:20.324Z","type":3}]

Anything else we need to know?:

Environment:

• KubeVirt version (use virtctl version):

Client Version: version.Info{GitVersion:"v0.49.0", GitCommit:"f8160a0b5eac2acafab74fd7916bfcaf0c39a6a3", GitTreeState:"clean", BuildDate:"2022-01-11T17:37:26Z", GoVersion:"go1.16.6", Compiler:"gc", Platfo
rm:"linux/amd64"}
Server Version: version.Info{GitVersion:"v0.46.0-dirty", GitCommit:"3ebb0a03fde639ea9afb5ee83ac7ac72dbeb4a9d", GitTreeState:"dirty", BuildDate:"2021-10-08T21:39:28Z", GoVersion:"go1.16.6", Compiler:"gc",
Platform:"linux/amd64"}

• Kubernetes version (use kubectl version):

Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.3", GitCommit:"816c97ab8cff8a1c72eccca1026f7820e93e0d25", GitTreeState:"archive", BuildDate:"2022-01-27T18:26:18Z", GoVersion:"go1.17.
6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.6", GitCommit:"d921bc6d1810da51177fbd0ed61dc811c5228097", GitTreeState:"clean", BuildDate:"2021-10-27T17:44:26Z", GoVersion:"go1.16.9"
, Compiler:"gc", Platform:"linux/amd64"}
WARNING: version difference between client (1.23) and server (1.21) exceeds the supported minor version skew of +/-1

• tekton-pipelines version:

Client version: 0.21.0
Pipeline version: v0.33.0

• kubevirt-tekton-tasks version: v0.4.0
• CDI version if applicable: v1.42.1

caused by improper secret creation

We should add it if we detect it is missing

error:

Warning: Permanently added '10.116.1.229' (ECDSA) to the list of known hosts.
Load key "/tekton/home/.ssh/id_rsa": invalid format
Permission denied, please try again.
Permission denied, please try again.
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

What happened:
I want to install and use the tekton tasks to run the example pipeline,
Windows EFI Installer Pipeline
When instantiating the pipelinerun as part of,
https://github.com/kubevirt/kubevirt-tekton-tasks/blob/main/release/pipelines/windows-efi-installer/pipelineruns/pipelineruns.yaml

The task "modify-windows-iso-file" fails.
Log output states permission denied

What you expected to happen:
I expect the pipeline to complete and having a working Windows Template.

How to reproduce it (as minimally and precisely as possible):
Follow the install section on the main Readme.
Create the pipeline,
kubevirt-tekton-tasks/release/pipelines/windows-efi-installer
and instanciate a pipelinerun

Additional context:
I believe the problem is because the pipelinerun defines some values to the podtemplate,
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
See,
https://github.com/kubevirt/kubevirt-tekton-tasks/blob/main/release/pipelines/windows-efi-installer/pipelineruns/pipelineruns.yaml

Changing this to
taskRunSpecs:
- pipelineTaskName: "modify-windows-iso-file"
podTemplate:
securityContext:
runAsUser: 107
runAsGroup: 1001
fsGroup: 107

Makes the pipeline work.
Environment:

• KubeVirt version (use virtctl version): N/A
  Client Version: version.Info{GitVersion:"v1.1.1-110-g359e3f5ed", GitCommit:"359e3f5eda4ad2c77958b98924ed9a1e53c91d06", GitTreeState:"clean", BuildDate:"2024-05-29T01:45:44Z", GoVersion:"go1.20.12 X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"}
  Server Version: version.Info{GitVersion:"v1.1.1-110-g359e3f5ed", GitCommit:"359e3f5eda4ad2c77958b98924ed9a1e53c91d06", GitTreeState:"clean", BuildDate:"2024-06-07T04:25:34Z", GoVersion:"go1.20.12 X:strictfipsruntime", Compiler:"gc", Platform:"linux/amd64"}

• Kubernetes version (use kubectl version): N/A
  Client Version: 4.15.2
  Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
  Kubernetes Version: v1.28.6+6216ea1

• VM or VMI specifications: N/A

• Cloud provider or hardware configuration: N/A

• OS (e.g. from /etc/os-release): N/A

• Kernel (e.g. uname -a): N/A

• Install tools: N/A

• Others: N/A

Is this a BUG REPORT or FEATURE REQUEST?:
/kind enhancement

What happened:
It would be easier to discover these tasks if they were available on the Tekton Hub (hub.tekton.dev) and may even drive the creation of additional tasks

What you expected to happen:
Search for KubeVirt tekton tasks on the tekton hub and see that they exist.

How to reproduce it (as minimally and precisely as possible):
N/A

Anything else we need to know?:
N/A

/kind enhancement

What happened:
Currently, the kubevirt-tekton-tasks are only tested in OpenShift. The project would benefit from also having a testing line in plain Kubernetes, increasing the amount of corner cases tested.

What you expected to happen:
To test kubevirt-tekton-taks in a plain kubernetes scenarios.