Merge "chore(img): updates tekton images"

2021-04-22 20:21:15 +00:00 · 2021-04-22 20:21:15 +00:00 · cf3cfb2f50
commit cf3cfb2f50
parent 1a9d7a56ae 2f2458c252
99 changed files with 863 additions and 592 deletions
--- a/charts/tekton-dashboard/crds/crd_extension-dashboard.yaml
+++ b/charts/tekton-dashboard/crds/crd_extension-dashboard.yaml
@ -4,44 +4,44 @@ kind: CustomResourceDefinition
 metadata:
  name: extensions.dashboard.tekton.dev
  labels:
-    app.kubernetes.io/component: tekton
+    app.kubernetes.io/component: dashboard
    app.kubernetes.io/name: extensions
    app.kubernetes.io/part-of: tekton-dashboard
 spec:
  group: dashboard.tekton.dev
  names:
    categories:
-    - tekton
+      - tekton
-    - tekton-dashboard
+      - tekton-dashboard
    kind: Extension
    plural: extensions
    singular: extension
    plural: extensions
    shortNames:
-    - ext
+      - ext
-    - exts
+      - exts
  preserveUnknownFields: false
  scope: Namespaced
  versions:
-  - name: v1alpha1
+    - additionalPrinterColumns:
-    served: true
+        - jsonPath: .spec.apiVersion
-    storage: true
+          name: API version
-    additionalPrinterColumns:
+          type: string
-    - jsonPath: .spec.apiVersion
+        - jsonPath: .spec.name
-      name: API version
+          name: Kind
-      type: string
+          type: string
-    - jsonPath: .spec.name
+        - jsonPath: .spec.displayname
-      name: Kind
+          name: Display name
-      type: string
+          type: string
-    - jsonPath: .spec.displayname
+        - jsonPath: .metadata.creationTimestamp
-      name: Display name
+          name: Age
-      type: string
+          type: date
-    - jsonPath: .metadata.creationTimestamp
+      name: v1alpha1
-      name: Age
+      schema:
-      type: date
+        openAPIV3Schema:
-    schema:
+          type: object
-      openAPIV3Schema:
+          x-kubernetes-preserve-unknown-fields: true
-        type: object
+      served: true
-        x-kubernetes-preserve-unknown-fields: true
+      storage: true
-    subresources:
+      subresources:
-      status: {}
+        status: {}
 ...
--- a/charts/tekton-dashboard/templates/clusterrole_backend-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrole_backend-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-backend
 rules:
  - apiGroups:
--- a/charts/tekton-dashboard/templates/clusterrole_dashboard-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrole_dashboard-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-dashboard
 rules:
  - apiGroups:
--- a/charts/tekton-dashboard/templates/clusterrole_extensions-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrole_extensions-dashboard.yaml
@ -7,7 +7,7 @@ aggregationRule:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-extensions
 ...
 {{- end -}}
--- a/charts/tekton-dashboard/templates/clusterrole_pipelines-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrole_pipelines-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels:  {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels:  {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-pipelines
 rules:
  - apiGroups:
--- a/charts/tekton-dashboard/templates/clusterrole_tenant-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrole_tenant-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-tenant
 rules:
  - apiGroups:
--- a/charts/tekton-dashboard/templates/clusterrole_triggers-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrole_triggers-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels:  {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels:  {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-triggers
 rules:
  - apiGroups:
--- a/charts/tekton-dashboard/templates/clusterrolebinding_backend-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrolebinding_backend-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-backend
 roleRef:
  apiGroup: rbac.authorization.k8s.io
--- a/charts/tekton-dashboard/templates/clusterrolebinding_extensions-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrolebinding_extensions-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-extensions
 roleRef:
  apiGroup: rbac.authorization.k8s.io
--- a/charts/tekton-dashboard/templates/clusterrolebinding_tenant-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/clusterrolebinding_tenant-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-tenant
 roleRef:
  apiGroup: rbac.authorization.k8s.io
--- a/charts/tekton-dashboard/templates/deployment-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/deployment-dashboard.yaml
@ -4,7 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "helpers.labels.fullname" $ }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
 spec:
  replicas: 1
  selector:
@ -17,7 +17,7 @@ spec:
      maxSurge: 3
  template:
    metadata:
-      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 8 }}
+      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 8 }}
    spec:
      serviceAccountName: {{ template "helpers.labels.fullname" . }}
      securityContext:
@ -30,12 +30,11 @@ spec:
          image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_dashboard" ) }}
          imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
          args:
-            - --port=8080
+            - --port=9097
            - --logout-url={{ $.Values.config.args.logout_url }}
            - --pipelines-namespace={{ $.Release.Namespace }}
            - --triggers-namespace={{ $.Release.Namespace }}
            - --read-only={{ $.Values.config.args.read_only }}
            - --csrf-secure-cookie={{ $.Values.config.args.csrf_secure_cookie }}
            - --log-level={{ $.Values.config.args.log_level }}
            - --log-format={{ $.Values.config.args.log_format }}
            - --namespace={{ $.Values.config.args.namespace }}
@ -48,20 +47,19 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
-            - name: web
+            - containerPort: 9097
              containerPort: 8080
          readinessProbe:
            httpGet:
              scheme: HTTP
              path: /readiness
-              port: 8080
+              port: 9097
            initialDelaySeconds: 15
            periodSeconds: 10
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /health
-              port: 8080
+              port: 9097
            initialDelaySeconds: 50
            periodSeconds: 20
            timeoutSeconds: 5
--- a/charts/tekton-dashboard/templates/ingress-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/ingress-dashboard.yaml
@ -1,6 +1,6 @@
 {{- define "ingress-dashboard" -}}
 ---
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ template "helpers.labels.fullname" $ }}
@ -18,10 +18,14 @@ spec:
  - host: {{ $.Values.params.endpoints.hostname }}
    http:
      paths:
-      - backend:
+      - path: /
-          serviceName: tekton-dashboard
+        pathType: Prefix
-          servicePort: web
+        backend:
-        path: /
+          service:
            name: tekton-dashboard
            port:
              name: http
  {{- if and $.Values.params.endpoints.tls.enabled }}
  tls:
  - hosts:
@ -31,5 +35,3 @@ spec:
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ingress-dashboard" ) }}
--- a/charts/tekton-dashboard/templates/rolebinding_dashboard-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/rolebinding_dashboard-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-dashboard
  namespace: {{ $.Release.Namespace }}
 roleRef:
--- a/charts/tekton-dashboard/templates/rolebinding_pipelines-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/rolebinding_pipelines-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-pipelines
  namespace: {{ $.Release.Namespace }}
 roleRef:
--- a/charts/tekton-dashboard/templates/rolebinding_triggers-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/rolebinding_triggers-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: tekton-dashboard-triggers
  namespace: {{ $.Release.Namespace }}
 roleRef:
--- a/charts/tekton-dashboard/templates/service-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/service-dashboard.yaml
@ -4,13 +4,14 @@ apiVersion: v1
 kind: Service
 metadata:
  name: tekton-dashboard
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
 spec:
-  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard") | nindent 4 }}
+  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  ports:
-    - name: web
+    - name: http
      port: 9097
      protocol: TCP
-      port: 8080
+      targetPort: 9097
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-deployment" ) }}
--- a/charts/tekton-dashboard/templates/serviceaccount-dashboard.yaml
+++ b/charts/tekton-dashboard/templates/serviceaccount-dashboard.yaml
@ -3,7 +3,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  labels:  {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-dashboard") | nindent 4 }}
+  labels:  {{- include "helpers.labels.labels" (dict "Global" $ "Component" "dashboard" "PartOf" "tekton-dashboard") | nindent 4 }}
  name: {{ template "helpers.labels.fullname" . }}
  namespace: {{ $.Release.Namespace }}
 ...
--- a/charts/tekton-dashboard/values.yaml
+++ b/charts/tekton-dashboard/values.yaml
@ -1,7 +1,6 @@
 ---
 config:
  args:
    csrf_secure_cookie: false
    external-logs: ''
    log_format: json
    log_level: info
@ -16,7 +15,7 @@ images:
    tekton_dashboard:
      name: tektoncd/dashboard/cmd/dashboard
      repo: gcr.io/tekton-releases/github.com
-      tag: v0.12.0
+      tag: v0.14.0
  pull:
    policy: IfNotPresent
--- a/charts/tekton-pipelines/templates/clusterrole-aggregate-edit.yaml
+++ b/charts/tekton-pipelines/templates/clusterrole-aggregate-edit.yaml
@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: tekton-aggregate-edit
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
--- a/charts/tekton-pipelines/templates/clusterrole-aggregate-view.yaml
+++ b/charts/tekton-pipelines/templates/clusterrole-aggregate-view.yaml
@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: tekton-aggregate-view
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $  "PartOf" "tekton-pipelines") | nindent 4 }}
    rbac.authorization.k8s.io/aggregate-to-view: "true"
 rules:
 - apiGroups:
-  - tekton.dev
+    - tekton.dev
  resources:
-  - tasks
+    - tasks
-  - taskruns
+    - taskruns
-  - pipelines
+    - pipelines
-  - pipelineruns
+    - pipelineruns
-  - pipelineresources
+    - pipelineresources
-  - conditions
+    - conditions
  verbs:
-  - get
+    - get
-  - list
+    - list
-  - watch
+    - watch
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-aggregate-view" ) }}
--- a/charts/tekton-pipelines/templates/clusterrole-controller-cluster-access.yaml
+++ b/charts/tekton-pipelines/templates/clusterrole-controller-cluster-access.yaml
@ -4,7 +4,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: tekton-pipelines-controller-cluster-access
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 rules:
 - apiGroups: [""]
  # Namespace access is required because the controller timeout handling logic
@ -16,15 +16,13 @@ rules:
  # Controller needs cluster access to all of the CRDs that it is responsible for
  # managing.
 - apiGroups: ["tekton.dev"]
-  resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources",
+  resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"]
    "conditions", "runs"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 - apiGroups: ["tekton.dev"]
-  resources: ["taskruns/finalizers", "pipelineruns/finalizers"]
+  resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 - apiGroups: ["tekton.dev"]
-  resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status",
+  resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"]
    "pipelineruns/status", "pipelineresources/status"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 ...
 {{- end -}}
--- a/charts/tekton-pipelines/templates/clusterrole-controller-tenant-access.yaml
+++ b/charts/tekton-pipelines/templates/clusterrole-controller-tenant-access.yaml
@ -5,11 +5,10 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  # This is the access that the controller needs on a per-namespace basis.
  name: tekton-pipelines-controller-tenant-access
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 rules:
 - apiGroups: [""]
-  resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps",
+  resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims", "limitranges"]
    "persistentvolumeclaims", "limitranges"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  # Unclear if this access is actually required.  Simply a hold-over from the previous
  # incarnation of the controller's ClusterRole.
--- a/charts/tekton-pipelines/templates/clusterrole-webhook-cluster-access.yaml
+++ b/charts/tekton-pipelines/templates/clusterrole-webhook-cluster-access.yaml
@ -4,7 +4,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: tekton-pipelines-webhook-cluster-access
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 rules:
 - # The webhook needs to be able to list and update customresourcedefinitions,
  # mainly to update the webhook certificates.
--- a/charts/tekton-pipelines/templates/clusterrolebinding-controller-cluster-access.yaml
+++ b/charts/tekton-pipelines/templates/clusterrolebinding-controller-cluster-access.yaml
@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: tekton-pipelines-controller-cluster-access
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-controller
--- a/charts/tekton-pipelines/templates/clusterrolebinding-controller-tenant-access.yaml
+++ b/charts/tekton-pipelines/templates/clusterrolebinding-controller-tenant-access.yaml
@ -8,7 +8,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: tekton-pipelines-controller-tenant-access
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-controller
--- a/charts/tekton-pipelines/templates/clusterrolebinding-webhook-cluster-access.yaml
+++ b/charts/tekton-pipelines/templates/clusterrolebinding-webhook-cluster-access.yaml
@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: tekton-pipelines-webhook-cluster-access
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/configmap-artifact-bucket.yaml
+++ b/charts/tekton-pipelines/templates/configmap-artifact-bucket.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: config-artifact-bucket
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
 {{- if $.Values.controller.conf.artifact_bucket.location }}
  # location of the gcs bucket to be used for artifact storage
--- a/charts/tekton-pipelines/templates/configmap-artifact-pvc.yaml
+++ b/charts/tekton-pipelines/templates/configmap-artifact-pvc.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: config-artifact-pvc
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
 {{- if $.Values.controller.conf.artifact_pvc.size }}
  # size of the PVC volume
--- a/charts/tekton-pipelines/templates/configmap-defaults.yaml
+++ b/charts/tekton-pipelines/templates/configmap-defaults.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: config-defaults
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
 {{- if $.Values.controller.conf.defaults.default_timeout_minutes }}
  # default-timeout-minutes contains the default number of
--- a/charts/tekton-pipelines/templates/configmap-feature-flags.yaml
+++ b/charts/tekton-pipelines/templates/configmap-feature-flags.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: feature-flags
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
  # Setting this flag to "true" will prevent Tekton to create an
  # Affinity Assistant for every TaskRun sharing a PVC workspace
@ -39,6 +39,21 @@ data:
  # info.
  disable-working-directory-overwrite: {{ $.Values.controller.conf.feature_flags.disable_working_directory_overwrite | quote }}
  # Setting this flag to "true" will prevent Tekton scanning attached
  # service accounts and injecting any credentials it finds into your
  # Steps.
  #
  # The default behaviour currently is for Tekton to search service
  # accounts for secrets matching a specified format and automatically
  # mount those into your Steps.
  #
  # Note: setting this to "true" will prevent PipelineResources from
  # working.
  #
  # See https://github.com/tektoncd/pipeline/issues/1836 for more
  # info.
  disable-creds-init: {{ $.Values.controller.conf.feature_flags.disable_creds_init | quote }}
  # This option should be set to false when Pipelines is running in a
  # cluster that does not use injected sidecars such as Istio. Setting
  # it to false should decrease the time it takes for a TaskRun to start
@ -47,6 +62,24 @@ data:
  #
  # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
  running-in-environment-with-injected-sidecars: {{ $.Values.controller.conf.feature_flags.running_in_environment_with_injected_sidecars | quote }}
  # Setting this flag to "true" will require that any Git SSH Secret
  # offered to Tekton must have known_hosts included.
  #
  # See https://github.com/tektoncd/pipeline/issues/2981 for more
  # info.
  require-git-ssh-secret-known-hosts: {{ $.Values.controller.conf.feature_flags.require_git_ssh_secret_known_hosts | quote }}
  # Setting this flag to "true" enables the use of Tekton OCI bundle.
  # This is an experimental feature and thus should still be considered
  # an alpha feature.
  enable-tekton-oci-bundles: {{ $.Values.controller.conf.feature_flags.enable_tekton_oci_bundles | quote }}
  # Setting this flag to "true" enables the use of custom tasks from
  # within pipelines.
  # This is an experimental feature and thus should still be considered
  # an alpha feature.
  enable-custom-tasks: {{ $.Values.controller.conf.feature_flags.enable_custom_tasks | quote }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "configmap-feature-flags" ) }}
--- a/charts/tekton-pipelines/templates/configmap-leader-election.yaml
+++ b/charts/tekton-pipelines/templates/configmap-leader-election.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: config-leader-election
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
  # An inactive but valid configuration follows; see example.
  resourceLock: {{ $.Values.common_config.leader_election.resourceLock | quote }}
--- a/charts/tekton-pipelines/templates/configmap-logging.yaml
+++ b/charts/tekton-pipelines/templates/configmap-logging.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: config-logging
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
  # Common configuration for all knative codebase
  zap-logger-config: |
--- a/charts/tekton-pipelines/templates/configmap-observability.yaml
+++ b/charts/tekton-pipelines/templates/configmap-observability.yaml
@ -5,7 +5,7 @@ kind: ConfigMap
 metadata:
  name: config-observability
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 data:
 {{- if $.Values.common_config.observability.metrics.backend_destination }}
  # metrics.backend-destination field specifies the system metrics destination.
--- a/charts/tekton-pipelines/templates/configmap-registry.yaml
+++ b/charts/tekton-pipelines/templates/configmap-registry.yaml
@ -0,0 +1,14 @@
 {{- define "configmap-registry" -}}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: config-registry-cert
  namespace: {{ $.Release.Namespace }}
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 # data:
 #  # Registry's self-signed certificate
 #  cert: |
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "configmap-registry" ) }}
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-clustertasks.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-clustertasks.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: clustertasks.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: clustertasks
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
@ -12,53 +11,39 @@ spec:
  group: tekton.dev
  preserveUnknownFields: false
  versions:
-  - name: v1alpha1
+    - &version
-    served: true
+      name: v1alpha1
-    storage: false
+      served: true
-    schema:
+      storage: false
-      openAPIV3Schema:
+      schema:
-        type: object
+        openAPIV3Schema:
-        # One can use x-kubernetes-preserve-unknown-fields: true
+          type: object
-        # at the root of the schema (and inside any properties, additionalProperties)
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        # to get the traditional CRD behaviour that nothing is pruned, despite
+          # at the root of the schema (and inside any properties, additionalProperties)
-        # setting spec.preserveUnknownProperties: false.
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-        #
+          # setting spec.preserveUnknownProperties: false.
-        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          #
-        # See issue: https://github.com/knative/serving/issues/912
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-        x-kubernetes-preserve-unknown-fields: true
+          # See issue: https://github.com/knative/serving/issues/912
-    # Opt into the status subresource so metadata.generation
+          x-kubernetes-preserve-unknown-fields: true
-    # starts to increment
+      # Opt into the status subresource so metadata.generation
-    subresources:
+      # starts to increment
-      status: {}
+      subresources:
-  - name: v1beta1
+        status: {}
-    served: true
+    - !!merge <<: *version
-    storage: true
+      name: v1beta1
-    schema:
+      storage: true
      openAPIV3Schema:
        type: object
        # One can use x-kubernetes-preserve-unknown-fields: true
        # at the root of the schema (and inside any properties, additionalProperties)
        # to get the traditional CRD behaviour that nothing is pruned, despite
        # setting spec.preserveUnknownProperties: false.
        #
        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
        # See issue: https://github.com/knative/serving/issues/912
        x-kubernetes-preserve-unknown-fields: true
    # Opt into the status subresource so metadata.generation
    # starts to increment
    subresources:
      status: {}
  names:
    kind: ClusterTask
    plural: clustertasks
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
  scope: Cluster
  conversion:
    strategy: Webhook
    webhook:
-      conversionReviewVersions: ["v1beta1","v1alpha1"]
+      conversionReviewVersions: ["v1beta1"]
      clientConfig:
        service:
          name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-conditions.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-conditions.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: conditions.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: conditions
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-images-caching.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-images-caching.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: images.caching.internal.knative.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: images-caching
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineresources.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineresources.yaml
@ -4,36 +4,35 @@ kind: CustomResourceDefinition
 metadata:
  name: pipelineresources.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: pipelineresources
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
 spec:
  group: tekton.dev
  versions:
    - name: v1alpha1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          # One can use x-kubernetes-preserve-unknown-fields: true
          # at the root of the schema (and inside any properties, additionalProperties)
          # to get the traditional CRD behaviour that nothing is pruned, despite
          # setting spec.preserveUnknownProperties: false.
          #
          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
          # See issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      # Opt into the status subresource so metadata.generation
      # starts to increment
      subresources:
        status: {}
  names:
    kind: PipelineResource
    plural: pipelineresources
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
  scope: Namespaced
  versions:
  - name: v1alpha1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        type: object
        # One can use x-kubernetes-preserve-unknown-fields: true
        # at the root of the schema (and inside any properties, additionalProperties)
        # to get the traditional CRD behaviour that nothing is pruned, despite
        # setting spec.preserveUnknownProperties: false.
        #
        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
        # See issue: https://github.com/knative/serving/issues/912
        x-kubernetes-preserve-unknown-fields: true
    # Opt into the status subresource so metadata.generation
    # starts to increment
    subresources:
      status: {}
 ...
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineruns.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelineruns.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: pipelineruns.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: pipelineruns
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
@ -12,82 +11,55 @@ spec:
  group: tekton.dev
  preserveUnknownFields: false
  versions:
-  - name: v1alpha1
+    - &version
-    served: true
+      name: v1alpha1
-    storage: false
+      served: true
-    schema:
+      storage: false
-      openAPIV3Schema:
+      schema:
-        type: object
+        openAPIV3Schema:
-        # One can use x-kubernetes-preserve-unknown-fields: true
+          type: object
-        # at the root of the schema (and inside any properties, additionalProperties)
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        # to get the traditional CRD behaviour that nothing is pruned, despite
+          # at the root of the schema (and inside any properties, additionalProperties)
-        # setting spec.preserveUnknownProperties: false.
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-        #
+          # setting spec.preserveUnknownProperties: false.
-        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          #
-        # See issue: https://github.com/knative/serving/issues/912
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-        x-kubernetes-preserve-unknown-fields: true
+          # See issue: https://github.com/knative/serving/issues/912
-    # Opt into the status subresource so metadata.generation
+          x-kubernetes-preserve-unknown-fields: true
-    # starts to increment
+      additionalPrinterColumns:
-    subresources:
+        - name: Succeeded
-      status: {}
+          type: string
-    additionalPrinterColumns:
+          jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
-    - name: Succeeded
+        - name: Reason
-      type: string
+          type: string
-      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+          jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
-    - name: Reason
+        - name: StartTime
-      type: string
+          type: date
-      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+          jsonPath: .status.startTime
-    - name: StartTime
+        - name: CompletionTime
-      type: date
+          type: date
-      jsonPath: .status.startTime
+          jsonPath: .status.completionTime
-    - name: CompletionTime
+      # Opt into the status subresource so metadata.generation
-      type: date
+      # starts to increment
-      jsonPath: .status.completionTime
+      subresources:
-  - name: v1beta1
+        status: {}
-    served: true
+    - !!merge <<: *version
-    storage: true
+      name: v1beta1
-    schema:
+      storage: true
      openAPIV3Schema:
        type: object
        # One can use x-kubernetes-preserve-unknown-fields: true
        # at the root of the schema (and inside any properties, additionalProperties)
        # to get the traditional CRD behaviour that nothing is pruned, despite
        # setting spec.preserveUnknownProperties: false.
        #
        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
        # See issue: https://github.com/knative/serving/issues/912
        x-kubernetes-preserve-unknown-fields: true
    # Opt into the status subresource so metadata.generation
    # starts to increment
    subresources:
      status: {}
    additionalPrinterColumns:
    - name: Succeeded
      type: string
      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
    - name: Reason
      type: string
      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
    - name: StartTime
      type: date
      jsonPath: .status.startTime
    - name: CompletionTime
      type: date
      jsonPath: .status.completionTime
  names:
    kind: PipelineRun
    plural: pipelineruns
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
    shortNames:
-    - pr
+      - pr
-    - prs
+      - prs
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
-      conversionReviewVersions: ["v1beta1","v1alpha1"]
+      conversionReviewVersions: ["v1beta1"]
      clientConfig:
        service:
          name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelines.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-pipelines.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: pipelines.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: pipelines
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
@ -12,53 +11,39 @@ spec:
  group: tekton.dev
  preserveUnknownFields: false
  versions:
-  - name: v1alpha1
+    - &version
-    served: true
+      name: v1alpha1
-    storage: false
+      served: true
-    schema:
+      storage: false
-      openAPIV3Schema:
+      # Opt into the status subresource so metadata.generation
-        type: object
+      # starts to increment
-        # One can use x-kubernetes-preserve-unknown-fields: true
+      subresources:
-        # at the root of the schema (and inside any properties, additionalProperties)
+        status: {}
-        # to get the traditional CRD behaviour that nothing is pruned, despite
+      schema:
-        # setting spec.preserveUnknownProperties: false.
+        openAPIV3Schema:
-        #
+          type: object
-        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        # See issue: https://github.com/knative/serving/issues/912
+          # at the root of the schema (and inside any properties, additionalProperties)
-        x-kubernetes-preserve-unknown-fields: true
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-    # Opt into the status subresource so metadata.generation
+          # setting spec.preserveUnknownProperties: false.
-    # starts to increment
+          #
-    subresources:
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-      status: {}
+          # See issue: https://github.com/knative/serving/issues/912
-  - name: v1beta1
+          x-kubernetes-preserve-unknown-fields: true
-    served: true
+    - !!merge <<: *version
-    storage: true
+      name: v1beta1
-    schema:
+      storage: true
      openAPIV3Schema:
        type: object
        # One can use x-kubernetes-preserve-unknown-fields: true
        # at the root of the schema (and inside any properties, additionalProperties)
        # to get the traditional CRD behaviour that nothing is pruned, despite
        # setting spec.preserveUnknownProperties: false.
        #
        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
        # See issue: https://github.com/knative/serving/issues/912
        x-kubernetes-preserve-unknown-fields: true
    # Opt into the status subresource so metadata.generation
    # starts to increment
    subresources:
      status: {}
  names:
    kind: Pipeline
    plural: pipelines
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
-      conversionReviewVersions: ["v1beta1","v1alpha1"]
+      conversionReviewVersions: ["v1beta1"]
      clientConfig:
        service:
          name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-runs.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-runs.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: runs.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: runs
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
@ -12,47 +11,42 @@ spec:
  group: tekton.dev
  preserveUnknownFields: false
  versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    served: true
+      served: true
-    storage: true
+      storage: true
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        type: object
+          type: object
-        # One can use x-kubernetes-preserve-unknown-fields: true
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        # at the root of the schema (and inside any properties, additionalProperties)
+          # at the root of the schema (and inside any properties, additionalProperties)
-        # to get the traditional CRD behaviour that nothing is pruned, despite
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-        # setting spec.preserveUnknownProperties: false.
+          # setting spec.preserveUnknownProperties: false.
-        #
+          #
-        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-        # See issue: https://github.com/knative/serving/issues/912
+          # See issue: https://github.com/knative/serving/issues/912
-        x-kubernetes-preserve-unknown-fields: true
+          x-kubernetes-preserve-unknown-fields: true
-    # Opt into the status subresource so metadata.generation
+      additionalPrinterColumns:
-    # starts to increment
+        - name: Succeeded
-    subresources:
+          type: string
-      status: {}
+          jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
-    additionalPrinterColumns:
+        - name: Reason
-    - name: Succeeded
+          type: string
-      type: string
+          jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
-      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+        - name: StartTime
-    - name: Reason
+          type: date
-      type: string
+          jsonPath: .status.startTime
-      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+        - name: CompletionTime
-    - name: StartTime
+          type: date
-      type: date
+          jsonPath: .status.completionTime
-      jsonPath: .status.startTime
+      # Opt into the status subresource so metadata.generation
      # starts to increment
      subresources:
        status: {}
  names:
    kind: Run
    plural: runs
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
      conversionReviewVersions: ["v1beta1","v1alpha1"]
      clientConfig:
        service:
          name: tekton-pipelines-webhook
          namespace: {{ $.Release.Namespace }}
 ...
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-taskruns.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-taskruns.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: taskruns.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: taskruns
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
@ -12,82 +11,55 @@ spec:
  group: tekton.dev
  preserveUnknownFields: false
  versions:
-  - name: v1alpha1
+    - &version
-    served: true
+      name: v1alpha1
-    storage: false
+      served: true
-    schema:
+      storage: false
-      openAPIV3Schema:
+      schema:
-        type: object
+        openAPIV3Schema:
-        # One can use x-kubernetes-preserve-unknown-fields: true
+          type: object
-        # at the root of the schema (and inside any properties, additionalProperties)
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        # to get the traditional CRD behaviour that nothing is pruned, despite
+          # at the root of the schema (and inside any properties, additionalProperties)
-        # setting spec.preserveUnknownProperties: false.
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-        #
+          # setting spec.preserveUnknownProperties: false.
-        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          #
-        # See issue: https://github.com/knative/serving/issues/912
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-        x-kubernetes-preserve-unknown-fields: true
+          # See issue: https://github.com/knative/serving/issues/912
-    # Opt into the status subresource so metadata.generation
+          x-kubernetes-preserve-unknown-fields: true
-    # starts to increment
+      additionalPrinterColumns:
-    subresources:
+        - name: Succeeded
-      status: {}
+          type: string
-    additionalPrinterColumns:
+          jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
-    - name: Succeeded
+        - name: Reason
-      type: string
+          type: string
-      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+          jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
-    - name: Reason
+        - name: StartTime
-      type: string
+          type: date
-      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+          jsonPath: .status.startTime
-    - name: StartTime
+        - name: CompletionTime
-      type: date
+          type: date
-      jsonPath: .status.startTime
+          jsonPath: .status.completionTime
-    - name: CompletionTime
+      # Opt into the status subresource so metadata.generation
-      type: date
+      # starts to increment
-      jsonPath: .status.completionTime
+      subresources:
-  - name: v1beta1
+        status: {}
-    served: true
+    - !!merge <<: *version
-    storage: true
+      name: v1beta1
-    schema:
+      storage: true
      openAPIV3Schema:
        type: object
        # One can use x-kubernetes-preserve-unknown-fields: true
        # at the root of the schema (and inside any properties, additionalProperties)
        # to get the traditional CRD behaviour that nothing is pruned, despite
        # setting spec.preserveUnknownProperties: false.
        #
        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
        # See issue: https://github.com/knative/serving/issues/912
        x-kubernetes-preserve-unknown-fields: true
    # Opt into the status subresource so metadata.generation
    # starts to increment
    subresources:
      status: {}
    additionalPrinterColumns:
    - name: Succeeded
      type: string
      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
    - name: Reason
      type: string
      jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
    - name: StartTime
      type: date
      jsonPath: .status.startTime
    - name: CompletionTime
      type: date
      jsonPath: .status.completionTime
  names:
    kind: TaskRun
    plural: taskruns
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
    shortNames:
-    - tr
+      - tr
-    - trs
+      - trs
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
-      conversionReviewVersions: ["v1beta1","v1alpha1"]
+      conversionReviewVersions: ["v1beta1"]
      clientConfig:
        service:
          name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/crds/customresourcedefinition-tasks.yaml
+++ b/charts/tekton-pipelines/templates/crds/customresourcedefinition-tasks.yaml
@ -4,7 +4,6 @@ kind: CustomResourceDefinition
 metadata:
  name: tasks.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: tasks
    app.kubernetes.io/instance: default
    app.kubernetes.io/part-of: tekton-pipelines
@ -12,55 +11,42 @@ spec:
  group: tekton.dev
  preserveUnknownFields: false
  versions:
-  - name: v1alpha1
+    - &version
-    served: true
+      name: v1alpha1
-    storage: false
+      served: true
-    schema:
+      storage: false
-      openAPIV3Schema:
+      schema:
-        type: object
+        openAPIV3Schema:
-        # One can use x-kubernetes-preserve-unknown-fields: true
+          type: object
-        # at the root of the schema (and inside any properties, additionalProperties)
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        # to get the traditional CRD behaviour that nothing is pruned, despite
+          # at the root of the schema (and inside any properties, additionalProperties)
-        # setting spec.preserveUnknownProperties: false.
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-        #
+          # setting spec.preserveUnknownProperties: false.
-        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+          #
-        # See issue: https://github.com/knative/serving/issues/912
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-        x-kubernetes-preserve-unknown-fields: true
+          # See issue: https://github.com/knative/serving/issues/912
-    # Opt into the status subresource so metadata.generation
+          x-kubernetes-preserve-unknown-fields: true
-    # starts to increment
+      # Opt into the status subresource so metadata.generation
-    subresources:
+      # starts to increment
-      status: {}
+      subresources:
-  - name: v1beta1
+        status: {}
-    served: true
+    - !!merge <<: *version
-    storage: true
+      name: v1beta1
-    schema:
+      storage: true
      openAPIV3Schema:
        type: object
        # One can use x-kubernetes-preserve-unknown-fields: true
        # at the root of the schema (and inside any properties, additionalProperties)
        # to get the traditional CRD behaviour that nothing is pruned, despite
        # setting spec.preserveUnknownProperties: false.
        #
        # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
        # See issue: https://github.com/knative/serving/issues/912
        x-kubernetes-preserve-unknown-fields: true
    # Opt into the status subresource so metadata.generation
    # starts to increment
    subresources:
      status: {}
  names:
    kind: Task
    plural: tasks
    categories:
-    - tekton
+      - tekton
-    - tekton-pipelines
+      - tekton-pipelines
  scope: Namespaced
  conversion:
    strategy: Webhook
    webhook:
-      conversionReviewVersions: ["v1beta1","v1alpha1"]
+      conversionReviewVersions: ["v1beta1"]
      clientConfig:
        service:
          name: tekton-pipelines-webhook
          namespace: tekton-pipelines
          namespace: {{ $.Release.Namespace }}
 ...
--- a/charts/tekton-pipelines/templates/deployment-controller.yaml
+++ b/charts/tekton-pipelines/templates/deployment-controller.yaml
@ -5,16 +5,16 @@ kind: Deployment
 metadata:
  name: tekton-pipelines-controller
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 spec:
  replicas: {{ $.Values.controller.pod.replicas }}
  selector:
-    matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 6 }}
+    matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" ) | nindent 6 }}
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 8 }}
+      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 8 }}
    spec:
      serviceAccountName: tekton-pipelines-controller
      nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Component" "controller" ) | nindent 8 }}
@ -27,8 +27,6 @@ spec:
          # by image references by digest.
          - -kubeconfig-writer-image
          - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "kubeconfig_writer_image" ) }}
          - -creds-image
          - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "creds_image" ) }}
          - -git-image
          - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "git_image" ) }}
          - -entrypoint-image
@ -46,17 +44,19 @@ spec:
          - -shell-image
          - {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "shell_image" ) }}
        volumeMounts:
-        - name: config-logging
+          - name: config-logging
-          mountPath: /etc/config-logging
+            mountPath: /etc/config-logging
          - name: config-registry-cert
            mountPath: /etc/config-registry-cert
        env:
        - name: SYSTEM_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        - # If you are changing these names, you will also need to update
+          # If you are changing these names, you will also need to update
          # the controller's Role in 200-role.yaml to include the new
          # values in the "configmaps" "get" rule.
-          name: CONFIG_DEFAULTS_NAME
+        - name: CONFIG_DEFAULTS_NAME
          value: config-defaults
        - name: CONFIG_LOGGING_NAME
          value: config-logging
@ -70,6 +70,10 @@ spec:
          value: feature-flags
        - name: CONFIG_LEADERELECTION_NAME
          value: config-leader-election
        - name: SSL_CERT_FILE
          value: /etc/config-registry-cert/cert
        - name: SSL_CERT_DIR
          value: /etc/ssl/certs
        - name: METRICS_DOMAIN
          value: {{ $.Values.controller.conf.metrics_domain }}
        securityContext:
@ -79,10 +83,32 @@ spec:
          capabilities:
            drop:
              - all
        ports:
          - name: probes
            containerPort: {{ $.Values.controller.endpoints.ports.probes.port }}
        livenessProbe:
          httpGet:
            path: /health
            port: probes
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: probes
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 10
          timeoutSeconds: 5
      volumes:
      - name: config-logging
        configMap:
          name: config-logging
      - name: config-registry-cert
        configMap:
          name: config-registry-cert
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "deployment-controller" ) }}
--- a/charts/tekton-pipelines/templates/deployment-webhook.yaml
+++ b/charts/tekton-pipelines/templates/deployment-webhook.yaml
@ -8,7 +8,7 @@ metadata:
  # change the value of WEBHOOK_SERVICE_NAME below.
  name: tekton-pipelines-webhook
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 spec:
  replicas: {{ $.Values.webhook.pod.replicas }}
  selector:
@ -17,8 +17,17 @@ spec:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
-      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 8 }}
+      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 8 }}
        app: tekton-pipelines-webhook
    spec:
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $) | nindent 20 }}
              weight: 100
      serviceAccountName: tekton-pipelines-webhook
      nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Component" "webhook" ) | nindent 8 }}
      containers:
@ -27,15 +36,22 @@ spec:
        # and substituted here.
        image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Component" "webhook" ) }}
        imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
          limits:
            cpu: 100m
            memory: 500Mi
        env:
        - name: SYSTEM_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
-        - # If you are changing these names, you will also need to update
+        # If you are changing these names, you will also need to update
-          # the webhook's Role in 200-role.yaml to include the new
+        # the webhook's Role in 200-role.yaml to include the new
-          # values in the "configmaps" "get" rule.
+        # values in the "configmaps" "get" rule.
-          name: CONFIG_LOGGING_NAME
+        - name: CONFIG_LOGGING_NAME
          value: config-logging
        - name: CONFIG_OBSERVABILITY_NAME
          value: config-observability
@ -61,6 +77,8 @@ spec:
          containerPort: {{ $.Values.webhook.endpoints.ports.profiling.targetPort }}
        - name: https-webhook
          containerPort: {{ $.Values.webhook.endpoints.ports.https_webhook.targetPort }}
        - name: probes
          containerPort: {{ $.Values.webhook.endpoints.ports.probes.port }}
        livenessProbe:
          tcpSocket:
            port: {{ $.Values.webhook.pod.probes.liveness.tcpPort }}
--- a/charts/tekton-pipelines/templates/hpa-webhook.yaml
+++ b/charts/tekton-pipelines/templates/hpa-webhook.yaml
@ -0,0 +1,23 @@
 {{- define "hpa-webhook" -}}
 ---
 apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 spec:
  minReplicas: 1
  maxReplicas: 5
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: tekton-pipelines-webhook
  metrics:
    - type: Resource
      resource:
        name: cpu
        targetAverageUtilization: 100
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "hpa-webhook" ) }}
--- a/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.yaml
+++ b/charts/tekton-pipelines/templates/mutatingwebhookconfiguration-webhook.yaml
@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
  name: webhook.pipeline.tekton.dev
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 webhooks:
 - admissionReviewVersions:
-  - v1beta1
+    - v1
  clientConfig:
    service:
      name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/pdb-webhook.yaml
+++ b/charts/tekton-pipelines/templates/pdb-webhook.yaml
@ -0,0 +1,14 @@
 {{- define "pdb-webhook" -}}
 ---
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
  name: tekton-pipelines-webhook
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 spec:
  minAvailable: 80%
  selector:
    matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" ) | nindent 6 }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "pdb-webhook" ) }}
--- a/charts/tekton-pipelines/templates/podsecuritypolicy-pipelines.yaml
+++ b/charts/tekton-pipelines/templates/podsecuritypolicy-pipelines.yaml
@ -4,7 +4,7 @@ apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: tekton-pipelines
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 spec:
  privileged: false
  allowPrivilegeEscalation: false
--- a/charts/tekton-pipelines/templates/role-controller.yaml
+++ b/charts/tekton-pipelines/templates/role-controller.yaml
@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: tekton-pipelines-controller
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 rules:
 - apiGroups: [""]
  resources: ["configmaps"]
@ -14,8 +14,7 @@ rules:
  apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get"]
-  resourceNames: ["config-logging", "config-observability", "config-artifact-bucket",
+  resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"]
    "config-artifact-pvc", "feature-flags", "config-leader-election"]
 - apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  resourceNames: ["tekton-pipelines"]
--- a/charts/tekton-pipelines/templates/clusterrole-leader-election.yaml
+++ b/charts/tekton-pipelines/templates/clusterrole-leader-election.yaml
@ -1,15 +1,15 @@
-{{- define "clusterrole-leader-election" -}}
+{{- define "role-leader-election" -}}
 ---
-kind: ClusterRole
+kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: tekton-pipelines-leader-election
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-pipelines") | nindent 4 }}
 rules:
- # We uses leases for leaderelection
+  # We uses leases for leaderelection
-  apiGroups: ["coordination.k8s.io"]
+- apiGroups: ["coordination.k8s.io"]
  resources: ["leases"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-leader-election" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-leader-election" ) }}
--- a/charts/tekton-pipelines/templates/role-webhook.yaml
+++ b/charts/tekton-pipelines/templates/role-webhook.yaml
@ -5,7 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: tekton-pipelines-webhook
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook"  "PartOf" "tekton-pipelines") | nindent 4 }}
 rules:
 - apiGroups: [""]
  resources: ["configmaps"]
--- a/charts/tekton-pipelines/templates/clusterrolebinding-controller-leader-election.yaml
+++ b/charts/tekton-pipelines/templates/clusterrolebinding-controller-leader-election.yaml
@ -1,18 +1,18 @@
-{{- define "clusterrolebinding-controller-leader-election" -}}
+{{- define "rolebinding-controller-leaderelection" -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
  name: tekton-pipelines-controller-leaderelection
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-controller
  namespace: {{ $.Release.Namespace }}
 roleRef:
-  kind: ClusterRole
+  kind: Role
  name: tekton-pipelines-leader-election
  apiGroup: rbac.authorization.k8s.io
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-controller-leader-election" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-controller-leaderelection" ) }}
--- a/charts/tekton-pipelines/templates/rolebinding-controller.yaml
+++ b/charts/tekton-pipelines/templates/rolebinding-controller.yaml
@ -5,7 +5,7 @@ kind: RoleBinding
 metadata:
  name: tekton-pipelines-controller
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-controller
--- a/charts/tekton-pipelines/templates/clusterrolebinding-webhook-leader-election.yaml
+++ b/charts/tekton-pipelines/templates/clusterrolebinding-webhook-leader-election.yaml
@ -1,18 +1,18 @@
-{{- define "clusterrolebinding-webhook-leader-election" -}}
+{{- define "rolebinding-webhook-leader-election" -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
  name: tekton-pipelines-webhook-leaderelection
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-webhook
  namespace: {{ $.Release.Namespace }}
 roleRef:
-  kind: ClusterRole
+  kind: Role
  name: tekton-pipelines-leader-election
  apiGroup: rbac.authorization.k8s.io
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-webhook-leader-election" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-webhook-leader-election" ) }}
--- a/charts/tekton-pipelines/templates/rolebinding-webhook.yaml
+++ b/charts/tekton-pipelines/templates/rolebinding-webhook.yaml
@ -5,7 +5,7 @@ kind: RoleBinding
 metadata:
  name: tekton-pipelines-webhook
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 subjects:
 - kind: ServiceAccount
  name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/secret-webhook-certs.yaml
+++ b/charts/tekton-pipelines/templates/secret-webhook-certs.yaml
@ -5,7 +5,7 @@ kind: Secret
 metadata:
  name: webhook-certs
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 # The data is populated at install time.
 ...
 {{- end -}}
--- a/charts/tekton-pipelines/templates/service-controller.yaml
+++ b/charts/tekton-pipelines/templates/service-controller.yaml
@ -3,7 +3,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
  name: tekton-pipelines-controller
  namespace: {{ $.Release.Namespace }}
 spec:
@ -12,7 +12,9 @@ spec:
    port: {{ $.Values.controller.endpoints.ports.metrics.port }}
    protocol: {{ $.Values.controller.endpoints.ports.metrics.protocol }}
    targetPort: {{ $.Values.controller.endpoints.ports.metrics.targetPort }}
-  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  - name: probes
    port: {{ $.Values.controller.endpoints.ports.probes.port }}
  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-controller" ) }}
--- a/charts/tekton-pipelines/templates/service-webhook.yaml
+++ b/charts/tekton-pipelines/templates/service-webhook.yaml
@ -3,7 +3,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
  name: tekton-pipelines-webhook
  namespace: {{ $.Release.Namespace }}
 spec:
@ -18,7 +18,9 @@ spec:
  - name: https-webhook
    port: {{ $.Values.webhook.endpoints.ports.https_webhook.port }}
    targetPort: {{ $.Values.webhook.endpoints.ports.https_webhook.targetPort }}
-  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" )  | nindent 4 }}
+  - name: probes
    port: {{ $.Values.webhook.endpoints.ports.probes.port }}
  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines")  | nindent 4 }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-webhook" ) }}
--- a/charts/tekton-pipelines/templates/serviceaccount-controller.yaml
+++ b/charts/tekton-pipelines/templates/serviceaccount-controller.yaml
@ -5,7 +5,7 @@ kind: ServiceAccount
 metadata:
  name: tekton-pipelines-controller
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-pipelines") | nindent 4 }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-controller" ) }}
--- a/charts/tekton-pipelines/templates/serviceaccount-webhook.yaml
+++ b/charts/tekton-pipelines/templates/serviceaccount-webhook.yaml
@ -5,7 +5,7 @@ kind: ServiceAccount
 metadata:
  name: tekton-pipelines-webhook
  namespace: {{ $.Release.Namespace }}
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-webhook" ) }}
--- a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-config.yaml
+++ b/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-config.yaml
@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: config.webhook.pipeline.tekton.dev
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 webhooks:
 - admissionReviewVersions:
-  - v1beta1
+    - v1
  clientConfig:
    service:
      name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-validation.yaml
+++ b/charts/tekton-pipelines/templates/validatingwebhookconfiguration-webhook-validation.yaml
@ -4,10 +4,10 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: validation.webhook.pipeline.tekton.dev
-  labels: {{- include "helpers.labels.labels" (dict "Global" $) | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-pipelines") | nindent 4 }}
 webhooks:
 - admissionReviewVersions:
-  - v1beta1
+    - v1
  clientConfig:
    service:
      name: tekton-pipelines-webhook
--- a/charts/tekton-pipelines/values.yaml
+++ b/charts/tekton-pipelines/values.yaml
@ -1,41 +1,35 @@
 # Default values file for Tekton-Pipelines
 ---
 images:
  applications:
    controller:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/controller
      repo: gcr.io/tekton-releases/github.com
    kubeconfig_writer_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/kubeconfigwriter
      repo: gcr.io/tekton-releases/github.com
    creds_image:
      tag: v0.19.0
      name: tektoncd/pipeline/cmd/creds-init
      repo: gcr.io/tekton-releases/github.com
    git_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/git-init
      repo: gcr.io/tekton-releases/github.com
    entrypoint_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/entrypoint
      repo: gcr.io/tekton-releases/github.com
    nop_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/nop
      repo: gcr.io/tekton-releases/github.com
    imagedigest_exporter_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/imagedigestexporter
      repo: gcr.io/tekton-releases/github.com
    pr_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: pipeline/cmd/pullrequest-init
      repo: gcr.io/tekton-releases/github.com
    build_gcs_fetcher_image:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher
      repo: gcr.io/tekton-releases/github.com
    gsutil_image:
@ -50,7 +44,7 @@ images:
      name: base@sha256
      repo: gcr.io/distroless
    webhook:
-      tag: v0.19.0
+      tag: v0.21.0
      name: tektoncd/pipeline/cmd/webhook
      repo: gcr.io/tekton-releases/github.com
  pull:
@ -71,6 +65,8 @@ controller:
        port: 9090
        protocol: TCP
        targetPort: 9090
      probes:
        port: 8080
  pod:
    replicas: 1
@ -102,6 +98,10 @@ controller:
      disable_home_env_overwrite: "false"
      disable_working_directory_overwrite: "false"
      running_in_environment_with_injected_sidecars: "true"
      disable_creds_init: "false"
      require_git_ssh_secret_known_hosts: "false"
      enable_tekton_oci_bundles: "false"
      enable_custom_tasks: "false"
 webhook:
  endpoints:
@ -115,6 +115,8 @@ webhook:
      https_webhook:
        port: 443
        targetPort: 8443
      probes:
        port: 8080
  pod:
    probes:
--- a/charts/tekton-triggers/crds/crd_clustertriggerbinding-triggers.yaml
+++ b/charts/tekton-triggers/crds/crd_clustertriggerbinding-triggers.yaml
@ -4,11 +4,11 @@ kind: CustomResourceDefinition
 metadata:
  name: clustertriggerbindings.triggers.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: clustertriggerbindings
    app.kubernetes.io/part-of: tekton-triggers
 spec:
  group: triggers.tekton.dev
  scope: Cluster
  names:
    kind: ClusterTriggerBinding
    plural: clustertriggerbindings
@ -18,16 +18,21 @@ spec:
    categories:
      - tekton
      - tekton-triggers
  preserveUnknownFields: false
  scope: Cluster
  versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      schema:
-      status: {}
+        openAPIV3Schema:
-    schema:
+          type: object
-      openAPIV3Schema:
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        type: object
+          # at the root of the schema (and inside any properties, additionalProperties)
-        x-kubernetes-preserve-unknown-fields: true
+          # to get the traditional CRD behaviour that nothing is pruned, despite
          # setting spec.preserveUnknownProperties: false.
          #
          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
          # See issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      subresources:
        status: {}
 ...
--- a/charts/tekton-triggers/crds/crd_eventlistener-triggers.yaml
+++ b/charts/tekton-triggers/crds/crd_eventlistener-triggers.yaml
@ -4,11 +4,11 @@ kind: CustomResourceDefinition
 metadata:
  name: eventlisteners.triggers.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: eventlisteners
    app.kubernetes.io/part-of: tekton-triggers
 spec:
  group: triggers.tekton.dev
  scope: Namespaced
  names:
    kind: EventListener
    plural: eventlisteners
@ -18,26 +18,39 @@ spec:
    categories:
      - tekton
      - tekton-triggers
  preserveUnknownFields: false
  scope: Namespaced
  versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      schema:
-      status: {}
+        openAPIV3Schema:
-    additionalPrinterColumns:
+          type: object
-      - name: Address
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        type: string
+          # at the root of the schema (and inside any properties, additionalProperties)
-        jsonPath: .status.address.url
+          # to get the traditional CRD behaviour that nothing is pruned, despite
-      - name: Available
+          # setting spec.preserveUnknownProperties: false.
-        type: string
+          #
-        jsonPath: ".status.conditions[?(@.type=='Available')].status"
+          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
-      - name: Reason
+          # See issue: https://github.com/knative/serving/issues/912
-        type: string
+          x-kubernetes-preserve-unknown-fields: true
-        jsonPath: ".status.conditions[?(@.type=='Available')].reason"
+      # Opt into the status subresource so metadata.generation
-    schema:
+      # starts to increment
-      openAPIV3Schema:
+      subresources:
-        type: object
+        status: {}
-        x-kubernetes-preserve-unknown-fields: true
+      additionalPrinterColumns:
        - name: Address
          type: string
          jsonPath: .status.address.url
        - name: Available
          type: string
          jsonPath: ".status.conditions[?(@.type=='Available')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Available')].reason"
        - name: Ready
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].status"
        - name: Reason
          type: string
          jsonPath: ".status.conditions[?(@.type=='Ready')].reason"
 ...
--- a/charts/tekton-triggers/crds/crd_trigger-triggers.yaml
+++ b/charts/tekton-triggers/crds/crd_trigger-triggers.yaml
@ -4,11 +4,11 @@ kind: CustomResourceDefinition
 metadata:
  name: triggers.triggers.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: triggers
    app.kubernetes.io/part-of: tekton-triggers
 spec:
  group: triggers.tekton.dev
  scope: Namespaced
  names:
    kind: Trigger
    plural: triggers
@ -18,16 +18,23 @@ spec:
    categories:
      - tekton
      - tekton-triggers
  preserveUnknownFields: false
  scope: Namespaced
  versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      schema:
-      status: {}
+        openAPIV3Schema:
-    schema:
+          type: object
-      openAPIV3Schema:
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        type: object
+          # at the root of the schema (and inside any properties, additionalProperties)
-        x-kubernetes-preserve-unknown-fields: true
+          # to get the traditional CRD behaviour that nothing is pruned, despite
          # setting spec.preserveUnknownProperties: false.
          #
          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
          # See issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      # Opt into the status subresource so metadata.generation
      # starts to increment
      subresources:
        status: {}
 ...
--- a/charts/tekton-triggers/crds/crd_triggerbinding-triggers.yaml
+++ b/charts/tekton-triggers/crds/crd_triggerbinding-triggers.yaml
@ -4,11 +4,11 @@ kind: CustomResourceDefinition
 metadata:
  name: triggerbindings.triggers.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: triggerbindings
    app.kubernetes.io/part-of: tekton-triggers
 spec:
  group: triggers.tekton.dev
  scope: Namespaced
  names:
    kind: TriggerBinding
    plural: triggerbindings
@ -18,16 +18,23 @@ spec:
    categories:
      - tekton
      - tekton-triggers
  preserveUnknownFields: false
  scope: Namespaced
  versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      schema:
-      status: {}
+        openAPIV3Schema:
-    schema:
+          type: object
-      openAPIV3Schema:
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        type: object
+          # at the root of the schema (and inside any properties, additionalProperties)
-        x-kubernetes-preserve-unknown-fields: true
+          # to get the traditional CRD behaviour that nothing is pruned, despite
          # setting spec.preserveUnknownProperties: false.
          #
          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
          # See issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      # Opt into the status subresource so metadata.generation
      # starts to increment
      subresources:
        status: {}
 ...
--- a/charts/tekton-triggers/crds/crd_triggertemplate-triggers.yaml
+++ b/charts/tekton-triggers/crds/crd_triggertemplate-triggers.yaml
@ -4,11 +4,11 @@ kind: CustomResourceDefinition
 metadata:
  name: triggertemplates.triggers.tekton.dev
  labels:
    app.kubernetes.io/component: tekton
    app.kubernetes.io/name: triggertemplates
    app.kubernetes.io/part-of: tekton-triggers
 spec:
  group: triggers.tekton.dev
  scope: Namespaced
  names:
    kind: TriggerTemplate
    plural: triggertemplates
@ -18,16 +18,23 @@ spec:
    categories:
      - tekton
      - tekton-triggers
  preserveUnknownFields: false
  scope: Namespaced
  versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      schema:
-      status: {}
+        openAPIV3Schema:
-    schema:
+          type: object
-      openAPIV3Schema:
+          # One can use x-kubernetes-preserve-unknown-fields: true
-        type: object
+          # at the root of the schema (and inside any properties, additionalProperties)
-        x-kubernetes-preserve-unknown-fields: true
+          # to get the traditional CRD behaviour that nothing is pruned, despite
          # setting spec.preserveUnknownProperties: false.
          #
          # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
          # See issue: https://github.com/knative/serving/issues/912
          x-kubernetes-preserve-unknown-fields: true
      # Opt into the status subresource so metadata.generation
      # starts to increment
      subresources:
        status: {}
 ...
--- a/charts/tekton-triggers/templates/clusterrole-admin.yaml
+++ b/charts/tekton-triggers/templates/clusterrole-admin.yaml
@ -3,7 +3,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-admin
 rules:
  - apiGroups:
@ -91,6 +91,21 @@ rules:
      - delete
      - patch
      - watch
  - apiGroups:
      - serving.knative.dev
    resources:
      - "*"
      - "*/status"
      - "*/finalizers"
    verbs:
      - get
      - list
      - create
      - update
      - delete
      - deletecollection
      - patch
      - watch
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-admin" ) }}
--- a/charts/tekton-triggers/templates/clusterrole-aggregate_edit.yaml
+++ b/charts/tekton-triggers/templates/clusterrole-aggregate_edit.yaml
@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: tekton-triggers-aggregate-edit
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
--- a/charts/tekton-triggers/templates/clusterrole-aggregate_view.yaml
+++ b/charts/tekton-triggers/templates/clusterrole-aggregate_view.yaml
@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: tekton-triggers-aggregate-view
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
    rbac.authorization.k8s.io/aggregate-to-view: "true"
 rules:
  - apiGroups:
--- a/charts/tekton-triggers/templates/clusterrole-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/clusterrole-core_interceptors.yaml
@ -0,0 +1,19 @@
 {{- define "clusterrole-core_interceptors" -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: tekton-triggers-core-interceptors
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
 rules:
  - apiGroups:
      - "*"
    resources:
      - secrets
    verbs:
      - get
      - list
      - watch
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrole-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/clusterrolebinding-controller_admin.yaml
+++ b/charts/tekton-triggers/templates/clusterrolebinding-controller_admin.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-controller-admin
 roleRef:
  kind: ClusterRole
--- a/charts/tekton-triggers/templates/clusterrolebinding-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/clusterrolebinding-core_interceptors.yaml
@ -0,0 +1,18 @@
 {{- define "clusterrolebinding-core_interceptors" -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-core-interceptors
 roleRef:
  kind: ClusterRole
  name: tekton-triggers-core-interceptors
  apiGroup: rbac.authorization.k8s.io
 subjects:
  - kind: ServiceAccount
    name: tekton-triggers-core-interceptors
    namespace: {{ $.Release.Namespace }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "clusterrolebinding-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/clusterrolebinding-webhook_admin.yaml
+++ b/charts/tekton-triggers/templates/clusterrolebinding-webhook_admin.yaml
@ -3,7 +3,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-webhook-admin
 roleRef:
  kind: ClusterRole
--- a/charts/tekton-triggers/templates/config-logging.yaml
+++ b/charts/tekton-triggers/templates/config-logging.yaml
@ -4,6 +4,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: config-logging-triggers
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
 data:
  zap-logger-config: |
    {{ $.Values.config.zap_logger_config | toJson }}
--- a/charts/tekton-triggers/templates/config-observability.yaml
+++ b/charts/tekton-triggers/templates/config-observability.yaml
@ -4,6 +4,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: config-observability-triggers
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
 data:
 {{- $.Values.configobservability | toYaml | nindent 2 }}
 {{- end -}}
--- a/charts/tekton-triggers/templates/deployment-controller.yaml
+++ b/charts/tekton-triggers/templates/deployment-controller.yaml
@ -4,7 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: tekton-triggers-controller
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }}
 spec:
  replicas: 1
  selector:
@ -17,7 +17,8 @@ spec:
      maxSurge: 3
  template:
    metadata:
-      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 8 }}
+      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 8 }}
        app: tekton-triggers-controller
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
    spec:
@ -36,6 +37,14 @@ spec:
            - {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_eventlistener" ) }}
            - -el-port
            - {{ $.Values.config.controller.el_port | quote }}
            - -el-readtimeout
            - {{ $.Values.config.controller.el_readtimeout | quote }}
            - -el-writetimeout
            - {{ $.Values.config.controller.el_writetimeout | quote }}
            - -el-idletimeout
            - {{ $.Values.config.controller.el_idletimeout | quote }}
            - -el-timeouthandler
            - {{ $.Values.config.controller.el_timeouthandler | quote }}
            - -period-seconds
            - {{ $.Values.config.controller.period_seconds | quote }}
            - -failure-threshold
--- a/charts/tekton-triggers/templates/deployment-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/deployment-core_interceptors.yaml
@ -0,0 +1,55 @@
 {{- define "deployment-core_interceptors" -}}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: tekton-triggers-core-interceptors
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
 spec:
  replicas: 1
  selector:
    matchLabels: {{- include "helpers.labels.matchLabels" (dict "Global" $) | nindent 6 }}
  revisionHistoryLimit: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 3
  template:
    metadata:
      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 8 }}
        app: tekton-triggers-core-interceptors
    spec:
      serviceAccountName: tekton-triggers-core-interceptors
      nodeSelector: {{- include "helpers.pod.node_selector" ( dict "Global" $ "Application" "tekton_interceptor" ) | nindent 8 }}
      terminationGracePeriodSeconds: 30
      containers:
        - name: tekton-triggers-core-interceptors
          image: {{ include "helpers.pod.container.image" ( dict "Global" $ "Application" "tekton_interceptors" ) }}
          imagePullPolicy: {{ $.Values.images.pull.policy | quote }}
          args:
            - -logtostderr
            - -stderrthreshold
            - {{ $.Values.config.controller.stderrthreshold | quote }}
          env:
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging-triggers
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability-triggers
            - name: METRICS_DOMAIN
              value: tekton.dev/triggers
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 65532
            runAsGroup: 65532
            capabilities:
              drop:
                - all
      volumes: []
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "deployment-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/deployment-webhook.yaml
+++ b/charts/tekton-triggers/templates/deployment-webhook.yaml
@ -4,7 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: tekton-triggers-webhook
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
 spec:
  replicas: 1
  selector:
@ -17,7 +17,8 @@ spec:
      maxSurge: 3
  template:
    metadata:
-      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 8 }}
+      labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook"  "PartOf" "tekton-triggers") | nindent 8 }}
        app: tekton-triggers-webhook
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
    spec:
@ -43,7 +44,7 @@ spec:
              value: tekton.dev/triggers
          ports:
            - name: metrics
-              containerPort: {{ $.Values.params.endpoints.ports.metrics.port }}
+              containerPort: {{ $.Values.params.endpoints.ports.metrics.target }}
            - name: profiling
              containerPort: {{ $.Values.params.endpoints.ports.profiling.port }}
            - name: https-webhook
--- a/charts/tekton-triggers/templates/mutatingwebhookconfig-webhook.yaml
+++ b/charts/tekton-triggers/templates/mutatingwebhookconfig-webhook.yaml
@ -4,9 +4,11 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
  name: webhook.triggers.tekton.dev
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
 webhooks:
  - admissionReviewVersions:
      - v1beta1
      - v1
    clientConfig:
      service:
        name: tekton-triggers-webhook
--- a/charts/tekton-triggers/templates/psp-triggers.yaml
+++ b/charts/tekton-triggers/templates/psp-triggers.yaml
@ -4,9 +4,7 @@ apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
 metadata:
  name: tekton-triggers
-  labels:
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
    app.kubernetes.io/instance: tekton-triggers
    app.kubernetes.io/part-of: tekton-triggers
 spec:
  privileged: false
  allowPrivilegeEscalation: false
--- a/charts/tekton-triggers/templates/role-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/role-core_interceptors.yaml
@ -0,0 +1,27 @@
 {{- define "role-core_interceptors" -}}
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-core-interceptors
  namespace: {{ $.Release.Namespace }}
 rules:
  - apiGroups:
      - policy
    resources:
      - podsecuritypolicies
    resourceNames:
      - tekton-triggers
    verbs:
      - use
  - apiGroups:
      - "*"
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/role-triggers_admin.yaml
+++ b/charts/tekton-triggers/templates/role-triggers_admin.yaml
@ -1,9 +1,9 @@
-{{- define "role_admin-triggers" -}}
+{{- define "role-triggers_admin" -}}
 ---
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-admin
  namespace: {{ $.Release.Namespace }}
 rules:
@ -16,4 +16,4 @@ rules:
    verbs:
      - use
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role_admin-triggers" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "role-triggers_admin" ) }}
--- a/charts/tekton-triggers/templates/role-webhook_admin.yaml
+++ b/charts/tekton-triggers/templates/role-webhook_admin.yaml
@ -3,7 +3,7 @@
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-admin-webhook
  namespace: {{ $.Release.Namespace }}
 rules:
--- a/charts/tekton-triggers/templates/rolebinding-controller_admin.yaml
+++ b/charts/tekton-triggers/templates/rolebinding-controller_admin.yaml
@ -1,14 +1,11 @@
 {{- define "rolebinding-controller_admin" -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: tekton-triggers-controller-admin
  namespace: {{ $.Release.Namespace }}
-  labels:
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
    app.kubernetes.io/instance: tekton-triggers
    app.kubernetes.io/part-of: tekton-triggers
 subjects:
  - kind: ServiceAccount
    name: tekton-triggers-controller
--- a/charts/tekton-triggers/templates/rolebinding-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/rolebinding-core_interceptors.yaml
@ -0,0 +1,18 @@
 {{- define "rolebinding-core_interceptors" -}}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: tekton-triggers-core-interceptors
  namespace: {{ $.Release.Namespace }}
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
 subjects:
  - kind: ServiceAccount
    name: tekton-triggers-core-interceptors
    namespace: {{ $.Release.Namespace }}
 roleRef:
  kind: Role
  name: tekton-triggers-core-interceptors
  apiGroup: rbac.authorization.k8s.io
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "rolebinding-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/rolebinding-webhook_admin.yaml
+++ b/charts/tekton-triggers/templates/rolebinding-webhook_admin.yaml
@ -5,9 +5,7 @@ kind: RoleBinding
 metadata:
  name: tekton-triggers-webhook-admin
  namespace: {{ $.Release.Namespace }}
-  labels:
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
    app.kubernetes.io/instance: tekton-triggers
    app.kubernetes.io/part-of: tekton-triggers
 subjects:
  - kind: ServiceAccount
    name: tekton-triggers-webhook
--- a/charts/tekton-triggers/templates/secret-triggers.yaml
+++ b/charts/tekton-triggers/templates/secret-triggers.yaml
@ -4,6 +4,7 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: triggers-webhook-certs
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "secret-triggers" ) }}
--- a/charts/tekton-triggers/templates/service-controller.yaml
+++ b/charts/tekton-triggers/templates/service-controller.yaml
@ -4,14 +4,14 @@ apiVersion: v1
 kind: Service
 metadata:
  name: tekton-triggers-controller
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }}
 spec:
-  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller") | nindent 4 }}
+  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "controller" "PartOf" "tekton-triggers") | nindent 4 }}
  ports:
    - name: http-metrics
      protocol: TCP
      port: {{ $.Values.params.endpoints.ports.metrics.port }}
-      targetPort: {{ $.Values.params.endpoints.ports.metrics.port }}
+      targetPort: {{ $.Values.params.endpoints.ports.metrics.target }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-controller" ) }}
--- a/charts/tekton-triggers/templates/service-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/service-core_interceptors.yaml
@ -0,0 +1,16 @@
 {{- define "service-core_interceptors" -}}
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: tekton-triggers-core-interceptors
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
 spec:
  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "interceptors" "PartOf" "tekton-triggers") | nindent 4 }}
  ports:
    - name: http
      port: {{ $.Values.params.endpoints.ports.interceptors.port }}
      targetPort: {{ $.Values.params.endpoints.ports.interceptors.target }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "service-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/service-webhook.yaml
+++ b/charts/tekton-triggers/templates/service-webhook.yaml
@ -4,9 +4,9 @@ apiVersion: v1
 kind: Service
 metadata:
  name: tekton-triggers-webhook
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
 spec:
-  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook")| nindent 4 }}
+  selector: {{- include "helpers.labels.matchLabels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers")| nindent 4 }}
  ports:
    - name: https-webhook
      protocol: TCP
--- a/charts/tekton-triggers/templates/serviceaccount-controller.yaml
+++ b/charts/tekton-triggers/templates/serviceaccount-controller.yaml
@ -3,7 +3,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-controller
  namespace: {{ $.Release.Namespace }}
 ...
--- a/charts/tekton-triggers/templates/serviceaccount-core_interceptors.yaml
+++ b/charts/tekton-triggers/templates/serviceaccount-core_interceptors.yaml
@ -0,0 +1,11 @@
 {{- define "serviceaccount-core_interceptors" -}}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-core-interceptors
  namespace: {{ $.Release.Namespace }}
 ...
 {{- end -}}
 {{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "serviceaccount-core_interceptors" ) }}
--- a/charts/tekton-triggers/templates/serviceaccount-webhook.yaml
+++ b/charts/tekton-triggers/templates/serviceaccount-webhook.yaml
@ -3,7 +3,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "tekton" "PartOf" "tekton-triggers") | nindent 4 }}
+  labels: {{- include "helpers.labels.labels" (dict "Global" $ "PartOf" "tekton-triggers") | nindent 4 }}
  name: tekton-triggers-webhook
  namespace: {{ $.Release.Namespace }}
 ...
--- a/charts/tekton-triggers/templates/validatingwebhookconfig-config.yaml
+++ b/charts/tekton-triggers/templates/validatingwebhookconfig-config.yaml
@ -1,12 +1,14 @@
-{{- define "config-validation" -}}
+{{- define "validatingwebhookconfig-config" -}}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: config.webhook.triggers.tekton.dev
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
 webhooks:
  - admissionReviewVersions:
      - v1beta1
      - v1
    clientConfig:
      service:
        name: tekton-triggers-webhook
@ -20,4 +22,4 @@ webhooks:
          operator: Exists
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "config-validation" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-config" ) }}
--- a/charts/tekton-triggers/templates/validatingwebhookconfig-validation.yaml
+++ b/charts/tekton-triggers/templates/validatingwebhookconfig-validation.yaml
@ -1,12 +1,14 @@
-{{- define "validatingwebhookconfig-webhook" -}}
+{{- define "validatingwebhookconfig-validation" -}}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: validation.webhook.triggers.tekton.dev
  labels: {{- include "helpers.labels.labels" (dict "Global" $ "Component" "webhook" "PartOf" "tekton-triggers") | nindent 4 }}
 webhooks:
  - admissionReviewVersions:
      - v1beta1
      - v1
    clientConfig:
      service:
        name: tekton-triggers-webhook
@ -14,6 +16,10 @@ webhooks:
    failurePolicy: Fail
    sideEffects: None
    name: validation.webhook.triggers.tekton.dev
    namespaceSelector:
      matchExpressions:
        - key: triggers.tekton.dev/release
          operator: Exists
 ...
 {{- end -}}
-{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-webhook" ) }}
+{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "validatingwebhookconfig-validation" ) }}
--- a/charts/tekton-triggers/values.yaml
+++ b/charts/tekton-triggers/values.yaml
@ -1,10 +1,14 @@
 ---
 config:
  controller:
    period_seconds: 10
    failure_threshold: 1
    stderrthreshold: INFO
    el_port: 8080
    el_readtimeout: 5
    el_writetimeout: 40
    el_idletimeout: 120
    el_timeouthandler: 30
    failure_threshold: 1
    period_seconds: 10
    stderrthreshold: INFO
  loglevel:
    controller: info
    eventlistener: info
@ -23,8 +27,8 @@ config:
      messageKey: msg
      nameKey: logger
      stacktraceKey: stacktrace
-      timeEncoder: ''
+      timeEncoder: iso8601
-      timeKey: ''
+      timeKey: ts
    encoding: json
    errorOutputPaths:
      - stderr
@ -40,6 +44,7 @@ params:
    ports:
      metrics:
        port: 9090
        target: 9090
        scheme: http
      profiling:
        port: 8008
@ -48,21 +53,32 @@ params:
        port: 443
        target: 8443
        scheme: https
      interceptors:
        port: 80
        target: 8082
 images:
  applications:
    tekton_controller:
      name: tektoncd/triggers/cmd/controller
      repo: gcr.io/tekton-releases/github.com
-      tag: v0.10.2
+      tag: v0.12.0
    tekton_eventlistener:
      name: tektoncd/triggers/cmd/eventlistenersink
      repo: gcr.io/tekton-releases/github.com
-      tag: v0.10.2
+      tag: v0.12.0
    tekton_webhook:
      name: tektoncd/triggers/cmd/webhook
      repo: gcr.io/tekton-releases/github.com
-      tag: v0.10.2
+      tag: v0.12.0
    tekton_interceptors:
      name: tektoncd/triggers/cmd/interceptors
      repo: gcr.io/tekton-releases/github.com
      tag: v0.12.0
    tekton_eventlistenersink:
      name: tektoncd/triggers/cmd/eventlistenersink
      repo: gcr.io/tekton-releases/github.com
      tag: v0.12.0
  pull:
    policy: IfNotPresent