From a37528a0fc3e367813a1e80885d9edc85e6b4889 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 09:27:43 +0100 Subject: [PATCH 1/8] dockerd 24.0.6->26.0.0 --- docker/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/kustomization.yaml b/docker/kustomization.yaml index 175a527..9368aef 100644 --- a/docker/kustomization.yaml +++ b/docker/kustomization.yaml @@ -4,10 +4,10 @@ kind: Kustomization images: - name: docker:dind newName: docker - newTag: 24.0.6-dind@sha256:95c1bdb03ee2b92e2aeb682496928c61311aa63794fd5487922dfa81f704742e + newTag: 26.0.0-dind@sha256:645776ce2ff39e4889a887d05622e57c62f8a54f4f0a5376312b4d091483026d - name: docker:dind-rootless newName: docker - newTag: 24.0.6-dind-rootless@sha256:fbc42b5c40d5b381777728a79e3191e9add2296ebf762899c50f42f41192a360 + newTag: 26.0.0-dind-rootless@sha256:5ebb1f30cb627c66e488fcbac8a3f78c829dc545677c98e7200e922b91e54f4e resources: - dockerd-service.yaml From 82c517a4305b958293835dc5098c1466872c80a5 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 09:32:03 +0100 Subject: [PATCH 2/8] will this propagate? can we set rewrite-timestamp=true? for docker-compose? See #57 for the rationale behind source date 0 --- docker/dockerd-statefulset.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/dockerd-statefulset.yaml b/docker/dockerd-statefulset.yaml index 41f5ce3..6786a8d 100644 --- a/docker/dockerd-statefulset.yaml +++ b/docker/dockerd-statefulset.yaml @@ -64,6 +64,8 @@ spec: env: - name: DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS value: "-p 0.0.0.0:2376:2376/tcp" + - name: SOURCE_DATE_EPOCH + value: "0" - name: STORAGE_DRIVER valueFrom: fieldRef: From 93f3dff6cdffca8d6ede8abdf58f54161496c32a Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 09:52:42 +0100 Subject: [PATCH 3/8] tekton pipelines 0.56->0.58, resolvers manually extracted to separate base --- tekton/release-resolvers/release.yaml | 20 ++--- tekton/release/release.yaml | 118 ++++++++++++++------------ 2 files changed, 73 insertions(+), 65 deletions(-) diff --git a/tekton/release-resolvers/release.yaml b/tekton/release-resolvers/release.yaml index ddc7d11..a624188 100644 --- a/tekton/release-resolvers/release.yaml +++ b/tekton/release-resolvers/release.yaml @@ -583,12 +583,12 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.58.0" spec: replicas: 1 selector: @@ -603,13 +603,13 @@ spec: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-resolvers - version: "v0.56.0" + version: "v0.58.0" spec: affinity: podAntiAffinity: @@ -626,7 +626,7 @@ spec: serviceAccountName: tekton-pipelines-resolvers containers: - name: controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.56.0@sha256:8c0598a04420caa0ee3aeb6fef7521f93f4c41f7308ccb0c616167dc1d5fa00a + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.58.0@sha256:9d2a81157a7a10286d6ea3a3885ad3896f3849884d644a70d6926ca3ef98eb14 resources: requests: cpu: 100m @@ -698,13 +698,13 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-remote-resolvers - version: "v0.56.0" + version: "v0.58.0" name: tekton-pipelines-remote-resolvers namespace: tekton-pipelines-resolvers spec: diff --git a/tekton/release/release.yaml b/tekton/release/release.yaml index 7589787..0dab618 100644 --- a/tekton/release/release.yaml +++ b/tekton/release/release.yaml @@ -584,8 +584,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -647,8 +647,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -715,8 +715,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -794,8 +794,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1007,8 +1007,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1062,8 +1062,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1144,8 +1144,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1254,8 +1254,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" + version: "v0.58.0" spec: group: tekton.dev versions: @@ -1306,7 +1306,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1317,7 +1317,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1336,7 +1336,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1355,7 +1355,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1543,6 +1543,11 @@ data: # no default-resolver-type is specified by default default-resolver-type: + # default-imagepullbackoff-timeout contains the default duration to wait + # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast + # possible values could be 1m, 5m, 10s, 1h, etc + # default-imagepullbackoff-timeout: "5m" + # default-container-resource-requirements allow users to update default resource requirements # to a init-containers and containers of a pods create by the controller # Onet: All the resource requirements are applied to init-containers and containers @@ -1776,6 +1781,9 @@ data: # Setting this flag to "true" will enable the use of StepActions in Steps # This feature is in preview mode and not implemented yet. Please check #7259 for updates. enable-step-actions: "false" + # Setting this flag to "true" will enable the use of Artifacts in Steps + # This feature is in preview mode and not implemented yet. Please check #7693 for updates. + enable-artifacts: "false" # Setting this flag to "true" will enable the built-in param input validation via param enum. enable-param-enum: "false" @@ -1808,7 +1816,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.56.0" + version: "v0.58.0" --- # Copyright 2020 Tekton Authors LLC @@ -2238,12 +2246,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.58.0" spec: replicas: 1 selector: @@ -2258,13 +2266,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.56.0" + version: "v0.58.0" spec: affinity: nodeAffinity: @@ -2278,11 +2286,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.56.0@sha256:fc5669e1bbabbf24b0ee4591ff20793643d778942e91ae52b3f7cca26d81a99b + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.58.0@sha256:23d14e0febf9e6ef3087ab8d96b298a387738659167c56713174f1328ec70bdd args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.56.0@sha256:381ca58f0f911b6954530ea820bdda12850e535db9c6a85a17a02e3dd49345fb", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.56.0@sha256:4e627be53f78f30f73084ea0695d97397930d6f12d4cfab28d97b1aa57842881", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.56.0@sha256:4db16701d6e54d80cbb7b51e021d3f5698196d08d2f1ff33728154807ef1fe86", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.56.0@sha256:c488368eff45a745dd58e65f526d746abcad431796bb0e719ecf2d5f71491692", + "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.58.0@sha256:b6503ff55a13ff0af83ed89d113a1a2aaf69ec8af83d0c8c69a35fc058bd202e", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.58.0@sha256:51b0e5b7461bdc638e86aadee7533514a3259cabb1e673c980f0634c2b848316", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.58.0@sha256:c5353a8d2d012711d43cea12ce5af3374d760705456471ae80f7aa12034f1404", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.58.0@sha256:7db50c22a36809741a8de491d5bef8d06ba495cd57a7f3a42a5d9c9065881dbb", # The shell image must allow root in order to create directories and copy files to PVCs. # cgr.dev/chainguard/busybox as of April 14 2022 # image shall not contains tag, so it will be supported on a runtime like cri-o @@ -2370,13 +2378,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.56.0" + version: "v0.58.0" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -2420,12 +2428,12 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.58.0" spec: replicas: 1 selector: @@ -2440,13 +2448,13 @@ spec: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.56.0" + version: "v0.58.0" spec: affinity: nodeAffinity: @@ -2460,7 +2468,7 @@ spec: serviceAccountName: tekton-events-controller containers: - name: tekton-events-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.56.0@sha256:c7fe97153fc32ea3eae343bcaf96761c9b0d80c8098ee35922550f0caf6887e0 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.58.0@sha256:a664fc7bff61e2a90c0913ebede3d085e758cf15d58abd7b7acda8fc4fe1556e args: [] volumeMounts: - name: config-logging @@ -2536,13 +2544,13 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.56.0" + version: "v0.58.0" name: tekton-events-controller namespace: tekton-pipelines spec: @@ -2586,12 +2594,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.58.0" spec: minReplicas: 1 maxReplicas: 5 @@ -2634,12 +2642,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.58.0" spec: selector: matchLabels: @@ -2653,13 +2661,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.56.0" + version: "v0.58.0" spec: affinity: nodeAffinity: @@ -2686,7 +2694,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.56.0@sha256:99824836bb47c1d9e21efdeff56e02b9426fe2323a22625b7af4f66a4028a5b4 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.58.0@sha256:86a62cb119571a8d2f870d7cc7afd0eeae427c7c3d997bf631dfe77b4b21e90c # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -2780,13 +2788,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.58.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.58.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.56.0" + version: "v0.58.0" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: From 8655ec9e23a21ba1a25f7d2d095b2b6b919fc853 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 09:55:07 +0100 Subject: [PATCH 4/8] tekton dashboard 0.43->0.45 --- tekton/dashboard-release/release-full.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tekton/dashboard-release/release-full.yaml b/tekton/dashboard-release/release-full.yaml index 4dc002b..caf23fc 100644 --- a/tekton/dashboard-release/release-full.yaml +++ b/tekton/dashboard-release/release-full.yaml @@ -271,7 +271,7 @@ subjects: --- apiVersion: v1 data: - version: v0.43.0 + version: v0.45.0 kind: ConfigMap metadata: labels: @@ -289,9 +289,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.43.0 - dashboard.tekton.dev/release: v0.43.0 - version: v0.43.0 + app.kubernetes.io/version: v0.45.0 + dashboard.tekton.dev/release: v0.45.0 + version: v0.45.0 name: tekton-dashboard namespace: tekton-pipelines spec: @@ -315,9 +315,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.43.0 - dashboard.tekton.dev/release: v0.43.0 - version: v0.43.0 + app.kubernetes.io/version: v0.45.0 + dashboard.tekton.dev/release: v0.45.0 + version: v0.45.0 name: tekton-dashboard namespace: tekton-pipelines spec: @@ -336,7 +336,7 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.43.0 + app.kubernetes.io/version: v0.45.0 name: tekton-dashboard spec: containers: @@ -348,7 +348,7 @@ spec: - --read-only=false - --log-level=info - --log-format=json - - --namespace= + - --default-namespace= - --namespaces= - --stream-logs=true - --external-logs= @@ -357,7 +357,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.43.0@sha256:70ca3d57d795c38b5a16e7b69bde8550337b7b2ea3183d94b022f0388b0ee61d + image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.45.0@sha256:5cd17db16f6b930e85d051a5669b032e5680ec80c2c87bc3a2f0134d55a53c38 livenessProbe: httpGet: path: /health From 620cefd24cdbb4c1f188b6c2b5234b8592942823 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Mon, 25 Mar 2024 10:28:41 +0100 Subject: [PATCH 5/8] rewrite-timestamp is now opt-in and source date epoch is opt out We're seeing build stability issues with rewrite-timestamp=true typically "failed to solve: content digest ...: not found" There are open issues with that error in the buildkit repo. --- bin/y-build | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/bin/y-build b/bin/y-build index eec7012..7f7b8dd 100755 --- a/bin/y-build +++ b/bin/y-build @@ -118,7 +118,10 @@ esac [ -n "$SOURCE_DATE_EPOCH" ] || SOURCE_DATE_EPOCH=0 -OUTPUT="type=image,name=$IMAGE,push=true,rewrite-timestamp=true" +OUTPUT="type=image,name=$IMAGE,push=true" + +[ "$REWRITE_TIMESTAMP" != "true" ] || OUTPUT="$OUTPUT,rewrite-timestamp=true" +[ "$SOURCE_DATE_EPOCH" != "-1" ] || SOURCE_DATE_EPOCH="" BUILD_TAG="$(echo $IMAGE | awk -F/ '{print $NF}' | awk -F@ '{print $1}' | awk -F: '{print $2}')" From 79136e3f936ec539cd5bf7e593745cb20f4ac55d Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 26 Apr 2024 07:00:00 +0200 Subject: [PATCH 6/8] dockerd 26.0.0->26.1.0 --- docker/kustomization.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/kustomization.yaml b/docker/kustomization.yaml index 9368aef..fb854de 100644 --- a/docker/kustomization.yaml +++ b/docker/kustomization.yaml @@ -4,10 +4,10 @@ kind: Kustomization images: - name: docker:dind newName: docker - newTag: 26.0.0-dind@sha256:645776ce2ff39e4889a887d05622e57c62f8a54f4f0a5376312b4d091483026d + newTag: 26.1.0-dind@sha256:308c63f771a0596e23f6007f537c8e1d77c8cf68864f0a5a6fc476c69b9b7416 - name: docker:dind-rootless newName: docker - newTag: 26.0.0-dind-rootless@sha256:5ebb1f30cb627c66e488fcbac8a3f78c829dc545677c98e7200e922b91e54f4e + newTag: 26.1.0-dind-rootless@sha256:b44f0792e9d62bedab00089885783a0e4e315efb8cb8265406f39d4c92bccdff resources: - dockerd-service.yaml From 45cb600237b7748454bd436a8ad30cea4f889c13 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 26 Apr 2024 07:00:23 +0200 Subject: [PATCH 7/8] The caller should set this, not up to dockerd This reverts commit 82c517a4305b958293835dc5098c1466872c80a5. --- docker/dockerd-statefulset.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/dockerd-statefulset.yaml b/docker/dockerd-statefulset.yaml index 6786a8d..41f5ce3 100644 --- a/docker/dockerd-statefulset.yaml +++ b/docker/dockerd-statefulset.yaml @@ -64,8 +64,6 @@ spec: env: - name: DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS value: "-p 0.0.0.0:2376:2376/tcp" - - name: SOURCE_DATE_EPOCH - value: "0" - name: STORAGE_DRIVER valueFrom: fieldRef: From f2355422bcca1ebb92e77839b51e78eed5dbc12f Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 26 Apr 2024 07:03:32 +0200 Subject: [PATCH 8/8] Tekton pipelines 0.58.0->0.59.0, resolvers moved to separate base --- tekton/release-resolvers/release.yaml | 20 ++--- tekton/release/release.yaml | 124 +++++++++++++------------- 2 files changed, 71 insertions(+), 73 deletions(-) diff --git a/tekton/release-resolvers/release.yaml b/tekton/release-resolvers/release.yaml index a624188..5a6e260 100644 --- a/tekton/release-resolvers/release.yaml +++ b/tekton/release-resolvers/release.yaml @@ -583,12 +583,12 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.58.0" + version: "v0.59.0" spec: replicas: 1 selector: @@ -603,13 +603,13 @@ spec: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-resolvers - version: "v0.58.0" + version: "v0.59.0" spec: affinity: podAntiAffinity: @@ -626,7 +626,7 @@ spec: serviceAccountName: tekton-pipelines-resolvers containers: - name: controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.58.0@sha256:9d2a81157a7a10286d6ea3a3885ad3896f3849884d644a70d6926ca3ef98eb14 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.59.0@sha256:80015cd2b4bb73ea894733eec96befcf2e61670017cf579f4cd75a393ae7dd41 resources: requests: cpu: 100m @@ -698,13 +698,13 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-remote-resolvers - version: "v0.58.0" + version: "v0.59.0" name: tekton-pipelines-remote-resolvers namespace: tekton-pipelines-resolvers spec: diff --git a/tekton/release/release.yaml b/tekton/release/release.yaml index 0dab618..eceee5d 100644 --- a/tekton/release/release.yaml +++ b/tekton/release/release.yaml @@ -584,8 +584,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -616,14 +616,6 @@ spec: - tekton - tekton-pipelines scope: Cluster - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines --- # Copyright 2020 The Tekton Authors @@ -647,8 +639,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -715,8 +707,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -794,8 +786,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1007,8 +999,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1062,8 +1054,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1144,8 +1136,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1254,8 +1246,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" - version: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" + version: "v0.59.0" spec: group: tekton.dev versions: @@ -1306,7 +1298,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1317,7 +1309,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1336,7 +1328,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1355,7 +1347,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1786,6 +1778,12 @@ data: enable-artifacts: "false" # Setting this flag to "true" will enable the built-in param input validation via param enum. enable-param-enum: "false" + # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating + # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun + # respectively. We can specify "pipeline" to disable for Pipeline resource only. + # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of + # these. + disable-inline-spec: "" --- # Copyright 2021 The Tekton Authors @@ -1816,7 +1814,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.58.0" + version: "v0.59.0" --- # Copyright 2020 Tekton Authors LLC @@ -2246,12 +2244,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.58.0" + version: "v0.59.0" spec: replicas: 1 selector: @@ -2266,13 +2264,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.58.0" + version: "v0.59.0" spec: affinity: nodeAffinity: @@ -2286,11 +2284,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.58.0@sha256:23d14e0febf9e6ef3087ab8d96b298a387738659167c56713174f1328ec70bdd + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.59.0@sha256:8178d0e51a35be3ebb4c6f1a2ffee2b7657daaad321ebda50b4a4718037d9208 args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.58.0@sha256:b6503ff55a13ff0af83ed89d113a1a2aaf69ec8af83d0c8c69a35fc058bd202e", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.58.0@sha256:51b0e5b7461bdc638e86aadee7533514a3259cabb1e673c980f0634c2b848316", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.58.0@sha256:c5353a8d2d012711d43cea12ce5af3374d760705456471ae80f7aa12034f1404", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.58.0@sha256:7db50c22a36809741a8de491d5bef8d06ba495cd57a7f3a42a5d9c9065881dbb", + "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.59.0@sha256:d602e0be27f766ae86949b485f9d5045b86f63f5c9ef0a6fe9d8a10283cd4aad", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.59.0@sha256:6eb172889e7f8978d990b9cf7f71daeb8db9a9f7b51b8163cd8a482df8fd47c5", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.59.0@sha256:52e3a25f57fcb2d59c3a4392118c6a22e0f66dca79423e2054f00919f80f77b2", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.59.0@sha256:5162b2607b98ea965610dda729991f6e573670adabf86195af34a5dea5de1418", # The shell image must allow root in order to create directories and copy files to PVCs. # cgr.dev/chainguard/busybox as of April 14 2022 # image shall not contains tag, so it will be supported on a runtime like cri-o @@ -2378,13 +2376,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.58.0" + version: "v0.59.0" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -2428,12 +2426,12 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.58.0" + version: "v0.59.0" spec: replicas: 1 selector: @@ -2448,13 +2446,13 @@ spec: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.58.0" + version: "v0.59.0" spec: affinity: nodeAffinity: @@ -2468,7 +2466,7 @@ spec: serviceAccountName: tekton-events-controller containers: - name: tekton-events-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.58.0@sha256:a664fc7bff61e2a90c0913ebede3d085e758cf15d58abd7b7acda8fc4fe1556e + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.59.0@sha256:280022e1d3b7a80d9b4d14f3f1104e0f36772e2d9125970c4913f35a1c7c31d3 args: [] volumeMounts: - name: config-logging @@ -2544,13 +2542,13 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.58.0" + version: "v0.59.0" name: tekton-events-controller namespace: tekton-pipelines spec: @@ -2594,12 +2592,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.58.0" + version: "v0.59.0" spec: minReplicas: 1 maxReplicas: 5 @@ -2642,12 +2640,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.58.0" + version: "v0.59.0" spec: selector: matchLabels: @@ -2661,13 +2659,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.58.0" + version: "v0.59.0" spec: affinity: nodeAffinity: @@ -2694,7 +2692,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.58.0@sha256:86a62cb119571a8d2f870d7cc7afd0eeae427c7c3d997bf631dfe77b4b21e90c + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.59.0@sha256:43115883a5b0621e86358d3598e464e7a9192c8e92878ce5a9c4f193a5b679c1 # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -2788,13 +2786,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.58.0" + app.kubernetes.io/version: "v0.59.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.58.0" + pipeline.tekton.dev/release: "v0.59.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.58.0" + version: "v0.59.0" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: