diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml
index 92cfb9d955..b7605ab255 100644
--- a/chart/chart-index/Chart.yaml
+++ b/chart/chart-index/Chart.yaml
@@ -85,7 +85,7 @@ dependencies:
 repository: https://bitnami-labs.github.io/sealed-secrets/
 - name: tekton-pipeline
 alias: tekton-pipelines
- version: 1.0.2
+ version: 1.0.3
 repository: https://cdfoundation.github.io/tekton-helm-chart/
 - name: tempo-distributed
 alias: tempo
diff --git a/charts/tekton-pipelines/Chart.yaml b/charts/tekton-pipelines/Chart.yaml
index 0a0e7fe88d..7847e27dbd 100644
--- a/charts/tekton-pipelines/Chart.yaml
+++ b/charts/tekton-pipelines/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
-appVersion: 0.42.0
+appVersion: 0.69.0
 description: A Helm chart for Tekton Pipelines
 home: https://github.com/cdfoundation/tekton-helm-chart
 icon: https://avatars2.githubusercontent.com/u/47602533
 name: tekton-pipeline
-version: 1.0.2
+version: 1.0.3
diff --git a/charts/tekton-pipelines/templates/configmap-bundleresolver-config.yaml b/charts/tekton-pipelines/templates/bundleresolver-config-cm.yaml
similarity index 96%
rename from charts/tekton-pipelines/templates/configmap-bundleresolver-config.yaml
rename to charts/tekton-pipelines/templates/bundleresolver-config-cm.yaml
index d48372ddd1..27ccfa4df3 100644
--- a/charts/tekton-pipelines/templates/configmap-bundleresolver-config.yaml
+++ b/charts/tekton-pipelines/templates/bundleresolver-config-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: bundleresolver-config
- namespace: tekton-pipelines-resolvers
 labels:
 app.kubernetes.io/component: resolvers
 app.kubernetes.io/instance: default
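Review bot: With `namespace: tekton-pipelines-resolvers` dropped from `bundleresolver-config` and nothing put in its place, the ConfigMap lands in whatever namespace the install or a `helm template | kubectl apply` run happens to target; stating it explicitly as `namespace: {{ .Release.Namespace }}` keeps the rendered manifest unambiguous. The same removal is made in the cluster-resolver-config, config-events, config-leader-election-*, config-observability, config-registry-cert, config-spire and config-tracing templates, so resolver and controller ConfigMaps that used to sit in two namespaces now share one. If the Role and RoleBinding templates (not visible in this diff) were scoped around that namespace boundary, they should be re-checked so the resolvers do not gain read access to controller configuration. The metadata block continues outside the hunk.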
diff --git a/charts/tekton-pipelines/templates/configmap-cluster-resolver-config.yaml b/charts/tekton-pipelines/templates/cluster-resolver-config-cm.yaml
similarity index 96%
rename from charts/tekton-pipelines/templates/configmap-cluster-resolver-config.yaml
rename to charts/tekton-pipelines/templates/cluster-resolver-config-cm.yaml
index 8f2e775abe..9d1193e524 100644
--- a/charts/tekton-pipelines/templates/configmap-cluster-resolver-config.yaml
+++ b/charts/tekton-pipelines/templates/cluster-resolver-config-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: cluster-resolver-config
- namespace: tekton-pipelines-resolvers
 labels:
 app.kubernetes.io/component: resolvers
 app.kubernetes.io/instance: default
diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-stepactions.tekton.dev.yaml b/charts/tekton-pipelines/templates/clustertasks.tekton.dev-crd.yaml
similarity index 86%
rename from charts/tekton-pipelines/templates/customresourcedefinition-stepactions.tekton.dev.yaml
rename to charts/tekton-pipelines/templates/clustertasks.tekton.dev-crd.yaml
index 4e82fdea74..7c045499d3 100644
--- a/charts/tekton-pipelines/templates/customresourcedefinition-stepactions.tekton.dev.yaml
+++ b/charts/tekton-pipelines/templates/clustertasks.tekton.dev-crd.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 The Tekton Authors
+# Copyright 2019 The Tekton Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -15,17 +15,17 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
- name: stepactions.tekton.dev
+ name: clustertasks.tekton.dev
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
- pipeline.tekton.dev/release: "v0.53.0"
- version: "v0.53.0"
+ pipeline.tekton.dev/release: "v0.69.0"
+ version: "v0.69.0"
 spec:
 group: tekton.dev
 preserveUnknownFields: false
 versions:
- - name: v1alpha1
+ - name: v1beta1
 served: true
 storage: true
 schema:
@@ -44,10 +44,10 @@ spec:
 subresources:
 status: {}
 names:
- kind: StepAction
- plural: stepactions
- singular: stepaction
+ kind: ClusterTask
+ plural: clustertasks
+ singular: clustertask
 categories:
 - tekton
 - tekton-pipelines
- scope: Namespaced
+ scope: Cluster
diff --git a/charts/tekton-pipelines/templates/config-defaults-cm.yaml b/charts/tekton-pipelines/templates/config-defaults-cm.yaml
new file mode 100644
index 0000000000..e6c835d85b
--- /dev/null
+++ b/charts/tekton-pipelines/templates/config-defaults-cm.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ {{- toYaml .Values.configDefaults | nindent 2 }}
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ name: config-defaults
\ No newline at end of file
diff --git a/charts/tekton-pipelines/templates/configmap-config-events.yaml b/charts/tekton-pipelines/templates/config-events-cm.yaml
similarity index 98%
rename from charts/tekton-pipelines/templates/configmap-config-events.yaml
rename to charts/tekton-pipelines/templates/config-events-cm.yaml
index 7583b6baed..6976fe4088 100644
--- a/charts/tekton-pipelines/templates/configmap-config-events.yaml
+++ b/charts/tekton-pipelines/templates/config-events-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-events
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
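Review bot: In config-defaults-cm.yaml the whole `data` map is rendered with `toYaml .Values.configDefaults`, so a value written unquoted in values (for example `default-timeout-minutes: 60`) is emitted as a number and the API server rejects the ConfigMap, whose `data` values must be strings; an unset `configDefaults` renders `null`. Assuming the values are scalars, ranging over the map and emitting each entry as `{{ $k }}: {{ $v | toString | quote }}` would keep every value a string. The static template deleted by this commit carried the per-key documentation for `default-service-account`, `default-pod-template` and `default-forbidden-env`, which decide the service account and pod settings TaskRuns get by default, so a header comment pointing to where these keys are now documented would help reviewers of the values file. The new file also ends without a trailing newline.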
diff --git a/charts/tekton-pipelines/templates/configmap-config-leader-election-controller.yaml b/charts/tekton-pipelines/templates/config-leader-election-controller-cm.yaml
similarity index 98%
rename from charts/tekton-pipelines/templates/configmap-config-leader-election-controller.yaml
rename to charts/tekton-pipelines/templates/config-leader-election-controller-cm.yaml
index 8af224b7d1..1178a3fc8c 100644
--- a/charts/tekton-pipelines/templates/configmap-config-leader-election-controller.yaml
+++ b/charts/tekton-pipelines/templates/config-leader-election-controller-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-leader-election-controller
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
diff --git a/charts/tekton-pipelines/templates/configmap-config-leader-election-events.yaml b/charts/tekton-pipelines/templates/config-leader-election-events-cm.yaml
similarity index 98%
rename from charts/tekton-pipelines/templates/configmap-config-leader-election-events.yaml
rename to charts/tekton-pipelines/templates/config-leader-election-events-cm.yaml
index 55be4ea300..c92bbadb74 100644
--- a/charts/tekton-pipelines/templates/configmap-config-leader-election-events.yaml
+++ b/charts/tekton-pipelines/templates/config-leader-election-events-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-leader-election-events
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
diff --git a/charts/tekton-pipelines/templates/configmap-config-leader-election-resolvers.yaml b/charts/tekton-pipelines/templates/config-leader-election-resolvers-cm.yaml
similarity index 98%
rename from charts/tekton-pipelines/templates/configmap-config-leader-election-resolvers.yaml
rename to charts/tekton-pipelines/templates/config-leader-election-resolvers-cm.yaml
index 40dda69cab..28676279d1 100644
--- a/charts/tekton-pipelines/templates/configmap-config-leader-election-resolvers.yaml
+++ b/charts/tekton-pipelines/templates/config-leader-election-resolvers-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-leader-election-resolvers
- namespace: tekton-pipelines-resolvers
 labels:
 app.kubernetes.io/component: resolvers
 app.kubernetes.io/instance: default
diff --git a/charts/tekton-pipelines/templates/configmap-config-leader-election-webhook.yaml b/charts/tekton-pipelines/templates/config-leader-election-webhook-cm.yaml
similarity index 98%
rename from charts/tekton-pipelines/templates/configmap-config-leader-election-webhook.yaml
rename to charts/tekton-pipelines/templates/config-leader-election-webhook-cm.yaml
index 8883a600b6..17621b66bf 100644
--- a/charts/tekton-pipelines/templates/configmap-config-leader-election-webhook.yaml
+++ b/charts/tekton-pipelines/templates/config-leader-election-webhook-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-leader-election-webhook
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
diff --git a/charts/tekton-pipelines/templates/config-logging-cm.yaml b/charts/tekton-pipelines/templates/config-logging-cm.yaml
new file mode 100644
index 0000000000..045ff7284e
--- /dev/null
+++ b/charts/tekton-pipelines/templates/config-logging-cm.yaml
@@ -0,0 +1,51 @@
+# Copyright 2019 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ zap-logger-config: |
+ {
+ "level": "info",
+ "development": false,
+ "sampling": {
+ "initial": 100,
+ "thereafter": 100
+ },
+ "outputPaths": ["stdout"],
+ "errorOutputPaths": ["stderr"],
+ "encoding": "json",
+ "encoderConfig": {
+ "timeKey": "timestamp",
+ "levelKey": "severity",
+ "nameKey": "logger",
+ "callerKey": "caller",
+ "messageKey": "message",
+ "stacktraceKey": "stacktrace",
+ "lineEnding": "",
+ "levelEncoder": "",
+ "timeEncoder": "iso8601",
+ "durationEncoder": "",
+ "callerEncoder": ""
+ }
+ }
+ # Log level overrides
+ loglevel.controller: "info"
+ loglevel.webhook: "info"
diff --git a/charts/tekton-pipelines/templates/configmap-config-observability.yaml b/charts/tekton-pipelines/templates/config-observability-cm.yaml
similarity index 50%
rename from charts/tekton-pipelines/templates/configmap-config-observability.yaml
rename to charts/tekton-pipelines/templates/config-observability-cm.yaml
index c2d8a1d5b0..1b1a807fc0 100644
--- a/charts/tekton-pipelines/templates/configmap-config-observability.yaml
+++ b/charts/tekton-pipelines/templates/config-observability-cm.yaml
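Review bot: The `config-logging` ConfigMap added in config-logging-cm.yaml is labelled `app.kubernetes.io/component: resolvers`, although its `loglevel.controller` and `loglevel.webhook` keys show it also configures the controller and webhook; the deleted configmap-config-logging.yaml had a separate copy without that label for those components. Dropping the `app.kubernetes.io/component: resolvers` line, or adding a comment that this one object now serves every component, avoids label selectors and audits treating it as resolver-only. config-observability-cm.yaml follows the same pattern: its first hunk removes the controller's `config-observability` and the resolvers-labelled one is what remains.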
@@ -1,65 +1,3 @@
-# Copyright 2019 The Tekton Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config-observability
- namespace: tekton-pipelines
- labels:
- app.kubernetes.io/instance: default
- app.kubernetes.io/part-of: tekton-pipelines
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this example block and unindented to be in the data block
- # to actually change the configuration.
-
- # metrics.backend-destination field specifies the system metrics destination.
- # It supports either prometheus (the default) or stackdriver.
- # Note: Using Stackdriver will incur additional charges.
- metrics.backend-destination: prometheus
-
- # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This
- # field is optional. When running on GCE, application default credentials will be
- # used and metrics will be sent to the cluster's project if this field is
- # not provided.
- metrics.stackdriver-project-id: ""
-
- # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed
- # to send metrics to Stackdriver using "global" resource type and custom
- # metric type. Setting this flag to "true" could cause extra Stackdriver
- # charge. If metrics.backend-destination is not Stackdriver, this is
- # ignored.
- metrics.allow-stackdriver-custom-metrics: "false"
- metrics.taskrun.level: "task"
- metrics.taskrun.duration-type: "histogram"
- metrics.pipelinerun.level: "pipeline"
- metrics.pipelinerun.duration-type: "histogram"
- metrics.count.enable-reason: "false"
----
 # Copyright 2022 The Tekton Authors
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -78,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-observability
- namespace: tekton-pipelines-resolvers
 labels:
 app.kubernetes.io/component: resolvers
 app.kubernetes.io/instance: default
diff --git a/charts/tekton-pipelines/templates/configmap-config-registry-cert.yaml b/charts/tekton-pipelines/templates/config-registry-cert-cm.yaml
similarity index 96%
rename from charts/tekton-pipelines/templates/configmap-config-registry-cert.yaml
rename to charts/tekton-pipelines/templates/config-registry-cert-cm.yaml
index 22162be079..6302b12349 100644
--- a/charts/tekton-pipelines/templates/configmap-config-registry-cert.yaml
+++ b/charts/tekton-pipelines/templates/config-registry-cert-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-registry-cert
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
diff --git a/charts/tekton-pipelines/templates/configmap-config-spire.yaml b/charts/tekton-pipelines/templates/config-spire-cm.yaml
similarity index 98%
rename from charts/tekton-pipelines/templates/configmap-config-spire.yaml
rename to charts/tekton-pipelines/templates/config-spire-cm.yaml
index 726d5ade91..437951c494 100644
--- a/charts/tekton-pipelines/templates/configmap-config-spire.yaml
+++ b/charts/tekton-pipelines/templates/config-spire-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-spire
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
diff --git a/charts/tekton-pipelines/templates/configmap-config-tracing.yaml b/charts/tekton-pipelines/templates/config-tracing-cm.yaml
similarity index 93%
rename from charts/tekton-pipelines/templates/configmap-config-tracing.yaml
rename to charts/tekton-pipelines/templates/config-tracing-cm.yaml
index f65862304b..6bc3679406 100644
--- a/charts/tekton-pipelines/templates/configmap-config-tracing.yaml
+++ b/charts/tekton-pipelines/templates/config-tracing-cm.yaml
@@ -16,7 +16,6 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: config-tracing
- namespace: tekton-pipelines
 labels:
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
@@ -42,3 +41,5 @@ data:
 # API endpoint to send the traces to
 # (optional): The default value is given below
 endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces"
+ # (optional) Name of the k8s secret which contains basic auth credentials
+ credentialsSecret: "jaeger-creds"
diff --git a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-config.webhook.pipeline.tekton.dev.yaml b/charts/tekton-pipelines/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml
similarity index 93%
rename from charts/tekton-pipelines/templates/validatingwebhookconfiguration-config.webhook.pipeline.tekton.dev.yaml
rename to charts/tekton-pipelines/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml
index f03308bcce..40ece7b8d1 100644
--- a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-config.webhook.pipeline.tekton.dev.yaml
+++ b/charts/tekton-pipelines/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml
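Review bot: The `credentialsSecret` example added in config-tracing-cm.yaml sits directly under an `endpoint` that uses plain `http://`, so a configuration copied from these lines sends the basic-auth credentials to the collector unencrypted. The comment should say so, for example `# (optional) Name of the k8s Secret with basic-auth credentials for the endpoint; use an https:// endpoint when this is set`, and should also name the namespace and keys the Secret is expected to have, which this hunk does not show. The `data` block starts outside the hunk, so whether these lines sit inside an `_example` block or are live configuration could not be confirmed from here.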
@@ -6,7 +6,7 @@ metadata:
 app.kubernetes.io/component: webhook
 app.kubernetes.io/instance: default
 app.kubernetes.io/part-of: tekton-pipelines
- pipeline.tekton.dev/release: "v0.53.0"
+ pipeline.tekton.dev/release: "v0.69.0"
 webhooks:
 - admissionReviewVersions: ["v1"]
 clientConfig:
diff --git a/charts/tekton-pipelines/templates/configmap-config-defaults.yaml b/charts/tekton-pipelines/templates/configmap-config-defaults.yaml
deleted file mode 100644
index 0526a4a967..0000000000
--- a/charts/tekton-pipelines/templates/configmap-config-defaults.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-# Copyright 2019 The Tekton Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config-defaults
- namespace: tekton-pipelines
- labels:
- app.kubernetes.io/instance: default
- app.kubernetes.io/part-of: tekton-pipelines
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this example block and unindented to be in the data block
- # to actually change the configuration.
-
- # default-timeout-minutes contains the default number of
- # minutes to use for TaskRun and PipelineRun, if none is specified.
- default-timeout-minutes: "60" # 60 minutes
-
- # default-service-account contains the default service account name
- # to use for TaskRun and PipelineRun, if none is specified.
- default-service-account: "default"
-
- # default-managed-by-label-value contains the default value given to the
- # "app.kubernetes.io/managed-by" label applied to all Pods created for
- # TaskRuns. If a user's requested TaskRun specifies another value for this
- # label, the user's request supercedes.
- default-managed-by-label-value: "tekton-pipelines"
-
- # default-pod-template contains the default pod template to use for
- # TaskRun and PipelineRun. If a pod template is specified on the
- # PipelineRun, the default-pod-template is merged with that one.
- # default-pod-template:
-
- # default-affinity-assistant-pod-template contains the default pod template
- # to use for affinity assistant pods. If a pod template is specified on the
- # PipelineRun, the default-affinity-assistant-pod-template is merged with
- # that one.
- # default-affinity-assistant-pod-template:
-
- # default-cloud-events-sink contains the default CloudEvents sink to be
- # used for TaskRun and PipelineRun, when no sink is specified.
- # Note that right now it is still not possible to set a PipelineRun or
- # TaskRun specific sink, so the default is the only option available.
- # If no sink is specified, no CloudEvent is generated
- # default-cloud-events-sink:
-
- # default-task-run-workspace-binding contains the default workspace
- # configuration provided for any Workspaces that a Task declares
- # but that a TaskRun does not explicitly provide.
- # default-task-run-workspace-binding: |
- # emptyDir: {}
-
- # default-max-matrix-combinations-count contains the default maximum number
- # of combinations from a Matrix, if none is specified.
- default-max-matrix-combinations-count: "256"
-
- # default-forbidden-env contains comma seperated environment variables that cannot be
- # overridden by podTemplate.
- default-forbidden-env:
-
- # default-resolver-type contains the default resolver type to be used in the cluster,
- # no default-resolver-type is specified by default
- default-resolver-type:
diff --git a/charts/tekton-pipelines/templates/configmap-config-logging.yaml b/charts/tekton-pipelines/templates/configmap-config-logging.yaml
deleted file mode 100644
index 237ab9b3d1..0000000000
--- a/charts/tekton-pipelines/templates/configmap-config-logging.yaml
+++ /dev/null
@@ -1,104 +0,0 @@
-# Copyright 2019 Tekton Authors LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config-logging
- namespace: tekton-pipelines
- labels:
- app.kubernetes.io/instance: default
- app.kubernetes.io/part-of: tekton-pipelines
-data:
- zap-logger-config: |
- {
- "level": "info",
- "development": false,
- "sampling": {
- "initial": 100,
- "thereafter": 100
- },
- "outputPaths": ["stdout"],
- "errorOutputPaths": ["stderr"],
- "encoding": "json",
- "encoderConfig": {
- "timeKey": "timestamp",
- "levelKey": "severity",
- "nameKey": "logger",
- "callerKey": "caller",
- "messageKey": "message",
- "stacktraceKey": "stacktrace",
- "lineEnding": "",
- "levelEncoder": "",
- "timeEncoder": "iso8601",
- "durationEncoder": "",
- "callerEncoder": ""
- }
- }
- # Log level overrides
- loglevel.controller: "info"
- loglevel.webhook: "info"
----
-# Copyright 2019 Tekton Authors LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config-logging
- namespace: tekton-pipelines-resolvers
- labels:
- app.kubernetes.io/component: resolvers
- app.kubernetes.io/instance: default
- app.kubernetes.io/part-of: tekton-pipelines
-data:
- zap-logger-config: |
- {
- "level": "info",
- "development": false,
- "sampling": {
- "initial": 100,
- "thereafter": 100
- },
- "outputPaths": ["stdout"],
- "errorOutputPaths": ["stderr"],
- "encoding": "json",
- "encoderConfig": {
- "timeKey": "timestamp",
- "levelKey": "severity",
- "nameKey": "logger",
- "callerKey": "caller",
- "messageKey": "message",
- "stacktraceKey": "stacktrace",
- "lineEnding": "",
- "levelEncoder": "",
- "timeEncoder": "iso8601",
- "durationEncoder": "",
- "callerEncoder": ""
- }
- }
- # Log level overrides
- loglevel.controller: "info"
- loglevel.webhook: "info"
diff --git a/charts/tekton-pipelines/templates/configmap-feature-flags.yaml b/charts/tekton-pipelines/templates/configmap-feature-flags.yaml
deleted file mode 100644
index c9d9c61a04..0000000000
--- a/charts/tekton-pipelines/templates/configmap-feature-flags.yaml
+++ /dev/null
@@ -1,128 +0,0 @@
-# Copyright 2019 The Tekton Authors
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: feature-flags
- namespace: tekton-pipelines
- labels:
- app.kubernetes.io/instance: default
- app.kubernetes.io/part-of: tekton-pipelines
-data:
- # Setting this flag to "true" will prevent Tekton to create an
- # Affinity Assistant for every TaskRun sharing a PVC workspace
- #
- # The default behaviour is for Tekton to create Affinity Assistants
- #
- # See more in the Affinity Assistant documentation
- # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
- # or https://github.com/tektoncd/pipeline/pull/2630 for more info.
- #
- # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior.
- disable-affinity-assistant: "false"
- # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant.
- # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled".
- #
- # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node.
- # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node.
- # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node,
- # and only allows one pipelinerun to run on a node at a time.
- # Setting it to "disabled" will not apply any coschedule policy.
- #
- # See more in the Affinity Assistant documentation
- # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
- coschedule: "workspaces"
- # Setting this flag to "true" will prevent Tekton scanning attached
- # service accounts and injecting any credentials it finds into your
- # Steps.
- #
- # The default behaviour currently is for Tekton to search service
- # accounts for secrets matching a specified format and automatically
- # mount those into your Steps.
- #
- # Note: setting this to "true" will prevent PipelineResources from
- # working.
- #
- # See https://github.com/tektoncd/pipeline/issues/2791 for more
- # info.
- disable-creds-init: "false"
- # Setting this flag to "false" will stop Tekton from waiting for a
- # TaskRun's sidecar containers to be running before starting the first
- # step. This will allow Tasks to be run in environments that don't
- # support the DownwardAPI volume type, but may lead to unintended
- # behaviour if sidecars are used.
- #
- # See https://github.com/tektoncd/pipeline/issues/4937 for more info.
- await-sidecar-readiness: "true"
- # This option should be set to false when Pipelines is running in a
- # cluster that does not use injected sidecars such as Istio. Setting
- # it to false should decrease the time it takes for a TaskRun to start
- # running. For clusters that use injected sidecars, setting this
- # option to false can lead to unexpected behavior.
- #
- # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
- running-in-environment-with-injected-sidecars: "true"
- # Setting this flag to "true" will require that any Git SSH Secret
- # offered to Tekton must have known_hosts included.
- #
- # See https://github.com/tektoncd/pipeline/issues/2981 for more
- # info.
- require-git-ssh-secret-known-hosts: "false"
- # Setting this flag to "true" enables the use of Tekton OCI bundle.
- # This is an experimental feature and thus should still be considered
- # an alpha feature.
- enable-tekton-oci-bundles: "false"
- # Setting this flag will determine which gated features are enabled.
- # Acceptable values are "stable", "beta", or "alpha".
- enable-api-fields: "beta"
- # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a
- # CloudEvents sink is configured in the config-defaults config map
- send-cloudevents-for-runs: "false"
- # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them.
- # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found.
- # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged.
- # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged.
- trusted-resources-verification-no-match-policy: "ignore"
- # Setting this flag to "true" enables populating the "provenance" field in TaskRun
- # and PipelineRun status. This field contains metadata about resources used
- # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline
- # definition was fetched.
- enable-provenance-in-status: "true"
- # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance.
- # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance.
- # If set to "none", then Tekton will not have non-falsifiable provenance.
- # This is an experimental feature and thus should still be considered an alpha feature.
- enforce-nonfalsifiability: "none"
- # Setting this flag will determine how Tekton pipelines will handle extracting results from the task.
- # Acceptable values are "termination-message" or "sidecar-logs".
- # "sidecar-logs" is an experimental feature and thus should still be considered
- # an alpha feature.
- results-from: "termination-message"
- # Setting this flag will determine the upper limit of each task result
- # This flag is optional and only associated with the previous flag, results-from
- # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result
- # max-result-size: "4096"
- # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns.
- # This allows TaskRuns to run in namespaces with "restricted" pod security standards.
- # Not all Kubernetes implementations support this option.
- set-security-context: "false"
- # Setting this flag to "true" will keep pod on cancellation
- # allowing examination of the logs on the pods from cancelled taskruns
- keep-pod-on-cancel: "false"
- # Setting this flag to "true" will enable the CEL evaluation in WhenExpression
- enable-cel-in-whenexpression: "false"
- # Setting this flag to "true" will enable the use of StepActions in Steps
- # This feature is in preview mode and not implemented yet. Please check #7259 for updates.
- enable-step-actions: "false"
diff --git a/charts/tekton-pipelines/templates/configmap-git-resolver-config.yaml b/charts/tekton-pipelines/templates/configmap-git-resolver-config.yaml
deleted file mode 100644
index 565d2837ca..0000000000
--- a/charts/tekton-pipelines/templates/configmap-git-resolver-config.yaml
+++ /dev/null
@@ -1,43 +0,0 @@ -# Copyright 2022 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: git-resolver-config - namespace: tekton-pipelines-resolvers - labels: - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -data: - # The maximum amount of time a single anonymous cloning resolution may take. - fetch-timeout: "1m" - # The git url to fetch the remote resource from when using anonymous cloning. - default-url: "https://github.com/tektoncd/catalog.git" - # The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API. - default-revision: "main" - # The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud - scm-type: "github" - # The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud - server-url: "" - # The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API. - api-token-secret-name: "" - # The key in the API token secret containing the actual token. Required when using the authenticated API. - api-token-secret-key: "" - # The namespace containing the API token secret. Defaults to "default". 
- api-token-secret-namespace: "default" - # The default organization to look for repositories under when using the authenticated API, - # if not specified in the resolver parameters. Optional. - default-org: "" diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-clustertasks.tekton.dev.yaml b/charts/tekton-pipelines/templates/customresourcedefinition-clustertasks.tekton.dev.yaml deleted file mode 100644 index a488715ef6..0000000000 --- a/charts/tekton-pipelines/templates/customresourcedefinition-clustertasks.tekton.dev.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clustertasks.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: ClusterTask - plural: clustertasks - singular: clustertask - categories: - - tekton - - tekton-pipelines - scope: Cluster - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines 
diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-customruns.tekton.dev.yaml b/charts/tekton-pipelines/templates/customruns.tekton.dev-crd.yaml similarity index 97% rename from charts/tekton-pipelines/templates/customresourcedefinition-customruns.tekton.dev.yaml rename to charts/tekton-pipelines/templates/customruns.tekton.dev-crd.yaml index c5799dbeb4..549a306627 100644 --- a/charts/tekton-pipelines/templates/customresourcedefinition-customruns.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/customruns.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" spec: group: tekton.dev preserveUnknownFields: false diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml deleted file mode 100644 index 6af4390c21..0000000000 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-controller.yaml +++ /dev/null 
@@ -1,155 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" - # labels below are related to istio and should not be used for resource lookup - version: "v0.53.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - template: - metadata: - labels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-controller - version: "v0.53.0" - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - 
nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: NotIn - values: - - windows - serviceAccountName: tekton-pipelines-controller - containers: - - name: tekton-pipelines-controller - image: {{ .Values.controller.deployment.image }} - args: [ - # These images are built on-demand by `ko resolve` and are replaced - # by image references by digest. - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.53.0@sha256:6d7c0d37c18857690579a96b04aef555c449aee86e485aa40d7873046bc645ea", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.53.0@sha256:8a4c5986d2c661ff1d3a780b85abd78382c82b827a20f343ac2bcf8ad5f5aabe", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.53.0@sha256:bde8db347d4559163ebde8a2d36357ba186991fcd1fcc46c17b50f288bdbbd6d", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.53.0@sha256:ea121f92a654a290f178d14b5ad5feb010bd622f11fabf0f9080d8bbf0efaf97", - # The shell image must allow root in order to create directories and copy files to PVCs. 
- # cgr.dev/chainguard/busybox as of April 14 2022 - # image shall not contains tag, so it will be supported on a runtime like cri-o - "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791", - # for script mode to work with windows we need a powershell image - # pinning to nanoserver tag as of July 15 2021 - "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"] - volumeMounts: - - name: config-logging - mountPath: /etc/config-logging - - name: config-registry-cert - mountPath: /etc/config-registry-cert - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # If you are changing these names, you will also need to update - # the controller's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - - name: CONFIG_DEFAULTS_NAME - value: config-defaults - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_FEATURE_FLAGS_NAME - value: feature-flags - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-controller - - name: CONFIG_SPIRE - value: config-spire - - name: SSL_CERT_FILE - value: /etc/config-registry-cert/cert - - name: SSL_CERT_DIR - value: /etc/ssl/certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - # The following variables can be uncommented with correct values to enable Jaeger tracing - #- name: OTEL_EXPORTER_JAEGER_ENDPOINT - # value: http://jaeger-collector.jaeger:14268/api/traces - #- name: OTEL_EXPORTER_JAEGER_USER - # value: username - #- name: OTEL_EXPORTER_JAEGER_PASSWORD - # value: password - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - # User 65532 is the nonroot user ID - runAsUser: 65532 - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - resources: {{- toYaml 
.Values.controller.resources | nindent 12 }} - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: probes - containerPort: 8080 - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - volumes: - - name: config-logging - configMap: - name: config-logging - - name: config-registry-cert - configMap: - name: config-registry-cert diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml deleted file mode 100644 index 0fb2593252..0000000000 --- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-remote-resolvers.yaml +++ /dev/null 
@@ -1,109 +0,0 @@ -# Copyright 2022 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-pipelines-remote-resolvers - namespace: tekton-pipelines-resolvers - labels: - app.kubernetes.io/name: resolvers - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" - # labels below are related to istio and should not be used for resource lookup - version: "v0.53.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: resolvers - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - template: - metadata: - labels: - app.kubernetes.io/name: resolvers - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-resolvers - version: "v0.53.0" - spec: - affinity: - podAntiAffinity: - 
preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: resolvers - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: tekton-pipelines-resolvers - containers: - - name: controller - image: {{ .Values.remoteresolver.deployment.image }} - resources: {{- toYaml .Values.remoteresolver.resources | nindent 12 }} - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - # This must match the value of the environment variable PROBES_PORT. - - name: probes - containerPort: 8080 - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # If you are changing these names, you will also need to update - # the controller's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_FEATURE_FLAGS_NAME - value: feature-flags - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-resolvers - - name: METRICS_DOMAIN - value: tekton.dev/resolution - - name: PROBES_PORT - value: "8080" - # Override this env var to set a private hub api endpoint - - name: ARTIFACT_HUB_API - value: "https://artifacthub.io/" - - name: TEKTON_HUB_API - value: "https://api.hub.tekton.dev/" - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - "ALL" - seccompProfile: - type: RuntimeDefault diff --git a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml deleted file mode 100644 index a7faec3d7d..0000000000 
--- a/charts/tekton-pipelines/templates/deployment-tekton-pipelines-webhook.yaml +++ /dev/null 
@@ -1,158 +0,0 @@ -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - # Note: the Deployment name must be the same as the Service name specified in - # config/400-webhook-service.yaml. If you change this name, you must also - # change the value of WEBHOOK_SERVICE_NAME below. - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" - # labels below are related to istio and should not be used for resource lookup - version: "v0.53.0" -spec: - selector: - matchLabels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - template: - metadata: - labels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" - # labels below are related to istio and should not be 
used for resource lookup - app: tekton-pipelines-webhook - version: "v0.53.0" - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/os - operator: NotIn - values: - - windows - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: tekton-pipelines-webhook - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: {{ .Values.webhook.deployment.image }} - # Resource request required for autoscaler to take any action for a metric - resources: {{- toYaml .Values.webhook.resources | nindent 12 }} - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - # If you are changing these names, you will also need to update - # the webhook's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-webhook - - name: CONFIG_FEATURE_FLAGS_NAME - value: feature-flags - # If you change PROBES_PORT, you will also need to change the - # containerPort "probes" to the same value. - - name: PROBES_PORT - value: "8080" - # If you change WEBHOOK_PORT, you will also need to change the - # containerPort "https-webhook" to the same value. - - name: WEBHOOK_PORT - value: "8443" - # if you change WEBHOOK_ADMISSION_CONTROLLER_NAME, you will also need to update - # the webhooks.name in 500-webhooks.yaml to include the new names of admission webhooks. 
- # Additionally, you will also need to change the resource names (metadata.name) of - # "MutatingWebhookConfiguration" and "ValidatingWebhookConfiguration" in 500-webhooks.yaml - # to reflect the change in the name of the admission webhook. - # Followed by changing the webhook's Role in 200-clusterrole.yaml to update the "resourceNames" of - # "mutatingwebhookconfigurations" and "validatingwebhookconfigurations" resources. - - name: WEBHOOK_ADMISSION_CONTROLLER_NAME - value: webhook.pipeline.tekton.dev - - name: WEBHOOK_SERVICE_NAME - value: tekton-pipelines-webhook - - name: WEBHOOK_SECRET_NAME - value: webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - # User 65532 is the distroless nonroot user ID - runAsUser: 65532 - runAsGroup: 65532 - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - # This must match the value of the environment variable WEBHOOK_PORT. - - name: https-webhook - containerPort: 8443 - # This must match the value of the environment variable PROBES_PORT. - - name: probes - containerPort: 8080 - livenessProbe: - httpGet: - path: /health - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readiness - port: probes - scheme: HTTP - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 diff --git a/charts/tekton-pipelines/templates/feature-flags-cm.yaml b/charts/tekton-pipelines/templates/feature-flags-cm.yaml new file mode 100644 index 0000000000..a7668f6451 --- /dev/null +++ b/charts/tekton-pipelines/templates/feature-flags-cm.yaml 
@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+ {{- toYaml .Values.featureFlags | nindent 2 }}
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ name: feature-flags
\ No newline at end of file
diff --git a/charts/tekton-pipelines/templates/git-resolver-config-cm.yaml b/charts/tekton-pipelines/templates/git-resolver-config-cm.yaml
new file mode 100644
index 0000000000..f94bec3a14
--- /dev/null
+++ b/charts/tekton-pipelines/templates/git-resolver-config-cm.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ {{- tpl (toYaml .Values.gitResolverConfig | nindent 2) . }}
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ name: git-resolver-config
\ No newline at end of file
diff --git a/charts/tekton-pipelines/templates/http-resolver-config-cm.yaml b/charts/tekton-pipelines/templates/http-resolver-config-cm.yaml
new file mode 100644
index 0000000000..658bfe02fa
--- /dev/null
+++ b/charts/tekton-pipelines/templates/http-resolver-config-cm.yaml
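Review bot: In feature-flags-cm.yaml the `data:` block is rendered with a bare `toYaml .Values.featureFlags`, so the string typing of every flag depends on how the values file is written. The flags removed earlier in this diff were all quoted (`"false"`, `"ignore"`, `"beta"`); an unquoted `true` or `false` in values would render as a YAML boolean, which a ConfigMap `data` field does not accept. Rendering each entry explicitly avoids that: `{{- range $k, $v := .Values.featureFlags }}`, then `  {{ $k }}: {{ $v | toString | quote }}`, then `{{- end }}`. The removed per-flag comments should also move to the values file, at least for the security-relevant ones such as `trusted-resources-verification-no-match-policy`, `set-security-context` and `require-git-ssh-secret-known-hosts`. The values file is not visible in this part of the diff, so whether its defaults are already quoted is unverified.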
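Review bot: In git-resolver-config-cm.yaml the whole `.Values.gitResolverConfig` map is passed through `tpl`, so any `{{ … }}` sequence inside a value is evaluated as a Helm template with the full chart context instead of being emitted literally. If templating is only needed for a single key (possibly `api-token-secret-namespace`, which the removed ConfigMap hard-coded to `"default"`), say so in a comment such as `{{- /* tpl: lets values reference .Release.Namespace */}}`. Values files for this chart should be treated as trusted input only. As with feature-flags-cm.yaml, `data` values must be strings, so the values need quoting or an explicit `| quote` per entry.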
@@ -0,0 +1,25 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: http-resolver-config + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time the http resolver will wait for a response from the server. + fetch-timeout: "1m" diff --git a/charts/tekton-pipelines/templates/configmap-hubresolver-config.yaml b/charts/tekton-pipelines/templates/hubresolver-config-cm.yaml similarity index 97% rename from charts/tekton-pipelines/templates/configmap-hubresolver-config.yaml rename to charts/tekton-pipelines/templates/hubresolver-config-cm.yaml index c0bd9306a9..551771903f 100644 --- a/charts/tekton-pipelines/templates/configmap-hubresolver-config.yaml +++ b/charts/tekton-pipelines/templates/hubresolver-config-cm.yaml @@ -16,7 +16,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: hubresolver-config - namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default 
diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-pipelineruns.tekton.dev.yaml b/charts/tekton-pipelines/templates/pipelineruns.tekton.dev-crd.yaml similarity index 98% rename from charts/tekton-pipelines/templates/customresourcedefinition-pipelineruns.tekton.dev.yaml rename to charts/tekton-pipelines/templates/pipelineruns.tekton.dev-crd.yaml index fe303ad1a7..dd7908e633 100644 --- a/charts/tekton-pipelines/templates/customresourcedefinition-pipelineruns.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/pipelineruns.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" spec: group: tekton.dev preserveUnknownFields: false diff --git a/charts/tekton-pipelines/templates/configmap-pipelines-info.yaml b/charts/tekton-pipelines/templates/pipelines-info-cm.yaml similarity index 95% rename from charts/tekton-pipelines/templates/configmap-pipelines-info.yaml rename to charts/tekton-pipelines/templates/pipelines-info-cm.yaml index 3d2ecae83e..d73ceeac59 100644 --- a/charts/tekton-pipelines/templates/configmap-pipelines-info.yaml +++ b/charts/tekton-pipelines/templates/pipelines-info-cm.yaml @@ -16,7 +16,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: pipelines-info - namespace: tekton-pipelines labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines @@ -26,4 +25,4 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.53.0" + version: "v0.69.0" 
diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-pipelines.tekton.dev.yaml b/charts/tekton-pipelines/templates/pipelines.tekton.dev-crd.yaml similarity index 97% rename from charts/tekton-pipelines/templates/customresourcedefinition-pipelines.tekton.dev.yaml rename to charts/tekton-pipelines/templates/pipelines.tekton.dev-crd.yaml index 0774b1964b..a6016f7660 100644 --- a/charts/tekton-pipelines/templates/customresourcedefinition-pipelines.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/pipelines.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" spec: group: tekton.dev preserveUnknownFields: false diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-resolutionrequests.resolution.tekton.dev.yaml b/charts/tekton-pipelines/templates/resolutionrequests.resolution.tekton.dev-crd.yaml similarity index 100% rename from charts/tekton-pipelines/templates/customresourcedefinition-resolutionrequests.resolution.tekton.dev.yaml rename to charts/tekton-pipelines/templates/resolutionrequests.resolution.tekton.dev-crd.yaml diff --git a/charts/tekton-pipelines/templates/configmap-resolvers-feature-flags.yaml b/charts/tekton-pipelines/templates/resolvers-feature-flags-cm.yaml similarity index 97% rename from charts/tekton-pipelines/templates/configmap-resolvers-feature-flags.yaml rename to charts/tekton-pipelines/templates/resolvers-feature-flags-cm.yaml index cc83a65113..086994de5e 100644 --- a/charts/tekton-pipelines/templates/configmap-resolvers-feature-flags.yaml +++ b/charts/tekton-pipelines/templates/resolvers-feature-flags-cm.yaml 
@@ -16,7 +16,6 @@ apiVersion: v1 kind: ConfigMap metadata: name: resolvers-feature-flags - namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default diff --git a/charts/tekton-pipelines/templates/stepactions.tekton.dev-crd.yaml b/charts/tekton-pipelines/templates/stepactions.tekton.dev-crd.yaml new file mode 100644 index 0000000000..d665846fa4 --- /dev/null +++ b/charts/tekton-pipelines/templates/stepactions.tekton.dev-crd.yaml 
@@ -0,0 +1,71 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: stepactions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: StepAction + plural: stepactions + singular: stepaction + categories: + - tekton + - tekton-pipelines + scope: Namespaced diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-taskruns.tekton.dev.yaml b/charts/tekton-pipelines/templates/taskruns.tekton.dev-crd.yaml similarity index 98% rename from charts/tekton-pipelines/templates/customresourcedefinition-taskruns.tekton.dev.yaml rename to charts/tekton-pipelines/templates/taskruns.tekton.dev-crd.yaml index bff21c0412..2ae7e9f7be 100644 --- a/charts/tekton-pipelines/templates/customresourcedefinition-taskruns.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/taskruns.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" spec: group: tekton.dev preserveUnknownFields: false diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-tasks.tekton.dev.yaml b/charts/tekton-pipelines/templates/tasks.tekton.dev-crd.yaml similarity index 97% rename from charts/tekton-pipelines/templates/customresourcedefinition-tasks.tekton.dev.yaml rename to charts/tekton-pipelines/templates/tasks.tekton.dev-crd.yaml index 8720edc7b0..b841393feb 100644 --- a/charts/tekton-pipelines/templates/customresourcedefinition-tasks.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/tasks.tekton.dev-crd.yaml 
@@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" spec: group: tekton.dev preserveUnknownFields: false diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-aggregate-edit.yaml b/charts/tekton-pipelines/templates/tekton-aggregate-edit-clusterrole.yaml similarity index 100% rename from charts/tekton-pipelines/templates/clusterrole-tekton-aggregate-edit.yaml rename to charts/tekton-pipelines/templates/tekton-aggregate-edit-clusterrole.yaml diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-aggregate-view.yaml b/charts/tekton-pipelines/templates/tekton-aggregate-view-clusterrole.yaml similarity index 100% rename from charts/tekton-pipelines/templates/clusterrole-tekton-aggregate-view.yaml rename to charts/tekton-pipelines/templates/tekton-aggregate-view-clusterrole.yaml diff --git a/charts/tekton-pipelines/templates/tekton-bot-sa.yaml b/charts/tekton-pipelines/templates/tekton-bot-sa.yaml new file mode 100644 index 0000000000..0e4f0a4ff2 --- /dev/null +++ b/charts/tekton-pipelines/templates/tekton-bot-sa.yaml 
@@ -0,0 +1,32 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-bot + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + {{- if .Values.serviceaccount.annotations }} + annotations: {{ toYaml .Values.serviceaccount.annotations | nindent 4 }} + {{- end }} +secrets: +{{- if .Values.auth.git.password }} +- name: tekton-git +{{- end }} +{{- if .Values.auth.docker.configJson }} +- name: tekton-container-registry-auth +{{- end }} + diff --git a/charts/tekton-pipelines/templates/tekton-container-registry-auth-secret.yaml b/charts/tekton-pipelines/templates/tekton-container-registry-auth-secret.yaml new file mode 100644 index 0000000000..e2354b0a68 --- /dev/null +++ b/charts/tekton-pipelines/templates/tekton-container-registry-auth-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.auth.docker.configJson }} +apiVersion: v1 +data: + .dockerconfigjson: {{ .Values.auth.docker.configJson | b64enc | quote }} +kind: Secret +metadata: + name: tekton-container-registry-auth + annotations: + tekton.dev/docker-0: {{ .Values.auth.docker.url | quote }} + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +type: kubernetes.io/dockerconfigjson +{{- end }} \ No newline at end of file 
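Review bot: The `secrets:` list on the new `tekton-bot` ServiceAccount needs a comment stating what attaching these Secrets implies, because nothing in the template tells an operator who ends up able to read them. Tekton builds step credentials from the annotated Secrets of the ServiceAccount a run uses, so, as far as I can tell from the annotations in this commit, the Git password and registry config become available to every step of every TaskRun that runs as `tekton-bot`. I would add above `secrets:` the comment `# Secrets listed here are exposed to every TaskRun step that runs as tekton-bot; restrict who may create runs with this account.` When neither value is set the key also renders as a bare `secrets:` (null), which is worth guarding with a condition around the key itself.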
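Review bot: The registry credential in `tekton-container-registry-auth-secret.yaml` is read from `.Values.auth.docker.configJson`, so it has to sit in a values file or a `--set` argument and is then kept with the release's stored values in addition to the Secret rendered here; `auth.git.password` in `tekton-git-secret.yaml` has the same property. Consider letting the chart reference a Secret that already exists instead of rendering one, through an optional values key (name for the maintainers to choose) that `tekton-bot-sa.yaml` lists when set. The label `app.kubernetes.io/component: webhook` on this Secret also looks copied from another resource, since the Git Secret uses `controller`.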
diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-events-controller-cluster-access.yaml b/charts/tekton-pipelines/templates/tekton-events-controller-cluster-access-clusterrole.yaml similarity index 100% rename from charts/tekton-pipelines/templates/clusterrole-tekton-events-controller-cluster-access.yaml rename to charts/tekton-pipelines/templates/tekton-events-controller-cluster-access-clusterrole.yaml diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-events-controller-cluster-access.yaml b/charts/tekton-pipelines/templates/tekton-events-controller-cluster-access-crb.yaml similarity index 91% rename from charts/tekton-pipelines/templates/clusterrolebinding-tekton-events-controller-cluster-access.yaml rename to charts/tekton-pipelines/templates/tekton-events-controller-cluster-access-crb.yaml index 732b69678d..bb7ed5c5e8 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-events-controller-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/tekton-events-controller-cluster-access-crb.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-events-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: ClusterRole name: tekton-events-controller-cluster-access diff --git a/charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml b/charts/tekton-pipelines/templates/tekton-events-controller-deploy.yaml similarity index 89% rename from charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml rename to charts/tekton-pipelines/templates/tekton-events-controller-deploy.yaml index 26dead707d..ffb76973a4 100644 --- a/charts/tekton-pipelines/templates/deployment-tekton-events-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-events-controller-deploy.yaml 
@@ -16,17 +16,16 @@ apiVersion: apps/v1 kind: Deployment metadata: name: tekton-events-controller - namespace: tekton-pipelines labels: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.53.0" + version: "v0.69.0" spec: replicas: 1 selector: @@ -41,13 +40,13 @@ spec: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.53.0" + version: "v0.69.0" spec: affinity: nodeAffinity: @@ -61,9 +60,8 @@ spec: serviceAccountName: tekton-events-controller containers: - name: tekton-events-controller - image: {{ .Values.events.deployment.image }} + image: ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v0.69.0@sha256:38711b49ccbadbd0ec2832421bf99f5f9e2a86b443adb7d50357c058137684ea args: [] - resources: {{- toYaml .Values.events.resources | nindent 12 }} volumeMounts: - name: config-logging mountPath: /etc/config-logging 
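Review bot: The third hunk (`@@ -61,9 +60,8 @@`) removes `resources: {{- toYaml .Values.events.resources | nindent 12 }}` with no replacement, so the events controller container is rendered without requests or limits and any `events.resources` an operator still sets is silently ignored. I would keep that line as it was. Pinning the image by digest is a sound supply-chain choice, but hard-coding it also drops the `events.deployment.image` override that installs pulling through a private mirror may depend on; keeping the key with the pinned reference as its default, `image: {{ .Values.events.deployment.image | default "<pinned reference from this hunk>" | quote }}`, preserves both. The container spec continues outside this hunk.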
@@ -74,6 +72,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: KUBERNETES_MIN_VERSION + value: "v1.28.0" # If you are changing these names, you will also need to update # the controller's Role in 200-role.yaml to include the new # values in the "configmaps" "get" rule. @@ -91,6 +91,7 @@ spec: value: /etc/ssl/certs securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true capabilities: drop: - "ALL" diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-events-controller-leaderelection.yaml b/charts/tekton-pipelines/templates/tekton-events-controller-leaderelection-rb.yaml similarity index 87% rename from charts/tekton-pipelines/templates/rolebinding-tekton-events-controller-leaderelection.yaml rename to charts/tekton-pipelines/templates/tekton-events-controller-leaderelection-rb.yaml index 1dda455a40..646b22036c 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-events-controller-leaderelection.yaml +++ b/charts/tekton-pipelines/templates/tekton-events-controller-leaderelection-rb.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-events-controller-leaderelection - namespace: tekton-pipelines labels: app.kubernetes.io/component: events app.kubernetes.io/instance: default @@ -10,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-events-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-leader-election diff --git a/charts/tekton-pipelines/templates/serviceaccount-tekton-events-controller.yaml b/charts/tekton-pipelines/templates/tekton-events-controller-sa.yaml similarity index 87% rename from charts/tekton-pipelines/templates/serviceaccount-tekton-events-controller.yaml rename to charts/tekton-pipelines/templates/tekton-events-controller-sa.yaml index 1ba076dc54..a8fcb20544 100644 
--- a/charts/tekton-pipelines/templates/serviceaccount-tekton-events-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-events-controller-sa.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tekton-events-controller - namespace: tekton-pipelines labels: app.kubernetes.io/component: events app.kubernetes.io/instance: default diff --git a/charts/tekton-pipelines/templates/service-tekton-events-controller.yaml b/charts/tekton-pipelines/templates/tekton-events-controller-svc.yaml similarity index 86% rename from charts/tekton-pipelines/templates/service-tekton-events-controller.yaml rename to charts/tekton-pipelines/templates/tekton-events-controller-svc.yaml index 59f260fc11..85cc7e4c25 100644 --- a/charts/tekton-pipelines/templates/service-tekton-events-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-events-controller-svc.yaml @@ -5,15 +5,14 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.53.0" + version: "v0.69.0" name: tekton-events-controller - namespace: tekton-pipelines spec: ports: - name: http-metrics diff --git a/charts/tekton-pipelines/templates/tekton-git-secret.yaml b/charts/tekton-pipelines/templates/tekton-git-secret.yaml new file mode 100644 index 0000000000..2873480921 --- /dev/null +++ b/charts/tekton-pipelines/templates/tekton-git-secret.yaml 
@@ -0,0 +1,16 @@ +{{- if .Values.auth.git.password }} +apiVersion: v1 +data: + password: {{ .Values.auth.git.password | b64enc | quote }} + username: {{ .Values.auth.git.username | b64enc | quote }} +kind: Secret +metadata: + name: tekton-git + annotations: + tekton.dev/git-0: {{ .Values.auth.git.url | quote }} + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +type: kubernetes.io/basic-auth +{{- end }} \ No newline at end of file diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-controller-cluster-access.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml similarity index 100% rename from charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-controller-cluster-access.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-controller-cluster-access.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-cluster-access-crb.yaml similarity index 96% rename from charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-controller-cluster-access.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-cluster-access-crb.yaml index 96a142585a..06daf3f5f2 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-controller-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-cluster-access-crb.yaml @@ -23,7 +23,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: ClusterRole name: tekton-pipelines-controller-cluster-access 
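Review bot: The `tekton-git` Secret is gated only on `auth.git.password`, so `auth.git.username` and `auth.git.url` are never checked: depending on the defaults in `values.yaml` (not visible here) they either render as empty strings or fail with an unhelpful type error from `b64enc`. Tekton matches a basic-auth Secret to a host through the `tekton.dev/git-0` annotation, so an empty or mistyped URL presumably leaves the credential unused or associated with the wrong host. Fail the render explicitly instead, e.g. `tekton.dev/git-0: {{ required "auth.git.url is required when auth.git.password is set" .Values.auth.git.url | quote }}`, with the same `required` on the username. The values documentation should also say that the URL is expected to be `https://`, since this is a password sent with basic auth.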
diff --git a/charts/tekton-pipelines/templates/tekton-pipelines-controller-deploy.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-deploy.yaml
new file mode 100644
index 0000000000..ea78c79ba1
--- /dev/null
+++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-deploy.yaml
@@ -0,0 +1,149 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipelines + app.kubernetes.io/version: v0.69.0 + {{- with .Values.controller.deployment.labels }} + {{- toYaml . | nindent 4 }} + {{- end}} + pipeline.tekton.dev/release: v0.69.0 + version: v0.69.0 + name: tekton-pipelines-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + annotations: + fake: value + {{- with .Values.controller.pod.annotations }} + {{- toYaml . | nindent 8 }} + {{- end}} + labels: + app: tekton-pipelines-controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/name: controller + app.kubernetes.io/part-of: tekton-pipelines + app.kubernetes.io/version: v0.69.0 + {{- with .Values.controller.pod.labels }} + {{- toYaml . | nindent 8 }} + {{- end}} + pipeline.tekton.dev/release: v0.69.0 + version: v0.69.0 + spec: + affinity: + {{- with .Values.controller.affinity }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - args: + - -entrypoint-image + - ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.69.0@sha256:c4427dc67f89552db62e0ce2f5d573ad54dc386a975d38201f30943120adf1e9 + - -nop-image + - ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.69.0@sha256:4a2e726ce80ea573b6348a44ce783ee4a7c1c6aaeab1a0c00001f321f4c38c0f + - -sidecarlogresults-image + - ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.69.0@sha256:9925427cd47c224fc5432ed388b7b60be5cb237d2478d6d925e2bc3d1052d688 + - -workingdirinit-image + - ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.69.0@sha256:afbf8087e7e89f5e82d1ec366c5f74eaff3a63b3a2ab28a601d5de450d6fd144 + - -shell-image + - cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791 + - -shell-image-win + - mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES_MIN_VERSION + value: v1.28.0 + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-controller + - name: CONFIG_SPIRE + value: config-spire + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + envFrom: + - secretRef: + name: '{{ .Values.controller.envFromSecret }}' + optional: true + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + name: tekton-pipelines-controller + ports: + - containerPort: 9090 + name: 
metrics + - containerPort: 8008 + name: profiling + - containerPort: 8080 + name: probes + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /etc/config-logging + name: config-logging + - mountPath: /etc/config-registry-cert + name: config-registry-cert + image: {{ .Values.controller.deployment.image }} + nodeSelector: + {{- with .Values.controller.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end}} + serviceAccountName: tekton-pipelines-controller + tolerations: + {{- with .Values.controller.tolerations }} + {{- toYaml . | nindent 6 }} + {{- end}} + volumes: + - configMap: + name: config-logging + name: config-logging + - configMap: + name: config-registry-cert + name: config-registry-cert \ No newline at end of file diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-controller-leaderelection.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-leaderelection-rb.yaml similarity index 87% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-controller-leaderelection.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-leaderelection-rb.yaml index ef2c86eb9e..8068eade3f 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-controller-leaderelection.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-leaderelection-rb.yaml 
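Review bot: `image: {{ .Values.controller.deployment.image }}` leaves the controller image unquoted and taken entirely from values, while every helper image in `args` above it, and the events controller image elsewhere in this commit, is fixed by an `@sha256:` digest. An empty or tag-only value would render without complaint, so I would write `image: {{ required "controller.deployment.image must be set; use a digest-pinned reference" .Values.controller.deployment.image | quote }}` and keep a digest-pinned default in `values.yaml`. The pod template also ships the placeholder annotation `fake: value`, which should be dropped or replaced by a guard around `annotations:`. `envFrom.secretRef.name` renders as `''` when `controller.envFromSecret` is unset, which the API server is likely to reject even with `optional: true`; wrapping the `envFrom` block in `{{- with .Values.controller.envFromSecret }}` avoids that.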
@@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-controller-leaderelection - namespace: tekton-pipelines labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: default @@ -10,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-leader-election diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-controller.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-rb.yaml similarity index 94% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-controller.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-rb.yaml index 60626f1198..e28887bfdd 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-rb.yaml @@ -16,7 +16,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-controller - namespace: tekton-pipelines labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: default @@ -24,7 +23,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-controller diff --git a/charts/tekton-pipelines/templates/role-tekton-pipelines-controller.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-role.yaml similarity index 97% rename from charts/tekton-pipelines/templates/role-tekton-pipelines-controller.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-role.yaml index e0db94bff8..b1294eed5f 100644 --- a/charts/tekton-pipelines/templates/role-tekton-pipelines-controller.yaml 
+++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-role.yaml @@ -16,7 +16,6 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-controller - namespace: tekton-pipelines labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: default diff --git a/charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-controller.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-sa.yaml similarity index 96% rename from charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-controller.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-sa.yaml index 136ba99470..8fa6ceb9ce 100644 --- a/charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-sa.yaml @@ -15,7 +15,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tekton-pipelines-controller - namespace: tekton-pipelines labels: app.kubernetes.io/component: controller app.kubernetes.io/instance: default diff --git a/charts/tekton-pipelines/templates/service-tekton-pipelines-controller.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-svc.yaml similarity index 86% rename from charts/tekton-pipelines/templates/service-tekton-pipelines-controller.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-svc.yaml index 4309e658fd..b5351d612d 100644 --- a/charts/tekton-pipelines/templates/service-tekton-pipelines-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-svc.yaml 
@@ -5,15 +5,14 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.53.0" + version: "v0.69.0" name: tekton-pipelines-controller - namespace: tekton-pipelines spec: ports: - name: http-metrics diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-controller-tenant-access.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-tenant-access-clusterrole.yaml similarity index 100% rename from charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-controller-tenant-access.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-tenant-access-clusterrole.yaml diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-controller-tenant-access.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-controller-tenant-access-crb.yaml similarity index 94% rename from charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-controller-tenant-access.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-controller-tenant-access-crb.yaml index dc982365ef..1b2a623bde 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-controller-tenant-access.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-controller-tenant-access-crb.yaml 
@@ -13,7 +13,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: ClusterRole name: tekton-pipelines-controller-tenant-access diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-events-controller.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-events-controller-rb.yaml similarity index 87% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-events-controller.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-events-controller-rb.yaml index 8977d58bcc..6691568ddc 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-events-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-events-controller-rb.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-events-controller - namespace: tekton-pipelines labels: app.kubernetes.io/component: events app.kubernetes.io/instance: default @@ -10,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-events-controller - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-events-controller diff --git a/charts/tekton-pipelines/templates/role-tekton-pipelines-events-controller.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-events-controller-role.yaml similarity index 95% rename from charts/tekton-pipelines/templates/role-tekton-pipelines-events-controller.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-events-controller-role.yaml index 08b4b5cc6c..0f28c25e86 100644 --- a/charts/tekton-pipelines/templates/role-tekton-pipelines-events-controller.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-events-controller-role.yaml 
@@ -2,7 +2,6 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-events-controller - namespace: tekton-pipelines labels: app.kubernetes.io/component: events app.kubernetes.io/instance: default diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-info.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-info-rb.yaml similarity index 94% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-info.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-info-rb.yaml index 31f8cba335..a1a1fad7e6 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-info.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-info-rb.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-info - namespace: tekton-pipelines labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines diff --git a/charts/tekton-pipelines/templates/role-tekton-pipelines-info.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-info-role.yaml similarity index 94% rename from charts/tekton-pipelines/templates/role-tekton-pipelines-info.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-info-role.yaml index d5b27166a1..c27a86d198 100644 --- a/charts/tekton-pipelines/templates/role-tekton-pipelines-info.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-info-role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: tekton-pipelines-info - namespace: tekton-pipelines labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
diff --git a/charts/tekton-pipelines/templates/role-tekton-pipelines-leader-election.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-leader-election-role.yaml similarity index 92% rename from charts/tekton-pipelines/templates/role-tekton-pipelines-leader-election.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-leader-election-role.yaml index 3056ef35d2..7a9191cdc5 100644 --- a/charts/tekton-pipelines/templates/role-tekton-pipelines-leader-election.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-leader-election-role.yaml @@ -2,7 +2,6 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-leader-election - namespace: tekton-pipelines labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines diff --git a/charts/tekton-pipelines/templates/namespace-tekton-pipelines-resolvers.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-ns.yaml similarity index 86% rename from charts/tekton-pipelines/templates/namespace-tekton-pipelines-resolvers.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-ns.yaml index 08f05ca189..fd63f2979d 100644 --- a/charts/tekton-pipelines/templates/namespace-tekton-pipelines-resolvers.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-ns.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 The Tekton Authors +# Copyright 2019 The Tekton Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,9 +15,8 @@ apiVersion: v1 kind: Namespace metadata: - name: tekton-pipelines-resolvers + name: tekton-pipelines labels: - app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines pod-security.kubernetes.io/enforce: restricted 
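Review bot: The Namespace template in `tekton-pipelines-ns.yaml` now hard-codes `name: tekton-pipelines`, while the rest of this commit removes `metadata.namespace` from the resources and points RBAC subjects at `{{ .Release.Namespace }}`. If the release is installed into any other namespace, the `pod-security.kubernetes.io/enforce: restricted` label lands on a namespace that holds none of the workloads, and the namespace that does hold them gets no Pod Security enforcement from this chart. Either drop the Namespace object and document that the target namespace must carry the label, or add a header comment such as `# Only effective when the release namespace is tekton-pipelines; label other target namespaces yourself.`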
diff --git a/charts/tekton-pipelines/templates/tekton-pipelines-remote-resolvers-deploy.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-remote-resolvers-deploy.yaml
new file mode 100644
index 0000000000..d0f8dc6b1b
--- /dev/null
+++ b/charts/tekton-pipelines/templates/tekton-pipelines-remote-resolvers-deploy.yaml
@@ -0,0 +1,102 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/name: resolvers + app.kubernetes.io/part-of: tekton-pipelines + app.kubernetes.io/version: v0.69.0 + pipeline.tekton.dev/release: v0.69.0 + version: v0.69.0 + name: tekton-pipelines-remote-resolvers +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/name: resolvers + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app: tekton-pipelines-resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/name: resolvers + app.kubernetes.io/part-of: tekton-pipelines + app.kubernetes.io/version: v0.69.0 + pipeline.tekton.dev/release: v0.69.0 + version: v0.69.0 + spec: + affinity: + {{- with .Values.remoteresolver.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/name: resolvers + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES_MIN_VERSION + value: v1.28.0 + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-resolvers + - name: METRICS_DOMAIN + value: tekton.dev/resolution + - name: PROBES_PORT + value: "8080" + - name: ARTIFACT_HUB_API + value: https://artifacthub.io/ + - name: TEKTON_HUB_API + value: https://api.hub.tekton.dev/ + image: 
ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v0.69.0@sha256:9a05e45464c87744963b13bd1e086be941249571805f692e2c39548593033f3c + name: controller + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8080 + name: probes + resources: + {{- with .Values.remoteresolver.resources }} + {{- toYaml . | trim | nindent 10 }} + {{- end }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + nodeSelector: + {{- with .Values.remoteresolver.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end}} + serviceAccountName: tekton-pipelines-resolvers + tolerations: + {{- with .Values.remoteresolver.tolerations }} + {{- toYaml . | nindent 6 }} + {{- end}} \ No newline at end of file diff --git a/charts/tekton-pipelines/templates/service-tekton-pipelines-remote-resolvers.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-remote-resolvers-svc.yaml similarity index 90% rename from charts/tekton-pipelines/templates/service-tekton-pipelines-remote-resolvers.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-remote-resolvers-svc.yaml index 821bba788b..b135cacb9c 100644 --- a/charts/tekton-pipelines/templates/service-tekton-pipelines-remote-resolvers.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-remote-resolvers-svc.yaml 
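Review bot: Under `affinity:` the template emits the user-supplied `.Values.remoteresolver.affinity` and then an unconditional `podAntiAffinity:` block, so a values entry that itself contains `podAntiAffinity` yields a duplicate key, which is either a parse error or a silent last-one-wins. Making the fixed block the fallback fixes it: put `{{- else }}` before `podAntiAffinity:` and move the `{{- end }}` after the `weight: 100` line. Separately, the container sets `readOnlyRootFilesystem: true` but the pod declares no `volumes` or `volumeMounts`; if any resolver needs scratch space (a Git clone, for instance) it has nowhere to write, so please confirm, and mount an `emptyDir` rather than relaxing the security context.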
@@ -18,15 +18,14 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-remote-resolvers - version: "v0.53.0" + version: "v0.69.0" name: tekton-pipelines-remote-resolvers - namespace: tekton-pipelines-resolvers spec: ports: - name: http-metrics diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-resolvers.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-crb.yaml similarity index 96% rename from charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-resolvers.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-resolvers-crb.yaml index cdd40fc15d..1278a12251 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-resolvers.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-crb.yaml @@ -23,7 +23,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-resolvers - namespace: tekton-pipelines-resolvers + namespace: '{{ .Release.Namespace }}' roleRef: kind: ClusterRole name: tekton-pipelines-resolvers-resolution-request-updates diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-resolvers-namespace-rbac.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-namespace-rbac-rb.yaml similarity index 92% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-resolvers-namespace-rbac.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-resolvers-namespace-rbac-rb.yaml index 11ca0e8133..9f54ddb859 100644 
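Review bot: The ClusterRoleBinding subject now resolves to `.Release.Namespace`, and the neighbouring hunks drop `namespace: tekton-pipelines-resolvers` from the resolvers' Service, ServiceAccount, Role and RoleBinding while the webhook hunks do the same for `tekton-pipelines`, so the resolvers no longer run in a namespace of their own. The namespaced Role `tekton-pipelines-resolvers-namespace-rbac` therefore applies in the namespace shared with the webhook; its rules are not part of this diff and should be re-read with that in mind. A short comment above the subject would record the intent, e.g. `# resolvers share the release namespace with the other Tekton components; namespaced RBAC is scoped to it`. The `metadata` and `roleRef` blocks continue outside the hunk.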
--- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-resolvers-namespace-rbac.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-namespace-rbac-rb.yaml @@ -16,7 +16,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-resolvers-namespace-rbac - namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default @@ -24,7 +23,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-resolvers - namespace: tekton-pipelines-resolvers + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-resolvers-namespace-rbac diff --git a/charts/tekton-pipelines/templates/role-tekton-pipelines-resolvers-namespace-rbac.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-namespace-rbac-role.yaml similarity index 96% rename from charts/tekton-pipelines/templates/role-tekton-pipelines-resolvers-namespace-rbac.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-resolvers-namespace-rbac-role.yaml index a64a35eac7..773fb7e635 100644 --- a/charts/tekton-pipelines/templates/role-tekton-pipelines-resolvers-namespace-rbac.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-namespace-rbac-role.yaml @@ -16,7 +16,6 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-resolvers-namespace-rbac - namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default 
diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-resolvers-resolution-request-updates.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml similarity index 92% rename from charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-resolvers-resolution-request-updates.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml index 3215d74b14..4364334095 100644 --- a/charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-resolvers-resolution-request-updates.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml @@ -26,9 +26,9 @@ rules: resources: ["resolutionrequests", "resolutionrequests/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["tekton.dev"] - resources: ["tasks", "pipelines"] + resources: ["tasks", "pipelines", "stepactions"] verbs: ["get", "list"] # Read-only access to these. - apiGroups: [""] - resources: ["secrets"] + resources: ["secrets", "serviceaccounts"] verbs: ["get", "list", "watch"] diff --git a/charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-resolvers.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-sa.yaml similarity index 95% rename from charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-resolvers.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-resolvers-sa.yaml index 08815c6a59..db3d068752 100644 --- a/charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-resolvers.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-resolvers-sa.yaml @@ -16,7 +16,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tekton-pipelines-resolvers - namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default 
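Review bot: The rule that already grants `get`, `list`, `watch` on `secrets` now also covers `serviceaccounts`, and this ClusterRole appears to be the one referenced by the ClusterRoleBinding changed earlier in the diff, so the resolvers' service account can read both in every namespace; the hunk carries no comment saying which resolver needs the new resource. Add one next to the rule, e.g. `# serviceaccounts: needed by <resolver / feature — fill in from the upstream release notes>`, so a later audit can tell required access from drift. Clusters that only resolve from a few namespaces may prefer to grant this rule through per-namespace RoleBindings instead, if the resolvers tolerate that (not verifiable from this hunk). The `rules:` list starts outside the hunk.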
diff --git a/charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-webhook-cluster-access.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml similarity index 100% rename from charts/tekton-pipelines/templates/clusterrole-tekton-pipelines-webhook-cluster-access.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-webhook-cluster-access.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-cluster-access-crb.yaml similarity index 91% rename from charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-webhook-cluster-access.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-cluster-access-crb.yaml index 988ecf2de6..529487aba5 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-tekton-pipelines-webhook-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-cluster-access-crb.yaml @@ -9,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-webhook - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: ClusterRole name: tekton-pipelines-webhook-cluster-access diff --git a/charts/tekton-pipelines/templates/tekton-pipelines-webhook-deploy.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-deploy.yaml new file mode 100644 index 0000000000..0f5f940b1f --- /dev/null +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-deploy.yaml 
@@ -0,0 +1,138 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipelines + app.kubernetes.io/version: v0.69.0 + {{- with .Values.webhook.deployment.labels }} + {{- toYaml . | nindent 4 }} + {{- end}} + pipeline.tekton.dev/release: v0.69.0 + version: v0.69.0 + name: tekton-pipelines-webhook +spec: + selector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app: tekton-pipelines-webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipelines + app.kubernetes.io/version: v0.69.0 + {{- with .Values.webhook.pod.labels }} + {{- toYaml . | nindent 8 }} + {{- end}} + pipeline.tekton.dev/release: v0.69.0 + version: v0.69.0 + spec: + affinity: + {{- with .Values.webhook.affinity }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/name: webhook + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBERNETES_MIN_VERSION + value: v1.28.0 + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-webhook + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: PROBES_PORT + value: "8080" + - name: WEBHOOK_PORT + value: "8443" + - name: WEBHOOK_ADMISSION_CONTROLLER_NAME + value: webhook.pipeline.tekton.dev + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + envFrom: + - secretRef: + name: '{{ .Values.webhook.envFromSecret }}' + optional: true + image: ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v0.69.0@sha256:d295b914dee401a7a23a28b779394b3d471d96e091f0ade937accf6d058915b6 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + name: webhook + ports: + - containerPort: 9090 + name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8443 + name: https-webhook + - containerPort: 8080 + name: probes + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + resources: + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + 
readOnlyRootFilesystem: true + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + seccompProfile: + type: RuntimeDefault + nodeSelector: + {{- with .Values.webhook.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end}} + serviceAccountName: tekton-pipelines-webhook + tolerations: + {{- with .Values.webhook.tolerations }} + {{- toYaml . | nindent 6 }} + {{- end}} diff --git a/charts/tekton-pipelines/templates/horizontalpodautoscaler-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml similarity index 90% rename from charts/tekton-pipelines/templates/horizontalpodautoscaler-tekton-pipelines-webhook.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml index 2d7ee38adc..d0414e19d2 100644 --- a/charts/tekton-pipelines/templates/horizontalpodautoscaler-tekton-pipelines-webhook.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml @@ -16,17 +16,16 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: tekton-pipelines-webhook - namespace: tekton-pipelines labels: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.53.0" + version: "v0.69.0" spec: minReplicas: 1 maxReplicas: 5 
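Review bot: `envFrom.secretRef.name` is rendered from `.Values.webhook.envFromSecret` unconditionally, and the values.yaml hunks in this diff do not show that key, so unless it is defined in an unchanged part of the file the reference renders as an empty Secret name, which the API server is likely to reject regardless of `optional: true`. Emit the entry only when a name is set: wrap it in `{{- with .Values.webhook.envFromSecret }}` … `{{- end }}` and use `name: {{ . | quote }}`. When it is set, every key of that Secret becomes an environment variable of the admission webhook, which deserves a comment next to the value. The image reference and the `resources` block are also literal here while `webhook.deployment.image` and `webhook.resources` are removed from values.yaml, so existing overrides (a registry mirror, tighter limits) stop applying without an error.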
diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-webhook-leaderelection.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-leaderelection-rb.yaml similarity index 87% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-webhook-leaderelection.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-leaderelection-rb.yaml index 6218fa34ca..6549621f55 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-webhook-leaderelection.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-leaderelection-rb.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-webhook-leaderelection - namespace: tekton-pipelines labels: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default @@ -10,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-webhook - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-leader-election diff --git a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-rb.yaml similarity index 86% rename from charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-webhook.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-rb.yaml index 6f945ee62b..09a9e692fe 100644 --- a/charts/tekton-pipelines/templates/rolebinding-tekton-pipelines-webhook.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-rb.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-pipelines-webhook - namespace: tekton-pipelines labels: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default 
@@ -10,7 +9,7 @@ metadata: subjects: - kind: ServiceAccount name: tekton-pipelines-webhook - namespace: tekton-pipelines + namespace: '{{ .Release.Namespace }}' roleRef: kind: Role name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/role-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-role.yaml similarity index 96% rename from charts/tekton-pipelines/templates/role-tekton-pipelines-webhook.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-role.yaml index d96b178f53..40919caecf 100644 --- a/charts/tekton-pipelines/templates/role-tekton-pipelines-webhook.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-role.yaml @@ -2,7 +2,6 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-webhook - namespace: tekton-pipelines labels: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default diff --git a/charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-sa.yaml similarity index 87% rename from charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-webhook.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-sa.yaml index 0d459101a9..1d5eef3799 100644 --- a/charts/tekton-pipelines/templates/serviceaccount-tekton-pipelines-webhook.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-sa.yaml @@ -2,7 +2,6 @@ apiVersion: v1 kind: ServiceAccount metadata: name: tekton-pipelines-webhook - namespace: tekton-pipelines labels: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default 
diff --git a/charts/tekton-pipelines/templates/service-tekton-pipelines-webhook.yaml b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-svc.yaml similarity index 88% rename from charts/tekton-pipelines/templates/service-tekton-pipelines-webhook.yaml rename to charts/tekton-pipelines/templates/tekton-pipelines-webhook-svc.yaml index 5f636d4536..ae4917fb2b 100644 --- a/charts/tekton-pipelines/templates/service-tekton-pipelines-webhook.yaml +++ b/charts/tekton-pipelines/templates/tekton-pipelines-webhook-svc.yaml @@ -5,15 +5,14 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.53.0" + app.kubernetes.io/version: "v0.69.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.53.0" + version: "v0.69.0" name: tekton-pipelines-webhook - namespace: tekton-pipelines spec: ports: # Define metrics and profiling for them to be accessible within service meshes. diff --git a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-validation.webhook.pipeline.tekton.dev.yaml b/charts/tekton-pipelines/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml similarity index 92% rename from charts/tekton-pipelines/templates/validatingwebhookconfiguration-validation.webhook.pipeline.tekton.dev.yaml rename to charts/tekton-pipelines/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml index cb24f53593..db5ae441f7 100644 --- a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-validation.webhook.pipeline.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml 
@@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: diff --git a/charts/tekton-pipelines/templates/customresourcedefinition-verificationpolicies.tekton.dev.yaml b/charts/tekton-pipelines/templates/verificationpolicies.tekton.dev-crd.yaml similarity index 96% rename from charts/tekton-pipelines/templates/customresourcedefinition-verificationpolicies.tekton.dev.yaml rename to charts/tekton-pipelines/templates/verificationpolicies.tekton.dev-crd.yaml index cfde34c7ad..829a4ccb37 100644 --- a/charts/tekton-pipelines/templates/customresourcedefinition-verificationpolicies.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/verificationpolicies.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" - version: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" + version: "v0.69.0" spec: group: tekton.dev versions: diff --git a/charts/tekton-pipelines/templates/secret-webhook-certs.yaml b/charts/tekton-pipelines/templates/webhook-certs-secret.yaml similarity index 87% rename from charts/tekton-pipelines/templates/secret-webhook-certs.yaml rename to charts/tekton-pipelines/templates/webhook-certs-secret.yaml index 74d4d3d6a1..046e6ff0fb 100644 --- a/charts/tekton-pipelines/templates/secret-webhook-certs.yaml +++ b/charts/tekton-pipelines/templates/webhook-certs-secret.yaml 
@@ -16,10 +16,9 @@ apiVersion: v1 kind: Secret metadata: name: webhook-certs - namespace: tekton-pipelines labels: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" -# The data is populated at install time. + pipeline.tekton.dev/release: "v0.69.0" + # The data is populated at install time. diff --git a/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.pipeline.tekton.dev.yaml b/charts/tekton-pipelines/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml similarity index 92% rename from charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.pipeline.tekton.dev.yaml rename to charts/tekton-pipelines/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml index 7afe786f84..18048416c7 100644 --- a/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.pipeline.tekton.dev.yaml +++ b/charts/tekton-pipelines/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.53.0" + pipeline.tekton.dev/release: "v0.69.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: diff --git a/charts/tekton-pipelines/values.yaml b/charts/tekton-pipelines/values.yaml index 399bca5a1d..3fa2cf3d8e 100644 --- a/charts/tekton-pipelines/values.yaml +++ b/charts/tekton-pipelines/values.yaml 
@@ -1,7 +1,19 @@ +auth: + git: + username: "admin" + password: "" + url: https://github.com + docker: + # if specified use the docker config.json style secret like this: + # https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#configuring-docker-authentication-for-docker + configJson: "" +serviceaccount: + enabled: true + annotations: {} # Values for tekton-pipelines-controller controller: deployment: - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.53.0@sha256:9cef507c33127c488938fd6af10c0c2242b4b667732e488545338f290025fa08 + image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.69.0@sha256:a3264de3edaae85ec7ce26f4f0876d4977ebdddceda793a8848ad8592347ecab labels: {} pod: labels: {} @@ -20,17 +32,10 @@ controller: - windows tolerations: [] nodeSelector: {} - resources: - requests: - cpu: 100m - memory: 100Mi - limits: - cpu: 1000m - memory: 1000Mi + resources: {} # Values for tekton-pipelines-webhook webhook: deployment: - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.0@sha256:da5cefe4b29a2c0904ccdae95d5bf668068c2ac1fc1618c239425fc616360568 labels: {} pod: labels: {} @@ -48,11 +53,8 @@ webhook: - windows tolerations: [] nodeSelector: {} - resources: {} # Values to amend tekton-pipelines-remote-resolvers remoteresolver: - deployment: - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.53.0@sha256:6445641a3ea1afa918f92ef51d18edf1bdb40c08878374db33e290221e3564e1 affinity: {} tolerations: [] nodeSelector: {} 
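Review bot: `auth.git.password` and `auth.docker.configJson` are plain chart values, so any real credential placed here ends up in the stored release values and in whatever file or CI variable supplies it; the templates that consume them are not in this part of the diff, so how they reach a Secret cannot be checked here. Add a comment above `password`, e.g. `# leave empty in committed values; supply at install time or reference a pre-created Secret`, and the same above `configJson`. The non-empty default `username: "admin"` next to an empty password is also worth a second look, since a template keyed on the username alone would create a credential entry with no secret in it.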
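Review bot: Setting the controller's `resources` to `{}` removes the default CPU and memory requests and limits the chart used to ship, so, assuming the controller template renders this value the way the Deployment templates in this diff do, a default install runs the controller with no bounds. Keeping at least the old requests as the default (`cpu: 100m`, `memory: 100Mi`) preserves scheduling guarantees, and a comment such as `# set limits per cluster; empty means unbounded` makes the change deliberate. The same hunk removes `webhook.deployment.image`, and the next one removes `webhook.resources` and `remoteresolver.deployment.image`; a user who still supplies them gets no error, so the chart's changelog or README should say they are no longer read.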
@@ -62,9 +64,277 @@ remoteresolver: memory: 100Mi limits: cpu: 1000m - memory: 1000Mi + memory: 4Gi +# configuration to put in the config-defaults ConfigMap +configDefaults: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ -events: - deployment: - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.0@sha256:340e1edd0783bdb86e396ef53499f068a42da1986a1d806ab652b448869637bd - resources: {} \ No newline at end of file + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use for + # TaskRun and PipelineRun. If a pod template is specified on the + # PipelineRun, the default-pod-template is merged with that one. + # default-pod-template: + + # default-affinity-assistant-pod-template contains the default pod template + # to use for affinity assistant pods. 
If a pod template is specified on the + # PipelineRun, the default-affinity-assistant-pod-template is merged with + # that one. + # default-affinity-assistant-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} + + # default-max-matrix-combinations-count contains the default maximum number + # of combinations from a Matrix, if none is specified. + default-max-matrix-combinations-count: "256" + + # default-forbidden-env contains comma seperated environment variables that cannot be + # overridden by podTemplate. + default-forbidden-env: + + # default-resolver-type contains the default resolver type to be used in the cluster, + # no default-resolver-type is specified by default + default-resolver-type: + + # default-imagepullbackoff-timeout contains the default duration to wait + # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast + # possible values could be 1m, 5m, 10s, 1h, etc + # default-imagepullbackoff-timeout: "5m" + + # default-maximum-resolution-timeout specifies the default duration used by the + # resolution controller before timing out when exceeded. + # Possible values include "1m", "5m", "10s", "1h", etc. 
+ # Example: default-maximum-resolution-timeout: "1m" + + # default-container-resource-requirements allow users to update default resource requirements + # to a init-containers and containers of a pods create by the controller + # Onet: All the resource requirements are applied to init-containers and containers + # only if the existing resource requirements are empty. + # default-container-resource-requirements: | + # place-scripts: # updates resource requirements of a 'place-scripts' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prepare: # updates resource requirements of a 'prepare' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + # + # working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "512Mi" + # cpu: "500m" + # + # prefix-scripts: # updates resource requirements of containers which starts with 'scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # default: # updates resource requirements of init-containers and containers which has empty resource resource requirements + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" +gitResolverConfig: + # The maximum amount of time a single anonymous cloning resolution may take. + fetch-timeout: "1m" + # The git url to fetch the remote resource from when using anonymous cloning. + default-url: "https://github.com/tektoncd/catalog.git" + # The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API. 
+ default-revision: "main" + # The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud + scm-type: "github" + # The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud + server-url: "" + # The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API. + api-token-secret-name: "" + # The key in the API token secret containing the actual token. Required when using the authenticated API. + api-token-secret-key: "" + # The namespace containing the API token secret. Defaults to "default". + api-token-secret-namespace: "default" + # The default organization to look for repositories under when using the authenticated API, + # if not specified in the resolver parameters. Optional. + default-org: "" +# feature flags to put in feature-flags ConfigMap +featureFlags: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + # + # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. + disable-affinity-assistant: "false" + # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. + # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". + # + # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. + # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. 
+ # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, + # and only allows one pipelinerun to run on a node at a time. + # Setting it to "disabled" will not apply any coschedule policy. + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + coschedule: "workspaces" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/2791 for more + # info. + disable-creds-init: "false" + # Setting this flag to "false" will stop Tekton from waiting for a + # TaskRun's sidecar containers to be running before starting the first + # step. This will allow Tasks to be run in environments that don't + # support the DownwardAPI volume type, but may lead to unintended + # behaviour if sidecars are used. + # + # See https://github.com/tektoncd/pipeline/issues/4937 for more info. + await-sidecar-readiness: "true" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. 
+ # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable", "beta", or "alpha". + enable-api-fields: "beta" + # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a + # CloudEvents sink is configured in the config-defaults config map + send-cloudevents-for-runs: "false" + # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them. + # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found. + # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. + # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. + trusted-resources-verification-no-match-policy: "ignore" + # Setting this flag to "true" enables populating the "provenance" field in TaskRun + # and PipelineRun status. This field contains metadata about resources used + # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline + # definition was fetched. + enable-provenance-in-status: "true" + # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. + # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. + # If set to "none", then Tekton will not have non-falsifiable provenance. + # This is an experimental feature and thus should still be considered an alpha feature. 
+ enforce-nonfalsifiability: "none"
+ # Setting this flag will determine how Tekton pipelines will handle extracting results from the task.
+ # Acceptable values are "termination-message" or "sidecar-logs".
+ # "sidecar-logs" is now a beta feature.
+ results-from: "termination-message"
+ # Setting this flag will determine the upper limit of each task result
+ # This flag is optional and only associated with the previous flag, results-from
+ # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result
+ # max-result-size: "4096"
+ # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns.
+ # This allows TaskRuns to run in namespaces with "restricted" pod security standards.
+ # Not all Kubernetes implementations support this option.
+ set-security-context: "false"
+ # Setting this flag to "true" will set readOnlyRootFilesystem in securityContext for all containers used in TaskRuns and AffinityAssistant.
+ set-security-context-read-only-root-filesystem: "false"
+ # Setting this flag to "true" will keep pod on cancellation
+ # allowing examination of the logs on the pods from cancelled taskruns
+ keep-pod-on-cancel: "false"
+ # Setting this flag to "true" will enable the CEL evaluation in WhenExpression
+ enable-cel-in-whenexpression: "false"
+ # Setting this flag to "true" will enable the use of StepActions in Steps
+ # This feature is in preview mode and not implemented yet. Please check #7259 for updates.
+ enable-step-actions: "false"
+ # Setting this flag to "true" will enable the use of Artifacts in Steps
+ # This feature is in preview mode and not implemented yet. Please check #7693 for updates.
+ enable-artifacts: "false"
+ # Setting this flag to "true" will enable the built-in param input validation via param enum.
+ enable-param-enum: "false"
+ # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating
+ # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun
+ # respectively. We can specify "pipeline" to disable for Pipeline resource only.
+ # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of
+ # these.
+ disable-inline-spec: ""
+ # Setting this flag to "true" will enable the use of concise resolver syntax
+ enable-concise-resolver-syntax: "false"
+ # Setthing this flag to "true" will enable native Kubernetes Sidecar support
+ enable-kubernetes-sidecar: "false"