Tekton Results broken on dogfooding cluster (postgres image gone) — temporarily disabled #3427

Description

@vdemeester

Summary

Tekton Results has been fully broken on the oci-ci-cd dogfooding cluster for 45+ days and is being temporarily disabled until it can be fixed properly.

Symptoms (as of 2026-06-08)

tekton-results-postgres-0                      0/1  ImageInspectError   (32d)
tekton-results-api-...                         0/1  CrashLoopBackOff    (45d, 15728 restarts)
tekton-results-watcher-...                     0/1  CrashLoopBackOff    (47d)
tekton-results-retention-policy-agent-...      0/1  CrashLoopBackOff    (45d)

Root cause

The postgres image pinned in the overlay is no longer pullable:

docker.io/bitnami/postgresql@sha256:ac8dd0d6512c4c5fb146c16b1c5f05862bd5f600d73348506ab4252587e7fcc6

Bitnami deprecated their free Docker Hub catalog in 2025, so the digest can no longer be inspected/pulled (ImageInspectError). With no DB, the api/watcher/retention-agent crashloop.

Impact: PipelineRun / PVC pileup

The results-watcher adds a results.tekton.dev/pipelinerun finalizer to PipelineRuns so it can store the record before deletion. While Results is broken, the finalizer is added but never removed, so completed PipelineRuns get stuck in Terminating forever. This previously trapped ~33 PipelineRuns (some since February) and blocked cascade-deletion of their PVCs, contributing to block-storage sprawl (~1.5 TB of orphaned 50Gi PVCs were manually reclaimed on 2026-06-08).

Temporary mitigation (this issue's PR)

Scale all Results workloads (api, watcher, retention-policy-agent, postgres) to replicas: 0 via a kustomize patch in tekton/cd/results/overlays/oci-ci-cd. This stops the crashloops and prevents the finalizer pileup. Manifests and the postgres PVC are kept intact so re-enabling is a trivial revert.

Proper fix (follow-up)

Replace the unavailable Bitnami image with a maintained postgres option, e.g.:

  • bitnamilegacy/postgresql (stopgap), or
  • official postgres image (needs to match Results' expected env/initdb), or
  • CloudNativePG operator-managed Postgres.

Then re-enable Results (revert the disable patch) and verify the watcher removes finalizers cleanly.
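
One way to check the finalizer pileup described under Impact, and to verify after re-enabling that the watcher is clearing finalizers, is to list PipelineRuns that have a deletionTimestamp but are still held by the results.tekton.dev/pipelinerun finalizer. This is an added example, not part of the original issue or the Tekton project's code; the sample data, the `stuck_pipelineruns` helper and the 300-second grace period are assumptions made for illustration.

```python
import json
import sys
from datetime import datetime, timezone

FINALIZER = "results.tekton.dev/pipelinerun"  # finalizer named in the issue

# Constructed sample shaped like `kubectl get pipelineruns -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "build-a", "namespace": "ci",
   "deletionTimestamp": "2026-02-10T08:00:00Z",
   "finalizers": ["results.tekton.dev/pipelinerun"]}},
 {"metadata": {"name": "build-b", "namespace": "ci",
   "finalizers": ["results.tekton.dev/pipelinerun"]}},
 {"metadata": {"name": "build-c", "namespace": "ci",
   "deletionTimestamp": "2026-06-08T11:59:30Z",
   "finalizers": ["results.tekton.dev/pipelinerun"]}},
 {"metadata": {"name": "build-d", "namespace": "ci",
   "deletionTimestamp": "2026-05-01T00:00:00Z",
   "finalizers": ["example.com/other"]}}
]}
""")


def stuck_pipelineruns(doc, now, grace_seconds=300):
    """Return (namespace, name, seconds_terminating), oldest first.

    A run counts as stuck when deletion was requested more than
    grace_seconds ago and the Results finalizer is still present.
    """
    stuck = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        deleted_at = meta.get("deletionTimestamp")
        if not deleted_at or FINALIZER not in (meta.get("finalizers") or []):
            continue  # not being deleted, or held by something else
        ts = datetime.strptime(deleted_at, "%Y-%m-%dT%H:%M:%SZ")
        age = int((now - ts.replace(tzinfo=timezone.utc)).total_seconds())
        if age > grace_seconds:
            stuck.append((meta.get("namespace", ""), meta["name"], age))
    return sorted(stuck, key=lambda row: -row[2])


if __name__ == "__main__":
    # Real data: kubectl get pipelineruns -A -o json | python3 this_file.py -
    doc = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for ns, name, age in stuck_pipelineruns(doc, datetime.now(timezone.utc)):
        print(f"{ns}/{name} terminating for {age // 86400}d {age % 86400 // 3600}h")
```

An empty result after the revert, with new PipelineRuns being deleted in the meantime, indicates the watcher is removing its finalizer again.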

Labels

area/dogfooding: Indicates an issue on dogfooding (aka using Pipeline to test Pipeline)
kind/bug: Categorizes issue or PR as related to a bug.