diff --git a/manifests/tekton-pipelines.yaml b/manifests/tekton-pipelines.yaml index cd25cbb1..da5d6b6e 100644 --- a/manifests/tekton-pipelines.yaml +++ b/manifests/tekton-pipelines.yaml @@ -56,7 +56,7 @@ rules: # Controller needs cluster access to all of the CRDs that it is responsible for # managing. - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] resources: ["verificationpolicies"] @@ -65,7 +65,7 @@ rules: resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # resolution.tekton.dev - apiGroups: ["resolution.tekton.dev"] @@ -122,7 +122,6 @@ rules: - resolutionrequests.resolution.tekton.dev - customruns.tekton.dev - verificationpolicies.tekton.dev - - stepactions.tekton.dev # knative.dev/pkg needs list/watch permissions to set up informers for the webhook. - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -207,7 +206,7 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-controller", "config-registry-cert"] + resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -226,7 +225,7 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"] + resourceNames: ["config-logging", "config-observability", "config-leader-election", "feature-flags"] - apiGroups: [""] resources: ["secrets"] verbs: ["list", "watch"] @@ -240,25 +239,6 @@ rules: --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-events-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: events - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -rules: - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] - # The controller needs access to these configmaps for logging information and runtime configuration. - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-events", "config-registry-cert"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-leader-election namespace: tekton-pipelines @@ -529,7 +509,7 @@ roleRef: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: tekton-pipelines-events-controller + name: tekton-events-controller namespace: tekton-pipelines labels: app.kubernetes.io/component: events @@ -541,7 +521,7 @@ subjects: namespace: tekton-pipelines roleRef: kind: Role - name: tekton-pipelines-events-controller + name: tekton-pipelines-controller apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 @@ -584,8 +564,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev preserveUnknownFields: false @@ -616,6 +596,14 @@ spec: - tekton - tekton-pipelines scope: Cluster + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines --- # Copyright 2020 The Tekton Authors @@ -639,8 +627,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev preserveUnknownFields: false @@ -707,8 +695,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev preserveUnknownFields: false @@ -786,8 +774,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev preserveUnknownFields: false @@ -977,79 +965,6 @@ spec: name: tekton-pipelines-webhook namespace: tekton-pipelines ---- -# Copyright 2023 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: stepactions.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: StepAction - plural: stepactions - singular: stepaction - categories: - - tekton - - tekton-pipelines - scope: Namespaced - --- # Copyright 2019 The Tekton Authors # @@ -1072,8 +987,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1154,8 +1069,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev preserveUnknownFields: false @@ -1264,8 +1179,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" - version: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" + version: "v0.49.0" spec: group: tekton.dev versions: @@ -1316,7 +1231,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1327,7 +1242,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1346,7 +1261,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1365,7 +1280,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1413,7 +1328,6 @@ rules: - pipelineruns - runs - customruns - - stepactions verbs: - create - delete @@ -1457,7 +1371,6 @@ rules: - pipelineruns - runs - customruns - - stepactions verbs: - get - list @@ -1553,115 +1466,6 @@ data: # no default-resolver-type is specified by default default-resolver-type: - # default-imagepullbackoff-timeout contains the default duration to wait - # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast - # possible values could be 1m, 5m, 10s, 1h, etc - # default-imagepullbackoff-timeout: "5m" - - # default-container-resource-requirements allow users to update default resource requirements - # to a init-containers and containers of a pods create by the controller - # Onet: All the resource requirements are applied to init-containers and containers - # only if the existing resource requirements are empty. - # default-container-resource-requirements: | - # place-scripts: # updates resource requirements of a 'place-scripts' container - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: - # memory: "128Mi" - # cpu: "500m" - # - # prepare: # updates resource requirements of a 'prepare' container - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: - # memory: "256Mi" - # cpu: "500m" - # - # working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: - # memory: "512Mi" - # cpu: "500m" - # - # prefix-scripts: # updates resource requirements of containers which starts with 'scripts-' - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: - # memory: "128Mi" - # cpu: "500m" - # - # prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-' - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: - # memory: "128Mi" - # cpu: "500m" - # - # default: # updates resource requirements of init-containers and containers which has empty resource resource requirements - # requests: - # memory: "64Mi" - # cpu: "250m" - # limits: - # memory: "256Mi" - # cpu: "500m" - ---- -# Copyright 2023 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-events - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # formats contains a comma seperated list of event formats to be used - # the only format supported today is "tektonv1". An empty string is not - # a valid configuration. To disable events, do not specify the sink. - formats: "tektonv1" - - # sink contains the event sink to be used for TaskRun, PipelineRun and - # CustomRun. If no sink is specified, no CloudEvent is generated. - # This setting supercedes the "default-cloud-events-sink" from the - # "config-defaults" config map - sink: "https://events.sink/cdevents" - --- # Copyright 2019 The Tekton Authors # @@ -1691,24 +1495,10 @@ data: # # The default behaviour is for Tekton to create Affinity Assistants # - # See more in the Affinity Assistant documentation - # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + # See more in the workspace documentation about Affinity Assistant + # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline # or https://github.com/tektoncd/pipeline/pull/2630 for more info. - # - # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. disable-affinity-assistant: "false" - # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. - # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". - # - # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. - # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. - # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, - # and only allows one pipelinerun to run on a node at a time. - # Setting it to "disabled" will not apply any coschedule policy. - # - # See more in the Affinity Assistant documentation - # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md - coschedule: "workspaces" # Setting this flag to "true" will prevent Tekton scanning attached # service accounts and injecting any credentials it finds into your # Steps. @@ -1769,42 +1559,16 @@ data: # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. # If set to "none", then Tekton will not have non-falsifiable provenance. # This is an experimental feature and thus should still be considered an alpha feature. - enforce-nonfalsifiability: "none" + enforce-nonfalsifiablity: "none" # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. # Acceptable values are "termination-message" or "sidecar-logs". - # "sidecar-logs" is now a beta feature. + # "sidecar-logs" is an experimental feature and thus should still be considered + # an alpha feature. results-from: "termination-message" - # Setting this flag will determine the upper limit of each task result - # This flag is optional and only associated with the previous flag, results-from - # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result - # max-result-size: "4096" # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns. # This allows TaskRuns to run in namespaces with "restricted" pod security standards. # Not all Kubernetes implementations support this option. set-security-context: "false" - # Setting this flag to "true" will keep pod on cancellation - # allowing examination of the logs on the pods from cancelled taskruns - keep-pod-on-cancel: "false" - # Setting this flag to "true" will enable the CEL evaluation in WhenExpression - enable-cel-in-whenexpression: "false" - # Setting this flag to "true" will enable the use of StepActions in Steps - # This feature is in preview mode and not implemented yet. Please check #7259 for updates. - enable-step-actions: "false" - # Setting this flag to "true" will enable the use of Artifacts in Steps - # This feature is in preview mode and not implemented yet. Please check #7693 for updates. - enable-artifacts: "false" - # Setting this flag to "true" will enable the built-in param input validation via param enum. - enable-param-enum: "false" - # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating - # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun - # respectively. We can specify "pipeline" to disable for Pipeline resource only. - # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of - # these. - disable-inline-spec: "" - # Setting this flag to "true" will enable the use of concise resolver syntax - enable-concise-resolver-syntax: "false" - # Setthing this flag to "true" will enable native Kubernetes Sidecar support - enable-kubernetes-sidecar: "false" --- # Copyright 2021 The Tekton Authors @@ -1835,7 +1599,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.66.0" + version: "v0.49.0" --- # Copyright 2020 Tekton Authors LLC @@ -1855,115 +1619,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-leader-election-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2023 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election-events - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # lease-duration is how long non-leaders will wait to try to acquire the - # lock; 15 seconds is the value used by core kubernetes controllers. - lease-duration: "60s" - # renew-deadline is how long a leader will try to renew the lease before - # giving up; 10 seconds is the value used by core kubernetes controllers. - renew-deadline: "40s" - # retry-period is how long the leader election client waits between tries of - # actions; 2 seconds is the value used by core kubernetes controllers. - retry-period: "10s" - # buckets is the number of buckets used to partition key space of each - # Reconciler. If this number is M and the replica number of the controller - # is N, the N replicas will compete for the M buckets. The owner of a - # bucket will take care of the reconciling for the keys partitioned into - # that bucket. - buckets: "1" - ---- -# Copyright 2023 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election-webhook + name: config-leader-election namespace: tekton-pipelines labels: app.kubernetes.io/instance: default @@ -2113,8 +1769,6 @@ data: metrics.taskrun.duration-type: "histogram" metrics.pipelinerun.level: "pipeline" metrics.pipelinerun.duration-type: "histogram" - metrics.count.enable-reason: "false" - metrics.running-pipelinerun.level: "" --- # Copyright 2020 Tekton Authors LLC @@ -2194,54 +1848,6 @@ data: # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. # spire-node-alias-prefix: "/tekton-node/" ---- -# Copyright 2023 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-tracing - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - # - # Enable sending traces to defined endpoint by setting this to true - enabled: "true" - # - # API endpoint to send the traces to - # (optional): The default value is given below - endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces" - # (optional) Name of the k8s secret which contains basic auth credentials - credentialsSecret: "jaeger-creds" - --- # Copyright 2019 The Tekton Authors # @@ -2266,12 +1872,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.66.0" + version: "v0.49.0" spec: replicas: 1 selector: @@ -2286,13 +1892,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.66.0" + version: "v0.49.0" spec: affinity: nodeAffinity: @@ -2306,11 +1912,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.66.0@sha256:551acccdf303d3bafc4280a99a84e269caa84d1f1b895ad1a8fec3949f1285cb + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.49.0@sha256:cde0654aab99ea19e030eb269f28deba6cc550910586ee7a832cae3ee63ea565 args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-entrypoint-image", "ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.66.0@sha256:83d83ed6c6aa7f539f6c022e36b92100b53ca74124e83c31a002a06a945c2dc1", "-nop-image", "ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.66.0@sha256:299c91dfe66598c7e0ff4dd634a0bd98310fb58b394f512670f1fd1df0576768", "-sidecarlogresults-image", "ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.66.0@sha256:e2dce589992d4f763b1c97214522dc7bfe849692ea8876d7f2f70caf2f21f085", "-workingdirinit-image", "ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.66.0@sha256:c9a062c4c3c30f3fb0d3748d72772bff5a5167ec0b63699da72366710b15a260", + "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.49.0@sha256:0e43b6ae2d517df85aac356b411fe291057c2f12aef3a949be961cfc1d31c158", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.49.0@sha256:91eb79439e756e557259da3c0823f29483863ed6b8a409da664f879279c95d59", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.49.0@sha256:4055c213dbb60722432c87b80fb8e52ed6409e6cbb83e62ebb53f0c6d33056f6", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.49.0@sha256:643cf8dbc46fbbfb9f333628c33bbdfb76d11b5005c2aaed28abdc20f739d0b8", # The shell image must allow root in order to create directories and copy files to PVCs. # cgr.dev/chainguard/busybox as of April 14 2022 # image shall not contains tag, so it will be supported on a runtime like cri-o @@ -2337,10 +1943,14 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability + - name: CONFIG_ARTIFACT_BUCKET_NAME + value: config-artifact-bucket + - name: CONFIG_ARTIFACT_PVC_NAME + value: config-artifact-pvc - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-controller + value: config-leader-election - name: CONFIG_SPIRE value: config-spire - name: SSL_CERT_FILE @@ -2349,9 +1959,15 @@ spec: value: /etc/ssl/certs - name: METRICS_DOMAIN value: tekton.dev/pipeline + # The following variables can be uncommented with correct values to enable Jaeger tracing + #- name: OTEL_EXPORTER_JAEGER_ENDPOINT + # value: http://jaeger-collector.jaeger:14268/api/traces + #- name: OTEL_EXPORTER_JAEGER_USER + # value: username + #- name: OTEL_EXPORTER_JAEGER_PASSWORD + # value: password securityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true capabilities: drop: - "ALL" @@ -2399,13 +2015,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.66.0" + version: "v0.49.0" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -2449,12 +2065,12 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.66.0" + version: "v0.49.0" spec: replicas: 1 selector: @@ -2469,13 +2085,13 @@ spec: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.66.0" + version: "v0.49.0" spec: affinity: nodeAffinity: @@ -2489,7 +2105,7 @@ spec: serviceAccountName: tekton-events-controller containers: - name: tekton-events-controller - image: ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v0.66.0@sha256:35671c23cf8201ba6779008643efec3cac1a88485e930ada8ba818dc821dd019 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.49.0@sha256:968999c9f4ba1003725a9455f9a3a2cba36766768e4f1ee40010fafa765f450d args: [] volumeMounts: - name: config-logging @@ -2511,14 +2127,13 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-events + value: config-leader-election - name: SSL_CERT_FILE value: /etc/config-registry-cert/cert - name: SSL_CERT_DIR value: /etc/ssl/certs securityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true capabilities: drop: - "ALL" @@ -2566,13 +2181,13 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.66.0" + version: "v0.49.0" name: tekton-events-controller namespace: tekton-pipelines spec: @@ -2646,11 +2261,11 @@ rules: resources: ["resolutionrequests", "resolutionrequests/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["tekton.dev"] - resources: ["tasks", "pipelines", "stepactions"] + resources: ["tasks", "pipelines"] verbs: ["get", "list"] # Read-only access to these. - apiGroups: [""] - resources: ["secrets", "serviceaccounts"] + resources: ["secrets"] verbs: ["get", "list", "watch"] --- @@ -2893,7 +2508,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-leader-election-resolvers + name: config-leader-election namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers @@ -3092,34 +2707,6 @@ data: # if not specified in the resolver parameters. Optional. default-org: "" ---- -# Copyright 2023 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: http-resolver-config - namespace: tekton-pipelines-resolvers - labels: - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -data: - # The maximum amount of time the http resolver will wait for a response from the server. - fetch-timeout: "1m" - --- # Copyright 2022 The Tekton Authors # @@ -3179,12 +2766,12 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.66.0" + version: "v0.49.0" spec: replicas: 1 selector: @@ -3199,13 +2786,13 @@ spec: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-resolvers - version: "v0.66.0" + version: "v0.49.0" spec: affinity: podAntiAffinity: @@ -3222,7 +2809,7 @@ spec: serviceAccountName: tekton-pipelines-resolvers containers: - name: controller - image: ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v0.66.0@sha256:577a91ecb0ee529bd1a62c35ef1c47e1cd021cb017e6d528b3a6471250abb9c1 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.49.0@sha256:78ddd51c8dda6e1e8aa0d3ee65f49f76c9f7bde8235320ae81db2d9ed0e6ce32 resources: requests: cpu: 100m @@ -3233,11 +2820,6 @@ spec: ports: - name: metrics containerPort: 9090 - - name: profiling - containerPort: 8008 - # This must match the value of the environment variable PROBES_PORT. - - name: probes - containerPort: 8080 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -3253,16 +2835,12 @@ spec: - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-resolvers + value: config-leader-election - name: METRICS_DOMAIN value: tekton.dev/resolution - - name: PROBES_PORT - value: "8080" - # Override this env var to set a private hub api endpoint + # Override this env var to set a private hub api endpoint - name: ARTIFACT_HUB_API value: "https://artifacthub.io/" - - name: TEKTON_HUB_API - value: "https://api.hub.tekton.dev/" securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -3273,53 +2851,6 @@ spec: seccompProfile: type: RuntimeDefault ---- -# Copyright 2023 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: resolvers - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" - app.kubernetes.io/part-of: tekton-pipelines - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" - # labels below are related to istio and should not be used for resource lookup - app: tekton-pipelines-remote-resolvers - version: "v0.66.0" - name: tekton-pipelines-remote-resolvers - namespace: tekton-pipelines-resolvers -spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: probes - port: 8080 - selector: - app.kubernetes.io/name: resolvers - app.kubernetes.io/component: resolvers - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - --- # Copyright 2020 The Tekton Authors # @@ -3344,12 +2875,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.66.0" + version: "v0.49.0" spec: minReplicas: 1 maxReplicas: 5 @@ -3392,12 +2923,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup - version: "v0.66.0" + version: "v0.49.0" spec: selector: matchLabels: @@ -3411,13 +2942,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.66.0" + version: "v0.49.0" spec: affinity: nodeAffinity: @@ -3444,7 +2975,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v0.66.0@sha256:ec7fd90de73d06b0146a8d469b9186bf3317dfa2ef7922283caf24c69e6576f7 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.49.0@sha256:df3be59025cc59dbcc639710a77f922f07b778de49616b59bb5343fbf7cc8b79 # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -3466,7 +2997,7 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election-webhook + value: config-leader-election - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags # If you change PROBES_PORT, you will also need to change the @@ -3494,7 +3025,6 @@ spec: value: tekton.dev/pipeline securityContext: allowPrivilegeEscalation: false - readOnlyRootFilesystem: true capabilities: drop: - "ALL" @@ -3539,13 +3069,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.66.0" + app.kubernetes.io/version: "v0.49.0" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.66.0" + pipeline.tekton.dev/release: "v0.49.0" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.66.0" + version: "v0.49.0" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: @@ -3568,5 +3098,3 @@ spec: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - ----