Allow setting sidecar ready annotation early

This commit adds an option to a new `config-features` ConfigMap called
`running-in-environment-with-injected-sidecars`.

Enabling this option will decrease the time it takes for a TaskRun to start
running(when no sidecars are present). However, for clusters that use injected
sidecars e.g. istio enabling this option can lead to unexpected behavior.By
default, the option is set to "true" for backwards compatibility.

When no sidercars are present and the cluster does not use injected sidecars,
the pipeline controller can optimize the TaskRun Pod creation process by
setting the `tekton.dev/ready` annotation during pod creation itself instead of
setting it after pod creation.

Fixes #2080

Signed-off-by: Dibyo Mukherjee <[email protected]>

Author: dibyom

config/config-feature-flags.yaml

@@ -28,8 +28,7 @@ data:
   # $HOME environment variable but this will change in an upcoming
   # release.
   #
-  # See https://github.com/tektoncd/pipeline/issues/2013 for more
-  # info.
+  # See https://github.com/tektoncd/pipeline/issues/2013 for more info.
   disable-home-env-overwrite: "false"
   # Setting this flag to "true" will prevent Tekton overriding your
   # Task container's working directory.
@@ -38,6 +37,15 @@ data:
   # working directory if not set by the user but this will change
   # in an upcoming release.
   #
-  # See https://github.com/tektoncd/pipeline/issues/1836 for more
-  # info.
+  # See https://github.com/tektoncd/pipeline/issues/1836 for more info.
   disable-working-directory-overwrite: "false"
+
+  # Setting this flag to "true" will set the `tekton.dev/ready` annotation
+  # at pod creation time for Taskruns without sidecars.
+  #
+  # Enabling this option should decrease the time it takes for a TaskRun to
+  # start running. However, for clusters that use injected sidecars e.g. istio
+  # enabling this option can lead to unexpected behavior.
+  #
+  # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
+  enable-ready-annotation-on-pod-create: "false"

config/config-features.yaml

@@ -0,0 +1,30 @@
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: config-features
+  namespace: tekton-pipelines
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-pipelines
+data:
+
+  # This option should be set to false when Pipelines is running in a cluster
+  # that does not use injected sidecars such as Istio. Setting it to false should decrease the time it takes for a TaskRun to
+  # start running. For clusters that use injected sidecars, setting this option to false can lead to unexpected behavior.
+  #
+  # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
+  running-in-environment-with-injected-sidecars: "true"

config/controller.yaml

@@ -97,6 +97,8 @@ spec:
           value: feature-flags
         - name: CONFIG_LEADERELECTION_NAME
           value: config-leader-election
+        - name: CONFIG_FEATURES_NAME
+          value: config-features
         - name: METRICS_DOMAIN
           value: tekton.dev/pipeline
       volumes:

docs/install.md

@@ -278,6 +278,12 @@ The default value is `false`, which causes Tekton to override the working direct
 for each `Step` that does not have its working directory explicitly set with `/workspace`.
 For more information, see the [associated issue](https://github.com/tektoncd/pipeline/issues/1836).
 
+- `enable-ready-annotation-on-pod-create`: set this flag to `"true"` to allow the
+Tekton controller to set the `tekon.dev/ready` annotation at pod creation time for 
+TaskRuns with no Sidecars specified. Enabling this option should decrease the time it takes for a TaskRun to
+start running. However, for clusters that use injected sidecars e.g. istio
+enabling this option can lead to unexpected behavior.
+
 For example:
 
 ```yaml

pkg/pod/pod.go

@@ -45,8 +45,11 @@ const (
 	// ResultsDir is the folder used by default to create the results file
 	ResultsDir = "/tekton/results"
 
-	featureFlagDisableHomeEnvKey    = "disable-home-env-overwrite"
-	featureFlagDisableWorkingDirKey = "disable-working-directory-overwrite"
+	featureInjectedSidecar                   = "running-in-environment-with-injected-sidecars"
+	featureFlagDisableHomeEnvKey             = "disable-home-env-overwrite"
+	featureFlagDisableWorkingDirKey          = "disable-working-directory-overwrite"
+	featureFlagConfigMapName                 = "feature-flags"
+	featureFlagSetReadyAnnotationOnPodCreate = "enable-ready-annotation-on-pod-create"
 
 	taskRunLabelKey = pipeline.GroupName + pipeline.TaskRunLabelKey
 )
@@ -238,6 +241,10 @@ func MakePod(images pipeline.Images, taskRun *v1beta1.TaskRun, taskSpec v1beta1.
 	podAnnotations := taskRun.Annotations
 	podAnnotations[ReleaseAnnotation] = ReleaseAnnotationValue
 
+	if shouldAddReadyAnnotationOnPodCreate(taskSpec.Sidecars, kubeclient) {
+		podAnnotations[readyAnnotation] = readyAnnotationValue
+	}
+
 	return &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			// We execute the build's pod in the same namespace as where the build was
@@ -351,3 +358,30 @@ func shouldOverrideWorkingDir(kubeclient kubernetes.Interface) bool {
 	}
 	return true
 }
+
+// shouldAddReadyAnnotationonPodCreate returns a bool indicating whether the
+// controller should add the `Ready` annotation when creating the Pod. We cannot
+// add the annotation if Tekton is running in a cluster with injected sidecars
+// or if the Task specifies any sidecars.
+func shouldAddReadyAnnotationOnPodCreate(sidecars []v1beta1.Sidecar, kubeclient kubernetes.Interface) bool {
+	// If the TaskRun has sidecars, we cannot set the READY annotation early
+	if len(sidecars) > 0 {
+		return false
+	}
+	// If the TaskRun has no sidecars, check if we are running in a cluster where sidecars can be injected by other
+	// controllers.
+	configMap, err := kubeclient.CoreV1().ConfigMaps(system.GetNamespace()).Get(getFeaturesConfigName(), metav1.GetOptions{})
+	if err == nil && configMap != nil && configMap.Data != nil && configMap.Data[featureInjectedSidecar] == "false" {
+		return true
+	}
+	return false
+}
+
+// getFeaturesConfigName returns the name of the configmap containing all
+// customizations for the feature flags.
+func getFeaturesConfigName() string {
+	if e := os.Getenv("CONFIG_FEATURES_NAME"); e != "" {
+		return e
+	}
+	return "config-features"
+}