From 06acee86865aba461f1922a36b8e1278f091c1b4 Mon Sep 17 00:00:00 2001
From: Openshift Pipeline Release Team
Date: Mon, 31 Jul 2023 15:03:11 +0200
Subject: [PATCH] Release yaml generated for pac release v0.17.5 on branch release-v0.17.5
---
release.k8s.yaml | 1182 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 1182 insertions(+)
create mode 100644 release.k8s.yaml
diff --git a/release.k8s.yaml b/release.k8s.yaml
new file mode 100644
index 000000000..a1dc7f92c
--- /dev/null
+++ b/release.k8s.yaml
@@ -0,0 +1,1182 @@ +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: v1 +kind: Namespace +metadata: + name: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + openshift.io/cluster-monitoring: "true" +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + # All system:authenticated users needs to have access + # of the pipelines-as-code-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. 
+ - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-as-code-info"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: pipelines-as-code-aggregate + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - pipelinesascode.tekton.dev + resources: + - repositories + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-controller-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-controller-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-controller-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-controller-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["create"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "update", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["create", "list"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "list", "create", "patch"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-controller-clusterbinding + namespace: pipelines-as-code + labels: + 
app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-controller + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-controller-clusterrole +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-watcher-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-watcher-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + 
name: pipelines-as-code-watcher +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-watcher-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-watcher-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "delete"] + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "update", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["pipelineruns"] + verbs: ["get", "delete", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns"] + verbs: ["get", "list"] + - apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-watcher-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-watcher + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-watcher-clusterrole +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipelines-as-code-webhook-role + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["pipelines-as-code-webhook-certs"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. 
+ - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # webhook uses leases for leader election +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: pipelines-as-code-webhook-binding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: + - kind: ServiceAccount + name: pipelines-as-code-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pipelines-as-code-webhook-role +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: pipeline-as-code-webhook-clusterrole + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +rules: + - apiGroups: ["pipelinesascode.tekton.dev"] + resources: ["repositories"] + verbs: ["get", "list", "watch"] + # The webhook performs a reconciliation on this resource and continuously + # updates configuration. + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["list", "watch"] + # When there are changes to the configs or secrets, knative updates the validating webhook config + # with the updated certificates or the refreshed set of rules. 
+ - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "update", "delete"] + resourceNames: ["validation.pipelinesascode.tekton.dev"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pipelines-as-code-webhook-clusterbinding + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +subjects: +- kind: ServiceAccount + name: pipelines-as-code-webhook + namespace: pipelines-as-code +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: pipeline-as-code-webhook-clusterrole +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: repositories.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +spec: + group: pipelinesascode.tekton.dev + versions: + - name: v1alpha1 + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - name: Succeeded + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].status' + - name: Reason + type: string + jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].reason' + - name: StartTime + type: date + jsonPath: ".pipelinerun_status[-1].startTime" + - name: CompletionTime + type: date + jsonPath: ".pipelinerun_status[-1].completionTime" + served: true + storage: true + schema: + openAPIV3Schema: + x-kubernetes-preserve-unknown-fields: true + description: Schema for the repository API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/ api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of Repository + properties: + concurrency_limit: + description: Number of maximum pipelinerun running at any moment + type: integer + url: + description: Repository URL + type: string + type: + description: Git repository provider + type: string + enum: + - github + - gitea + - bitbucket + - gitlab + - bitbucket-enteprise + incoming: + type: array + items: + type: object + properties: + type: + description: Type of webhook + type: string + enum: + - webhook-url + targets: + description: List of target branches or ref to trigger webhooks on + type: array + items: + description: Branch name + type: string + secret: + description: Secret to use for the webhook + type: object + properties: + key: + description: Key of the secret + type: string + default: "secret" + name: + description: Name of the secret + type: string + git_provider: + type: object + properties: + url: + description: The Git provider api url + type: string + user: + description: The Git provider api user + type: string + type: + description: The Git provider type + type: string + secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "provider.token" + name: + type: string + description: "The secret name" + webhook_secret: + type: object + properties: + key: + type: string + description: "Key inside the secret" + default: "webhook.secret" + name: + type: string + description: "The secret name" + + type: object + type: object + scope: Namespaced + names: + plural: repositories + singular: repository + kind: Repository + shortNames: + - repo +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +data: + # The application name, you can customize this label + application-name: "Pipelines as Code CI" + + # Whether to automatically create a secret with the token to be use by git-clone + secret-auto-create: "true" + + # By default we only generate token scoped to the repository from where the + # payload come from. + # We do this because if the github apps is installed on an github organisation + # + # and there is a mix of public and private repositories in there + # where some users on that org does not have access. + # + # If you trust every users on your organisations to access any repos there or + # not planning to install your github application globally on a Github Organisation + # then you can safely set this option to false. + secret-github-app-token-scoped: "true" + + # If you don't want to completely disable the scoping of the token, but still + # wants some other repos (on the same installation id) available from the + # token, then you can add an extra owner/repo here. 
+ # + # You can have multiple owner/repositories separated by commas: + # i.e: "owner/private-repo1, org/repo2" + secret-github-app-scope-extra-repos: "" + + # Tekton HUB API urls + hub-url: "https://api.hub.tekton.dev/v1" + + # Tekton HUB catalog name + hub-catalog-name: "tekton" + + # Allow fetching remote tasks + remote-tasks: "true" + + # Using the URL of the Tekton dashboard, Pipelines-as-Code generates a URL to the + # PipelineRun on the Tekton dashboard + tekton-dashboard-url: "" + + # Enable or disable the feature to show a log snippet of the failed task when there is + # an error in a Pipeline + # + # It will show the last 3 lines of the first container of the first task + # that has error in the pipeline. + # + # you may want to disable this if you think your pipeline may leak some value + error-log-snippet: "true" + + # alpha feature: disabled by default + # + # Enable or disable the inspection of container logs to detect error message + # and expose them as annotations on Pull Request. Only Github apps is supported + # + # This feature is currently alpha, use it at your own risk + error-detection-from-container-logs: "false" + + # How many lines to grab from the container when inspecting the + # logs for error-detection. Increasing this value may increase the watcher + # memory usage. Use -1 for unlimited lines. + error-detection-max-number-of-lines: "50" + + # The default regexp used when we use the simple error detection + error-detection-simple-regexp: | + ^(?P[^:]*):(?P[0-9]+):(?P[0-9]+)?([ ]*)?(?P.*) + + # Since public bitbucket doesn't have the concept of Secret, we need to be + # able to secure the request by querying https://ip-ranges.atlassian.com/, + # this only happen for public bitbucket (ie: when provider.url is not set in + # repository spec). 
If you want to override this, you need to bear in mind + # this could be a security issue, a malicious user can send a PR to your repo + # with a modification to your PipelineRun that would grab secrets, tunnel or + # others and then send a malicious webhook payload to the controller which + # look like a authorized owner has send the PR to run it.. + bitbucket-cloud-check-source-ip: "true" + + # Add extra IPS (ie: 127.0.0.1) or networks (127.0.0.0/16) separated by commas. + bitbucket-cloud-additional-source-ip: "" + + # max-keep-run-upper-limit defines the upper limit for max-keep-run annotation value which a user can set on + # pipelineRun. the value set on annotation should be less than or equal to the upper limit otherwise + # the upper limit will be used while cleaning up + max-keep-run-upper-limit: "" + + # if defined then applies to all pipelineRun who doesn't have max-keep-runs annotation + default-max-keep-runs: "" + + # Whether to auto configure newly created repositories, this will create a new namespace + # and repository CR, supported only with GitHub App + auto-configure-new-github-repo: "false" + + # add a template to generate name for namespace for your auto configured github repo + # supported fields are repo_owner, repo_name + # eg. 
if defined as `{{repo_owner}}-{{repo_name}}-ci`, then namespace generated for repository + # https://github.com/owner/repo will be `owner-repo-ci` + auto-configure-repo-namespace-template: "" + + # Configure a custom console here + # + # custom-console-name: Console Name + # custom-console-url: https://url + # custom-console-url-pr-details: https://url/ns/{{ namespace }}/{{ pr }} + # custom-console-url-pr-tasklog: https://url/ns/{{ namespace }}/{{ pr }}/logs/{{ task }} + +kind: ConfigMap +metadata: + name: pipelines-as-code + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This configmap is filled by bootstrap command +# GitHub App is added as provider and later this is checked +# before configuring a new GitHub App so that we don't +# configure more than one App + +apiVersion: v1 +data: + # pipelines as code controller version + version: "v0.17.5" + + # controller url to be used for configuring webhook using cli + controller-url: "" + + # display the configured provider on the platform + # only one provider type to be configured at a time + # eg. 
if GitHub App is configured, then webhooks should not be configured + provider: "" + +kind: ConfigMap +metadata: + name: pipelines-as-code-info + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: pipelines-as-code-webhook-certs + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +# The data is populated at install time +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.pipelinesascode.tekton.dev + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: pipelines-as-code-webhook + namespace: pipelines-as-code + failurePolicy: Fail + sideEffects: None + name: validation.pipelinesascode.tekton.dev +--- + +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-as-code-config-observability + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. 
If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.17.5" + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-controller + containers: + - name: pac-controller + image: "ghcr.io/openshift-pipelines/pipelines-as-code-controller:v0.17.5" + imagePullPolicy: Always + ports: + - name: api + containerPort: 8080 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readinessProbe: + failureThreshold: 3 + httpGet: + path: /live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: 
/live + port: api + scheme: HTTP + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 1 + env: + - name: TLS_KEY + value: "key" + - name: TLS_CERT + value: "cert" + - name: TLS_SECRET_NAME + value: "pipelines-as-code-tls-secret" + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: K_METRICS_CONFIG + value: '{"Domain":"pipelinesascode.tekton.dev/controller","Component":"controller","PrometheusPort":0,"PrometheusHost":"","ConfigMap":{}}' + - name: K_TRACING_CONFIG + value: '{"backend":"","debug":"false","sample-rate":"0"}' + - name: K_SINK_TIMEOUT + value: "30" + volumeMounts: + - mountPath: "/etc/pipelines-as-code/tls" + readOnly: true + name: tls + volumes: + - name: tls + secret: + secretName: pipelines-as-code-tls-secret + optional: true +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+--- +apiVersion: v1 +kind: Service +metadata: + name: pipelines-as-code-controller + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +spec: + ports: + - name: http-listener + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pipelines-as-code-watcher + namespace: pipelines-as-code + labels: + app.kubernetes.io/version: "v0.17.5" + app.kubernetes.io/part-of: pipelines-as-code +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + template: + metadata: + labels: + app.kubernetes.io/name: watcher + app.kubernetes.io/component: watcher + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: pipelines-as-code + app.kubernetes.io/version: "v0.17.5" + app: pipelines-as-code-watcher + spec: + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: pipelines-as-code-watcher + containers: + - name: pac-watcher + image: "ghcr.io/openshift-pipelines/pipelines-as-code-watcher:v0.17.5" + imagePullPolicy: Always + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: METRICS_DOMAIN + value: tekton.dev/pipelinesascode + - name: CONFIG_OBSERVABILITY_NAME + value: pipelines-as-code-config-observability + ports: + - name: probes + containerPort: 8080 + - name: metrics + containerPort: 9090 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readinessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + livenessProbe: + httpGet: + path: /live + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +# Copyright 2023 Red Hat +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. 
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pipelines-as-code-watcher
+ namespace: pipelines-as-code
+ labels:
+ app.kubernetes.io/version: "v0.17.5"
+ app.kubernetes.io/part-of: pipelines-as-code
+ app: pipelines-as-code-watcher
+spec:
+ ports:
+ - name: http-metrics
+ port: 9090
+ protocol: TCP
+ targetPort: 9090
+ selector:
+ app.kubernetes.io/name: watcher
+ app.kubernetes.io/component: watcher
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: pipelines-as-code
+# Copyright 2023 Red Hat
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pipelines-as-code-webhook
+ namespace: pipelines-as-code
+ labels:
+ app.kubernetes.io/version: "v0.17.5"
+ app.kubernetes.io/part-of: pipelines-as-code
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: pipelines-as-code
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: pipelines-as-code
+ app.kubernetes.io/version: "v0.17.5"
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: pipelines-as-code-webhook
+ containers:
+ - name: pac-webhook
+ image: "ghcr.io/openshift-pipelines/pipelines-as-code-webhook:v0.17.5"
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: WEBHOOK_SERVICE_NAME
+ value: pipelines-as-code-webhook
+ - name: WEBHOOK_SECRET_NAME
+ value: pipelines-as-code-webhook-certs
+ - name: METRICS_DOMAIN
+ value: tekton.dev/pipelinesascode
+ ports:
+ - name: https-webhook
+ containerPort: 8443
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+# Copyright 2023 Red Hat
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: pipelines-as-code-webhook
+ namespace: pipelines-as-code
+ labels:
+ app.kubernetes.io/version: "v0.17.5"
+ app.kubernetes.io/part-of: pipelines-as-code
+spec:
+ ports:
+ - name: https-webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: pipelines-as-code