diff --git a/charts/tekton-pipeline/Chart.yaml b/charts/tekton-pipeline/Chart.yaml index 3e3547e..6e1a179 100644 --- a/charts/tekton-pipeline/Chart.yaml +++ b/charts/tekton-pipeline/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Tekton Pipelines name: tekton-pipeline -version: 1.0.2 -appVersion: 0.42.0 +version: 1.0.3 +appVersion: 0.65.3 icon: https://avatars2.githubusercontent.com/u/47602533 home: https://github.com/cdfoundation/tekton-helm-chart diff --git a/charts/tekton-pipeline/templates/clustertasks.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/clustertasks.tekton.dev-crd.yaml index eb88003..303cfec 100644 --- a/charts/tekton-pipeline/templates/clustertasks.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/clustertasks.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false @@ -51,11 +51,3 @@ spec: - tekton - tekton-pipelines scope: Cluster - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines diff --git a/charts/tekton-pipeline/templates/config-artifact-bucket-cm.yaml b/charts/tekton-pipeline/templates/config-artifact-bucket-cm.yaml deleted file mode 100644 index 1aef58d..0000000 --- a/charts/tekton-pipeline/templates/config-artifact-bucket-cm.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-bucket - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines -# data: -# # location of the gcs bucket to be used for artifact storage -# location: "gs://bucket-name" -# # name of the secret that will contain the credentials for the service account -# # with access to the bucket -# bucket.service.account.secret.name: -# # The key in the secret with the required service account json -# bucket.service.account.secret.key: -# # The field name that should be used for the service account -# # Valid values: GOOGLE_APPLICATION_CREDENTIALS, BOTO_CONFIG. -# bucket.service.account.field.name: GOOGLE_APPLICATION_CREDENTIALS diff --git a/charts/tekton-pipeline/templates/config-events-cm.yaml b/charts/tekton-pipeline/templates/config-events-cm.yaml new file mode 100644 index 0000000..6976fe4 --- /dev/null +++ b/charts/tekton-pipeline/templates/config-events-cm.yaml @@ -0,0 +1,48 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-events + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # formats contains a comma seperated list of event formats to be used + # the only format supported today is "tektonv1". An empty string is not + # a valid configuration. To disable events, do not specify the sink. + formats: "tektonv1" + + # sink contains the event sink to be used for TaskRun, PipelineRun and + # CustomRun. If no sink is specified, no CloudEvent is generated. + # This setting supercedes the "default-cloud-events-sink" from the + # "config-defaults" config map + sink: "https://events.sink/cdevents" diff --git a/charts/tekton-pipeline/templates/config-leader-election-controller-cm.yaml b/charts/tekton-pipeline/templates/config-leader-election-controller-cm.yaml new file mode 100644 index 0000000..1178a3f --- /dev/null +++ b/charts/tekton-pipeline/templates/config-leader-election-controller-cm.yaml @@ -0,0 +1,51 @@ +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-controller + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" diff --git a/charts/tekton-pipeline/templates/config-leader-election-events-cm.yaml b/charts/tekton-pipeline/templates/config-leader-election-events-cm.yaml new file mode 100644 index 0000000..c92bbad --- /dev/null +++ b/charts/tekton-pipeline/templates/config-leader-election-events-cm.yaml @@ -0,0 +1,51 @@ +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-events + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" diff --git a/charts/tekton-pipeline/templates/config-leader-election-cm.yaml b/charts/tekton-pipeline/templates/config-leader-election-resolvers-cm.yaml similarity index 98% rename from charts/tekton-pipeline/templates/config-leader-election-cm.yaml rename to charts/tekton-pipeline/templates/config-leader-election-resolvers-cm.yaml index 7ea76cf..2867627 100644 --- a/charts/tekton-pipeline/templates/config-leader-election-cm.yaml +++ b/charts/tekton-pipeline/templates/config-leader-election-resolvers-cm.yaml @@ -15,7 +15,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: config-leader-election + name: config-leader-election-resolvers labels: app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default diff --git a/charts/tekton-pipeline/templates/config-leader-election-webhook-cm.yaml b/charts/tekton-pipeline/templates/config-leader-election-webhook-cm.yaml new file mode 100644 index 0000000..17621b6 --- /dev/null +++ b/charts/tekton-pipeline/templates/config-leader-election-webhook-cm.yaml @@ -0,0 +1,51 @@ +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-webhook + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" diff --git a/charts/tekton-pipeline/templates/config-spire-cm.yaml b/charts/tekton-pipeline/templates/config-spire-cm.yaml new file mode 100644 index 0000000..437951c --- /dev/null +++ b/charts/tekton-pipeline/templates/config-spire-cm.yaml @@ -0,0 +1,48 @@ +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-spire + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # spire-trust-domain specifies the SPIRE trust domain to use. + # spire-trust-domain: "example.org" + # + # spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API. + # spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock" + # + # spire-server-addr specifies the SPIRE server address for workload/node registration. + # spire-server-addr: "spire-server.spire.svc.cluster.local:8081" + # + # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. + # spire-node-alias-prefix: "/tekton-node/" diff --git a/charts/tekton-pipeline/templates/config-trusted-resources-cm.yaml b/charts/tekton-pipeline/templates/config-tracing-cm.yaml similarity index 74% rename from charts/tekton-pipeline/templates/config-trusted-resources-cm.yaml rename to charts/tekton-pipeline/templates/config-tracing-cm.yaml index 8058df1..6bc3679 100644 --- a/charts/tekton-pipeline/templates/config-trusted-resources-cm.yaml +++ b/charts/tekton-pipeline/templates/config-tracing-cm.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 The Tekton Authors +# Copyright 2023 The Tekton Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: config-trusted-resources + name: config-tracing labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines @@ -34,7 +34,12 @@ data: # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. - - # publickeys specifies the list of public keys, the paths are separated by comma - # publickeys: "/etc/verification-secrets/cosign.pub, - # gcpkms://projects/tekton/locations/us/keyRings/trusted-resources/cryptoKeys/trusted-resources" + # + # Enable sending traces to defined endpoint by setting this to true + enabled: "true" + # + # API endpoint to send the traces to + # (optional): The default value is given below + endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces" + # (optional) Name of the k8s secret which contains basic auth credentials + credentialsSecret: "jaeger-creds" diff --git a/charts/tekton-pipeline/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml b/charts/tekton-pipeline/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml index b5654cc..4baef3e 100644 --- a/charts/tekton-pipeline/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml +++ b/charts/tekton-pipeline/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" webhooks: - admissionReviewVersions: ["v1"] clientConfig: diff --git a/charts/tekton-pipeline/templates/customruns.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/customruns.tekton.dev-crd.yaml index e9dfde3..750dbc6 100644 --- a/charts/tekton-pipeline/templates/customruns.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/customruns.tekton.dev-crd.yaml @@ -19,8 +19,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false diff --git a/charts/tekton-pipeline/templates/config-artifact-pvc-cm.yaml b/charts/tekton-pipeline/templates/http-resolver-config-cm.yaml similarity index 75% rename from charts/tekton-pipeline/templates/config-artifact-pvc-cm.yaml rename to charts/tekton-pipeline/templates/http-resolver-config-cm.yaml index 5b6c916..658bfe0 100644 --- a/charts/tekton-pipeline/templates/config-artifact-pvc-cm.yaml +++ b/charts/tekton-pipeline/templates/http-resolver-config-cm.yaml @@ -1,4 +1,4 @@ -# Copyright 2019 The Tekton Authors +# Copyright 2023 The Tekton Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,13 +15,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: config-artifact-pvc + name: http-resolver-config labels: + app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines -# data: -# # size of the PVC volume -# size: 5Gi -# -# # storage class of the PVC volume -# storageClassName: storage-class-name +data: + # The maximum amount of time the http resolver will wait for a response from the server. + fetch-timeout: "1m" diff --git a/charts/tekton-pipeline/templates/pipelineruns.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/pipelineruns.tekton.dev-crd.yaml index f9cf27f..70fbd2c 100644 --- a/charts/tekton-pipeline/templates/pipelineruns.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/pipelineruns.tekton.dev-crd.yaml @@ -19,15 +19,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -57,8 +57,8 @@ spec: subresources: status: {} - name: v1 - served: false - storage: false + served: true + storage: true schema: openAPIV3Schema: type: object diff --git a/charts/tekton-pipeline/templates/pipelines-info-cm.yaml b/charts/tekton-pipeline/templates/pipelines-info-cm.yaml index 923d1d0..8aa60c5 100644 --- a/charts/tekton-pipeline/templates/pipelines-info-cm.yaml +++ b/charts/tekton-pipeline/templates/pipelines-info-cm.yaml @@ -25,4 +25,4 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.42.0" + version: "v0.65.3" diff --git a/charts/tekton-pipeline/templates/pipelines.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/pipelines.tekton.dev-crd.yaml index 9689c16..6cdcff6 100644 --- a/charts/tekton-pipeline/templates/pipelines.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/pipelines.tekton.dev-crd.yaml @@ -19,15 +19,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false subresources: status: {} schema: @@ -42,8 +42,8 @@ spec: # See issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true - name: v1 - served: false - storage: false + served: true + storage: true schema: openAPIV3Schema: type: object diff --git a/charts/tekton-pipeline/templates/runs.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/stepactions.tekton.dev-crd.yaml similarity index 62% rename from charts/tekton-pipeline/templates/runs.tekton.dev-crd.yaml rename to charts/tekton-pipeline/templates/stepactions.tekton.dev-crd.yaml index 911ccc1..bb1d308 100644 --- a/charts/tekton-pipeline/templates/runs.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/stepactions.tekton.dev-crd.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 The Tekton Authors +# Copyright 2023 The Tekton Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,17 +15,35 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: runs.tekton.dev + name: stepactions.tekton.dev labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 served: true storage: true schema: @@ -39,27 +57,14 @@ spec: # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ # See issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime # Opt into the status subresource so metadata.generation # starts to increment subresources: status: {} names: - kind: Run - plural: runs - singular: run + kind: StepAction + plural: stepactions + singular: stepaction categories: - tekton - tekton-pipelines diff --git a/charts/tekton-pipeline/templates/taskruns.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/taskruns.tekton.dev-crd.yaml index 05eaf55..57c801d 100644 --- a/charts/tekton-pipeline/templates/taskruns.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/taskruns.tekton.dev-crd.yaml @@ -19,15 +19,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -57,8 +57,8 @@ spec: subresources: status: {} - name: v1 - served: false - storage: false + served: true + storage: true schema: openAPIV3Schema: type: object diff --git a/charts/tekton-pipeline/templates/tasks.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/tasks.tekton.dev-crd.yaml index 3de873c..58ee040 100644 --- a/charts/tekton-pipeline/templates/tasks.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/tasks.tekton.dev-crd.yaml @@ -19,15 +19,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -44,8 +44,8 @@ spec: subresources: status: {} - name: v1 - served: false - storage: false + served: true + storage: true schema: openAPIV3Schema: type: object diff --git a/charts/tekton-pipeline/templates/tekton-aggregate-edit-clusterrole.yaml b/charts/tekton-pipeline/templates/tekton-aggregate-edit-clusterrole.yaml index fb6cf03..a921a9a 100644 --- a/charts/tekton-pipeline/templates/tekton-aggregate-edit-clusterrole.yaml +++ b/charts/tekton-pipeline/templates/tekton-aggregate-edit-clusterrole.yaml @@ -29,9 +29,9 @@ rules: - taskruns - pipelines - pipelineruns - - pipelineresources - runs - customruns + - stepactions verbs: - create - delete diff --git a/charts/tekton-pipeline/templates/tekton-aggregate-view-clusterrole.yaml b/charts/tekton-pipeline/templates/tekton-aggregate-view-clusterrole.yaml index 5effc13..d6948e2 100644 --- a/charts/tekton-pipeline/templates/tekton-aggregate-view-clusterrole.yaml +++ b/charts/tekton-pipeline/templates/tekton-aggregate-view-clusterrole.yaml @@ -28,9 +28,9 @@ rules: - taskruns - pipelines - pipelineruns - - pipelineresources - runs - customruns + - stepactions verbs: - get - list diff --git a/charts/tekton-pipeline/templates/tekton-events-controller-cluster-access-clusterrole.yaml b/charts/tekton-pipeline/templates/tekton-events-controller-cluster-access-clusterrole.yaml new file mode 100644 index 0000000..5035e56 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-events-controller-cluster-access-clusterrole.yaml @@ -0,0 +1,12 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + verbs: ["get", "list", "watch"] diff --git a/charts/tekton-pipeline/templates/tekton-events-controller-cluster-access-crb.yaml b/charts/tekton-pipeline/templates/tekton-events-controller-cluster-access-crb.yaml new file mode 100644 index 0000000..bb7ed5c --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-events-controller-cluster-access-crb.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: '{{ .Release.Namespace }}' +roleRef: + kind: ClusterRole + name: tekton-events-controller-cluster-access + apiGroup: rbac.authorization.k8s.io diff --git a/charts/tekton-pipeline/templates/tekton-events-controller-deploy.yaml b/charts/tekton-pipeline/templates/tekton-events-controller-deploy.yaml new file mode 100644 index 0000000..debb564 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-events-controller-deploy.yaml @@ -0,0 +1,131 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-events-controller + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.3" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.3" + # labels below are related to istio and should not be used for resource lookup + version: "v0.65.3" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.3" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.3" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.65.3" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-events-controller + containers: + - name: tekton-events-controller + image: ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v0.65.3@sha256:45d0defae953be18630dbad039f27eee6cb9833d20ac49c5a9ae7af5f6990c33 + args: [] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-events + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert diff --git a/charts/tekton-pipeline/templates/tekton-events-controller-leaderelection-rb.yaml b/charts/tekton-pipeline/templates/tekton-events-controller-leaderelection-rb.yaml new file mode 100644 index 0000000..646b220 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-events-controller-leaderelection-rb.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-events-controller-leaderelection + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: '{{ .Release.Namespace }}' +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io diff --git a/charts/tekton-pipeline/templates/tekton-events-controller-sa.yaml b/charts/tekton-pipeline/templates/tekton-events-controller-sa.yaml new file mode 100644 index 0000000..a8fcb20 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-events-controller-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-events-controller + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines diff --git a/charts/tekton-pipeline/templates/tekton-events-controller-svc.yaml b/charts/tekton-pipeline/templates/tekton-events-controller-svc.yaml new file mode 100644 index 0000000..de0fbb4 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-events-controller-svc.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.3" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.3" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.65.3" + name: tekton-events-controller +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml index 5d7c286..b728dc5 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml @@ -25,16 +25,23 @@ rules: # Controller needs to watch Pods created by TaskRuns to see them progress. resources: ["pods"] verbs: ["list", "watch"] + - apiGroups: [""] + # Controller needs to get the list of cordoned nodes over the course of a single run + resources: ["nodes"] + verbs: ["list"] # Controller needs cluster access to all of the CRDs that it is responsible for # managing. - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "runs", "customruns"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers"] + resources: ["verificationpolicies"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status", "customruns/status"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # resolution.tekton.dev - apiGroups: ["resolution.tekton.dev"] diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-controller-deploy.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-controller-deploy.yaml index 9c0e17c..16df9cc 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-controller-deploy.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-controller-deploy.yaml @@ -6,12 +6,12 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: controller app.kubernetes.io/part-of: tekton-pipelines - app.kubernetes.io/version: v0.42.0 + app.kubernetes.io/version: v0.65.3 {{- with .Values.controller.deployment.labels }} {{- toYaml . | nindent 4 }} {{- end}} - pipeline.tekton.dev/release: v0.42.0 - version: v0.42.0 + pipeline.tekton.dev/release: v0.65.3 + version: v0.65.3 name: tekton-pipelines-controller spec: replicas: 1 @@ -34,12 +34,12 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: controller app.kubernetes.io/part-of: tekton-pipelines - app.kubernetes.io/version: v0.42.0 + app.kubernetes.io/version: v0.65.3 {{- with .Values.controller.pod.labels }} {{- toYaml . | nindent 8 }} {{- end}} - pipeline.tekton.dev/release: v0.42.0 - version: v0.42.0 + pipeline.tekton.dev/release: v0.65.3 + version: v0.65.3 spec: affinity: {{- with .Values.controller.affinity }} @@ -47,22 +47,14 @@ spec: {{- end }} containers: - args: - - -kubeconfig-writer-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.42.0@sha256:672df16c97c15d20102749c6e86195683d037bd6c8787560c9c07ade8b610071 - - -git-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.42.0@sha256:211b0822659b2030a9e12b1cdb47faab2187a63a24ed9d21044520f967674138 - -entrypoint-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.42.0@sha256:77e43d0fc9f7e7bdfa31dc16082b08dace05ce81c91a06c00dfa2f547212ce72 + - ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.65.3@sha256:0b4eb672fc6ab0d9fd365bbe11bbefa83131f27185ff3c11cf7f20ccb0e43155 - -nop-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.42.0@sha256:bd1fcc45d40a8ef1621789856caa2f54d7a884f19af921105feafae0131648c5 - - -imagedigest-exporter-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.42.0@sha256:370d5a0e39577f784f1376fac0822230b9a44950c01fe2190692a0a5a810adc6 - - -pr-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.42.0@sha256:e00d578d40d57a5124bee5107cb3358763874588a7fe2522ebc7bb979280d06e + - ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.65.3@sha256:5d6d6f3fce07a7e2d65c77f706c081c0d6fea22fdb085a879eeb0e6c1f12ce78 + - -sidecarlogresults-image + - ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.65.3@sha256:fc3b8c29c6056e5639ac3ae9083c00701a20722dec9991c0fd3a14e46b45f02e - -workingdirinit-image - - gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.42.0@sha256:60a39c629448ac2845c4781513ef44c2f2fbcb6eb321d70a016002b5fa7b2379 - - -gsutil-image - - gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f + - ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.65.3@sha256:c3a301aebc2fca8f0c477e4246d48d9b85a37ed0b41dd541f6503e7f1e15571e - -shell-image - cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791 - -shell-image-win @@ -78,16 +70,12 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - - name: CONFIG_ARTIFACT_BUCKET_NAME - value: config-artifact-bucket - - name: CONFIG_ARTIFACT_PVC_NAME - value: config-artifact-pvc - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: CONFIG_TRUSTED_RESOURCES_NAME - value: config-trusted-resources + value: config-leader-election-controller + - name: CONFIG_SPIRE + value: config-spire - name: SSL_CERT_FILE value: /etc/config-registry-cert/cert - name: SSL_CERT_DIR @@ -122,11 +110,14 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 + resources: + {{- toYaml .Values.controller.resources | nindent 10 }} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL + readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 @@ -137,9 +128,6 @@ spec: name: config-logging - mountPath: /etc/config-registry-cert name: config-registry-cert - - mountPath: /etc/verification-secrets - name: verification-secrets - readOnly: true image: {{ .Values.controller.deployment.image }} nodeSelector: {{- with .Values.controller.nodeSelector }} @@ -156,8 +144,4 @@ spec: name: config-logging - configMap: name: config-registry-cert - name: config-registry-cert - - name: verification-secrets - secret: - optional: true - secretName: verification-secrets \ No newline at end of file + name: config-registry-cert \ No newline at end of file diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-controller-role.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-controller-role.yaml index 80d441b..b1294ee 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-controller-role.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-controller-role.yaml @@ -28,4 +28,4 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-controller", "config-registry-cert"] diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-controller-svc.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-controller-svc.yaml index efdcc07..e2f9506 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-controller-svc.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-controller-svc.yaml @@ -5,13 +5,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.42.0" + app.kubernetes.io/version: "v0.65.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.42.0" + version: "v0.65.3" name: tekton-pipelines-controller spec: ports: diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-events-controller-rb.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-events-controller-rb.yaml new file mode 100644 index 0000000..6691568 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-pipelines-events-controller-rb.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-events-controller + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: '{{ .Release.Namespace }}' +roleRef: + kind: Role + name: tekton-pipelines-events-controller + apiGroup: rbac.authorization.k8s.io diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-events-controller-role.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-events-controller-role.yaml new file mode 100644 index 0000000..0f28c25 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-pipelines-events-controller-role.yaml @@ -0,0 +1,17 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-events-controller + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-events", "config-registry-cert"] diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-deploy.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-deploy.yaml index a279e17..0df94b9 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-deploy.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-deploy.yaml @@ -6,9 +6,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: resolvers app.kubernetes.io/part-of: tekton-pipelines - app.kubernetes.io/version: v0.42.0 - pipeline.tekton.dev/release: v0.42.0 - version: v0.42.0 + app.kubernetes.io/version: v0.65.3 + pipeline.tekton.dev/release: v0.65.3 + version: v0.65.3 name: tekton-pipelines-remote-resolvers spec: replicas: 1 @@ -26,9 +26,9 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: resolvers app.kubernetes.io/part-of: tekton-pipelines - app.kubernetes.io/version: v0.42.0 - pipeline.tekton.dev/release: v0.42.0 - version: v0.42.0 + app.kubernetes.io/version: v0.65.3 + pipeline.tekton.dev/release: v0.65.3 + version: v0.65.3 spec: affinity: {{- with .Values.remoteresolver.affinity }} @@ -58,16 +58,24 @@ spec: - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election + value: config-leader-election-resolvers - name: METRICS_DOMAIN value: tekton.dev/resolution + - name: PROBES_PORT + value: "8080" - name: ARTIFACT_HUB_API value: https://artifacthub.io/ - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.42.0@sha256:eaa7d21d45f0bc1c411823d6a943e668c820f9cf52f1549d188edb89e992f6e0 + - name: TEKTON_HUB_API + value: https://api.hub.tekton.dev/ + image: ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v0.65.3@sha256:81b76337e4de0c5cf0ab50cbf0557bca40a89a834bc9a321dda01339d1a10edb name: controller ports: - containerPort: 9090 name: metrics + - containerPort: 8008 + name: profiling + - containerPort: 8080 + name: probes resources: {{- with .Values.remoteresolver.resources }} {{- toYaml . | trim | nindent 10 }} diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-svc.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-svc.yaml new file mode 100644 index 0000000..6f67816 --- /dev/null +++ b/charts/tekton-pipeline/templates/tekton-pipelines-remote-resolvers-svc.yaml @@ -0,0 +1,44 @@ +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.65.3" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.65.3" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-remote-resolvers + version: "v0.65.3" + name: tekton-pipelines-remote-resolvers +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml index 3215d74..4364334 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-resolvers-resolution-request-updates-clusterrole.yaml @@ -26,9 +26,9 @@ rules: resources: ["resolutionrequests", "resolutionrequests/status"] verbs: ["get", "list", "watch", "update", "patch"] - apiGroups: ["tekton.dev"] - resources: ["tasks", "pipelines"] + resources: ["tasks", "pipelines", "stepactions"] verbs: ["get", "list"] # Read-only access to these. - apiGroups: [""] - resources: ["secrets"] + resources: ["secrets", "serviceaccounts"] verbs: ["get", "list", "watch"] diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml index 5f40859..26c8796 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml @@ -15,13 +15,13 @@ rules: resourceNames: - pipelines.tekton.dev - pipelineruns.tekton.dev - - runs.tekton.dev - tasks.tekton.dev - clustertasks.tekton.dev - taskruns.tekton.dev - - pipelineresources.tekton.dev - resolutionrequests.resolution.tekton.dev - customruns.tekton.dev + - verificationpolicies.tekton.dev + - stepactions.tekton.dev # knative.dev/pkg needs list/watch permissions to set up informers for the webhook. - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-deploy.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-deploy.yaml index ee62ef5..1e5e509 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-deploy.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-deploy.yaml @@ -6,12 +6,12 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: webhook app.kubernetes.io/part-of: tekton-pipelines - app.kubernetes.io/version: v0.42.0 + app.kubernetes.io/version: v0.65.3 {{- with .Values.webhook.deployment.labels }} {{- toYaml . | nindent 4 }} {{- end}} - pipeline.tekton.dev/release: v0.42.0 - version: v0.42.0 + pipeline.tekton.dev/release: v0.65.3 + version: v0.65.3 name: tekton-pipelines-webhook spec: selector: @@ -28,12 +28,12 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: webhook app.kubernetes.io/part-of: tekton-pipelines - app.kubernetes.io/version: v0.42.0 + app.kubernetes.io/version: v0.65.3 {{- with .Values.webhook.pod.labels }} {{- toYaml . | nindent 8 }} {{- end}} - pipeline.tekton.dev/release: v0.42.0 - version: v0.42.0 + pipeline.tekton.dev/release: v0.65.3 + version: v0.65.3 spec: affinity: {{- with .Values.webhook.affinity }} @@ -61,11 +61,15 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election + value: config-leader-election-webhook - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags + - name: PROBES_PORT + value: "8080" - name: WEBHOOK_PORT value: "8443" + - name: WEBHOOK_ADMISSION_CONTROLLER_NAME + value: webhook.pipeline.tekton.dev - name: WEBHOOK_SERVICE_NAME value: tekton-pipelines-webhook - name: WEBHOOK_SECRET_NAME @@ -76,7 +80,7 @@ spec: - secretRef: name: '{{ .Values.webhook.envFromSecret }}' optional: true - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.42.0@sha256:90989eeb6e0ba9c481b1faba3b01bcc70725baa58484c8f6ce9d22cc601e63dc + image: ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v0.65.3@sha256:bc13a169e53ad152c1bf3bab769ecd382ba216236974f6bef4bb8c5baa5ec3d2 livenessProbe: httpGet: path: /health @@ -115,6 +119,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml index c3ab090..4bfd1a6 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml @@ -20,12 +20,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.42.0" + app.kubernetes.io/version: "v0.65.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" # labels below are related to istio and should not be used for resource lookup - version: "v0.42.0" + version: "v0.65.3" spec: minReplicas: 1 maxReplicas: 5 diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-role.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-role.yaml index 9d3a176..40919ca 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-role.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-role.yaml @@ -14,7 +14,7 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-leader-election", "feature-flags"] + resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"] - apiGroups: [""] resources: ["secrets"] verbs: ["list", "watch"] diff --git a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-svc.yaml b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-svc.yaml index 9215c59..bfd9dcd 100644 --- a/charts/tekton-pipeline/templates/tekton-pipelines-webhook-svc.yaml +++ b/charts/tekton-pipeline/templates/tekton-pipelines-webhook-svc.yaml @@ -5,28 +5,29 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.42.0" + app.kubernetes.io/version: "v0.65.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.42.0" + version: "v0.65.3" name: tekton-pipelines-webhook spec: ports: # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 - targetPort: 9090 + targetPort: metrics - name: http-profiling port: 8008 - targetPort: 8008 + targetPort: profiling - name: https-webhook port: 443 targetPort: https-webhook - name: probes port: 8080 + targetPort: probes selector: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook diff --git a/charts/tekton-pipeline/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml b/charts/tekton-pipeline/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml index e8f5d6e..2d5728f 100644 --- a/charts/tekton-pipeline/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml +++ b/charts/tekton-pipeline/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" webhooks: - admissionReviewVersions: ["v1"] clientConfig: diff --git a/charts/tekton-pipeline/templates/pipelineresources.tekton.dev-crd.yaml b/charts/tekton-pipeline/templates/verificationpolicies.tekton.dev-crd.yaml similarity index 80% rename from charts/tekton-pipeline/templates/pipelineresources.tekton.dev-crd.yaml rename to charts/tekton-pipeline/templates/verificationpolicies.tekton.dev-crd.yaml index 03a732c..397bf4f 100644 --- a/charts/tekton-pipeline/templates/pipelineresources.tekton.dev-crd.yaml +++ b/charts/tekton-pipeline/templates/verificationpolicies.tekton.dev-crd.yaml @@ -1,4 +1,4 @@ -# Copyright 2019 The Tekton Authors +# Copyright 2022 The Tekton Authors # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,12 +15,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: pipelineresources.tekton.dev + name: verificationpolicies.tekton.dev labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" - version: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" + version: "v0.65.3" spec: group: tekton.dev versions: @@ -38,14 +38,10 @@ spec: # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ # See issue: https://github.com/knative/serving/issues/912 x-kubernetes-preserve-unknown-fields: true - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} names: - kind: PipelineResource - plural: pipelineresources - singular: pipelineresource + kind: VerificationPolicy + plural: verificationpolicies + singular: verificationpolicy categories: - tekton - tekton-pipelines diff --git a/charts/tekton-pipeline/templates/webhook-certs-secret.yaml b/charts/tekton-pipeline/templates/webhook-certs-secret.yaml index 4cba818..1ea903c 100644 --- a/charts/tekton-pipeline/templates/webhook-certs-secret.yaml +++ b/charts/tekton-pipeline/templates/webhook-certs-secret.yaml @@ -20,5 +20,5 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" # The data is populated at install time. diff --git a/charts/tekton-pipeline/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml b/charts/tekton-pipeline/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml index 7ddff56..10ee121 100644 --- a/charts/tekton-pipeline/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml +++ b/charts/tekton-pipeline/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml @@ -6,7 +6,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.42.0" + pipeline.tekton.dev/release: "v0.65.3" webhooks: - admissionReviewVersions: ["v1"] clientConfig: diff --git a/charts/tekton-pipeline/values.yaml b/charts/tekton-pipeline/values.yaml index 24c9f07..dc42ec6 100644 --- a/charts/tekton-pipeline/values.yaml +++ b/charts/tekton-pipeline/values.yaml @@ -13,7 +13,7 @@ serviceaccount: # Values for tekton-pipelines-controller controller: deployment: - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.42.0@sha256:1fa50403c071b768984e23e26d0e68d2f7e470284ef2eb73581ec556bacdad95 + image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.65.3@sha256:4a36ae96bd285531bfbbe17e8a7603414b66bef809b8fd577f9cf7f4eef9a64d labels: {} pod: labels: {} @@ -64,7 +64,7 @@ remoteresolver: memory: 100Mi limits: cpu: 1000m - memory: 1000Mi + memory: 4Gi # configuration to put in the config-defaults ConfigMap configDefaults: _example: | @@ -124,6 +124,72 @@ configDefaults: # default-max-matrix-combinations-count contains the default maximum number # of combinations from a Matrix, if none is specified. default-max-matrix-combinations-count: "256" + + # default-forbidden-env contains comma seperated environment variables that cannot be + # overridden by podTemplate. + default-forbidden-env: + + # default-resolver-type contains the default resolver type to be used in the cluster, + # no default-resolver-type is specified by default + default-resolver-type: + + # default-imagepullbackoff-timeout contains the default duration to wait + # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast + # possible values could be 1m, 5m, 10s, 1h, etc + # default-imagepullbackoff-timeout: "5m" + + # default-container-resource-requirements allow users to update default resource requirements + # to a init-containers and containers of a pods create by the controller + # Onet: All the resource requirements are applied to init-containers and containers + # only if the existing resource requirements are empty. + # default-container-resource-requirements: | + # place-scripts: # updates resource requirements of a 'place-scripts' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prepare: # updates resource requirements of a 'prepare' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + # + # working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "512Mi" + # cpu: "500m" + # + # prefix-scripts: # updates resource requirements of containers which starts with 'scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # default: # updates resource requirements of init-containers and containers which has empty resource resource requirements + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" gitResolverConfig: # The maximum amount of time a single anonymous cloning resolution may take. fetch-timeout: "1m" @@ -151,10 +217,24 @@ featureFlags: # # The default behaviour is for Tekton to create Affinity Assistants # - # See more in the workspace documentation about Affinity Assistant - # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + # + # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. disable-affinity-assistant: "false" + # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. + # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". + # + # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. + # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. + # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, + # and only allows one pipelinerun to run on a node at a time. + # Setting it to "disabled" will not apply any coschedule policy. + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + coschedule: "workspaces" # Setting this flag to "true" will prevent Tekton scanning attached # service accounts and injecting any credentials it finds into your # Steps. @@ -195,23 +275,59 @@ featureFlags: # This is an experimental feature and thus should still be considered # an alpha feature. enable-tekton-oci-bundles: "false" - # Setting this flag to "true" enables the use of custom tasks from - # within pipelines. - # This is an experimental feature and thus should still be considered - # an alpha feature. - enable-custom-tasks: "false" # Setting this flag will determine which gated features are enabled. # Acceptable values are "stable", "beta", or "alpha". - enable-api-fields: "stable" - # Setting this flag to "true" enables CloudEvents for Runs, as long as a + enable-api-fields: "beta" + # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a # CloudEvents sink is configured in the config-defaults config map send-cloudevents-for-runs: "false" - # Setting this flag to "enforce" will enforce verification of tasks/pipeline. Failing to verify - # will fail the taskrun/pipelinerun. "warn" will only log the err message and "skip" - # will skip the whole verification - resource-verification-mode: "skip" + # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them. + # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found. + # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. + # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. + trusted-resources-verification-no-match-policy: "ignore" # Setting this flag to "true" enables populating the "provenance" field in TaskRun # and PipelineRun status. This field contains metadata about resources used # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline # definition was fetched. - enable-provenance-in-status: "false" + enable-provenance-in-status: "true" + # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. + # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. + # If set to "none", then Tekton will not have non-falsifiable provenance. + # This is an experimental feature and thus should still be considered an alpha feature. + enforce-nonfalsifiability: "none" + # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. + # Acceptable values are "termination-message" or "sidecar-logs". + # "sidecar-logs" is now a beta feature. + results-from: "termination-message" + # Setting this flag will determine the upper limit of each task result + # This flag is optional and only associated with the previous flag, results-from + # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result + # max-result-size: "4096" + # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns. + # This allows TaskRuns to run in namespaces with "restricted" pod security standards. + # Not all Kubernetes implementations support this option. + set-security-context: "false" + # Setting this flag to "true" will keep pod on cancellation + # allowing examination of the logs on the pods from cancelled taskruns + keep-pod-on-cancel: "false" + # Setting this flag to "true" will enable the CEL evaluation in WhenExpression + enable-cel-in-whenexpression: "false" + # Setting this flag to "true" will enable the use of StepActions in Steps + # This feature is in preview mode and not implemented yet. Please check #7259 for updates. + enable-step-actions: "false" + # Setting this flag to "true" will enable the use of Artifacts in Steps + # This feature is in preview mode and not implemented yet. Please check #7693 for updates. + enable-artifacts: "false" + # Setting this flag to "true" will enable the built-in param input validation via param enum. + enable-param-enum: "false" + # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating + # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun + # respectively. We can specify "pipeline" to disable for Pipeline resource only. + # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of + # these. + disable-inline-spec: "" + # Setting this flag to "true" will enable the use of concise resolver syntax + enable-concise-resolver-syntax: "false" + # Setthing this flag to "true" will enable native Kubernetes Sidecar support + enable-kubernetes-sidecar: "false"