11# entrypoint
22
33This binary is used to override the entrypoint of a container by
4- wrapping it. In ` tektoncd/pipeline ` this is used to make sure ` Task ` 's
5- steps are executed in order, or for sidecars.
4+ wrapping it and executing original entrypoint command in a subprocess.
65
7- The following flags are available :
6+ Tekton uses this to make sure ` TaskRun ` s' steps are executed in order, only
7+ after sidecars are ready and previous steps have completed successfully.
8+
9+ ## Flags
10+
11+ The following flags are available:
812
913- ` -entrypoint ` : "original" command to be executed (as
1014 entrypoint). This will be executed as a sub-process on ` entrypoint `
@@ -16,20 +20,97 @@ The following flags are available :
1620 will either execute the sub-process (in case of ` {{wait_file}} ` ) or
1721 skip the execution, write to ` {{post_file}}.err ` and return an error
1822 (` exitCode ` >= 0)
19- - ` -wait_file_content ` : excepts the ` wait_file ` to add actual
20- content . It will continue watching for ` wait_file ` until it has
23+ - ` -wait_file_content ` : expects the ` wait_file ` to contain actual
24+ contents . It will continue watching for ` wait_file ` until it has
2125 content.
2226
27+ Any extra positional arguments are passed to the original entrypoint command.
28+
29+ ## Example
30+
2331The following example of usage for ` entrypoint ` waits for
24- ` /tekton/downward/ready ` file to exist and have some content before
25- executing ` /ko-app/bash -- -args mkdir -p /workspace/git-resource ` ,
26- and will write to ` /tekton/tools/0 ` in case of success, or
27- ` /tekton/tools/0.err ` in case of failure.
32+ ` /tekton/tools/3 ` file to exist and executes the command ` bash ` with args
33+ ` echo ` and ` hello ` , then writes the file ` /tekton/tools/4 ` , or
34+ ` /tekton/tools/4.err ` in case the command fails.
2835
2936``` shell
3037entrypoint \
31- -wait_file /tekton/downward/ready \
32- -post_file /tekton/tools/0" \
33- -wait_file_content \
34- -entrypoint /ko-app/bash -- -args mkdir -p /workspace/git-resource
38+ -wait_file /tekton/tools/3 \
39+ -post_file /tekton/tools/4 \
40+ -entrypoint bash -- \
41+ echo hello
42+ ```
43+
44+ ## Waiting for Sidecars
45+
46+ In cases where the TaskRun's Pod has sidecar containers -- including, possibly,
47+ injected sidecars that Tekton itself didn't specify -- the first step should
48+ also wait until all those sidecars have reported as ready. Starting before
49+ sidecars are ready could lead to flaky errors if steps rely on the sidecar
50+ being ready to succeed.
51+
52+ To account for this, the Tekton controller starts TaskRun Pods with the first
53+ step's entrypoint binary configured to wait for a special file provided by the
54+ [ Kubernetes Downward
55+ API] ( https://kubernetes.io/docs/tasks/inject-data-application/downward-api-volume-expose-pod-information/#the-downward-api ) .
56+ This allows Tekton to write a Pod annotation when all sidecars report as ready,
57+ and for the value of that annotation to appear to the Pod as a file in a
58+ Volume. To the Pod, that file always exists, but without content until the
59+ annotation is set, so we instruct the entrypoint to wait for the ` -wait_file `
60+ to contain contents before proceeding.
61+
62+ ### Example
63+
64+ The following example of usage for ` entrypoint ` waits for
65+ ` /tekton/downward/ready ` file to exist and contain actual contents
66+ (` -wait_file_contents ` ), and executes the command ` bash ` with args
67+ ` echo ` and ` hello ` , then writes the file ` /tekton/tools/1 ` , or
68+ ` /tekton/tools/1.err ` in case the command fails.
69+
70+ ``` shell
71+ entrypoint \
72+ -wait_file /tekton/downward/ready \
73+ -wait_file_contents \
74+ -post_file /tekton/tools/1 \
75+ -entrypoint bash -- \
76+ echo hello
77+ ```
78+
79+ ## ` cp ` Mode
80+
81+ In order to make the ` entrypoint ` binary available to the user's steps, it gets
82+ copied to a Volume that's shared with all the steps' containers. This is done
83+ in an ` initContainer ` pre-step, that runs before steps start.
84+
85+ To reduce external dependencies, the ` entrypoint ` binary actually copies
86+ _ itself_ to the shared Volume. When executed with the positional args of `cp
87+ <src > <dst >` , the ` entrypoint` binary copies the ` <src >` file to ` <dst >` and
88+ exits.
89+
90+ It's executed as an ` initContainer ` in the TaskRun's Pod like:
91+
92+ ```
93+ initContainers:
94+ - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint
95+ args:
96+ - cp
97+ - /ko-app/entrypoint # <-- path to the entrypoint binary inside the image
98+ - /tekton/tools/entrypoint
99+ volumeMounts:
100+ - name: tekton-internal-tools
101+ mountPath: /tekton/tools
102+
103+ containers:
104+ - image: user-image
105+ command:
106+ - /tekton/tools/entrypoint
107+ ... args to entrypoint ...
108+ volumeMounts:
109+ - name: tekton-internal-tools
110+ mountPath: /tekton/tools
111+
112+ volumes:
113+ - name: tekton-internal-tools
114+ volumeSource:
115+ emptyDir: {}
35116```
0 commit comments