Labels
- P2: Important. All bugs with >=3 thumbs up that aren’t P0 or P1, plus: Any other bugs deemed important
- area/agent: Argo Agent that runs for HTTP and Plugin templates
- area/docs: Incorrect, missing, or mistakes in docs
- area/executor
- area/plugins
- solution/workaround: There's a workaround, might not be great, but exists
Description
Pre-requisites
- I have double-checked my configuration
- I have tested with the :latest image tag (i.e. quay.io/argoproj/workflow-controller:latest) and can confirm the issue still exists on :latest. If not, I have explained why, in detail, in my description below.
- I have searched existing issues and could not find a match for this bug
- I'd like to contribute the fix myself (see contributing guide)
What happened/what did you expect to happen?
The Executor_plugins example provided in the documentation does not work even after adjusting the default service account permissions.
To set up the initial environment I followed the quick guide steps and updated the default service account RBAC permissions.
```
kubectl -n argo apply -f - <<EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: agent
rules:
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets
    verbs:
      - list
      - watch
  - apiGroups:
      - argoproj.io
    resources:
      - workflowtasksets/status
    verbs:
      - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: argo-binding-agent
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: agent
subjects:
  - kind: ServiceAccount
    name: default
    namespace: argo
---
apiVersion: v1
kind: Secret
metadata:
  name: default.service-account-token
  annotations:
    kubernetes.io/service-account.name: default
type: kubernetes.io/service-account-token
EOF
```
Also it's odd that the logs are complaining about system:serviceaccount:argo:argo permissions, even if I am not setting the service account to argo in the Workflow. Based on the documentation it should use default.
Version
latest
Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflow that uses private images.
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  generateName: hello-executor-plugin-example-
spec:
  entrypoint: main
  templates:
    - name: main
      plugin:
        hello: { }
```
Logs from the workflow controller
time="2024-05-07T12:38:18.038Z" level=info msg="Processing workflow" Phase= ResourceVersion=3690 namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.040Z" level=info msg="Task-result reconciliation" namespace=argo numObjs=0 workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.040Z" level=info msg="Updated phase -> Running" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.040Z" level=warning msg="Node was nil, will be initialized as type Skipped" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.041Z" level=warning msg="[DEBUG] boundaryID was nil" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.041Z" level=info msg="was unable to obtain node for , letting display name to be nodeName" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.041Z" level=info msg="Plugin node hello-executor-plugin-example-7b72f initialized Pending" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.041Z" level=info msg="TaskSet Reconciliation" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.041Z" level=info msg="Creating TaskSet" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.045Z" level=info msg=reconcileAgentPod namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.056Z" level=info msg="Created Agent pod" namespace=argo podName=hello-executor-plugin-example-7b72f-1340600742-agent workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.056Z" level=info msg=updateAgentPodStatus namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.056Z" level=info msg=assessAgentPodStatus namespace=argo podName=hello-executor-plugin-example-7b72f-1340600742-agent
time="2024-05-07T12:38:18.057Z" level=warning msg="error updating taskset" error="failed patching taskset: workflowtasksets.argoproj.io \"hello-executor-plugin-example-7b72f\" is forbidden: User \"system:serviceaccount:argo:argo\" cannot patch resource \"workflowtasksets/status\" in API group \"argoproj.io\" in the namespace \"argo\"" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:18.064Z" level=info msg="Workflow update successful" namespace=argo phase=Running resourceVersion=3695 workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:23.182Z" level=info msg="insignificant pod change" key=argo/hello-executor-plugin-example-7b72f-1340600742-agent
time="2024-05-07T12:38:28.056Z" level=info msg="Processing workflow" Phase=Running ResourceVersion=3695 namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.056Z" level=info msg="Task-result reconciliation" namespace=argo numObjs=0 workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.056Z" level=info msg=updateAgentPodStatus namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.056Z" level=info msg=assessAgentPodStatus namespace=argo podName=hello-executor-plugin-example-7b72f-1340600742-agent
time="2024-05-07T12:38:28.057Z" level=error msg="was unable to obtain node for hello-executor-plugin-example-7b72f-2166136261" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.057Z" level=info msg="TaskSet Reconciliation" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.057Z" level=info msg="Creating TaskSet" namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.075Z" level=info msg=reconcileAgentPod namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.075Z" level=info msg=updateAgentPodStatus namespace=argo workflow=hello-executor-plugin-example-7b72f
time="2024-05-07T12:38:28.075Z" level=info msg=assessAgentPodStatus namespace=argo podName=hello-executor-plugin-example-7b72f-1340600742-agent
Logs from your workflow's wait container
error: container wait is not valid for pod hello-executor-plugin-example-7b72f-1340600742-agent
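
An added triage sketch, not part of the original issue or of Argo's own code: it parses the `forbidden` line from the controller log above and evaluates it against the Role and RoleBinding from the manifest, to tell a missing rule apart from an unbound subject. The Role rules and bound subject are transcribed by hand from the manifest into Python data, the function names are hypothetical, and wildcard rules and ClusterRoles are not modelled.

```python
import re

# Constructed sample: the denial line from the controller log above, trimmed to the error field.
LOG_LINE = (
    'level=warning msg="error updating taskset" error="failed patching taskset: '
    'workflowtasksets.argoproj.io \\"hello-executor-plugin-example-7b72f\\" is forbidden: '
    'User \\"system:serviceaccount:argo:argo\\" cannot patch resource '
    '\\"workflowtasksets/status\\" in API group \\"argoproj.io\\" '
    'in the namespace \\"argo\\"" namespace=argo'
)
# Role "agent" and RoleBinding "argo-binding-agent", transcribed from the manifest in the issue.
ROLE_RULES = [
    {"groups": ["argoproj.io"], "resources": ["workflowtasksets"], "verbs": ["list", "watch"]},
    {"groups": ["argoproj.io"], "resources": ["workflowtasksets/status"], "verbs": ["patch"]},
]
BOUND_SUBJECTS = ["system:serviceaccount:argo:default"]
BINDING_NAMESPACE = "argo"  # the namespace given to kubectl -n

DENIED = re.compile(
    r'User \\?"(?P<user>[^"\\]+)\\?" cannot (?P<verb>\S+) resource '
    r'\\?"(?P<resource>[^"\\]+)\\?" in API group \\?"(?P<group>[^"\\]*)\\?" '
    r'in the namespace \\?"(?P<namespace>[^"\\]+)\\?"'
)

def parse_denial(line):
    """Return the denied request as a dict, or None if the line holds no RBAC denial."""
    m = DENIED.search(line)
    return m.groupdict() if m else None

def rule_allows(req):
    """True if any rule of the Role covers the request's group, resource and verb."""
    return any(req["group"] in r["groups"] and req["resource"] in r["resources"]
               and req["verb"] in r["verbs"] for r in ROLE_RULES)

def diagnose(line):
    req = parse_denial(line)
    if req is None:
        return "no RBAC denial in line"
    if req["namespace"] != BINDING_NAMESPACE or not rule_allows(req):
        return f"role does not grant {req['verb']} on {req['resource']}"
    if req["user"] not in BOUND_SUBJECTS:
        return f"role grants the request, but {req['user']} is not a bound subject"
    return "request should be allowed; check the live cluster objects"

if __name__ == "__main__":
    print(diagnose(LOG_LINE))
```

Against a live cluster the same question can be put to the API server with `kubectl auth can-i patch workflowtasksets.argoproj.io --subresource=status --as=system:serviceaccount:argo:argo -n argo`.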