Tekton operator AirGap EKS private cluster Image pull issue

[tppalani]

Expected Behavior

Actually I'm new to the tekton i have installed tekton all the pods are healthy but when i do git clone using default tekton catalog task git-clone when i run the pipeline i can see error image is not able pull from message: Pulling image "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791".

Actual Behavior

Image should be pull from my quay repository.

Steps to Reproduce the Problem

1. According this step - https://tekton.dev/docs/operator/airgapimageconfiguration/#list-of-image-environment-variables i have added blow confiuration in my existing Kubectl edit deployment tekton-operator -n tekton-operator and then i have rolled out deployment.

Kubectl edit deployment tekton-operator -n tekton-operator

 - name: IMAGE_PIPELINES_ARG__SHELL_IMAGE
    value: quay.com/tekton/busybox:latest
 - name: IMAGE_PIPELINES_ARG__SHELL_IMAGE_WIN
    value: quay.com/tekton/busybox:latest

kubectl rollout restart deployment tekton-operator -n tekton-operator
kubectl rollout restart deployment tekton-pipelines-controller -n tekton-pipelines

after rollout also still git clone task is faling and pulling the images from chainguard busybox only

Additional Info

• Kubernetes version:

  Output of kubectl version:

  1.31
  

• Tekton Pipeline version:

  Output of tkn version or kubectl get pods -n tekton-pipelines -l app=tekton-pipelines-controller -o=jsonpath='{.items[0].metadata.labels.version}'

v0.65.2'

[jkhelil]

I have answered this on tektoncd operator slack channel, here is a copy of my answer
understand that you are running an airgapped private cluster.
You can use TektonConfig to override almost any aspect of the Tekton Pipelines controller definitions. Please take a look at this example and adjust it as needed

apiVersion: operator.tekton.dev/v1alpha1
kind: TektonConfig
metadata:
  name: config
spec:
  pipeline:
    options:
      deployments:
        tekton-pipelines-controller:
          spec:
            template:
              spec:
                containers: 
                  - name: tekton-pipelines-controller
                    args: [
             "-entrypoint-image", "ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.68.0@sha256:049c93545701656a908a6059174822ea5b4ce70ef4f38efda6d1979e1cb1e7c4", "-nop-image", "ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.68.0@sha256:fdefc08acceff09fd6da3efb1bb2ba4bd9ef006bce9f248f6275e83faa891214", "-sidecarlogresults-image", "ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.68.0@sha256:f2c5ee01f7dbe94f055239f04bde72e513002d10df5ab65d48b0a9ed530a899e", "-workingdirinit-image", "ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.68.0@sha256:1ba9b3d970efc6a3d3c01b14726d053f67f36e9085566b121ecdcb1029caa987",
            # The shell image must allow root in order to create directories and copy files to PVCs.
            # cgr.dev/chainguard/busybox as of April 14 2022
            # image shall not contains tag, so it will be supported on a runtime like cri-o
            "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791",
            # for script mode to work with windows we need a powershell image
            # pinning to nanoserver tag as of July 15 2021
            "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"]