Merge "chore(img): updates tekton images"

Zuul 2021-04-22 20:21:15 +00:00 committed by Gerrit Code Review
commit cf3cfb2f50
99 changed files with 863 additions and 592 deletions


@ -4,44 +4,44 @@ kind: CustomResourceDefinition
metadata:
name: extensions.dashboard.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/component: dashboard
app.kubernetes.io/name: extensions
app.kubernetes.io/part-of: tekton-dashboard
spec:
group: dashboard.tekton.dev
names:
categories:
- tekton
- tekton-dashboard
- tekton
- tekton-dashboard
kind: Extension
plural: extensions
singular: extension
plural: extensions
shortNames:
- ext
- exts
- ext
- exts
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
additionalPrinterColumns:
- jsonPath: .spec.apiVersion
name: API version
type: string
- jsonPath: .spec.name
name: Kind
type: string
- jsonPath: .spec.displayname
name: Display name
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .spec.apiVersion
name: API version
type: string
- jsonPath: .spec.name
name: Kind
type: string
- jsonPath: .spec.displayname
name: Display name
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
served: true
storage: true
subresources:
status: {}
...


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-backend
rules:
- apiGroups:


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-dashboard
rules:
- apiGroups:


@ -7,7 +7,7 @@ aggregationRule:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-extensions
...
{{- end -}}


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-pipelines
rules:
- apiGroups:


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-tenant
rules:
- apiGroups:


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-triggers
rules:
- apiGroups:


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-backend
roleRef:
apiGroup: rbac.authorization.k8s.io


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-extensions
roleRef:
apiGroup: rbac.authorization.k8s.io


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-tenant
roleRef:
apiGroup: rbac.authorization.k8s.io


@ -4,7 +4,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "helpers.labels.fullname" $ }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
spec:
replicas: 1
selector:
@ -17,7 +17,7 @@ spec:
maxSurge: 3
template:
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 8 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 8 }}
spec:
serviceAccountName: {{ template "helpers.labels.fullname" . }}
securityContext:
@ -30,12 +30,11 @@ spec:
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_dashboard" ) }}
imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
args:
- --port=8080
- --port=9097
- --logout-url={{ $.Values.config.args.logout_url }}
- --pipelines-namespace={{ $.Release.Namespace }}
- --triggers-namespace={{ $.Release.Namespace }}
- --read-only={{ $.Values.config.args.read_only }}
- --csrf-secure-cookie={{ $.Values.config.args.csrf_secure_cookie }}
- --log-level={{ $.Values.config.args.log_level }}
- --log-format={{ $.Values.config.args.log_format }}
- --namespace={{ $.Values.config.args.namespace }}
@ -48,20 +47,19 @@ spec:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: web
containerPort: 8080
- containerPort: 9097
readinessProbe:
httpGet:
scheme: HTTP
path: /readiness
port: 8080
port: 9097
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
httpGet:
scheme: HTTP
path: /health
port: 8080
port: 9097
initialDelaySeconds: 50
periodSeconds: 20
timeoutSeconds: 5
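Review bot: The new listen port 9097 is hard-coded in four places in this template (`--port=9097`, `containerPort`, and the `port` of both probes), and the container port lost its name in the same change. Keeping a named port, `- name: http` with `containerPort: 9097`, and pointing the probes at `port: http` would leave a single number to change next time and would match the `http` port name that the Service and Ingress sections of this commit use. Separately, `--csrf-secure-cookie` is dropped from the args; that is only safe if the v0.14.0 dashboard no longer relies on that cookie for CSRF protection, which should be confirmed against the upstream release notes because nothing in the template shows it. The container spec continues outside these hunks.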


@ -1,6 +1,6 @@
{{- define "ingress-dashboard" -}}
---
apiVersion: networking.k8s.io/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ template "helpers.labels.fullname" $ }}
@ -18,10 +18,14 @@ spec:
- host: {{ $.Values.params.endpoints.hostname }}
http:
paths:
- backend:
serviceName: tekton-dashboard
servicePort: web
path: /
- path: /
pathType: Prefix
backend:
service:
name: tekton-dashboard
port:
name: http
{{- if and $.Values.params.endpoints.tls.enabled }}
tls:
- hosts:
@ -31,5 +35,3 @@ spec:
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ingress-dashboard" ) }}
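Review bot: `apiVersion: networking.k8s.io/v1` is now unconditional, so the chart can no longer be installed on a cluster whose API server does not serve that Ingress version (it was introduced in Kubernetes 1.19). If older clusters are still a target, gate the two manifest shapes on `.Capabilities.APIVersions.Has "networking.k8s.io/v1"`; if they are not, declare the minimum cluster version through `kubeVersion` in the chart metadata so the failure is explicit. The backend now refers to the Service port by the name `http`, which resolves only because the Service section of this commit renames its port from `web` to `http`; the two have to stay in step.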


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-dashboard
namespace: {{ $.Release.Namespace }}
roleRef:


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-pipelines
namespace: {{ $.Release.Namespace }}
roleRef:


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: tekton-dashboard-triggers
namespace: {{ $.Release.Namespace }}
roleRef:


@ -4,13 +4,14 @@ apiVersion: v1
kind: Service
metadata:
name: tekton-dashboard
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
spec:
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
ports:
- name: web
- name: http
port: 9097
protocol: TCP
port: 8080
targetPort: 9097
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-deployment" ) }}
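Review bot: Changing the Service `port` from 8080 to 9097 and renaming it from `web` to `http` breaks any in-cluster client that addresses the dashboard by the old number or name; only the chart's own Ingress is updated in this commit. If compatibility matters, keeping `port: 8080` next to `targetPort: 9097` avoids that. The `selector` also gains the `PartOf` argument; assuming `helpers.labels.matchLabels` turns it into an extra selector term, pods from the previous release drop out of the endpoints as soon as the Service is updated, so a short gap during upgrade should be expected and is worth a line in the upgrade notes.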


@ -3,7 +3,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
name: {{ template "helpers.labels.fullname" . }}
namespace: {{ $.Release.Namespace }}
...


@ -1,7 +1,6 @@
---
config:
args:
csrf_secure_cookie: false
external-logs: ''
log_format: json
log_level: info
@ -16,7 +15,7 @@ images:
tekton_dashboard:
name: tektoncd/dashboard/cmd/dashboard
repo: gcr.io/tekton-releases/github.com
tag: v0.12.0
tag: v0.14.0
pull:
policy: IfNotPresent


@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-aggregate-edit
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:


@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-aggregate-view
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:
- tekton.dev
- tekton.dev
resources:
- tasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
- tasks
- taskruns
- pipelines
- pipelineruns
- pipelineresources
- conditions
verbs:
- get
- list
- watch
- get
- list
- watch
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-aggregate-view" ) }}


@ -4,7 +4,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-pipelines-controller-cluster-access
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
rules:
- apiGroups: [""]
# Namespace access is required because the controller timeout handling logic
@ -16,15 +16,13 @@ rules:
# Controller needs cluster access to all of the CRDs that it is responsible for
# managing.
- apiGroups: ["tekton.dev"]
resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources",
"conditions", "runs"]
resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["tekton.dev"]
resources: ["taskruns/finalizers", "pipelineruns/finalizers"]
resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
- apiGroups: ["tekton.dev"]
resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status",
"pipelineruns/status", "pipelineresources/status"]
resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
...
{{- end -}}
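Review bot: The added `runs/finalizers` and `runs/status` entries inherit the full verb list `["get", "list", "create", "update", "delete", "patch", "watch"]`, which is broader than subresources need in a cluster-wide role. For the `*/status` rule `verbs: ["get", "update", "patch"]` is normally sufficient, and for the `*/finalizers` rule `verbs: ["update"]`; tightening both would bring the controller closer to least privilege. The wide list was already the pattern in this file and presumably mirrors the upstream release manifest, so if it is kept deliberately a short comment saying so would help the next reviewer. The rules list starts outside the hunk.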


@ -5,11 +5,10 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
# This is the access that the controller needs on a per-namespace basis.
name: tekton-pipelines-controller-tenant-access
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps",
"persistentvolumeclaims", "limitranges"]
resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims", "limitranges"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
# Unclear if this access is actually required. Simply a hold-over from the previous
# incarnation of the controller's ClusterRole.
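Review bot: The `resources` line joined here carries `create`, `update`, `delete` and `patch` on `secrets` and `serviceaccounts`, and the comment at the top of the file describes this as access needed on a per-namespace basis, yet a ClusterRoleBinding named `tekton-pipelines-controller-tenant-access` appears later in this commit and, if its `roleRef` points at this role, grants it in every namespace. Where the tenant namespaces are known, binding this role with a RoleBinding per namespace would limit what a compromised controller service account can read or rewrite. It would also be worth recording in a comment which of the write verbs on `secrets` the controller actually uses. The rules list continues outside the hunk.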


@ -4,7 +4,7 @@ kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-pipelines-webhook-cluster-access
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
rules:
- # The webhook needs to be able to list and update customresourcedefinitions,
# mainly to update the webhook certificates.


@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelines-controller-cluster-access
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-controller


@ -8,7 +8,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelines-controller-tenant-access
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-controller


@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelines-webhook-cluster-access
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-webhook


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: config-artifact-bucket
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
{{- if $.Values.controller.conf.artifact_bucket.location }}
# location of the gcs bucket to be used for artifact storage


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: config-artifact-pvc
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
{{- if $.Values.controller.conf.artifact_pvc.size }}
# size of the PVC volume


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: config-defaults
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
{{- if $.Values.controller.conf.defaults.default_timeout_minutes }}
# default-timeout-minutes contains the default number of


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: feature-flags
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
# Setting this flag to "true" will prevent Tekton to create an
# Affinity Assistant for every TaskRun sharing a PVC workspace
@ -39,6 +39,21 @@ data:
# info.
disable-working-directory-overwrite: {{ $.Values.controller.conf.feature_flags.disable_working_directory_overwrite | quote }}
# Setting this flag to "true" will prevent Tekton scanning attached
# service accounts and injecting any credentials it finds into your
# Steps.
#
# The default behaviour currently is for Tekton to search service
# accounts for secrets matching a specified format and automatically
# mount those into your Steps.
#
# Note: setting this to "true" will prevent PipelineResources from
# working.
#
# See https://github.com/tektoncd/pipeline/issues/1836 for more
# info.
disable-creds-init: {{ $.Values.controller.conf.feature_flags.disable_creds_init | quote }}
# This option should be set to false when Pipelines is running in a
# cluster that does not use injected sidecars such as Istio. Setting
# it to false should decrease the time it takes for a TaskRun to start
@ -47,6 +62,24 @@ data:
#
# See https://github.com/tektoncd/pipeline/issues/2080 for more info.
running-in-environment-with-injected-sidecars: {{ $.Values.controller.conf.feature_flags.running_in_environment_with_injected_sidecars | quote }}
# Setting this flag to "true" will require that any Git SSH Secret
# offered to Tekton must have known_hosts included.
#
# See https://github.com/tektoncd/pipeline/issues/2981 for more
# info.
require-git-ssh-secret-known-hosts: {{ $.Values.controller.conf.feature_flags.require_git_ssh_secret_known_hosts | quote }}
# Setting this flag to "true" enables the use of Tekton OCI bundle.
# This is an experimental feature and thus should still be considered
# an alpha feature.
enable-tekton-oci-bundles: {{ $.Values.controller.conf.feature_flags.enable_tekton_oci_bundles | quote }}
# Setting this flag to "true" enables the use of custom tasks from
# within pipelines.
# This is an experimental feature and thus should still be considered
# an alpha feature.
enable-custom-tasks: {{ $.Values.controller.conf.feature_flags.enable_custom_tasks | quote }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "configmap-feature-flags" ) }}
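Review bot: `require-git-ssh-secret-known-hosts` is rendered from `$.Values.controller.conf.feature_flags.require_git_ssh_secret_known_hosts` with no default visible in this section, and when the flag is off a Git SSH secret without `known_hosts` is accepted, which leaves the clone without host-key verification. Shipping `require_git_ssh_secret_known_hosts: true` in the chart's values would make the safer behaviour the default; the values file for this chart is not in view, so this may already be the case. The same applies more generally to the four new keys (`disable_creds_init`, `require_git_ssh_secret_known_hosts`, `enable_tekton_oci_bundles`, `enable_custom_tasks`): if any of them is missing from values, `| quote` renders nothing and the data key ends up empty, so their defaults need to land in the same change. Avoid `| default true` as the fallback here, because `default` treats an explicit `false` as empty and would override it.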


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: config-leader-election
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
# An inactive but valid configuration follows; see example.
resourceLock: {{ $.Values.common_config.leader_election.resourceLock | quote }}


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: config-logging
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
# Common configuration for all knative codebase
zap-logger-config: |


@ -5,7 +5,7 @@ kind: ConfigMap
metadata:
name: config-observability
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
data:
{{- if $.Values.common_config.observability.metrics.backend_destination }}
# metrics.backend-destination field specifies the system metrics destination.


@ -0,0 +1,14 @@
{{- define "configmap-registry" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: config-registry-cert
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
# data:
# # Registry's self-signed certificate
# cert: |
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "configmap-registry" ) }}
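Review bot: The new `config-registry-cert` ConfigMap is rendered with its `data` block commented out, and nothing in the template says how an operator is expected to supply the certificate. A comment above `# data:` along the lines of `# Registry CA is supplied through the chart overlay; leave unset when the registry certificate is publicly trusted` would document the intended path, with the wording confirmed by the author since the overlay mechanism is only inferred from the `helpers.template.overlay` call. Unlike the neighbouring ConfigMaps, this one reads nothing from `$.Values`, so a values key for the certificate may also be worth considering.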


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: clustertasks.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: clustertasks
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
@ -12,53 +11,39 @@ spec:
group: tekton.dev
preserveUnknownFields: false
versions:
- name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- &version
name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- !!merge <<: *version
name: v1beta1
storage: true
names:
kind: ClusterTask
plural: clustertasks
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
scope: Cluster
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1beta1","v1alpha1"]
conversionReviewVersions: ["v1beta1"]
clientConfig:
service:
name: tekton-pipelines-webhook
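Review bot: The `versions` list now relies on a YAML anchor and an explicitly tagged merge key (`- !!merge <<: *version`), so the `v1beta1` entry no longer states `served`, `schema` or `subresources` itself and a reader has to expand the alias mentally to see what the API server receives. Merge keys are a YAML 1.1 extension and the `!!merge` tag form is usually an artifact of a YAML rewriting tool; parsers and schema validators that follow the YAML 1.2 core schema may reject it or leave it unexpanded. Writing both version entries out in full, as before, or at least using the plain `<<: *version` form, keeps the CRD readable by every tool that handles it. The same construct is introduced in the pipelineruns and pipelines CRD sections of this commit.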


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: conditions.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: conditions
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: images.caching.internal.knative.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: images-caching
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines


@ -4,36 +4,35 @@ kind: CustomResourceDefinition
metadata:
name: pipelineresources.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: pipelineresources
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
spec:
group: tekton.dev
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
names:
kind: PipelineResource
plural: pipelineresources
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
...


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: pipelineruns.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: pipelineruns
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
@ -12,82 +11,55 @@ spec:
group: tekton.dev
preserveUnknownFields: false
versions:
- name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
- &version
name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- !!merge <<: *version
name: v1beta1
storage: true
names:
kind: PipelineRun
plural: pipelineruns
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
shortNames:
- pr
- prs
- pr
- prs
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1beta1","v1alpha1"]
conversionReviewVersions: ["v1beta1"]
clientConfig:
service:
name: tekton-pipelines-webhook


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: pipelines.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: pipelines
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
@ -12,53 +11,39 @@ spec:
group: tekton.dev
preserveUnknownFields: false
versions:
- name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- &version
name: v1alpha1
served: true
storage: false
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
- !!merge <<: *version
name: v1beta1
storage: true
names:
kind: Pipeline
plural: pipelines
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1beta1","v1alpha1"]
conversionReviewVersions: ["v1beta1"]
clientConfig:
service:
name: tekton-pipelines-webhook


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: runs.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: runs
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
@ -12,47 +11,42 @@ spec:
group: tekton.dev
preserveUnknownFields: false
versions:
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
names:
kind: Run
plural: runs
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1beta1","v1alpha1"]
clientConfig:
service:
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
...
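Review bot: `conversionReviewVersions: ["v1beta1","v1alpha1"]` is left untouched in this CRD, while the pipelines, taskruns and tasks sections of the same commit trim it to `["v1beta1"]`. The field lists the ConversionReview API versions the webhook accepts, not the CRD's own versions, and there is no `v1alpha1` ConversionReview. The extra entry therefore only obscures which payload version the webhook is expected to handle. I would make it `conversionReviewVersions: ["v1beta1"]` here too; the enclosing `spec` starts outside the hunk.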


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: taskruns.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: taskruns
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
@ -12,82 +11,55 @@ spec:
group: tekton.dev
preserveUnknownFields: false
versions:
- name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
- &version
name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
additionalPrinterColumns:
- name: Succeeded
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
- name: StartTime
type: date
jsonPath: .status.startTime
- name: CompletionTime
type: date
jsonPath: .status.completionTime
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- !!merge <<: *version
name: v1beta1
storage: true
names:
kind: TaskRun
plural: taskruns
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
shortNames:
- tr
- trs
- tr
- trs
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1beta1","v1alpha1"]
conversionReviewVersions: ["v1beta1"]
clientConfig:
service:
name: tekton-pipelines-webhook
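Review bot: The `- &version` / `- !!merge <<: *version` pair makes the v1beta1 entry inherit `served`, `schema`, `additionalPrinterColumns` and `subresources` implicitly, and nothing in the file says so. Merge keys are a YAML 1.1 extension and the merge is shallow, so tooling that does not expand them would see a v1beta1 entry holding only `name` and `storage`. Because the inherited schema is `x-kubernetes-preserve-unknown-fields: true` at the root, a reader should be able to see at a glance that both served versions get no structural validation from the API server and presumably depend on the admission webhook. I would spell the v1beta1 entry out, or at least add `# v1beta1 reuses served/schema/printer columns/subresources from &version` above the merge line; the tasks CRD section uses the same construct.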


@ -4,7 +4,6 @@ kind: CustomResourceDefinition
metadata:
name: tasks.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: tasks
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
@ -12,55 +11,42 @@ spec:
group: tekton.dev
preserveUnknownFields: false
versions:
- name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- &version
name: v1alpha1
served: true
storage: false
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
- !!merge <<: *version
name: v1beta1
storage: true
names:
kind: Task
plural: tasks
categories:
- tekton
- tekton-pipelines
- tekton
- tekton-pipelines
scope: Namespaced
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1beta1","v1alpha1"]
conversionReviewVersions: ["v1beta1"]
clientConfig:
service:
name: tekton-pipelines-webhook
namespace: tekton-pipelines
namespace: {{ $.Release.Namespace }}
...


@ -5,16 +5,16 @@ kind: Deployment
metadata:
name: tekton-pipelines-controller
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
spec:
replicas: {{ $.Values.controller.pod.replicas }}
selector:
matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 6 }}
matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" ) | nindent 6 }}
template:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 8 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 8 }}
spec:
serviceAccountName: tekton-pipelines-controller
nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Component" "controller" ) | nindent 8 }}
@ -27,8 +27,6 @@ spec:
# by image references by digest.
- -kubeconfig-writer-image
- {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "kubeconfig_writer_image" ) }}
- -creds-image
- {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "creds_image" ) }}
- -git-image
- {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "git_image" ) }}
- -entrypoint-image
@ -46,17 +44,19 @@ spec:
- -shell-image
- {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "shell_image" ) }}
volumeMounts:
- name: config-logging
mountPath: /etc/config-logging
- name: config-logging
mountPath: /etc/config-logging
- name: config-registry-cert
mountPath: /etc/config-registry-cert
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- # If you are changing these names, you will also need to update
# If you are changing these names, you will also need to update
# the controller's Role in 200-role.yaml to include the new
# values in the "configmaps" "get" rule.
name: CONFIG_DEFAULTS_NAME
- name: CONFIG_DEFAULTS_NAME
value: config-defaults
- name: CONFIG_LOGGING_NAME
value: config-logging
@ -70,6 +70,10 @@ spec:
value: feature-flags
- name: CONFIG_LEADERELECTION_NAME
value: config-leader-election
- name: SSL_CERT_FILE
value: /etc/config-registry-cert/cert
- name: SSL_CERT_DIR
value: /etc/ssl/certs
- name: METRICS_DOMAIN
value: {{ $.Values.controller.conf.metrics_domain }}
securityContext:
@ -79,10 +83,32 @@ spec:
capabilities:
drop:
- all
ports:
- name: probes
containerPort: {{ $.Values.controller.endpoints.ports.probes.port }}
livenessProbe:
httpGet:
path: /health
port: probes
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readiness
port: probes
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
volumes:
- name: config-logging
configMap:
name: config-logging
- name: config-registry-cert
configMap:
name: config-registry-cert
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "deployment-controller" ) }}
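Review bot: `SSL_CERT_FILE` now points at `/etc/config-registry-cert/cert`, which turns the `config-registry-cert` ConfigMap into a trust anchor for the controller's TLS connections, and the template carries no comment saying so. Whoever can write that ConfigMap in the release namespace can presumably add a CA the controller will accept, so write access to it should be restricted as tightly as for a Secret. The volume is also not marked `optional: true`, so the pod will not start if the ConfigMap is absent; whether the chart creates it is not visible in this section. I would add `# CA bundle trusted by the controller; restrict who can edit this ConfigMap` above the `config-registry-cert` volume.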


@ -8,7 +8,7 @@ metadata:
# change the value of WEBHOOK_SERVICE_NAME below.
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
spec:
replicas: {{ $.Values.webhook.pod.replicas }}
selector:
@ -17,8 +17,17 @@ spec:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 8 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 8 }}
app: tekton-pipelines-webhook
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $) | nindent 20 }}
weight: 100
serviceAccountName: tekton-pipelines-webhook
nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Component" "webhook" ) | nindent 8 }}
containers:
@ -27,15 +36,22 @@ spec:
# and substituted here.
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "webhook" ) }}
imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 100m
memory: 500Mi
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- # If you are changing these names, you will also need to update
# the webhook's Role in 200-role.yaml to include the new
# values in the "configmaps" "get" rule.
name: CONFIG_LOGGING_NAME
# If you are changing these names, you will also need to update
# the webhook's Role in 200-role.yaml to include the new
# values in the "configmaps" "get" rule.
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
@ -61,6 +77,8 @@ spec:
containerPort: {{ $.Values.webhook.endpoints.ports.profiling.targetPort }}
- name: https-webhook
containerPort: {{ $.Values.webhook.endpoints.ports.https_webhook.targetPort }}
- name: probes
containerPort: {{ $.Values.webhook.endpoints.ports.probes.port }}
livenessProbe:
tcpSocket:
port: {{ $.Values.webhook.pod.probes.liveness.tcpPort }}
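Review bot: The new `podAntiAffinity` term builds its `labelSelector` from `(dict "Global" $)` with no `"Component" "webhook"`, unlike the PodDisruptionBudget selector added in this commit. If the helper then emits only release-wide labels (it is not visible here), the rule spreads webhook pods away from every pod of the release, controller included, rather than away from other webhook replicas. I would pass the component: `matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook") | nindent 20 }}`. The added `resources` block is also hard-coded, while replicas and ports come from `$.Values`.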


@ -0,0 +1,23 @@
{{- define "hpa-webhook" -}}
---
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: tekton-pipelines-webhook
namespace: tekton-pipelines
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
spec:
minReplicas: 1
maxReplicas: 5
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: tekton-pipelines-webhook
metrics:
- type: Resource
resource:
name: cpu
targetAverageUtilization: 100
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "hpa-webhook" ) }}
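Review bot: `namespace: tekton-pipelines` is hard-coded in this new HPA, while the Deployment it targets is created in `{{ $.Release.Namespace }}`, so a release installed into any other namespace gets an autoscaler that cannot find its target. It should read `namespace: {{ $.Release.Namespace }}`, the same substitution this commit applies to the tasks CRD's webhook `clientConfig`. Separately, the webhook container's CPU request and limit are both `100m` in the Deployment section, so utilisation measured against the request cannot in practice exceed 100%. `targetAverageUtilization: 100` would then never trigger a scale-up; a lower target or a higher limit is needed for the HPA to act.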


@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: webhook.pipeline.tekton.dev
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: tekton-pipelines-webhook


@ -0,0 +1,14 @@
{{- define "pdb-webhook" -}}
---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: tekton-pipelines-webhook
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
spec:
minAvailable: 80%
selector:
matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" ) | nindent 6 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "pdb-webhook" ) }}
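Review bot: `minAvailable: 80%` rounds up to a whole pod, so while the webhook runs a single replica (the HPA added in this commit has `minReplicas: 1`) the budget allows no voluntary eviction and a node drain will block on this pod. Either raise the minimum replica count or decide explicitly that a short webhook outage during drains is acceptable and use `maxUnavailable: 1`. The metadata also omits `namespace: {{ $.Release.Namespace }}`, which the other namespaced objects in this chart set explicitly.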


@ -4,7 +4,7 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: tekton-pipelines
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
spec:
privileged: false
allowPrivilegeEscalation: false


@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-pipelines-controller
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["configmaps"]
@ -14,8 +14,7 @@ rules:
apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
resourceNames: ["config-logging", "config-observability", "config-artifact-bucket",
"config-artifact-pvc", "feature-flags", "config-leader-election"]
resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"]
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
resourceNames: ["tekton-pipelines"]


@ -1,15 +1,15 @@
{{- define "clusterrole-leader-election" -}}
{{- define "role-leader-election" -}}
---
kind: ClusterRole
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-pipelines-leader-election
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
rules:
- # We uses leases for leaderelection
apiGroups: ["coordination.k8s.io"]
# We uses leases for leaderelection
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-leader-election" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-leader-election" ) }}
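Review bot: The new `Role` has no `metadata.namespace`, although the controller and webhook Roles and RoleBindings in this chart set `namespace: {{ $.Release.Namespace }}` explicitly. Now that the object is namespaced, the leases rule only applies where the Role lands, so I would add `namespace: {{ $.Release.Namespace }}` under `metadata` rather than rely on the installer's default. The two leader-election RoleBinding sections that follow (`tekton-pipelines-controller-leaderelection` and `tekton-pipelines-webhook-leaderelection`) omit it as well.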


@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["configmaps"]


@ -1,18 +1,18 @@
{{- define "clusterrolebinding-controller-leader-election" -}}
{{- define "rolebinding-controller-leaderelection" -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: RoleBinding
metadata:
name: tekton-pipelines-controller-leaderelection
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-controller
namespace: {{ $.Release.Namespace }}
roleRef:
kind: ClusterRole
kind: Role
name: tekton-pipelines-leader-election
apiGroup: rbac.authorization.k8s.io
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-controller-leader-election" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-controller-leaderelection" ) }}


@ -5,7 +5,7 @@ kind: RoleBinding
metadata:
name: tekton-pipelines-controller
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-controller


@ -1,18 +1,18 @@
{{- define "clusterrolebinding-webhook-leader-election" -}}
{{- define "rolebinding-webhook-leader-election" -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
kind: RoleBinding
metadata:
name: tekton-pipelines-webhook-leaderelection
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
roleRef:
kind: ClusterRole
kind: Role
name: tekton-pipelines-leader-election
apiGroup: rbac.authorization.k8s.io
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-webhook-leader-election" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-webhook-leader-election" ) }}


@ -5,7 +5,7 @@ kind: RoleBinding
metadata:
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-pipelines-webhook


@ -5,7 +5,7 @@ kind: Secret
metadata:
name: webhook-certs
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
# The data is populated at install time.
...
{{- end -}}


@ -3,7 +3,7 @@
apiVersion: v1
kind: Service
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
name: tekton-pipelines-controller
namespace: {{ $.Release.Namespace }}
spec:
@ -12,7 +12,9 @@ spec:
port: {{ $.Values.controller.endpoints.ports.metrics.port }}
protocol: {{ $.Values.controller.endpoints.ports.metrics.protocol }}
targetPort: {{ $.Values.controller.endpoints.ports.metrics.targetPort }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 4 }}
- name: probes
port: {{ $.Values.controller.endpoints.ports.probes.port }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-controller" ) }}
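Review bot: The added `probes` port publishes the controller's health endpoint on the Service, but the liveness and readiness probes are issued by the kubelet against the pod and do not need a Service port. Unless something else in the cluster consumes `/health` through the Service, I would leave the port out so the Service exposes only metrics. If it stays, give it `protocol` and `targetPort` like the metrics entry. The webhook Service section adds the same port.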


@ -3,7 +3,7 @@
apiVersion: v1
kind: Service
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
spec:
@ -18,7 +18,9 @@ spec:
- name: https-webhook
port: {{ $.Values.webhook.endpoints.ports.https_webhook.port }}
targetPort: {{ $.Values.webhook.endpoints.ports.https_webhook.targetPort }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" ) | nindent 4 }}
- name: probes
port: {{ $.Values.webhook.endpoints.ports.probes.port }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-webhook" ) }}


@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: tekton-pipelines-controller
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-controller" ) }}


@ -5,7 +5,7 @@ kind: ServiceAccount
metadata:
name: tekton-pipelines-webhook
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-webhook" ) }}


@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: config.webhook.pipeline.tekton.dev
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: tekton-pipelines-webhook


@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.pipeline.tekton.dev
labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: tekton-pipelines-webhook


@ -1,41 +1,35 @@
# Default values file for Tekton-Pipelines
---
images:
applications:
controller:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/controller
repo: gcr.io/tekton-releases/github.com
kubeconfig_writer_image:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/kubeconfigwriter
repo: gcr.io/tekton-releases/github.com
creds_image:
tag: v0.19.0
name: tektoncd/pipeline/cmd/creds-init
repo: gcr.io/tekton-releases/github.com
git_image:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/git-init
repo: gcr.io/tekton-releases/github.com
entrypoint_image:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/entrypoint
repo: gcr.io/tekton-releases/github.com
nop_image:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/nop
repo: gcr.io/tekton-releases/github.com
imagedigest_exporter_image:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/imagedigestexporter
repo: gcr.io/tekton-releases/github.com
pr_image:
tag: v0.19.0
tag: v0.21.0
name: pipeline/cmd/pullrequest-init
repo: gcr.io/tekton-releases/github.com
build_gcs_fetcher_image:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher
repo: gcr.io/tekton-releases/github.com
gsutil_image:
@ -50,7 +44,7 @@ images:
name: base@sha256
repo: gcr.io/distroless
webhook:
tag: v0.19.0
tag: v0.21.0
name: tektoncd/pipeline/cmd/webhook
repo: gcr.io/tekton-releases/github.com
pull:
@ -71,6 +65,8 @@ controller:
port: 9090
protocol: TCP
targetPort: 9090
probes:
port: 8080
pod:
replicas: 1
@ -102,6 +98,10 @@ controller:
disable_home_env_overwrite: "false"
disable_working_directory_overwrite: "false"
running_in_environment_with_injected_sidecars: "true"
disable_creds_init: "false"
require_git_ssh_secret_known_hosts: "false"
enable_tekton_oci_bundles: "false"
enable_custom_tasks: "false"
webhook:
endpoints:
@ -115,6 +115,8 @@ webhook:
https_webhook:
port: 443
targetPort: 8443
probes:
port: 8080
pod:
probes:
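Review bot: The new feature flag `require_git_ssh_secret_known_hosts: "false"` ships with host-key checking for Git SSH credentials not enforced, and the values file gives no comment on what the flag does. Assuming it maps to the upstream feature flag of the same name, `"true"` makes Tekton reject SSH Secrets that lack `known_hosts`. I would default to that, or at least document the choice with `# "true" requires known_hosts in Git SSH Secrets`. The image entries are also still addressed by mutable tag (`v0.21.0`), although the controller template's comment speaks of references by digest.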


@ -4,11 +4,11 @@ kind: CustomResourceDefinition
metadata:
name: clustertriggerbindings.triggers.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: clustertriggerbindings
app.kubernetes.io/part-of: tekton-triggers
spec:
group: triggers.tekton.dev
scope: Cluster
names:
kind: ClusterTriggerBinding
plural: clustertriggerbindings
@ -18,16 +18,21 @@ spec:
categories:
- tekton
- tekton-triggers
preserveUnknownFields: false
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
subresources:
status: {}
...
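Review bot: The comment copied into this schema refers to `spec.preserveUnknownProperties: false`, but the field the section actually adds is `preserveUnknownFields: false`; the comment should use the real field name. It is also worth stating the consequence next to it: with `x-kubernetes-preserve-unknown-fields: true` at the schema root the API server prunes nothing and checks only `type: object`, so validation of these objects presumably rests entirely on the admission webhook. Suggested wording: `# preserveUnknownFields is false, but the root x-kubernetes-preserve-unknown-fields keeps every field; no structural validation happens here`. The same comment is repeated in the eventlisteners, triggers and triggerbindings sections.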


@ -4,11 +4,11 @@ kind: CustomResourceDefinition
metadata:
name: eventlisteners.triggers.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: eventlisteners
app.kubernetes.io/part-of: tekton-triggers
spec:
group: triggers.tekton.dev
scope: Namespaced
names:
kind: EventListener
plural: eventlisteners
@ -18,26 +18,39 @@ spec:
categories:
- tekton
- tekton-triggers
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Address
type: string
jsonPath: .status.address.url
- name: Available
type: string
jsonPath: ".status.conditions[?(@.type=='Available')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Available')].reason"
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
additionalPrinterColumns:
- name: Address
type: string
jsonPath: .status.address.url
- name: Available
type: string
jsonPath: ".status.conditions[?(@.type=='Available')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Available')].reason"
- name: Ready
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].status"
- name: Reason
type: string
jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
...
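Review bot: The two added printer columns leave this version with two columns both named `Reason`, one reading the `Available` condition and one reading `Ready`, which makes the `kubectl get` output ambiguous. I would name them after the condition they report, for example `name: AvailableReason` and `name: ReadyReason`.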


@ -4,11 +4,11 @@ kind: CustomResourceDefinition
metadata:
name: triggers.triggers.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: triggers
app.kubernetes.io/part-of: tekton-triggers
spec:
group: triggers.tekton.dev
scope: Namespaced
names:
kind: Trigger
plural: triggers
@ -18,16 +18,23 @@ spec:
categories:
- tekton
- tekton-triggers
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
...


@ -4,11 +4,11 @@ kind: CustomResourceDefinition
metadata:
name: triggerbindings.triggers.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: triggerbindings
app.kubernetes.io/part-of: tekton-triggers
spec:
group: triggers.tekton.dev
scope: Namespaced
names:
kind: TriggerBinding
plural: triggerbindings
@ -18,16 +18,23 @@ spec:
categories:
- tekton
- tekton-triggers
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
...


@ -4,11 +4,11 @@ kind: CustomResourceDefinition
metadata:
name: triggertemplates.triggers.tekton.dev
labels:
app.kubernetes.io/component: tekton
app.kubernetes.io/name: triggertemplates
app.kubernetes.io/part-of: tekton-triggers
spec:
group: triggers.tekton.dev
scope: Namespaced
names:
kind: TriggerTemplate
plural: triggertemplates
@ -18,16 +18,23 @@ spec:
categories:
- tekton
- tekton-triggers
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
x-kubernetes-preserve-unknown-fields: true
- name: v1alpha1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
...


@ -3,7 +3,7 @@
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-admin
rules:
- apiGroups:
@ -91,6 +91,21 @@ rules:
- delete
- patch
- watch
- apiGroups:
- serving.knative.dev
resources:
- "*"
- "*/status"
- "*/finalizers"
verbs:
- get
- list
- create
- update
- delete
- deletecollection
- patch
- watch
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-admin" ) }}
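Review bot: The rule added for `serving.knative.dev` uses `"*"`, `"*/status"` and `"*/finalizers"` as resources, together with `delete` and `deletecollection`, so any subject bound to `tekton-triggers-admin` gets full control over every current and future Knative Serving resource type wherever the role is bound. If the controller only manages Knative services on behalf of EventListeners (an assumption; the controller code is not on this page), list the resources explicitly, for example `- services`, `- services/status`, `- services/finalizers`. The `rules` list starts before this hunk, so the earlier rules were not reviewed here.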


@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-triggers-aggregate-edit
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:


@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-triggers-aggregate-view
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
- apiGroups:


@ -0,0 +1,19 @@
{{- define "clusterrole-core_interceptors" -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tekton-triggers-core-interceptors
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
rules:
- apiGroups:
- "*"
resources:
- secrets
verbs:
- get
- list
- watch
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-core_interceptors" ) }}
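Review bot: `apiGroups: "*"` with `resources: secrets` is wider than needed, because Secrets live in the core API group; `- ""` expresses the same intent without also matching a `secrets` resource that some aggregated or custom API group might define. The ClusterRoleBinding added later in this commit binds this role to the `tekton-triggers-core-interceptors` ServiceAccount, which gives that pod `get`/`list`/`watch` on Secrets in all namespaces. If the interceptors only need webhook secrets from known namespaces, namespaced RoleBindings to this ClusterRole would narrow that. The Role added for the same ServiceAccount uses the same `"*"` API group for `configmaps`.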


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-controller-admin
roleRef:
kind: ClusterRole


@ -0,0 +1,18 @@
{{- define "clusterrolebinding-core_interceptors" -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-core-interceptors
roleRef:
kind: ClusterRole
name: tekton-triggers-core-interceptors
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: tekton-triggers-core-interceptors
namespace: {{ $.Release.Namespace }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-core_interceptors" ) }}


@ -3,7 +3,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-webhook-admin
roleRef:
kind: ClusterRole


@ -4,6 +4,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: config-logging-triggers
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
data:
zap-logger-config: |
{{ $.Values.config.zap_logger_config | toJson }}


@ -4,6 +4,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: config-observability-triggers
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
data:
{{- $.Values.configobservability | toYaml | nindent 2 }}
{{- end -}}


@ -4,7 +4,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-triggers-controller
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }}
spec:
replicas: 1
selector:
@ -17,7 +17,8 @@ spec:
maxSurge: 3
template:
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 8 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 8 }}
app: tekton-triggers-controller
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
spec:
@ -36,6 +37,14 @@ spec:
- {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_eventlistener" ) }}
- -el-port
- {{ $.Values.config.controller.el_port | quote }}
- -el-readtimeout
- {{ $.Values.config.controller.el_readtimeout | quote }}
- -el-writetimeout
- {{ $.Values.config.controller.el_writetimeout | quote }}
- -el-idletimeout
- {{ $.Values.config.controller.el_idletimeout | quote }}
- -el-timeouthandler
- {{ $.Values.config.controller.el_timeouthandler | quote }}
- -period-seconds
- {{ $.Values.config.controller.period_seconds | quote }}
- -failure-threshold


@ -0,0 +1,55 @@
{{- define "deployment-core_interceptors" -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-triggers-core-interceptors
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $) | nindent 6 }}
revisionHistoryLimit: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
maxSurge: 3
template:
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 8 }}
app: tekton-triggers-core-interceptors
spec:
serviceAccountName: tekton-triggers-core-interceptors
nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Application" "tekton_interceptor" ) | nindent 8 }}
terminationGracePeriodSeconds: 30
containers:
- name: tekton-triggers-core-interceptors
image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_interceptors" ) }}
imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
args:
- -logtostderr
- -stderrthreshold
- {{ $.Values.config.controller.stderrthreshold | quote }}
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CONFIG_LOGGING_NAME
value: config-logging-triggers
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability-triggers
- name: METRICS_DOMAIN
value: tekton.dev/triggers
securityContext:
allowPrivilegeEscalation: false
runAsUser: 65532
runAsGroup: 65532
capabilities:
drop:
- all
volumes: []
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "deployment-core_interceptors" ) }}
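Review bot: `nodeSelector` looks up `"Application" "tekton_interceptor"` while the image line uses `"tekton_interceptors"`, which is the key this commit adds under `images.applications` in the values; unless the helper tolerates an unknown key, the singular form looks like a typo and should be `"tekton_interceptors"`. The `selector.matchLabels` call passes only `"Global" $`, whereas the Service for these pods selects on `"Component" "interceptors"` and `"PartOf" "tekton-triggers"`, so the Deployment selector may also match controller and webhook pods of the same release; passing the same arguments would avoid that. The container `securityContext` sets `runAsUser: 65532` but not `runAsNonRoot: true` or `readOnlyRootFilesystem: true`, and the dropped capability is conventionally spelled `ALL`.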


@ -4,7 +4,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: tekton-triggers-webhook
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
spec:
replicas: 1
selector:
@ -17,7 +17,8 @@ spec:
maxSurge: 3
template:
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 8 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 8 }}
app: tekton-triggers-webhook
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
spec:
@ -43,7 +44,7 @@ spec:
value: tekton.dev/triggers
ports:
- name: metrics
containerPort: {{ $.Values.params.endpoints.ports.metrics.port }}
containerPort: {{ $.Values.params.endpoints.ports.metrics.target }}
- name: profiling
containerPort: {{ $.Values.params.endpoints.ports.profiling.port }}
- name: https-webhook


@ -4,9 +4,11 @@ apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: webhook.triggers.tekton.dev
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: tekton-triggers-webhook


@ -4,9 +4,7 @@ apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: tekton-triggers
labels:
app.kubernetes.io/instance: tekton-triggers
app.kubernetes.io/part-of: tekton-triggers
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
spec:
privileged: false
allowPrivilegeEscalation: false


@ -0,0 +1,27 @@
{{- define "role-core_interceptors" -}}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-core-interceptors
namespace: {{ $.Release.Namespace }}
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
resourceNames:
- tekton-triggers
verbs:
- use
- apiGroups:
- "*"
resources:
- configmaps
verbs:
- get
- list
- watch
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-core_interceptors" ) }}


@ -1,9 +1,9 @@
{{- define "role_admin-triggers" -}}
{{- define "role-triggers_admin" -}}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-admin
namespace: {{ $.Release.Namespace }}
rules:
@ -16,4 +16,4 @@ rules:
verbs:
- use
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role_admin-triggers" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-triggers_admin" ) }}


@ -3,7 +3,7 @@
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-admin-webhook
namespace: {{ $.Release.Namespace }}
rules:


@ -1,14 +1,11 @@
{{- define "rolebinding-controller_admin" -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-triggers-controller-admin
namespace: {{ $.Release.Namespace }}
labels:
app.kubernetes.io/instance: tekton-triggers
app.kubernetes.io/part-of: tekton-triggers
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-triggers-controller


@ -0,0 +1,18 @@
{{- define "rolebinding-core_interceptors" -}}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-triggers-core-interceptors
namespace: {{ $.Release.Namespace }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-triggers-core-interceptors
namespace: {{ $.Release.Namespace }}
roleRef:
kind: Role
name: tekton-triggers-core-interceptors
apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-core_interceptors" ) }}


@ -5,9 +5,7 @@ kind: RoleBinding
metadata:
name: tekton-triggers-webhook-admin
namespace: {{ $.Release.Namespace }}
labels:
app.kubernetes.io/instance: tekton-triggers
app.kubernetes.io/part-of: tekton-triggers
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
subjects:
- kind: ServiceAccount
name: tekton-triggers-webhook


@ -4,6 +4,7 @@ apiVersion: v1
kind: Secret
metadata:
name: triggers-webhook-certs
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "secret-triggers" ) }}


@ -4,14 +4,14 @@ apiVersion: v1
kind: Service
metadata:
name: tekton-triggers-controller
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }}
spec:
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 4 }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }}
ports:
- name: http-metrics
protocol: TCP
port: {{ $.Values.params.endpoints.ports.metrics.port }}
targetPort: {{ $.Values.params.endpoints.ports.metrics.port }}
targetPort: {{ $.Values.params.endpoints.ports.metrics.target }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-controller" ) }}


@ -0,0 +1,16 @@
{{- define "service-core_interceptors" -}}
---
apiVersion: v1
kind: Service
metadata:
name: tekton-triggers-core-interceptors
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
spec:
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
ports:
- name: http
port: {{ $.Values.params.endpoints.ports.interceptors.port }}
targetPort: {{ $.Values.params.endpoints.ports.interceptors.target }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-core_interceptors" ) }}


@ -4,9 +4,9 @@ apiVersion: v1
kind: Service
metadata:
name: tekton-triggers-webhook
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
spec:
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook")| nindent 4 }}
selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers")| nindent 4 }}
ports:
- name: https-webhook
protocol: TCP


@ -3,7 +3,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-controller
namespace: {{ $.Release.Namespace }}
...


@ -0,0 +1,11 @@
{{- define "serviceaccount-core_interceptors" -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-core-interceptors
namespace: {{ $.Release.Namespace }}
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-core_interceptors" ) }}


@ -3,7 +3,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
name: tekton-triggers-webhook
namespace: {{ $.Release.Namespace }}
...


@ -1,12 +1,14 @@
{{- define "config-validation" -}}
{{- define "validatingwebhookconfig-config" -}}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: config.webhook.triggers.tekton.dev
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: tekton-triggers-webhook
@ -20,4 +22,4 @@ webhooks:
operator: Exists
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "config-validation" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-config" ) }}


@ -1,12 +1,14 @@
{{- define "validatingwebhookconfig-webhook" -}}
{{- define "validatingwebhookconfig-validation" -}}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.triggers.tekton.dev
labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1beta1
- v1
clientConfig:
service:
name: tekton-triggers-webhook
@ -14,6 +16,10 @@ webhooks:
failurePolicy: Fail
sideEffects: None
name: validation.webhook.triggers.tekton.dev
namespaceSelector:
matchExpressions:
- key: triggers.tekton.dev/release
operator: Exists
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-webhook" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-validation" ) }}
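Review bot: The `namespaceSelector` added to `validation.webhook.triggers.tekton.dev` limits the webhook to namespaces that carry a `triggers.tekton.dev/release` label, so Trigger resources created in any namespace without that label would skip admission validation even though `failurePolicy` is `Fail`. The config webhook section just before this one also ends in an `operator: Exists` expression, so the block may have been copied from there. Because the CRDs in this commit keep `x-kubernetes-preserve-unknown-fields: true` at the schema root, this webhook appears to be the only validation these objects get. Either confirm that every namespace where Triggers are created receives the label, or drop the selector from this webhook.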


@ -1,10 +1,14 @@
---
config:
controller:
period_seconds: 10
failure_threshold: 1
stderrthreshold: INFO
el_port: 8080
el_readtimeout: 5
el_writetimeout: 40
el_idletimeout: 120
el_timeouthandler: 30
failure_threshold: 1
period_seconds: 10
stderrthreshold: INFO
loglevel:
controller: info
eventlistener: info
@ -23,8 +27,8 @@ config:
messageKey: msg
nameKey: logger
stacktraceKey: stacktrace
timeEncoder: ''
timeKey: ''
timeEncoder: iso8601
timeKey: ts
encoding: json
errorOutputPaths:
- stderr
@ -40,6 +44,7 @@ params:
ports:
metrics:
port: 9090
target: 9090
scheme: http
profiling:
port: 8008
@ -48,21 +53,32 @@ params:
port: 443
target: 8443
scheme: https
interceptors:
port: 80
target: 8082
images:
applications:
tekton_controller:
name: tektoncd/triggers/cmd/controller
repo: gcr.io/tekton-releases/github.com
tag: v0.10.2
tag: v0.12.0
tekton_eventlistener:
name: tektoncd/triggers/cmd/eventlistenersink
repo: gcr.io/tekton-releases/github.com
tag: v0.10.2
tag: v0.12.0
tekton_webhook:
name: tektoncd/triggers/cmd/webhook
repo: gcr.io/tekton-releases/github.com
tag: v0.10.2
tag: v0.12.0
tekton_interceptors:
name: tektoncd/triggers/cmd/interceptors
repo: gcr.io/tekton-releases/github.com
tag: v0.12.0
tekton_eventlistenersink:
name: tektoncd/triggers/cmd/eventlistenersink
repo: gcr.io/tekton-releases/github.com
tag: v0.12.0
pull:
policy: IfNotPresent