diff --git a/charts/tekton-dashboard/crds/crd_extension-dashboard.yaml b/charts/tekton-dashboard/crds/crd_extension-dashboard.yaml index aa8eaab1..905e975e 100644 --- a/charts/tekton-dashboard/crds/crd_extension-dashboard.yaml +++ b/charts/tekton-dashboard/crds/crd_extension-dashboard.yaml @@ -4,44 +4,44 @@ kind: CustomResourceDefinition metadata: name: extensions.dashboard.tekton.dev labels: - app.kubernetes.io/component: tekton + app.kubernetes.io/component: dashboard app.kubernetes.io/name: extensions app.kubernetes.io/part-of: tekton-dashboard spec: group: dashboard.tekton.dev names: categories: - - tekton - - tekton-dashboard + - tekton + - tekton-dashboard kind: Extension - plural: extensions singular: extension + plural: extensions shortNames: - - ext - - exts + - ext + - exts preserveUnknownFields: false scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - additionalPrinterColumns: - - jsonPath: .spec.apiVersion - name: API version - type: string - - jsonPath: .spec.name - name: Kind - type: string - - jsonPath: .spec.displayname - name: Display name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - subresources: - status: {} + - additionalPrinterColumns: + - jsonPath: .spec.apiVersion + name: API version + type: string + - jsonPath: .spec.name + name: Kind + type: string + - jsonPath: .spec.displayname + name: Display name + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + served: true + storage: true + subresources: + status: {} ... diff --git a/charts/tekton-dashboard/templates/clusterrole_backend-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrole_backend-dashboard.yaml index b2bec8e8..db33e5cd 100644 
--- a/charts/tekton-dashboard/templates/clusterrole_backend-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrole_backend-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-backend rules: - apiGroups: diff --git a/charts/tekton-dashboard/templates/clusterrole_dashboard-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrole_dashboard-dashboard.yaml index bec97f18..bdc14b6e 100644 --- a/charts/tekton-dashboard/templates/clusterrole_dashboard-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrole_dashboard-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-dashboard rules: - apiGroups: diff --git a/charts/tekton-dashboard/templates/clusterrole_extensions-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrole_extensions-dashboard.yaml index a4d41925..5a741ee3 100644 --- a/charts/tekton-dashboard/templates/clusterrole_extensions-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrole_extensions-dashboard.yaml 
@@ -7,7 +7,7 @@ aggregationRule: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-extensions ... {{- end -}} diff --git a/charts/tekton-dashboard/templates/clusterrole_pipelines-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrole_pipelines-dashboard.yaml index 8aaaff74..511c6ea6 100644 --- a/charts/tekton-dashboard/templates/clusterrole_pipelines-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrole_pipelines-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-pipelines rules: - apiGroups: diff --git a/charts/tekton-dashboard/templates/clusterrole_tenant-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrole_tenant-dashboard.yaml index 80851cfa..0b10540c 100644 --- a/charts/tekton-dashboard/templates/clusterrole_tenant-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrole_tenant-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-tenant rules: - apiGroups: 
diff --git a/charts/tekton-dashboard/templates/clusterrole_triggers-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrole_triggers-dashboard.yaml index 99cfdbfe..9cd90dfe 100644 --- a/charts/tekton-dashboard/templates/clusterrole_triggers-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrole_triggers-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-triggers rules: - apiGroups: diff --git a/charts/tekton-dashboard/templates/clusterrolebinding_backend-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrolebinding_backend-dashboard.yaml index 2bdb452c..af2fbb26 100644 --- a/charts/tekton-dashboard/templates/clusterrolebinding_backend-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrolebinding_backend-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-backend roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/tekton-dashboard/templates/clusterrolebinding_extensions-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrolebinding_extensions-dashboard.yaml index 6fa366d8..f484aafc 100644 --- a/charts/tekton-dashboard/templates/clusterrolebinding_extensions-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrolebinding_extensions-dashboard.yaml 
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-extensions roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/tekton-dashboard/templates/clusterrolebinding_tenant-dashboard.yaml b/charts/tekton-dashboard/templates/clusterrolebinding_tenant-dashboard.yaml index 951fe3dc..c722ac33 100644 --- a/charts/tekton-dashboard/templates/clusterrolebinding_tenant-dashboard.yaml +++ b/charts/tekton-dashboard/templates/clusterrolebinding_tenant-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-tenant roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/charts/tekton-dashboard/templates/deployment-dashboard.yaml b/charts/tekton-dashboard/templates/deployment-dashboard.yaml index 32d5de90..13e45f80 100644 --- a/charts/tekton-dashboard/templates/deployment-dashboard.yaml +++ b/charts/tekton-dashboard/templates/deployment-dashboard.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "helpers.labels.fullname" $ }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} spec: replicas: 1 selector: 
@@ -17,7 +17,7 @@ spec: maxSurge: 3 template: metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 8 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 8 }} spec: serviceAccountName: {{ template "helpers.labels.fullname" . }} securityContext: @@ -30,12 +30,11 @@ spec: image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_dashboard" ) }} imagePullPolicy: {{ $.Values.images.pull.policy | quote }} args: - - --port=8080 + - --port=9097 - --logout-url={{ $.Values.config.args.logout_url }} - --pipelines-namespace={{ $.Release.Namespace }} - --triggers-namespace={{ $.Release.Namespace }} - --read-only={{ $.Values.config.args.read_only }} - - --csrf-secure-cookie={{ $.Values.config.args.csrf_secure_cookie }} - --log-level={{ $.Values.config.args.log_level }} - --log-format={{ $.Values.config.args.log_format }} - --namespace={{ $.Values.config.args.namespace }} @@ -48,20 +47,19 @@ spec: fieldRef: fieldPath: metadata.namespace ports: - - name: web - containerPort: 8080 + - containerPort: 9097 readinessProbe: httpGet: scheme: HTTP path: /readiness - port: 8080 + port: 9097 initialDelaySeconds: 15 periodSeconds: 10 livenessProbe: httpGet: scheme: HTTP path: /health - port: 8080 + port: 9097 initialDelaySeconds: 50 periodSeconds: 20 timeoutSeconds: 5 diff --git a/charts/tekton-dashboard/templates/ingress-dashboard.yaml b/charts/tekton-dashboard/templates/ingress-dashboard.yaml index cf870085..dc6bad37 100644 --- a/charts/tekton-dashboard/templates/ingress-dashboard.yaml +++ b/charts/tekton-dashboard/templates/ingress-dashboard.yaml @@ -1,6 +1,6 @@ {{- define "ingress-dashboard" -}} --- -apiVersion: networking.k8s.io/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ template "helpers.labels.fullname" $ }} 
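Review bot: Removing `- --csrf-secure-cookie={{ $.Values.config.args.csrf_secure_cookie }}` here, together with `csrf_secure_cookie` in values.yaml, means an existing override of that value is now silently ignored, and nothing in the args list records why. If the flag is gone because the v0.14.0 binary no longer accepts it (presumably the reason, not visible in this diff), a comment above the args such as `# --csrf-secure-cookie is no longer passed: not accepted by dashboard >= <version>` would tell operators who had set it to true that the setting no longer exists, rather than that it was switched off. The container spec starts and ends outside the hunk.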
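Review bot: The container port loses its name in the `ports:` block, so 9097 is now repeated as a literal in `--port`, `containerPort`, both probes and the Service's `port`/`targetPort`. Keeping a name, `- name: http` with `containerPort: 9097`, and using `port: http` in the readiness and liveness probes leaves one place to change and keeps name-based references working. The Service in service-dashboard.yaml could then use `targetPort: http` as well.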
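Review bot: `apiVersion: networking.k8s.io/v1` is hard-coded at the top of ingress-dashboard.yaml, so the template no longer produces an installable Ingress on clusters that only serve `networking.k8s.io/v1beta1` (before Kubernetes 1.19). If such clusters are still in scope, gate the two shapes on `.Capabilities.APIVersions.Has "networking.k8s.io/v1"`; otherwise declare `kubeVersion: ">=1.19.0-0"` in Chart.yaml so the install fails early with a clear message. The backend rewrite in the next hunk (`pathType: Prefix`, `service.name`, `port.name: http`) matches the v1 schema and the Service port renamed to `http`. The `tls:` block in that hunk's context stays conditional, so it is worth documenting that the dashboard is exposed over plain HTTP when `params.endpoints.tls.enabled` is false.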
@@ -18,10 +18,14 @@ spec: - host: {{ $.Values.params.endpoints.hostname }} http: paths: - - backend: - serviceName: tekton-dashboard - servicePort: web - path: / + - path: / + pathType: Prefix + backend: + service: + name: tekton-dashboard + port: + name: http + {{- if and $.Values.params.endpoints.tls.enabled }} tls: - hosts: @@ -31,5 +35,3 @@ spec: ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ingress-dashboard" ) }} - - diff --git a/charts/tekton-dashboard/templates/rolebinding_dashboard-dashboard.yaml b/charts/tekton-dashboard/templates/rolebinding_dashboard-dashboard.yaml index 9d14daac..3b619abd 100644 --- a/charts/tekton-dashboard/templates/rolebinding_dashboard-dashboard.yaml +++ b/charts/tekton-dashboard/templates/rolebinding_dashboard-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-dashboard namespace: {{ $.Release.Namespace }} roleRef: diff --git a/charts/tekton-dashboard/templates/rolebinding_pipelines-dashboard.yaml b/charts/tekton-dashboard/templates/rolebinding_pipelines-dashboard.yaml index 16494ee4..ca399262 100644 --- a/charts/tekton-dashboard/templates/rolebinding_pipelines-dashboard.yaml +++ b/charts/tekton-dashboard/templates/rolebinding_pipelines-dashboard.yaml 
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-pipelines namespace: {{ $.Release.Namespace }} roleRef: diff --git a/charts/tekton-dashboard/templates/rolebinding_triggers-dashboard.yaml b/charts/tekton-dashboard/templates/rolebinding_triggers-dashboard.yaml index 9831bf72..a51b9ab4 100644 --- a/charts/tekton-dashboard/templates/rolebinding_triggers-dashboard.yaml +++ b/charts/tekton-dashboard/templates/rolebinding_triggers-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: tekton-dashboard-triggers namespace: {{ $.Release.Namespace }} roleRef: diff --git a/charts/tekton-dashboard/templates/service-dashboard.yaml b/charts/tekton-dashboard/templates/service-dashboard.yaml index 1b704f3b..2b7024d8 100644 --- a/charts/tekton-dashboard/templates/service-dashboard.yaml +++ b/charts/tekton-dashboard/templates/service-dashboard.yaml 
@@ -4,13 +4,14 @@ apiVersion: v1 kind: Service metadata: name: tekton-dashboard - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} spec: - selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard") | nindent 4 }} + selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} ports: - - name: web + - name: http + port: 9097 protocol: TCP - port: 8080 + targetPort: 9097 ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-deployment" ) }} diff --git a/charts/tekton-dashboard/templates/serviceaccount-dashboard.yaml b/charts/tekton-dashboard/templates/serviceaccount-dashboard.yaml index d63c13c7..b280b34e 100644 --- a/charts/tekton-dashboard/templates/serviceaccount-dashboard.yaml +++ b/charts/tekton-dashboard/templates/serviceaccount-dashboard.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }} name: {{ template "helpers.labels.fullname" . }} namespace: {{ $.Release.Namespace }} ... diff --git a/charts/tekton-dashboard/values.yaml b/charts/tekton-dashboard/values.yaml index 18848514..283df6a8 100644 --- a/charts/tekton-dashboard/values.yaml +++ b/charts/tekton-dashboard/values.yaml @@ -1,7 +1,6 @@ --- config: args: - csrf_secure_cookie: false external-logs: '' log_format: json log_level: info 
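Review bot: The Service `selector:` now passes `"PartOf" "tekton-dashboard"` to `helpers.labels.matchLabels`, while the Deployment's own `spec.selector` is not touched by this commit. If the helper emits a part-of label when `PartOf` is given (its definition is not shown here), then during an upgrade the old pod stops matching the Service as soon as the Service is patched, and with `replicas: 1` the dashboard has no endpoints until the new pod is ready. Keeping the selector arguments identical to the Deployment's, `selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}`, avoids that and keeps the two selectors from drifting. The port rename from `web` to `http` also breaks anything else that references the port by name, so it deserves a line in the chart's upgrade notes.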
@@ -16,7 +15,7 @@ images: tekton_dashboard: name: tektoncd/dashboard/cmd/dashboard repo: gcr.io/tekton-releases/github.com - tag: v0.12.0 + tag: v0.14.0 pull: policy: IfNotPresent diff --git a/charts/tekton-pipelines/templates/clusterrole-aggregate-edit.yaml b/charts/tekton-pipelines/templates/clusterrole-aggregate-edit.yaml index f106481f..8d33614b 100644 --- a/charts/tekton-pipelines/templates/clusterrole-aggregate-edit.yaml +++ b/charts/tekton-pipelines/templates/clusterrole-aggregate-edit.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tekton-aggregate-edit - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: diff --git a/charts/tekton-pipelines/templates/clusterrole-aggregate-view.yaml b/charts/tekton-pipelines/templates/clusterrole-aggregate-view.yaml index 2f5f78c5..f54742ba 100644 --- a/charts/tekton-pipelines/templates/clusterrole-aggregate-view.yaml +++ b/charts/tekton-pipelines/templates/clusterrole-aggregate-view.yaml 
@@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tekton-aggregate-view - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: - - tekton.dev + - tekton.dev resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions verbs: - - get - - list - - watch + - get + - list + - watch ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-aggregate-view" ) }} diff --git a/charts/tekton-pipelines/templates/clusterrole-controller-cluster-access.yaml b/charts/tekton-pipelines/templates/clusterrole-controller-cluster-access.yaml index 081f6cc1..97f78dd9 100644 --- a/charts/tekton-pipelines/templates/clusterrole-controller-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/clusterrole-controller-cluster-access.yaml @@ -4,7 +4,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-controller-cluster-access - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} rules: - apiGroups: [""] # Namespace access is required because the controller timeout handling logic 
@@ -16,15 +16,13 @@ rules: # Controller needs cluster access to all of the CRDs that it is responsible for # managing. - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", - "conditions", "runs"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["taskruns/finalizers", "pipelineruns/finalizers"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", - "pipelineruns/status", "pipelineresources/status"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] ... {{- end -}} diff --git a/charts/tekton-pipelines/templates/clusterrole-controller-tenant-access.yaml b/charts/tekton-pipelines/templates/clusterrole-controller-tenant-access.yaml index edaed599..003ba8b2 100644 --- a/charts/tekton-pipelines/templates/clusterrole-controller-tenant-access.yaml +++ b/charts/tekton-pipelines/templates/clusterrole-controller-tenant-access.yaml 
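Review bot: The added `runs/finalizers` and `runs/status` entries inherit the full verb list of the rules they are appended to, `["get", "list", "create", "update", "delete", "patch", "watch"]`, which is wider than a controller normally needs on subresources in a cluster-wide role. For these two subresource rules, something like `verbs: ["get", "update", "patch"]` would keep the ClusterRole closer to least privilege; confirm against the calls the controller actually makes before narrowing. The same applies to the `taskruns/…` and `pipelineruns/…` subresource entries already in those rules. The `rules:` list starts above the hunk.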
@@ -5,11 +5,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: # This is the access that the controller needs on a per-namespace basis. name: tekton-pipelines-controller-tenant-access - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} rules: - apiGroups: [""] - resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", - "persistentvolumeclaims", "limitranges"] + resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims", "limitranges"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # Unclear if this access is actually required. Simply a hold-over from the previous # incarnation of the controller's ClusterRole. diff --git a/charts/tekton-pipelines/templates/clusterrole-webhook-cluster-access.yaml b/charts/tekton-pipelines/templates/clusterrole-webhook-cluster-access.yaml index 5a77dbae..dbdbf283 100644 --- a/charts/tekton-pipelines/templates/clusterrole-webhook-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/clusterrole-webhook-cluster-access.yaml @@ -4,7 +4,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-webhook-cluster-access - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} rules: - # The webhook needs to be able to list and update customresourcedefinitions, # mainly to update the webhook certificates. diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-controller-cluster-access.yaml b/charts/tekton-pipelines/templates/clusterrolebinding-controller-cluster-access.yaml index 09bedcbc..93c0f593 100644 
--- a/charts/tekton-pipelines/templates/clusterrolebinding-controller-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/clusterrolebinding-controller-cluster-access.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-pipelines-controller-cluster-access - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-controller diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-controller-tenant-access.yaml b/charts/tekton-pipelines/templates/clusterrolebinding-controller-tenant-access.yaml index d9c99c8c..5d8ce8c2 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-controller-tenant-access.yaml +++ b/charts/tekton-pipelines/templates/clusterrolebinding-controller-tenant-access.yaml @@ -8,7 +8,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-pipelines-controller-tenant-access - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-controller diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-webhook-cluster-access.yaml b/charts/tekton-pipelines/templates/clusterrolebinding-webhook-cluster-access.yaml index 9f3bc592..2b303cca 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-webhook-cluster-access.yaml +++ b/charts/tekton-pipelines/templates/clusterrolebinding-webhook-cluster-access.yaml 
@@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-pipelines-webhook-cluster-access - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/configmap-artifact-bucket.yaml b/charts/tekton-pipelines/templates/configmap-artifact-bucket.yaml index 978c39f4..b203d06a 100644 --- a/charts/tekton-pipelines/templates/configmap-artifact-bucket.yaml +++ b/charts/tekton-pipelines/templates/configmap-artifact-bucket.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: config-artifact-bucket namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: {{- if $.Values.controller.conf.artifact_bucket.location }} # location of the gcs bucket to be used for artifact storage diff --git a/charts/tekton-pipelines/templates/configmap-artifact-pvc.yaml b/charts/tekton-pipelines/templates/configmap-artifact-pvc.yaml index 98b1a1a5..04fad8eb 100644 --- a/charts/tekton-pipelines/templates/configmap-artifact-pvc.yaml +++ b/charts/tekton-pipelines/templates/configmap-artifact-pvc.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: config-artifact-pvc namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: {{- if $.Values.controller.conf.artifact_pvc.size }} # size of the PVC volume 
diff --git a/charts/tekton-pipelines/templates/configmap-defaults.yaml b/charts/tekton-pipelines/templates/configmap-defaults.yaml index 85db213e..6ec7490e 100644 --- a/charts/tekton-pipelines/templates/configmap-defaults.yaml +++ b/charts/tekton-pipelines/templates/configmap-defaults.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: config-defaults namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: {{- if $.Values.controller.conf.defaults.default_timeout_minutes }} # default-timeout-minutes contains the default number of diff --git a/charts/tekton-pipelines/templates/configmap-feature-flags.yaml b/charts/tekton-pipelines/templates/configmap-feature-flags.yaml index e2f2b5e0..c35f34b3 100644 --- a/charts/tekton-pipelines/templates/configmap-feature-flags.yaml +++ b/charts/tekton-pipelines/templates/configmap-feature-flags.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: feature-flags namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: # Setting this flag to "true" will prevent Tekton to create an # Affinity Assistant for every TaskRun sharing a PVC workspace 
@@ -39,6 +39,21 @@ data: # info. disable-working-directory-overwrite: {{ $.Values.controller.conf.feature_flags.disable_working_directory_overwrite | quote }} + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/1836 for more + # info. + disable-creds-init: {{ $.Values.controller.conf.feature_flags.disable_creds_init | quote }} + # This option should be set to false when Pipelines is running in a # cluster that does not use injected sidecars such as Istio. Setting # it to false should decrease the time it takes for a TaskRun to start 
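Review bot: `disable-creds-init` is rendered straight from `$.Values.controller.conf.feature_flags.disable_creds_init | quote`, and the matching values.yaml entry is not visible in this part of the diff. When the key is absent, `quote` emits nothing, so the ConfigMap gets an empty value rather than the string "false", and it is unclear how the controller treats that. Setting the fallback in the template, `disable-creds-init: {{ $.Values.controller.conf.feature_flags.disable_creds_init | default false | quote }}`, keeps the rendered flag well-defined for users upgrading with an older values file. The same applies to `require-git-ssh-secret-known-hosts`, `enable-tekton-oci-bundles` and `enable-custom-tasks` in the following hunk.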
@@ -47,6 +62,24 @@ data: # # See https://github.com/tektoncd/pipeline/issues/2080 for more info. running-in-environment-with-injected-sidecars: {{ $.Values.controller.conf.feature_flags.running_in_environment_with_injected_sidecars | quote }} + + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: {{ $.Values.controller.conf.feature_flags.require_git_ssh_secret_known_hosts | quote }} + + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: {{ $.Values.controller.conf.feature_flags.enable_tekton_oci_bundles | quote }} + + # Setting this flag to "true" enables the use of custom tasks from + # within pipelines. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-custom-tasks: {{ $.Values.controller.conf.feature_flags.enable_custom_tasks | quote }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "configmap-feature-flags" ) }} diff --git a/charts/tekton-pipelines/templates/configmap-leader-election.yaml b/charts/tekton-pipelines/templates/configmap-leader-election.yaml index 0a07f222..4e999721 100644 --- a/charts/tekton-pipelines/templates/configmap-leader-election.yaml +++ b/charts/tekton-pipelines/templates/configmap-leader-election.yaml 
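Review bot: The comment on `require-git-ssh-secret-known-hosts` does not say what happens when the flag is "false", which is the part an operator needs to decide on. A Git SSH Secret without `known_hosts` is then accepted, so presumably the remote host key is not verified for those Secrets. I would extend the comment with `# When "false", Secrets without known_hosts are accepted and the Git server's host key is not checked.` and recommend "true" for clusters that fetch over SSH from outside a trusted network. The two alpha flags below it should likewise state that "false" is the expected production value. The chart's defaults for all three are outside this hunk.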
@@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: config-leader-election namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: # An inactive but valid configuration follows; see example. resourceLock: {{ $.Values.common_config.leader_election.resourceLock | quote }} diff --git a/charts/tekton-pipelines/templates/configmap-logging.yaml b/charts/tekton-pipelines/templates/configmap-logging.yaml index 44574192..bdf2b3c6 100644 --- a/charts/tekton-pipelines/templates/configmap-logging.yaml +++ b/charts/tekton-pipelines/templates/configmap-logging.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: config-logging namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: # Common configuration for all knative codebase zap-logger-config: | diff --git a/charts/tekton-pipelines/templates/configmap-observability.yaml b/charts/tekton-pipelines/templates/configmap-observability.yaml index 9f709766..b11ae3da 100644 --- a/charts/tekton-pipelines/templates/configmap-observability.yaml +++ b/charts/tekton-pipelines/templates/configmap-observability.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: config-observability namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} data: {{- if $.Values.common_config.observability.metrics.backend_destination }} # metrics.backend-destination field specifies the system metrics destination. 
diff --git a/charts/tekton-pipelines/templates/configmap-registry.yaml b/charts/tekton-pipelines/templates/configmap-registry.yaml new file mode 100644 index 00000000..fc15e220 --- /dev/null +++ b/charts/tekton-pipelines/templates/configmap-registry.yaml @@ -0,0 +1,14 @@ +{{- define "configmap-registry" -}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: {{ $.Release.Namespace }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} +# data: +# # Registry's self-signed certificate +# cert: | +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "configmap-registry" ) }} diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-clustertasks.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-clustertasks.yaml index e2455713..0cb0ef40 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-clustertasks.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-clustertasks.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: clustertasks.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: clustertasks app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
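Review bot: The new `config-registry-cert` ConfigMap is rendered with no `data`, and the only hint for supplying a certificate is the commented-out `# cert: |` block, which cannot be set from values. Unless the `helpers.template.overlay` mechanism is the intended way to inject it (not visible here), a values-driven block would be easier to use, for example wrapping `data:` / `cert: |` in `{{- with $.Values.controller.conf.registry.cert }}` (key name is a placeholder). Whatever the mechanism, the comment should say that a certificate placed here is presumably trusted for registry access, e.g. `# PEM certificate trusted when talking to the image registry; leave unset to use the default trust store.`, so a change to it is reviewed as a trust-anchor change.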
@@ -12,53 +11,39 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true names: kind: ClusterTask plural: clustertasks categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines scope: Cluster conversion: strategy: Webhook webhook: - conversionReviewVersions: ["v1beta1","v1alpha1"] + conversionReviewVersions: ["v1beta1"] clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-conditions.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-conditions.yaml index a761f815..aa0152ba 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-conditions.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-conditions.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: conditions.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: conditions app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-images-caching.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-images-caching.yaml index f172c418..401c063a 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-images-caching.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-images-caching.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: images.caching.internal.knative.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: images-caching app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
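Review bot: The `v1beta1` entry under `versions:` is now only `- !!merge <<: *version` plus `name` and `storage`, so its `served`, `schema` and `subresources` exist only if whatever parses the rendered manifest expands YAML 1.1 merge keys, which are not part of the YAML 1.2 core schema. A parser that does not expand `<<` would presumably leave that version without a schema, so a comment above the anchor would help, for example `# v1beta1 below inherits served/schema/subresources from this entry through a YAML merge key`. The explicit `!!merge` tag can be dropped in favour of the plain `- <<: *version`. The merge is shallow, which is sufficient here because only the top-level `name` and `storage` are overridden. The same pattern is used in the pipelineruns, pipelines, taskruns and tasks CRD hunks further down.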
diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineresources.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineresources.yaml
index bda3d4cc..ba0b9761 100644
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineresources.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineresources.yaml
@@ -4,36 +4,35 @@ kind: CustomResourceDefinition metadata: name: pipelineresources.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: pipelineresources app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines spec: group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} names: kind: PipelineResource plural: pipelineresources categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} ... diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineruns.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineruns.yaml index d56e3a93..cfca0fb2 100644 
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineruns.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineruns.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: pipelineruns.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: pipelineruns app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
@@ -12,82 +11,55 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. 
- # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true names: kind: PipelineRun plural: pipelineruns categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines shortNames: - - pr - - prs + - pr + - prs scope: Namespaced conversion: strategy: Webhook webhook: - conversionReviewVersions: ["v1beta1","v1alpha1"] + conversionReviewVersions: ["v1beta1"] clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelines.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelines.yaml index 5b317d86..dc570821 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelines.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelines.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: pipelines.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: pipelines app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
@@ -12,53 +11,39 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} + - &version + name: v1alpha1 + served: true + storage: false + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - !!merge <<: *version + name: v1beta1 + storage: true names: kind: Pipeline plural: pipelines categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines scope: Namespaced conversion: strategy: Webhook webhook: - conversionReviewVersions: ["v1beta1","v1alpha1"] + conversionReviewVersions: ["v1beta1"] clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-runs.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-runs.yaml index a94a7238..f1acbdfb 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-runs.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-runs.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: runs.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: runs app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
@@ -12,47 +11,42 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} names: kind: Run plural: runs categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1","v1alpha1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: {{ $.Release.Namespace }} ... diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-taskruns.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-taskruns.yaml index c0d6e55b..888747bb 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-taskruns.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-taskruns.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: taskruns.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: taskruns app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
@@ -12,82 +11,55 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. 
- # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true names: kind: TaskRun plural: taskruns categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines shortNames: - - tr - - trs + - tr + - trs scope: Namespaced conversion: strategy: Webhook webhook: - conversionReviewVersions: ["v1beta1","v1alpha1"] + conversionReviewVersions: ["v1beta1"] clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/crds/customresourcedefinition-tasks.yaml b/charts/tekton-pipelines/templates/crds/customresourcedefinition-tasks.yaml index ad6d5ad0..b1127b1c 100644 --- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-tasks.yaml +++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-tasks.yaml @@ -4,7 +4,6 @@ kind: CustomResourceDefinition metadata: name: tasks.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: tasks app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines 
@@ -12,55 +11,42 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1alpha1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. 
+ # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true names: kind: Task plural: tasks categories: - - tekton - - tekton-pipelines + - tekton + - tekton-pipelines scope: Namespaced conversion: strategy: Webhook webhook: - conversionReviewVersions: ["v1beta1","v1alpha1"] + conversionReviewVersions: ["v1beta1"] clientConfig: service: name: tekton-pipelines-webhook + namespace: tekton-pipelines namespace: {{ $.Release.Namespace }} ... diff --git a/charts/tekton-pipelines/templates/deployment-controller.yaml b/charts/tekton-pipelines/templates/deployment-controller.yaml index 80b2c8f2..0838f253 100644 --- a/charts/tekton-pipelines/templates/deployment-controller.yaml +++ b/charts/tekton-pipelines/templates/deployment-controller.yaml 
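Review bot: The added `namespace: tekton-pipelines` sits directly before the existing `namespace: {{ $.Release.Namespace }}` under `clientConfig.service`, which appears to give that mapping two `namespace` keys (indentation is not recoverable in this view, so confirm against the file). Duplicate keys are invalid YAML, and parsers either reject the document or silently keep one value. If the hard-coded value is kept, the conversion webhook for `tasks.tekton.dev` would point at a Service in `tekton-pipelines` even when the chart is released into another namespace. None of the other CRD hunks in this commit add this line, so it looks unintended. I would drop the added line and keep only `namespace: {{ $.Release.Namespace }}`.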
@@ -5,16 +5,16 @@ kind: Deployment metadata: name: tekton-pipelines-controller namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} spec: replicas: {{ $.Values.controller.pod.replicas }} selector: - matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 6 }} + matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" ) | nindent 6 }} template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 8 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 8 }} spec: serviceAccountName: tekton-pipelines-controller nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Component" "controller" ) | nindent 8 }} @@ -27,8 +27,6 @@ spec: # by image references by digest. - -kubeconfig-writer-image - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "kubeconfig_writer_image" ) }} - - -creds-image - - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "creds_image" ) }} - -git-image - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "git_image" ) }} - -entrypoint-image 
@@ -46,17 +44,19 @@ spec: - -shell-image - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "shell_image" ) }} volumeMounts: - - name: config-logging - mountPath: /etc/config-logging + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - # If you are changing these names, you will also need to update + # If you are changing these names, you will also need to update # the controller's Role in 200-role.yaml to include the new # values in the "configmaps" "get" rule. - name: CONFIG_DEFAULTS_NAME + - name: CONFIG_DEFAULTS_NAME value: config-defaults - name: CONFIG_LOGGING_NAME value: config-logging @@ -70,6 +70,10 @@ spec: value: feature-flags - name: CONFIG_LEADERELECTION_NAME value: config-leader-election + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs - name: METRICS_DOMAIN value: {{ $.Values.controller.conf.metrics_domain }} securityContext: @@ -79,10 +83,32 @@ spec: capabilities: drop: - all + ports: + - name: probes + containerPort: {{ $.Values.controller.endpoints.ports.probes.port }} + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 volumes: - name: config-logging configMap: name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "deployment-controller" ) }} diff --git a/charts/tekton-pipelines/templates/deployment-webhook.yaml b/charts/tekton-pipelines/templates/deployment-webhook.yaml index 37eac049..8c18dc84 100644 
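Review bot: Setting `SSL_CERT_FILE` to `/etc/config-registry-cert/cert` in the env block changes where the controller looks for its CA bundle file, and the `config-registry-cert` ConfigMap added in this commit ships with its `data` commented out, so by default that path will not exist. In runtimes that honour these variables the file setting replaces the default bundle location rather than adding to it, so trust in public registries presumably rests on `SSL_CERT_DIR` (`/etc/ssl/certs`) being populated in the controller image; that is worth confirming against the image in use. A comment next to the two variables would make the intent explicit, e.g. `# SSL_CERT_FILE adds the registry cert from config-registry-cert; system roots are read from SSL_CERT_DIR`. Because the ConfigMap content becomes a trust root for the controller, write access to `config-registry-cert` should be treated like write access to its CA store.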
--- a/charts/tekton-pipelines/templates/deployment-webhook.yaml +++ b/charts/tekton-pipelines/templates/deployment-webhook.yaml @@ -8,7 +8,7 @@ metadata: # change the value of WEBHOOK_SERVICE_NAME below. name: tekton-pipelines-webhook namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} spec: replicas: {{ $.Values.webhook.pod.replicas }} selector: @@ -17,8 +17,17 @@ spec: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 8 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 8 }} + app: tekton-pipelines-webhook spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $) | nindent 20 }} + weight: 100 serviceAccountName: tekton-pipelines-webhook nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Component" "webhook" ) | nindent 8 }} containers: 
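Review bot: The `podAntiAffinity` term added to the webhook pod spec builds its `labelSelector` with `helpers.labels.matchLabels` called as `(dict "Global" $)`, without `"Component" "webhook"`, whereas the new PodDisruptionBudget in this commit passes the component. If the helper leaves out the component label when none is given (the helper is not visible here), the selector would also match controller pods, so webhook replicas would be steered away from nodes running the controller instead of only from each other. I would pass the component explicitly: `matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook") | nindent 20 }}`.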
@@ -27,15 +36,22 @@ spec: # and substituted here. image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "webhook" ) }} imagePullPolicy: {{ $.Values.images.pull.policy | quote }} + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 100m + memory: 500Mi env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - # If you are changing these names, you will also need to update - # the webhook's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - name: CONFIG_LOGGING_NAME + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability @@ -61,6 +77,8 @@ spec: containerPort: {{ $.Values.webhook.endpoints.ports.profiling.targetPort }} - name: https-webhook containerPort: {{ $.Values.webhook.endpoints.ports.https_webhook.targetPort }} + - name: probes + containerPort: {{ $.Values.webhook.endpoints.ports.probes.port }} livenessProbe: tcpSocket: port: {{ $.Values.webhook.pod.probes.liveness.tcpPort }} diff --git a/charts/tekton-pipelines/templates/hpa-webhook.yaml b/charts/tekton-pipelines/templates/hpa-webhook.yaml new file mode 100644 index 00000000..9be5c690 --- /dev/null +++ b/charts/tekton-pipelines/templates/hpa-webhook.yaml 
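Review bot: The new `resources` block sets the CPU limit equal to the request (`cpu: 100m` for both), while the HorizontalPodAutoscaler added in this commit targets `targetAverageUtilization: 100` on CPU. Utilization is measured against the request, so a pod capped at its request can reach but hardly exceed the target, and the autoscaler would be expected to add replicas rarely, if at all, while the webhook is being throttled. For an admission webhook that shows up as slow or failed API requests. Either raise the CPU limit above the request or lower the autoscaler target, for example `targetAverageUtilization: 80`, and consider taking these numbers from chart values as the image and replica settings already do.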
@@ -0,0 +1,23 @@ +{{- define "hpa-webhook" -}} +--- +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 100 +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "hpa-webhook" ) }} diff --git a/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.yaml b/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.yaml index a3fc029b..4357a103 100644 --- a/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.yaml +++ b/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.yaml @@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: webhook.pipeline.tekton.dev - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} webhooks: - admissionReviewVersions: - - v1beta1 + - v1 clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/pdb-webhook.yaml b/charts/tekton-pipelines/templates/pdb-webhook.yaml new file mode 100644 index 00000000..113ba5ac --- /dev/null +++ b/charts/tekton-pipelines/templates/pdb-webhook.yaml 
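Review bot: The new HorizontalPodAutoscaler hard-codes `namespace: tekton-pipelines`, while the Deployment it targets is created in `{{ $.Release.Namespace }}`. When the chart is installed into any other namespace the autoscaler lands in a different namespace from `tekton-pipelines-webhook` and its `scaleTargetRef` cannot resolve. Use `namespace: {{ $.Release.Namespace }}` as the other templates do. `autoscaling/v2beta1` is also a deprecated API version that newer clusters no longer serve, so the template should move to the current `autoscaling` API, with its `target` block syntax, once the supported cluster range allows.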
@@ -0,0 +1,14 @@ +{{- define "pdb-webhook" -}} +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: tekton-pipelines-webhook + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} +spec: + minAvailable: 80% + selector: + matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" ) | nindent 6 }} +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "pdb-webhook" ) }} diff --git a/charts/tekton-pipelines/templates/podsecuritypolicy-pipelines.yaml b/charts/tekton-pipelines/templates/podsecuritypolicy-pipelines.yaml index 058e0267..2e51a4bd 100644 --- a/charts/tekton-pipelines/templates/podsecuritypolicy-pipelines.yaml +++ b/charts/tekton-pipelines/templates/podsecuritypolicy-pipelines.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: tekton-pipelines - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} spec: privileged: false allowPrivilegeEscalation: false diff --git a/charts/tekton-pipelines/templates/role-controller.yaml b/charts/tekton-pipelines/templates/role-controller.yaml index 1afb3f30..3adb04dc 100644 --- a/charts/tekton-pipelines/templates/role-controller.yaml +++ b/charts/tekton-pipelines/templates/role-controller.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-controller namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} rules: - apiGroups: [""] resources: ["configmaps"] 
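Review bot: `minAvailable: 80%` in the new PodDisruptionBudget rounds up to the full replica count for fewer than five replicas, and the HPA in this commit allows `minReplicas: 1`. With a small webhook deployment no voluntary eviction is permitted, so a node drain would wait on the webhook pod. That may be intended for an admission webhook, but it should be stated, e.g. `# with fewer than 5 replicas 80% rounds up to all pods, so drains wait until the webhook is scaled out`. The `metadata` block also omits `namespace: {{ $.Release.Namespace }}`, which the other namespaced webhook objects in this chart set.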
@@ -14,8 +14,7 @@ rules: apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", - "config-artifact-pvc", "feature-flags", "config-leader-election"] + resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] - apiGroups: ["policy"] resources: ["podsecuritypolicies"] resourceNames: ["tekton-pipelines"] diff --git a/charts/tekton-pipelines/templates/clusterrole-leader-election.yaml b/charts/tekton-pipelines/templates/role-leader-election.yaml similarity index 50% rename from charts/tekton-pipelines/templates/clusterrole-leader-election.yaml rename to charts/tekton-pipelines/templates/role-leader-election.yaml index 337b5186..0baa7d8f 100644 --- a/charts/tekton-pipelines/templates/clusterrole-leader-election.yaml +++ b/charts/tekton-pipelines/templates/role-leader-election.yaml @@ -1,15 +1,15 @@ -{{- define "clusterrole-leader-election" -}} +{{- define "role-leader-election" -}} --- -kind: ClusterRole +kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-leader-election - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }} rules: -- # We uses leases for leaderelection - apiGroups: ["coordination.k8s.io"] + # We uses leases for leaderelection +- apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-leader-election" ) }} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-leader-election" ) }} 
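Review bot: The leader-election Role in role-leader-election.yaml carries no `metadata.namespace`, unlike role-controller.yaml and role-webhook.yaml, which set `namespace: {{ $.Release.Namespace }}`; the same gap is in the two RoleBindings converted from ClusterRoleBindings in rolebinding-controller-leaderelection.yaml and rolebinding-webhook-leader-election.yaml. Helm fills in the release namespace at install time, but rendered output applied by other tooling lands in the client's default namespace, and the lease permissions would then not cover the namespace the controller and webhook run in. I would add `namespace: {{ $.Release.Namespace }}` to all three so the narrower scope this commit intends is explicit. The relocated comment would also read better as `# We use leases for leader election`.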
diff --git a/charts/tekton-pipelines/templates/role-webhook.yaml b/charts/tekton-pipelines/templates/role-webhook.yaml index 22aaf153..7299be54 100644 --- a/charts/tekton-pipelines/templates/role-webhook.yaml +++ b/charts/tekton-pipelines/templates/role-webhook.yaml @@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-webhook namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} rules: - apiGroups: [""] resources: ["configmaps"] diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-controller-leader-election.yaml b/charts/tekton-pipelines/templates/rolebinding-controller-leaderelection.yaml similarity index 67% rename from charts/tekton-pipelines/templates/clusterrolebinding-controller-leader-election.yaml rename to charts/tekton-pipelines/templates/rolebinding-controller-leaderelection.yaml index 9213a4b7..b54ec106 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-controller-leader-election.yaml +++ b/charts/tekton-pipelines/templates/rolebinding-controller-leaderelection.yaml 
@@ -1,18 +1,18 @@ -{{- define "clusterrolebinding-controller-leader-election" -}} +{{- define "rolebinding-controller-leaderelection" -}} --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: name: tekton-pipelines-controller-leaderelection - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-controller namespace: {{ $.Release.Namespace }} roleRef: - kind: ClusterRole + kind: Role name: tekton-pipelines-leader-election apiGroup: rbac.authorization.k8s.io ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-controller-leader-election" ) }} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-controller-leaderelection" ) }} diff --git a/charts/tekton-pipelines/templates/rolebinding-controller.yaml b/charts/tekton-pipelines/templates/rolebinding-controller.yaml index 249c09f5..9b5768d0 100644 --- a/charts/tekton-pipelines/templates/rolebinding-controller.yaml +++ b/charts/tekton-pipelines/templates/rolebinding-controller.yaml @@ -5,7 +5,7 @@ kind: RoleBinding metadata: name: tekton-pipelines-controller namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-controller 
diff --git a/charts/tekton-pipelines/templates/clusterrolebinding-webhook-leader-election.yaml b/charts/tekton-pipelines/templates/rolebinding-webhook-leader-election.yaml similarity index 68% rename from charts/tekton-pipelines/templates/clusterrolebinding-webhook-leader-election.yaml rename to charts/tekton-pipelines/templates/rolebinding-webhook-leader-election.yaml index a8d4c208..f9e8fe4e 100644 --- a/charts/tekton-pipelines/templates/clusterrolebinding-webhook-leader-election.yaml +++ b/charts/tekton-pipelines/templates/rolebinding-webhook-leader-election.yaml @@ -1,18 +1,18 @@ -{{- define "clusterrolebinding-webhook-leader-election" -}} +{{- define "rolebinding-webhook-leader-election" -}} --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: name: tekton-pipelines-webhook-leaderelection - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-webhook namespace: {{ $.Release.Namespace }} roleRef: - kind: ClusterRole + kind: Role name: tekton-pipelines-leader-election apiGroup: rbac.authorization.k8s.io ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-webhook-leader-election" ) }} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-webhook-leader-election" ) }} diff --git a/charts/tekton-pipelines/templates/rolebinding-webhook.yaml b/charts/tekton-pipelines/templates/rolebinding-webhook.yaml index c55b6b4a..ef692f6a 100644 --- a/charts/tekton-pipelines/templates/rolebinding-webhook.yaml +++ b/charts/tekton-pipelines/templates/rolebinding-webhook.yaml 
@@ -5,7 +5,7 @@ kind: RoleBinding metadata: name: tekton-pipelines-webhook namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/secret-webhook-certs.yaml b/charts/tekton-pipelines/templates/secret-webhook-certs.yaml index c14009d2..f52f7468 100644 --- a/charts/tekton-pipelines/templates/secret-webhook-certs.yaml +++ b/charts/tekton-pipelines/templates/secret-webhook-certs.yaml @@ -5,7 +5,7 @@ kind: Secret metadata: name: webhook-certs namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} # The data is populated at install time. ... {{- end -}} diff --git a/charts/tekton-pipelines/templates/service-controller.yaml b/charts/tekton-pipelines/templates/service-controller.yaml index c3b762e5..ebf69669 100644 --- a/charts/tekton-pipelines/templates/service-controller.yaml +++ b/charts/tekton-pipelines/templates/service-controller.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} name: tekton-pipelines-controller namespace: {{ $.Release.Namespace }} spec: 
@@ -12,7 +12,9 @@ spec: port: {{ $.Values.controller.endpoints.ports.metrics.port }} protocol: {{ $.Values.controller.endpoints.ports.metrics.protocol }} targetPort: {{ $.Values.controller.endpoints.ports.metrics.targetPort }} - selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 4 }} + - name: probes + port: {{ $.Values.controller.endpoints.ports.probes.port }} + selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-controller" ) }} diff --git a/charts/tekton-pipelines/templates/service-webhook.yaml b/charts/tekton-pipelines/templates/service-webhook.yaml index 7b7b88db..d08ec410 100644 --- a/charts/tekton-pipelines/templates/service-webhook.yaml +++ b/charts/tekton-pipelines/templates/service-webhook.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} name: tekton-pipelines-webhook namespace: {{ $.Release.Namespace }} spec: @@ -18,7 +18,9 @@ spec: - name: https-webhook port: {{ $.Values.webhook.endpoints.ports.https_webhook.port }} targetPort: {{ $.Values.webhook.endpoints.ports.https_webhook.targetPort }} - selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" ) | nindent 4 }} + - name: probes + port: {{ $.Values.webhook.endpoints.ports.probes.port }} + selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-webhook" ) }} 
diff --git a/charts/tekton-pipelines/templates/serviceaccount-controller.yaml b/charts/tekton-pipelines/templates/serviceaccount-controller.yaml index 78cb4037..61f7b4b8 100644 --- a/charts/tekton-pipelines/templates/serviceaccount-controller.yaml +++ b/charts/tekton-pipelines/templates/serviceaccount-controller.yaml @@ -5,7 +5,7 @@ kind: ServiceAccount metadata: name: tekton-pipelines-controller namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-controller" ) }} diff --git a/charts/tekton-pipelines/templates/serviceaccount-webhook.yaml b/charts/tekton-pipelines/templates/serviceaccount-webhook.yaml index 4324a9d6..cec60a7a 100644 --- a/charts/tekton-pipelines/templates/serviceaccount-webhook.yaml +++ b/charts/tekton-pipelines/templates/serviceaccount-webhook.yaml @@ -5,7 +5,7 @@ kind: ServiceAccount metadata: name: tekton-pipelines-webhook namespace: {{ $.Release.Namespace }} - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-webhook" ) }} diff --git a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-config.yaml b/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-config.yaml index ed6f2ee3..60d708f3 100644 --- a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-config.yaml +++ b/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-config.yaml 
@@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: config.webhook.pipeline.tekton.dev - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} webhooks: - admissionReviewVersions: - - v1beta1 + - v1 clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-validation.yaml b/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-validation.yaml index 072bf585..b00a0f1e 100644 --- a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-validation.yaml +++ b/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-validation.yaml @@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.pipeline.tekton.dev - labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }} webhooks: - admissionReviewVersions: - - v1beta1 + - v1 clientConfig: service: name: tekton-pipelines-webhook diff --git a/charts/tekton-pipelines/values.yaml b/charts/tekton-pipelines/values.yaml index 8ce26a70..252b2f01 100644 --- a/charts/tekton-pipelines/values.yaml +++ b/charts/tekton-pipelines/values.yaml 
@@ -1,41 +1,35 @@ -# Default values file for Tekton-Pipelines ---- images: applications: controller: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/controller repo: gcr.io/tekton-releases/github.com kubeconfig_writer_image: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/kubeconfigwriter repo: gcr.io/tekton-releases/github.com - creds_image: - tag: v0.19.0 - name: tektoncd/pipeline/cmd/creds-init - repo: gcr.io/tekton-releases/github.com git_image: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/git-init repo: gcr.io/tekton-releases/github.com entrypoint_image: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/entrypoint repo: gcr.io/tekton-releases/github.com nop_image: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/nop repo: gcr.io/tekton-releases/github.com imagedigest_exporter_image: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/imagedigestexporter repo: gcr.io/tekton-releases/github.com pr_image: - tag: v0.19.0 + tag: v0.21.0 name: pipeline/cmd/pullrequest-init repo: gcr.io/tekton-releases/github.com build_gcs_fetcher_image: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher repo: gcr.io/tekton-releases/github.com gsutil_image: @@ -50,7 +44,7 @@ images: name: base@sha256 repo: gcr.io/distroless webhook: - tag: v0.19.0 + tag: v0.21.0 name: tektoncd/pipeline/cmd/webhook repo: gcr.io/tekton-releases/github.com pull: @@ -71,6 +65,8 @@ controller: port: 9090 protocol: TCP targetPort: 9090 + probes: + port: 8080 pod: replicas: 1 @@ -102,6 +98,10 @@ controller: disable_home_env_overwrite: "false" disable_working_directory_overwrite: "false" running_in_environment_with_injected_sidecars: "true" + disable_creds_init: "false" + require_git_ssh_secret_known_hosts: "false" + enable_tekton_oci_bundles: "false" + enable_custom_tasks: "false" webhook: endpoints: 
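Review bot: The four feature flags added under the controller configuration in values.yaml have no comments, and `require_git_ssh_secret_known_hosts: "false"` is the one an operator most needs explained. As upstream Tekton documents the flag, `"false"` accepts Git SSH secrets that carry no `known_hosts` entry, in which case the server host key is not verified on clone. I would add `# "true" rejects Git SSH secrets without known_hosts, so clones always verify the server host key` above it and recommend `"true"` for hardened installs. The enclosing configuration block starts outside this hunk, and the first hunk of the file also drops the `---` document start and the header comment, which is worth keeping for consistency with the other charts.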
@@ -115,6 +115,8 @@ webhook: https_webhook: port: 443 targetPort: 8443 + probes: + port: 8080 pod: probes: diff --git a/charts/tekton-triggers/crds/crd_clustertriggerbinding-triggers.yaml b/charts/tekton-triggers/crds/crd_clustertriggerbinding-triggers.yaml index f7d2cee0..b5cd981b 100644 --- a/charts/tekton-triggers/crds/crd_clustertriggerbinding-triggers.yaml +++ b/charts/tekton-triggers/crds/crd_clustertriggerbinding-triggers.yaml @@ -4,11 +4,11 @@ kind: CustomResourceDefinition metadata: name: clustertriggerbindings.triggers.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: clustertriggerbindings app.kubernetes.io/part-of: tekton-triggers spec: group: triggers.tekton.dev + scope: Cluster names: kind: ClusterTriggerBinding plural: clustertriggerbindings @@ -18,16 +18,21 @@ spec: categories: - tekton - tekton-triggers - preserveUnknownFields: false - scope: Cluster versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + subresources: + status: {} ... diff --git a/charts/tekton-triggers/crds/crd_eventlistener-triggers.yaml b/charts/tekton-triggers/crds/crd_eventlistener-triggers.yaml index 1e4d57da..5f9dd5f8 100644 --- a/charts/tekton-triggers/crds/crd_eventlistener-triggers.yaml +++ b/charts/tekton-triggers/crds/crd_eventlistener-triggers.yaml 
@@ -4,11 +4,11 @@ kind: CustomResourceDefinition metadata: name: eventlisteners.triggers.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: eventlisteners app.kubernetes.io/part-of: tekton-triggers spec: group: triggers.tekton.dev + scope: Namespaced names: kind: EventListener plural: eventlisteners 
@@ -18,26 +18,39 @@ spec: categories: - tekton - tekton-triggers - preserveUnknownFields: false - scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Address - type: string - jsonPath: .status.address.url - - name: Available - type: string - jsonPath: ".status.conditions[?(@.type=='Available')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Available')].reason" - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + additionalPrinterColumns: + - name: Address + type: string + jsonPath: .status.address.url + - name: Available + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Available')].reason" + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" ... diff --git a/charts/tekton-triggers/crds/crd_trigger-triggers.yaml b/charts/tekton-triggers/crds/crd_trigger-triggers.yaml index 0bcf10dc..0d3f37e6 100644 --- a/charts/tekton-triggers/crds/crd_trigger-triggers.yaml +++ b/charts/tekton-triggers/crds/crd_trigger-triggers.yaml 
@@ -4,11 +4,11 @@ kind: CustomResourceDefinition metadata: name: triggers.triggers.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: triggers app.kubernetes.io/part-of: tekton-triggers spec: group: triggers.tekton.dev + scope: Namespaced names: kind: Trigger plural: triggers @@ -18,16 +18,23 @@ spec: categories: - tekton - tekton-triggers - preserveUnknownFields: false - scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} ... diff --git a/charts/tekton-triggers/crds/crd_triggerbinding-triggers.yaml b/charts/tekton-triggers/crds/crd_triggerbinding-triggers.yaml index 37308b15..6b058071 100644 --- a/charts/tekton-triggers/crds/crd_triggerbinding-triggers.yaml +++ b/charts/tekton-triggers/crds/crd_triggerbinding-triggers.yaml @@ -4,11 +4,11 @@ kind: CustomResourceDefinition metadata: name: triggerbindings.triggers.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: triggerbindings app.kubernetes.io/part-of: tekton-triggers spec: group: triggers.tekton.dev + scope: Namespaced names: kind: TriggerBinding plural: triggerbindings 
@@ -18,16 +18,23 @@ spec: categories: - tekton - tekton-triggers - preserveUnknownFields: false - scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} ... diff --git a/charts/tekton-triggers/crds/crd_triggertemplate-triggers.yaml b/charts/tekton-triggers/crds/crd_triggertemplate-triggers.yaml index 24262eef..719726cd 100644 --- a/charts/tekton-triggers/crds/crd_triggertemplate-triggers.yaml +++ b/charts/tekton-triggers/crds/crd_triggertemplate-triggers.yaml @@ -4,11 +4,11 @@ kind: CustomResourceDefinition metadata: name: triggertemplates.triggers.tekton.dev labels: - app.kubernetes.io/component: tekton app.kubernetes.io/name: triggertemplates app.kubernetes.io/part-of: tekton-triggers spec: group: triggers.tekton.dev + scope: Namespaced names: kind: TriggerTemplate plural: triggertemplates 
@@ -18,16 +18,23 @@ spec: categories: - tekton - tekton-triggers - preserveUnknownFields: false - scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} ... diff --git a/charts/tekton-triggers/templates/clusterrole-admin.yaml b/charts/tekton-triggers/templates/clusterrole-admin.yaml index 7fe1fc5f..110d6b06 100644 --- a/charts/tekton-triggers/templates/clusterrole-admin.yaml +++ b/charts/tekton-triggers/templates/clusterrole-admin.yaml @@ -3,7 +3,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-admin rules: - apiGroups: @@ -91,6 +91,21 @@ rules: - delete - patch - watch + - apiGroups: + - serving.knative.dev + resources: + - "*" + - "*/status" + - "*/finalizers" + verbs: + - get + - list + - create + - update + - delete + - deletecollection + - patch + - watch ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-admin" ) }} 
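Review bot: The rule added to clusterrole-admin.yaml grants `tekton-triggers-admin` every listed verb, including `deletecollection`, on `"*"`, `"*/status"` and `"*/finalizers"` in `serving.knative.dev`, and as a ClusterRole it applies in every namespace. If the controller only has to manage Knative Services for EventListeners (an assumption to confirm against the upstream Triggers release manifest), listing `services` and `services/status` instead of the wildcards keeps the routes, revisions and configurations of unrelated workloads out of reach. Rendering the rule behind a values flag would also spare clusters without Knative the extra grant. The `rules:` list begins outside this hunk.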
diff --git a/charts/tekton-triggers/templates/clusterrole-aggregate_edit.yaml b/charts/tekton-triggers/templates/clusterrole-aggregate_edit.yaml index 107905bc..3f6ece2d 100644 --- a/charts/tekton-triggers/templates/clusterrole-aggregate_edit.yaml +++ b/charts/tekton-triggers/templates/clusterrole-aggregate_edit.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tekton-triggers-aggregate-edit - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: diff --git a/charts/tekton-triggers/templates/clusterrole-aggregate_view.yaml b/charts/tekton-triggers/templates/clusterrole-aggregate_view.yaml index f6cab3ca..56f45b80 100644 --- a/charts/tekton-triggers/templates/clusterrole-aggregate_view.yaml +++ b/charts/tekton-triggers/templates/clusterrole-aggregate_view.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tekton-triggers-aggregate-view - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: diff --git a/charts/tekton-triggers/templates/clusterrole-core_interceptors.yaml b/charts/tekton-triggers/templates/clusterrole-core_interceptors.yaml new file mode 100644 index 00000000..d4289a13 --- /dev/null +++ b/charts/tekton-triggers/templates/clusterrole-core_interceptors.yaml 
@@ -0,0 +1,19 @@ +{{- define "clusterrole-core_interceptors" -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-triggers-core-interceptors + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} +rules: + - apiGroups: + - "*" + resources: + - secrets + verbs: + - get + - list + - watch +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-core_interceptors" ) }} diff --git a/charts/tekton-triggers/templates/clusterrolebinding-controller_admin.yaml b/charts/tekton-triggers/templates/clusterrolebinding-controller_admin.yaml index 0e6ca263..46881eb6 100644 --- a/charts/tekton-triggers/templates/clusterrolebinding-controller_admin.yaml +++ b/charts/tekton-triggers/templates/clusterrolebinding-controller_admin.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-controller-admin roleRef: kind: ClusterRole diff --git a/charts/tekton-triggers/templates/clusterrolebinding-core_interceptors.yaml b/charts/tekton-triggers/templates/clusterrolebinding-core_interceptors.yaml new file mode 100644 index 00000000..7e9d7fc0 --- /dev/null +++ b/charts/tekton-triggers/templates/clusterrolebinding-core_interceptors.yaml 
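Review bot: `apiGroups: ["*"]` in clusterrole-core_interceptors.yaml is wider than the rule needs, since Secrets exist only in the core group; `- ""` states the intent exactly and will not silently extend to a `secrets` resource that some aggregated API registers later. Because this is a ClusterRole bound through clusterrolebinding-core_interceptors.yaml, the interceptors service account can `get`, `list` and `watch` every Secret in every namespace, which makes that pod a high-value target. I would document the grant in the chart values and offer a namespaced Role/RoleBinding variant for installs where the interceptor secrets live in known namespaces.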
@@ -0,0 +1,18 @@ +{{- define "clusterrolebinding-core_interceptors" -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} + name: tekton-triggers-core-interceptors +roleRef: + kind: ClusterRole + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: {{ $.Release.Namespace }} +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-core_interceptors" ) }} diff --git a/charts/tekton-triggers/templates/clusterrolebinding-webhook_admin.yaml b/charts/tekton-triggers/templates/clusterrolebinding-webhook_admin.yaml index f39c0dcc..7e4ff758 100644 --- a/charts/tekton-triggers/templates/clusterrolebinding-webhook_admin.yaml +++ b/charts/tekton-triggers/templates/clusterrolebinding-webhook_admin.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-webhook-admin roleRef: kind: ClusterRole diff --git a/charts/tekton-triggers/templates/config-logging.yaml b/charts/tekton-triggers/templates/config-logging.yaml index b8be5048..78c9a3b1 100644 --- a/charts/tekton-triggers/templates/config-logging.yaml +++ b/charts/tekton-triggers/templates/config-logging.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: config-logging-triggers + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} data: zap-logger-config: | {{ $.Values.config.zap_logger_config | toJson }} 
diff --git a/charts/tekton-triggers/templates/config-observability.yaml b/charts/tekton-triggers/templates/config-observability.yaml index 4f80027a..2517f235 100644 --- a/charts/tekton-triggers/templates/config-observability.yaml +++ b/charts/tekton-triggers/templates/config-observability.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: config-observability-triggers + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} data: {{- $.Values.configobservability | toYaml | nindent 2 }} {{- end -}} diff --git a/charts/tekton-triggers/templates/deployment-controller.yaml b/charts/tekton-triggers/templates/deployment-controller.yaml index a32d954a..974a75e3 100644 --- a/charts/tekton-triggers/templates/deployment-controller.yaml +++ b/charts/tekton-triggers/templates/deployment-controller.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: tekton-triggers-controller - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }} spec: replicas: 1 selector: @@ -17,7 +17,8 @@ spec: maxSurge: 3 template: metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 8 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 8 }} + app: tekton-triggers-controller annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" spec: 
@@ -36,6 +37,14 @@ spec: - {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_eventlistener" ) }} - -el-port - {{ $.Values.config.controller.el_port | quote }} + - -el-readtimeout + - {{ $.Values.config.controller.el_readtimeout | quote }} + - -el-writetimeout + - {{ $.Values.config.controller.el_writetimeout | quote }} + - -el-idletimeout + - {{ $.Values.config.controller.el_idletimeout | quote }} + - -el-timeouthandler + - {{ $.Values.config.controller.el_timeouthandler | quote }} - -period-seconds - {{ $.Values.config.controller.period_seconds | quote }} - -failure-threshold diff --git a/charts/tekton-triggers/templates/deployment-core_interceptors.yaml b/charts/tekton-triggers/templates/deployment-core_interceptors.yaml new file mode 100644 index 00000000..5b50ca72 --- /dev/null +++ b/charts/tekton-triggers/templates/deployment-core_interceptors.yaml 
@@ -0,0 +1,55 @@
+{{- define "deployment-core_interceptors" -}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tekton-triggers-core-interceptors
+ labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $) | nindent 6 }}
+ revisionHistoryLimit: 3
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 3
+ template:
+ metadata:
+ labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 8 }}
+ app: tekton-triggers-core-interceptors
+ spec:
+ serviceAccountName: tekton-triggers-core-interceptors
+ nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Application" "tekton_interceptor" ) | nindent 8 }}
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: tekton-triggers-core-interceptors
+ image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_interceptors" ) }}
+ imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
+ args:
+ - -logtostderr
+ - -stderrthreshold
+ - {{ $.Values.config.controller.stderrthreshold | quote }}
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging-triggers
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability-triggers
+ - name: METRICS_DOMAIN
+ value: tekton.dev/triggers
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 65532
+ runAsGroup: 65532
+ capabilities:
+ drop:
+ - all
+ volumes: []
+...
+{{- end -}}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "deployment-core_interceptors" ) }}
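Review bot: The `nodeSelector` include passes `"Application" "tekton_interceptor"` while the `image` include a few lines later passes `"tekton_interceptors"`, and the values.yaml hunk in this commit only defines `images.applications.tekton_interceptors`; unless the node-selector helper (not visible here) tolerates an unknown key, the singular spelling looks like a typo. `spec.selector.matchLabels` is rendered from `(dict "Global" $)` with no `Component`, whereas the new Service selects on `"Component" "interceptors" "PartOf" "tekton-triggers"`, so the Deployment selector may be broad enough to overlap the controller and webhook pods; passing the same dict as the Service would keep the two aligned. In `securityContext`, `runAsUser: 65532` is set but `runAsNonRoot: true` is not, so nothing stops a later override from running the container as root. The capability drop is written `- all`; Pod Security admission's restricted profile checks for the exact string `ALL`, so `- ALL` is the safer spelling.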
diff --git a/charts/tekton-triggers/templates/deployment-webhook.yaml b/charts/tekton-triggers/templates/deployment-webhook.yaml index 439f8b26..293eaade 100644 --- a/charts/tekton-triggers/templates/deployment-webhook.yaml +++ b/charts/tekton-triggers/templates/deployment-webhook.yaml @@ -4,7 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: tekton-triggers-webhook - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }} spec: replicas: 1 selector: @@ -17,7 +17,8 @@ spec: maxSurge: 3 template: metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 8 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 8 }} + app: tekton-triggers-webhook annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" spec: @@ -43,7 +44,7 @@ spec: value: tekton.dev/triggers ports: - name: metrics - containerPort: {{ $.Values.params.endpoints.ports.metrics.port }} + containerPort: {{ $.Values.params.endpoints.ports.metrics.target }} - name: profiling containerPort: {{ $.Values.params.endpoints.ports.profiling.port }} - name: https-webhook diff --git a/charts/tekton-triggers/templates/mutatingwebhookconfig-webhook.yaml b/charts/tekton-triggers/templates/mutatingwebhookconfig-webhook.yaml index fccb86d4..85d472ed 100644 --- a/charts/tekton-triggers/templates/mutatingwebhookconfig-webhook.yaml +++ b/charts/tekton-triggers/templates/mutatingwebhookconfig-webhook.yaml 
@@ -4,9 +4,11 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: webhook.triggers.tekton.dev + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }} webhooks: - admissionReviewVersions: - v1beta1 + - v1 clientConfig: service: name: tekton-triggers-webhook diff --git a/charts/tekton-triggers/templates/psp-triggers.yaml b/charts/tekton-triggers/templates/psp-triggers.yaml index 62be6866..2df958b8 100644 --- a/charts/tekton-triggers/templates/psp-triggers.yaml +++ b/charts/tekton-triggers/templates/psp-triggers.yaml @@ -4,9 +4,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: tekton-triggers - labels: - app.kubernetes.io/instance: tekton-triggers - app.kubernetes.io/part-of: tekton-triggers + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} spec: privileged: false allowPrivilegeEscalation: false diff --git a/charts/tekton-triggers/templates/role-core_interceptors.yaml b/charts/tekton-triggers/templates/role-core_interceptors.yaml new file mode 100644 index 00000000..d1314d35 --- /dev/null +++ b/charts/tekton-triggers/templates/role-core_interceptors.yaml @@ -0,0 +1,27 @@ +{{- define "role-core_interceptors" -}} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} + name: tekton-triggers-core-interceptors + namespace: {{ $.Release.Namespace }} +rules: + - apiGroups: + - policy + resources: + - podsecuritypolicies + resourceNames: + - tekton-triggers + verbs: + - use + - apiGroups: + - "*" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-core_interceptors" ) }} 
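Review bot: Appending `- v1` after `- v1beta1` in `admissionReviewVersions` leaves v1beta1 as the preferred version, because the API server uses the first entry in the list that it supports. If the intent is to move the webhook to AdmissionReview v1, list `- v1` first and keep `- v1beta1` as the fallback. The same ordering appears in the two ValidatingWebhookConfiguration hunks later in this commit (`config.webhook.triggers.tekton.dev` and `validation.webhook.triggers.tekton.dev`). This assumes the v0.12.0 webhook binary answers v1 requests, which the diff does not show.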
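Review bot: The second rule of the new `tekton-triggers-core-interceptors` Role grants `get`/`list`/`watch` on `configmaps` with `apiGroups: - "*"`, which is wider than the resource needs. ConfigMaps live in the core API group, so `- ""` gives the same read access without also matching a same-named resource in any other group. The Deployment in this commit only references `config-logging-triggers` and `config-observability-triggers`, so a comment on the rule such as `# read-only access to the logging and observability ConfigMaps` would tell a later reviewer what the grant is for and make further tightening easier.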
diff --git a/charts/tekton-triggers/templates/role-admin.yaml b/charts/tekton-triggers/templates/role-triggers_admin.yaml similarity index 74% rename from charts/tekton-triggers/templates/role-admin.yaml rename to charts/tekton-triggers/templates/role-triggers_admin.yaml index 447e1aa0..df827550 100644 --- a/charts/tekton-triggers/templates/role-admin.yaml +++ b/charts/tekton-triggers/templates/role-triggers_admin.yaml @@ -1,9 +1,9 @@ -{{- define "role_admin-triggers" -}} +{{- define "role-triggers_admin" -}} --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-admin namespace: {{ $.Release.Namespace }} rules: @@ -16,4 +16,4 @@ rules: verbs: - use {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role_admin-triggers" ) }} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-triggers_admin" ) }} diff --git a/charts/tekton-triggers/templates/role-webhook_admin.yaml b/charts/tekton-triggers/templates/role-webhook_admin.yaml index 1c353f22..fc715ac6 100644 --- a/charts/tekton-triggers/templates/role-webhook_admin.yaml +++ b/charts/tekton-triggers/templates/role-webhook_admin.yaml @@ -3,7 +3,7 @@ kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-admin-webhook namespace: {{ $.Release.Namespace }} rules: 
diff --git a/charts/tekton-triggers/templates/rolebinding-controller_admin.yaml b/charts/tekton-triggers/templates/rolebinding-controller_admin.yaml index 177be572..e2911bee 100644 --- a/charts/tekton-triggers/templates/rolebinding-controller_admin.yaml +++ b/charts/tekton-triggers/templates/rolebinding-controller_admin.yaml @@ -1,14 +1,11 @@ {{- define "rolebinding-controller_admin" -}} - --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-triggers-controller-admin namespace: {{ $.Release.Namespace }} - labels: - app.kubernetes.io/instance: tekton-triggers - app.kubernetes.io/part-of: tekton-triggers + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-triggers-controller diff --git a/charts/tekton-triggers/templates/rolebinding-core_interceptors.yaml b/charts/tekton-triggers/templates/rolebinding-core_interceptors.yaml new file mode 100644 index 00000000..1b62b491 --- /dev/null +++ b/charts/tekton-triggers/templates/rolebinding-core_interceptors.yaml @@ -0,0 +1,18 @@ +{{- define "rolebinding-core_interceptors" -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-triggers-core-interceptors + namespace: {{ $.Release.Namespace }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} +subjects: + - kind: ServiceAccount + name: tekton-triggers-core-interceptors + namespace: {{ $.Release.Namespace }} +roleRef: + kind: Role + name: tekton-triggers-core-interceptors + apiGroup: rbac.authorization.k8s.io +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-core_interceptors" ) }} diff --git a/charts/tekton-triggers/templates/rolebinding-webhook_admin.yaml b/charts/tekton-triggers/templates/rolebinding-webhook_admin.yaml index 8ecc6f48..1368413b 100644 
--- a/charts/tekton-triggers/templates/rolebinding-webhook_admin.yaml +++ b/charts/tekton-triggers/templates/rolebinding-webhook_admin.yaml @@ -5,9 +5,7 @@ kind: RoleBinding metadata: name: tekton-triggers-webhook-admin namespace: {{ $.Release.Namespace }} - labels: - app.kubernetes.io/instance: tekton-triggers - app.kubernetes.io/part-of: tekton-triggers + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} subjects: - kind: ServiceAccount name: tekton-triggers-webhook diff --git a/charts/tekton-triggers/templates/secret-triggers.yaml b/charts/tekton-triggers/templates/secret-triggers.yaml index a9af21dc..4aef28b1 100644 --- a/charts/tekton-triggers/templates/secret-triggers.yaml +++ b/charts/tekton-triggers/templates/secret-triggers.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Secret metadata: name: triggers-webhook-certs + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "secret-triggers" ) }} diff --git a/charts/tekton-triggers/templates/service-controller.yaml b/charts/tekton-triggers/templates/service-controller.yaml index c738cc2c..ef9695c0 100644 --- a/charts/tekton-triggers/templates/service-controller.yaml +++ b/charts/tekton-triggers/templates/service-controller.yaml 
@@ -4,14 +4,14 @@ apiVersion: v1 kind: Service metadata: name: tekton-triggers-controller - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }} spec: - selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 4 }} + selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }} ports: - name: http-metrics protocol: TCP port: {{ $.Values.params.endpoints.ports.metrics.port }} - targetPort: {{ $.Values.params.endpoints.ports.metrics.port }} + targetPort: {{ $.Values.params.endpoints.ports.metrics.target }} ... {{- end -}} {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-controller" ) }} diff --git a/charts/tekton-triggers/templates/service-core_interceptors.yaml b/charts/tekton-triggers/templates/service-core_interceptors.yaml new file mode 100644 index 00000000..c682390b --- /dev/null +++ b/charts/tekton-triggers/templates/service-core_interceptors.yaml @@ -0,0 +1,16 @@ +{{- define "service-core_interceptors" -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: tekton-triggers-core-interceptors + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }} +spec: + selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }} + ports: + - name: http + port: {{ $.Values.params.endpoints.ports.interceptors.port }} + targetPort: {{ $.Values.params.endpoints.ports.interceptors.target }} +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-core_interceptors" ) }} 
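Review bot: The new `tekton-triggers-core-interceptors` Service forwards to `targetPort: {{ $.Values.params.endpoints.ports.interceptors.target }}` (8082 in values.yaml), but the Deployment added in this commit declares no `ports:` and passes no port argument, so the value only works while it happens to equal the binary's built-in listen port. Declaring a named `containerPort` on the container and pointing `targetPort` at that name would make the coupling explicit; failing that, values.yaml should carry a comment that `interceptors.target` must match the interceptor binary's port. The port is also named `http` on port 80, so traffic to the interceptors appears to be plain HTTP inside the cluster; restricting ingress to this Service with a NetworkPolicy would be a sensible companion change.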
diff --git a/charts/tekton-triggers/templates/service-webhook.yaml b/charts/tekton-triggers/templates/service-webhook.yaml index fd9389d0..1f694144 100644 --- a/charts/tekton-triggers/templates/service-webhook.yaml +++ b/charts/tekton-triggers/templates/service-webhook.yaml @@ -4,9 +4,9 @@ apiVersion: v1 kind: Service metadata: name: tekton-triggers-webhook - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }} spec: - selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook")| nindent 4 }} + selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers")| nindent 4 }} ports: - name: https-webhook protocol: TCP diff --git a/charts/tekton-triggers/templates/serviceaccount-controller.yaml b/charts/tekton-triggers/templates/serviceaccount-controller.yaml index 23cb01d0..b1a2f3d0 100644 --- a/charts/tekton-triggers/templates/serviceaccount-controller.yaml +++ b/charts/tekton-triggers/templates/serviceaccount-controller.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-controller namespace: {{ $.Release.Namespace }} ... diff --git a/charts/tekton-triggers/templates/serviceaccount-core_interceptors.yaml b/charts/tekton-triggers/templates/serviceaccount-core_interceptors.yaml new file mode 100644 index 00000000..d9a2d2e5 --- /dev/null +++ b/charts/tekton-triggers/templates/serviceaccount-core_interceptors.yaml 
@@ -0,0 +1,11 @@ +{{- define "serviceaccount-core_interceptors" -}} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} + name: tekton-triggers-core-interceptors + namespace: {{ $.Release.Namespace }} +... +{{- end -}} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-core_interceptors" ) }} diff --git a/charts/tekton-triggers/templates/serviceaccount-webhook.yaml b/charts/tekton-triggers/templates/serviceaccount-webhook.yaml index fef9474f..ffe71566 100644 --- a/charts/tekton-triggers/templates/serviceaccount-webhook.yaml +++ b/charts/tekton-triggers/templates/serviceaccount-webhook.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }} + labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }} name: tekton-triggers-webhook namespace: {{ $.Release.Namespace }} ... diff --git a/charts/tekton-triggers/templates/config-validation.yaml b/charts/tekton-triggers/templates/validatingwebhookconfig-config.yaml similarity index 71% rename from charts/tekton-triggers/templates/config-validation.yaml rename to charts/tekton-triggers/templates/validatingwebhookconfig-config.yaml index d25893ae..c7ef7bc9 100644 --- a/charts/tekton-triggers/templates/config-validation.yaml +++ b/charts/tekton-triggers/templates/validatingwebhookconfig-config.yaml 
@@ -1,12 +1,14 @@ -{{- define "config-validation" -}} +{{- define "validatingwebhookconfig-config" -}} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: config.webhook.triggers.tekton.dev + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }} webhooks: - admissionReviewVersions: - v1beta1 + - v1 clientConfig: service: name: tekton-triggers-webhook @@ -20,4 +22,4 @@ webhooks: operator: Exists ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "config-validation" ) }} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-config" ) }} diff --git a/charts/tekton-triggers/templates/validatingwebhookconfig-webhook.yaml b/charts/tekton-triggers/templates/validatingwebhookconfig-validation.yaml similarity index 57% rename from charts/tekton-triggers/templates/validatingwebhookconfig-webhook.yaml rename to charts/tekton-triggers/templates/validatingwebhookconfig-validation.yaml index 9afca960..2a95130e 100644 --- a/charts/tekton-triggers/templates/validatingwebhookconfig-webhook.yaml +++ b/charts/tekton-triggers/templates/validatingwebhookconfig-validation.yaml @@ -1,12 +1,14 @@ -{{- define "validatingwebhookconfig-webhook" -}} +{{- define "validatingwebhookconfig-validation" -}} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.triggers.tekton.dev + labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }} webhooks: - admissionReviewVersions: - v1beta1 + - v1 clientConfig: service: name: tekton-triggers-webhook 
@@ -14,6 +16,10 @@ webhooks: failurePolicy: Fail sideEffects: None name: validation.webhook.triggers.tekton.dev + namespaceSelector: + matchExpressions: + - key: triggers.tekton.dev/release + operator: Exists ... {{- end -}} -{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-webhook" ) }} +{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-validation" ) }} diff --git a/charts/tekton-triggers/values.yaml b/charts/tekton-triggers/values.yaml index 645e74f6..118e3aaf 100644 --- a/charts/tekton-triggers/values.yaml +++ b/charts/tekton-triggers/values.yaml @@ -1,10 +1,14 @@ --- config: controller: - period_seconds: 10 - failure_threshold: 1 - stderrthreshold: INFO el_port: 8080 + el_readtimeout: 5 + el_writetimeout: 40 + el_idletimeout: 120 + el_timeouthandler: 30 + failure_threshold: 1 + period_seconds: 10 + stderrthreshold: INFO loglevel: controller: info eventlistener: info @@ -23,8 +27,8 @@ config: messageKey: msg nameKey: logger stacktraceKey: stacktrace - timeEncoder: '' - timeKey: '' + timeEncoder: iso8601 + timeKey: ts encoding: json errorOutputPaths: - stderr @@ -40,6 +44,7 @@ params: ports: metrics: port: 9090 + target: 9090 scheme: http profiling: port: 8008 
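Review bot: The added `namespaceSelector` on `validation.webhook.triggers.tekton.dev` limits admission validation to namespaces that carry the `triggers.tekton.dev/release` label, so Triggers resources created in an unlabelled namespace would be admitted without validation even though `failurePolicy: Fail` is set. The same `operator: Exists` selector shows up as unchanged context in the `config.webhook.triggers.tekton.dev` template, where scoping to the install namespace is reasonable for ConfigMap validation; here it looks copied across. Unless the webhook controller rewrites this field at runtime (not visible in the diff), I would drop the selector from this webhook, or add a comment stating which namespaces are expected to carry the label and why the others may skip validation.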
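Review bot: The four new `el_*` keys under `config.controller` in values.yaml have no comment giving their unit or purpose, although they are passed straight through to `-el-readtimeout`, `-el-writetimeout`, `-el-idletimeout` and `-el-timeouthandler` on the controller. These bound how long a slow or stalled client can hold an EventListener connection, so an operator changing them needs to know what they mean; a line such as `# EventListener HTTP server timeouts (presumably seconds — confirm against the v0.12.0 flags)` above the block would do. It is also worth noting in the comment that `el_timeouthandler` (30) is set below `el_writetimeout` (40), and that the ordering should be kept if either value is overridden.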
@@ -48,21 +53,32 @@ params: port: 443 target: 8443 scheme: https + interceptors: + port: 80 + target: 8082 images: applications: tekton_controller: name: tektoncd/triggers/cmd/controller repo: gcr.io/tekton-releases/github.com - tag: v0.10.2 + tag: v0.12.0 tekton_eventlistener: name: tektoncd/triggers/cmd/eventlistenersink repo: gcr.io/tekton-releases/github.com - tag: v0.10.2 + tag: v0.12.0 tekton_webhook: name: tektoncd/triggers/cmd/webhook repo: gcr.io/tekton-releases/github.com - tag: v0.10.2 + tag: v0.12.0 + tekton_interceptors: + name: tektoncd/triggers/cmd/interceptors + repo: gcr.io/tekton-releases/github.com + tag: v0.12.0 + tekton_eventlistenersink: + name: tektoncd/triggers/cmd/eventlistenersink + repo: gcr.io/tekton-releases/github.com + tag: v0.12.0 pull: policy: IfNotPresent
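Review bot: `tekton_eventlistenersink` is added with the same `name`, `repo` and `tag` as the existing `tekton_eventlistener` entry, while the controller Deployment in this commit still resolves its image through `"Application" "tekton_eventlistener"`, so the new key looks unused and becomes a second place to miss on the next version bump. Either remove it, or switch the template over and delete the old key. The Deployment for the interceptors also asks the node-selector helper for `tekton_interceptor`, a key this file does not define next to `tekton_interceptors`. Separately, the new image entries are pinned by mutable tag only; if the `helpers.pod.container.image` helper supports it (not visible here), pinning by digest would make the deployed images reproducible.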