From ec4b380bfbc31990f8cc76dde42e4544d8cd3c19 Mon Sep 17 00:00:00 2001 From: sheril5 Date: Tue, 6 Feb 2024 17:28:31 +0530 Subject: [PATCH] added lastest tekton chart and modified argocd cm --- charts/argo-cd/Chart.yaml | 2 +- charts/argo-cd/values.yaml | 8 + charts/tekton/Chart.yaml | 10 +- .../tekton/charts/tekton-pipeline-1.0.2.tgz | Bin 16066 -> 0 bytes .../tekton/templates/pipeline/pipeline.yaml | 3513 +++++++++++++++++ 5 files changed, 3525 insertions(+), 8 deletions(-) delete mode 100644 charts/tekton/charts/tekton-pipeline-1.0.2.tgz create mode 100644 charts/tekton/templates/pipeline/pipeline.yaml diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index 5f295b9..d5bebb9 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -24,4 +24,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 1.0.1 +version: 1.0.2 diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 9a20a13..d7e26d8 100644 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -181,6 +181,14 @@ configs: # -- Timeout to refresh application data as well as target manifests cache timeout.hard.reconciliation: 0s + resource.exclusions: | + - apiGroups: + - "*" + kinds: + - "PipelineRun" + - "TaskRun" + clusters: + - "*" # Dex configuration # dex.config: | diff --git a/charts/tekton/Chart.yaml b/charts/tekton/Chart.yaml index 4998fad..b8235f7 100644 --- a/charts/tekton/Chart.yaml +++ b/charts/tekton/Chart.yaml @@ -15,16 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.42.0" +appVersion: "0.56.0" + -dependencies: -- name: tekton-pipeline - version: '1.0.2' - # This is the binaries repository, as documented in the GitHub repo - repository: 'https://cdfoundation.github.io/tekton-helm-chart/' diff --git a/charts/tekton/charts/tekton-pipeline-1.0.2.tgz b/charts/tekton/charts/tekton-pipeline-1.0.2.tgz deleted file mode 100644 index f6ee782f24c49fe8da5409b35f6bd31ad03165de..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16066 zcmX||V{{&2yM<#kwr#U98?$L_+jjECR%6>m+&F1$+qUg@PQUN0bNFI8^ivBSq{gH@}k;>>yZ_wT&Syvh(+ z+1*UaR-yA*#U~Ibi%<4CiGHR2XEm*7#TaFfDC-HUE%M&nY}v##J$Im z@eN>EmlN4+`po8;t#r3LV&(#cyJ3k4zfZY&>C84_3NzR0ltzM^rWWO}q zW=P~;=y`GP|3&?5RV)SBlp8JK5cX?;i!sK!wuEl7@nZ@BK^B`$zglYklg-c8NfKOl zO2o2|-0N_=m7$Yal6LU3w{mf2#L)B?_qYJNsSAlsWlVuh^&_RTOxXVZI(+`w;N)oH zMe>^KB?Lr-dpzm=%{uxzW^!Zu%u1O-*6^9AzOY`WU7x^lF{z5xZjcj+ZFhY@zpS}Q ztdxLi{j`^XHOm`T&nma`$3U*HDQhl&RFgkC*(u^UAyC>wKXOdgpV2|9-F6{qG=Rpcr2zt zERnrrk@-n`y*vLLTXRkqAv!~`6n0PIm+CBa+WHAwtTj&Y)RBY=Pi_6?k{wj0!Jx|$g+Zzi%vLTQ}B})|Kq^F28AX-J-}` zjX7z{-|fIXq8i%hjaE*Ea8~f!`NqN;(#3n<+fs&;h+)BoVW77WvpP~0Djno0ZWs;< z4Ehz%!sz6fT)jNp2y88B5XqHD4n>uCH<(7wbUJlEz7=8`WuDXM zhW)~C)H|)+n4}+e!N_UvHBCa8C_3PW#JVu8=^=F5xX3?ZxtLJZOyas2rNig~AmWZa~CzFkkP#;S0tK=Vr@-{yf5- z7XBjZ;*cTfwG=(Xp3cbjF7kzA=}vf5wgTJhrIJM)lK%ZK-(O3(2>Yt2rX)cR3U5s_ zmQObI==DF=u|;uipm2j)hWY7t1?fnKfBX?KJdUe4jcd~^nP@1V6tL zGML&Xb+-H^PO!A20E-*qd9cP_K|#~vU)b(ibgL}maDlnZt9L0XnJo52j-Q^Oo37T) zsuqsVGsH*+irDTo>VXnXJ{HrM3%3b!V|`i!O?GfyZBvC%9$oo9vzJu-iwb{`$`=I% zbFREAUze@{+5OXMu9}y8PMp^8;>Nro)YB;&gbkPof+;@!V4MZRnUXnEFPg16@dUdpdA^Xk1Bq>3h|*!3B}7~-Ddkh}#YzBrbWhY8HG|a5*enhSPQ*%JnP)ha z{Z^hx*QPawhk5b%JMK#>Dt`y43%<0#EjvzBzLb?NjgM?+$zF`zNnRNHcclSuTiHz_ zq@J*%&_@s2RdEo63o-N)lz6i*<*X@`a=ujvl=IcHDNj`Mw8+SA2rm|o5X6KlB7$Gc za-sR&@ruYnJ^aU~{TWwNd^*U^mi=@uinPIPP%XsX08^wwHjOEO1ICM-)KUpOQpp;t zdi|sctC8!&i5I6i%8sS|~(#}^V3`pIz6Esv^HM%ZbR~|gMuX0L zW-$lB#_t%?^jzgVoFeUQ>NlzJko9i86Vb#eId@*V9SEw2G%YeXd>6#2R~!RK9~=bfwV#cgToUg>Y_N1z+`vo*m15|db(6vgoCoA-w&iFwea4QW}6McT-y zrP%He5W(>}5)CpvcK#IhTnjfqY}xXz%E=TJ5Qaj|Gc9854Ii)EzfARNni%PDp=-Uz zXsTcp1(Prtbkf0LkQu<`FE*6!>b>at*;1eONGd-DUhM*h8=XzMBpnUDCM%mgb2@*t zN}(wl2_6gh=V%6=Id%Z?=kJZisg6zVn!m&ZW~?9TbCF zx{!@QVL>{`**bb}3#qj6nUUV^eDNBSf;QN^^O#$W1!hg@=lmC5N8O+3PO&O(8+ zNj%s)J`&+V@Uv-?NB+ST=mbj-654`odneR_9p?5N`e@(DT{iY63+-xWF!KtY?FaZU zcw{`pxu``Z>fy$wF19C0f7r-hkzPW!}}pPLfwYqjJZGP#VM9 z=In{vA!WKGC@4agOa9U&)WnQ{fG^FNrHrOW3@$)4$B)CNU>@NG^GhiT+;GW&on2ob$|_KjD>wGJSk^x##F3{^VUQCiwCo|_Mh^}KFVgsNrQXnv zgYO&6>#>WKw`uuUuv%Vk^53i|cYT~QW>~|ZJ+gs7@}V3Bgnko^%==ZtpF2=&ojOAjBFRPlBvyz^l zaJ`3-As_eXs=a1O(w|s*C>Er+$VD-TlwhnmOwTIQR*Awj6|K<_^>$iZOum+O#$zsPQO~l9x8AL}mR&EDH8LjExfEcy ztdH&6FvEm!Zbf8GhWO!H6+mJl{ApTJktV03ZN#i9S=Y3)pq)V`E7TbM8DiQ`5k-Jf zP&*R$4R!)YSS;i>vpmUwoIx>L1&?S+le%_pBSIP4@CgzAY)($W=Ros*Khdn|q_u&5 z(!4%$+i5NILov}O5$KPY@5jBzt6z26@=|6n38}8DX}w* z{2qiurt29K{CHJ~bINuAUjs8?|2cDLL0cUqJjR>5b16xjjUsAhulwI5A(dK*8xrqE zJ1WQG(bdr3guTuq#Y)czHUyP*YVR3peaW57!q9TPiYjdR&K4EaiZ#&ui41wYfnfkP!kwQo2l% z3fGX%U%qk=D%$>@B49@`(Sq)yQ0uBiEf%EX8~(fdmDO;{pEuE%Nibo4;p%n0`Pc{hrwJ`U4Z$RkO1%(@OY9>slT7feKqkR@3ZwL&ut&zAnQ;Ct+} zI(PAD?S|suJ!0b?WR7m*j-CyA2L|oWzm_l;xl-GlS;-1T8oI7gC~;l}ZsO_lX+~ z4b7pq*5PgEe))i=WUo2n2=B^?)!p4~P=HLBT=3iJTyZ?!d+Cg+{um9~aPBa7seV5c zHtCo0kL_;*)Nmp4ke}#vT#kd}zZ0=Ule+7&1T7+b736E5VRb@nESPj;bxMF3tQcD> z5cTg^5XmzzD(LL)>}Z)0(Jx`@`=Q`&7GzY@)bIqF3vBfVPGt$L8J;r4sq^>+$p^$G zMwF$*bW!ITa5KE;V4^>;Wxoz{he7bSJEKAse^SXziDIA05Lj?*`V_cd_;*TP1uC`wn58EUOM0pqh?H;Jq%v zlYzs0@PG_jVR$JZsGjk3u`mQ#s~VF+u7fb*LldR7A($!OXQ`j1)K~zk#|R#_#Xl#V zj^U3HP+};+6>22Shm$cX5x6@x^$0kW>jQ|ufI1irG*`o6ZhZ2%5yi2hNN*fr>2vwQ z_&JIt10#mIQd8PnU~lNQD*m(Gi?)6jbQgu={LNa@iO1eK7b;u3Ho>bLxgPrR9(NJ^ zv`k`NOb2d+gXO+m*|g-7I|u#~E#dG4Zg>9QQ!705m5ODwl>qSvqMtAPBbUw3kPnl; zSwR<@*qq$)Z!#}tLZzxAWVU2NfpHNzk3aI`3t8KX=sL)%!VSfPLdoCXKi_|7J8C6l zJ?yzLmi*4%gGCn zo|fD#lBq=b5`=Yxk#-c#=XcS|Z6O;~W&1~R_YZ}-q&C67Y5 zXdF5U7Y`A}AsXZJ`CqrXA0)4Wn{#HCde`N*{+Ipd^kO{ueoZAoW0PG@ zN%3E*5Ib4)Z4L&o13l6FVz;bsekSeur0FLUpdaj}HM%!2DJhEW`GiY^AHspI=qnv!vV`6ruQi5~xNE^*4bPpLNM z>l*0X2E+_K$KJomd4SVgtvYgg1A296E%R(YcoVc0Ba^Q}L!_PKe%Re`9%=6jpOrrs zH|Q#IF0Abj1~%cAEwSniz}qJzLLinuEWcx|8Mtp7cuveq zSaH}Dy`;u@2gQY)S9AvWZT@#l>~D>NJI*WKro1q!;v{UL(k`?LIStcE7|;InqY~!7 zpuPJh!!sp2VY(pUIz@7h8MSOX4BG{}{zZ=zwX-DqA`b#Md3FeTqeJzKG<+~V%3IWnn(r@(M7-yCbAXAl4P%v#C#dSPn5Wipcw8x;)%BPDfF0c#=cPVpNp;enYAwt!q}W3(ZIfR zm*~Y887@L)EOqu4?1-?{CkppUIatvBV&*T!4+MZJlcM;^ZY#B+_D zgfpp5kA$-G84x;*IHNyfZ_mbiJNXSuNpaqFo?=ZD`G9tLs+Dzm00IdN5KSa%0d`ZM z$PeXjz?B!_3y7}D9&p$Pq`_N7?^7dVfukP)C8Pv%`beTEkT#{9E?v|P}c>|oB zztpaddk|Rin|)tJD5waCmqocI0TQndn0 z*FeTTz<*m`p!(O#n$CwGe;CZe7>L%qANa~@0f-H?4{7?osM#n$^u?Scx)y4u`LFn&)*uCj|E zH1Sz!U?2;plV78j-qTQ0aeBb1)0X|Vk9_YcmJljmfKZ6Er6Sg^SUDFCFC-iBpyulO z?|1fASZ`PA$vN*7Q(2qCkGADOk~-7HT{H!ifar{H8+ZK<&rLpW;;aEDHBz z)lSbH@E>N5ZJpPJfn|EdId(+_b@8X6zx+6k&*UisV-#q-gTU2lfsAK|+x&f6pHHHz zGy$X&>;Vmx59{a3HPHufcW2-T;5FR=wCBt}gScO}6iz|^w(o3Bbg9?{Swm?fniLWg z$}g_&eJp>t5G(ra$?xRXD|1ykIMhEl(caE~!61c1M7_ zsXy4hXOLV6U5(b#IT*wnIH6tmigUu9_PnRvdJ+=A#N!#0Dy?TR{-x5jq#LFz=fJCf z$xRIku?$c&JLAK%)e~}odM6sl;z>>C5^f4<=bx1@`4%nd4Vd{P@(U;zn?d-;JE@ap z{5h<{VGUUZV0Brocve4nvrhL#ed5-CM@589WyRRraT>5MgulCah@>vn5@C-WVDO_02^dn*!%IP&1=KD&uUsNJdem(wWwl>X zJH?_qs~$A7hLj?~Wlz0i9KQ;I@un*)vM0b>Qo5Z0G#>Yh5Jr%N3yUV~)&(QY^EW%u zc>MGGkjPRZ9Hx)53JWWn7jS_K#?{GMw+Q&Hb{Lp2!~*Pit8M_Ba}e7uphnB~Hb7iW z2Eq~CJ2HfPgw(E$gmAD}DAxSmuVK6VUfXX)`Ig< z{=NBs@v9lQHQIw*^bYzQVzLLB?$mYzvF3!vp5}=&oKEf0kx;1DnuxMvi=ZXZLfG46 z6cHVASIt<+$|WN-60Fg;l-&0m5P^=1{N-TEHZ(lK>!nnC6tYh5$$ zR;?GO2qDZjTaOgKphd{U`uTUjFPDdb!3@oe?sj!2Alf~S44iuf!r$2a5G~od;C(DG zC=CG;SC&D9Z&S+epxb>5c-p-2f4txOfMvlan-crT?)H;Fjc^cK0wxmG2+n%ylX#`Q z%g%<^H~ipa>eOg^{$<3S|X*Cl}AJOsLOQ6KM9z1`{`ajINSIM=@*^SJ=`JLqZ(l-*Y_L<0V4R_vhoE50hN45i{CTlS$Q@0XjztkWt<<>mOJDtcT&#@-`^X*D{CJCR;iaDG=WfQ zU`@{U62$YmwRs9UOD+si*4Ck&+g#oom%?!%SZ5^FFIj~ExN(jyH`(}Jl2Bjy; z{@byLlTNoNbkRVmj)7UM-!IxRdk%{5pz)h>x0+}nnQEr!`7{#!R`n_Ly!Q9(_}2@k zc{H>_5CDbj)xeT+dL^>hU5-Vliq2lrO$1m|y|FqeE>1rZiWlN^d2flXjCgoeo$bU# zG?+9&{C3BHF+UWq3PzgR#D9O?aFxT}ih!w%+^u{@{)5SC;$nu_oWqTqLMv=mT?cHd zE))<63>eQYjl(AgglA9wf8=KCIk&nz#8)H$lQ zXR-ZG`d-R-B7#F*>BsLF+n$r93xsgU3l^ybznj5l#e|kfEXP?uj$?DPQ!d?={51{l zbTOqTd?uIWSW6EHCycnus@oPxt%ATF;nH|aCKCygm4M~ADT`ZIz`9~7{fFjAY{0d8 zAK-WJyj4D9w<~&1{rT!Y#|`xFxV4}uN!AV$w-+2PAA%ca-Q7UGWmbAOo9+VvCx=A^ zcyeP0Aoct|CD8LPAdj}PC(($BkFAZ;LGaQr;Ku}LB^8QRqfYk++NlRg!&<8c$q)Ng zLUlaD)<_-k&5D*dA)dfP&sK`(?wUa zO=&%CZ=wbz$G{qir(Zm{IaYlhxTi%>EP-*9Ktvwux5fJ7oeQcHuuw{xOSUVd(HJ$t z`B?c5*FyY)oVRR+&%mp(_*>?@b*~Jkum9j&O=jW+r8=I*k?~$eiRs48z-0PX%QoAR zEo|SnJg|y69b}jm9`!BO<%Qt`#?InrVefC7x%&zfdAE~_gLYQgUkQ|yL5vyT3jule z?4bTd=8rU(Kc7B=ExNcNKL+RE-pOEpTI~Qydb>cV$^UnRPGJDm#|j%b5kDZ&-k(9# zQTy^K-S!1oPJDld!bsrfEttMX2>%f-XAPDk zoU!9?`7m4|HGEgj$nItgj&jG3+xEG+o!f2p5r!m30&irhQ^1vVsTBT{_^E||tu7)3sW9xJ(F${vtx>7jK7FtO# zi{O%z9@Nq~#$8Vl{Sgs?2j$3IORaV3#DPJA6S)R z90Y97fq0zlnMa^r2XuiIT;}eN^4ef^-+D_f_VyNhExvb^=tj(qritOUVV3T3F&b&~ zj-JON4IgdBtoFd{c0WBiXQ-_mdwJ^bNL%_4ugdRRb*765O}}<<(loX@$afJbSBYAykE2|@mJ!+mdS2oBkXq7 z;p*qq2dN3~6Gy3`-8MTD)U+v^tA?*9ahm>ms@!h-6StqF(l9W|nuP=+706;4d~Fa*<=C?RPyvy98iT>QK!NHzAnrB240tAI-*rphg1$`^6l_CF zcReRy2hp4Gj)kGB_~6Ho+xcasV=gHKim5Gp?v7ejW}C9^2EYwK6D` zspgvFR#XE1ZznGATjjxLY>UF^+7rM;z76i4=>52f8(>Ap0CEzI;w1ctnc!$ws+>LC zz|vLjuKNY zl^Yop$pZfN=_K(yMA`8CCzs@Y|CpVqd3%%0H~ZJu&~HmTZGCmZwbFevwW91lvBvN*a}oxju{y)& z4Yw&S|6E(v8k5F6dn&rw#|h+#1Lo@-ZE*ZWmR9z!AifZSAdu|V`Tbz(qmr3*eESC2n(sIvq7!T_84={sJy&FA z$46R#{8fOej|Yx1<~5Wo1e?Dp4_$9n7w^_s!F_<-fSf8X#n4Ie=Vawlvv1$`72bCD z*)yFyIV;XTgU|w(o{E0f=+K@aGXzg`=6sj#k#ziRm^5{JtP=jGZ)zEwk}OMK&xgDE zwwd1}QM*-VA(MV7TM3=qe?3pBvq+wdmir2!U_C{Q)pv>gLoE;ITr^6Mp!!K)1mY8DA@z^a-Jf0FgbAk-NH!@7R_E^Xj49hEW z;!ay`g7TUtK2+bV zJN&ko_Rc(2{uESE*hwJS^2dld%m+zA5Idwq;bZNV%!ZBW6YYkf*D}e&PzfSI9Nau7 z?O&R~#yKL?Na#Yi71E;304e{a?u~WBj<+WIS(AiyVHY{eObxOm-u7QX}-d4wl zf1pdi+snhj+9$pt?mr2zwev=c#U}o7fDY=#!odTk@wff@HVgGlgLOlr{4M{$hnrGWMV@%q>R4qCWw7Ht*Rw}vv6@!)-ib-E0 zBp9qzN0PSKZSmpMsODvC*2JGc_snXz(JyOybZIlrqAR3gnI?%0obU(=*J%Hg=QmWQ z=8K`zZvhwOKQE|=i^#X)InVwtT!l`3v5sdT==Y}if=RonLyi0q8rZ$YaM=0OX}6WA zP)DM3ID}x-$FdlzT%@!cGa)e1Je8+agM~Jh@zqkPTHRHQx7SQt3zNp8R6s4EM;Ge?AMdTnoojy! zO{|mDp}=;vmXQNSK;FY3=!X)UNm~8!TN%62D|d-pPWezC;Nqhd)BbAvRPgx{z@7r& z^2D3@fi4?T&wNt*#X9)F63SHMI5MpUrxU&50b z=O6fkLGi%W-5VgB9nbA=CeiiXuH@##PL)D98F0b`H;90}y0HPbX}imRnpwcpdw1(= zd*6@lDeoh%DL&8y&DQ#Zh+|<+igA2$dV(;Ex#W+iDynTdMM2Ae*PmFW&vwue%sWfw0nYNIu`Zf4_I>QUxBLB#@ zhFJdG-)AnKP#PM&=L2`^h)olM6MuFO1MN!hH5;XeV52^;5g+)7_wR*~Z-$7GFZD-v zGmkNZ$34i}Gxoll*Z%$=EoumQh58xUZO-^680g)=oRzN;jgeK8+V)aqz5T8eRDYHy zIg(4jqjs4ewEA@PO|LOfLFIWd)gi1lA=Dh15*&Advp5R(b&NEIVrg3x911rMi|(Rh zPHrxOfo?{-C&MM`;xMQ=gw6kB!rK4UxA5%EOOAY~bQ4*JKmW{#Pi=j)^a--wMEHsy z7u#SwWI8cm%lSB< zFY!lWl}v~C#5L&Q2xLhCHnQR)&P4gxl3G0vObekWKCU+$?}%?V?HTXhgYU3 zEPOZ39zug;qj@Etq!-{v%TVrFByo|AnPc=zZJbw#4-4%+V*c%4J(7LH!aV;P=sgq> zBJ9x_5gY;Q*B7PCr^g;(IQ}uuoWXZz73KR7?IE>*a_wO@xx?*?b|GVzo$kFu8KFTB zEB|IM6fk9g{mUeWsBu|r{HE2^Y1C{05uOKJLHMiNk(?|BAJ^&~?w(daZk-5XitjF~ zNd0yA4g)!mxHe>OleK<<%vP8$(&y86XP)~ zyeZH%WYj-Hj8eE}kCZh_x4PLt-m|h3@)d0ysZUD=sgU(f?Ho%*qvK~tBq#ay(Y<4CFwA1SDl60V@=^6)yjQ=fh9K>bG2{zK>QOR zoo^&0YzjP$i#Po9^hoP~C+j_?#q@@SHDQ!SQK~1`y$0Xid%ncBFYwcv!EF0tMd6lj zn`j(A%7ZXG5hkoEYODVI-mzgeWOeUI?WiRUB{#FWoi*!pk^jy6LaP3Do_Yid{V;NF z)G5H8zW~Hf0S^0f~Rf+|lCiE%d0rNMQe10%+rgF2GZJ-ao03TG;4)$vscVWz6l98oUG3 zj8OpvwVlhHkb?2z`?ft5tDSKFP^5(c+r14&C`zQUVDQ(a;I@U93O4k})EbqQxnDz+ zQd6JakV|hGKADS2=1;SiKK`JF$@>`0{w636O8CDpa%^X4iRJ=9dmnQVU)}L zGDOiyAOkEfjk&d#V*647zS&r#Z#n;|`voNbiN}dCd%ZM%-BR|wAXdYcVBN$_)au?0 zqA>r7A{;kWn*x=o6HUHuxkGBy6=QK80m&!zcFE?V)>cgXHSX$T|KOl*|0GTfG$iQn zoe}9_c@>=0EA`$MiOBMQJg%VTaa18M1z#cg8bT0f8rAr_agx9`z z_S!!gX}lLq^eiZKPVQz#r*bfQYU|WE4$nenp0Ks}$k$do{Q_A;i-u4KZ?cP1~D0!E1d z->%!1+qD?U3S9-Cu5>I6gD#Gwxf0T|NDMA)M9xl4%O}mc_1kCiJ7$pZ;4tQh?+j~t z*fD)!3t>&Bq?eF?^!ZtJc{3KIxp4Fe8jZG44B&(de&Dz{?e{OUaQ8rPf>jrYPNT!41X!2_z|JcEfZej)Ca|oun!Mg+E~v$prS$kGs1|9C z#8qTQ-_yV!85uTO^c~T(xY}ELng+yrpkQ4fjDd206D6Jl9SJ3la~geH2SrLoy`5Mw zTb=219U2%PTu<48bJ$o$&(5`4KfaJ0m}YF$;gE0mB0Kc$+ZXvPlUKmb4os?c7v*BVT`_o}FhCAjP^cR>y^OyXCAorp1u`W78&S)}! z8cV24Hf~-)!(F=X?da^`wuXU2rPB*OA)GP1I2T7T4N5Lw^@j|KE+PBXC@vS@UYD+CIKE*EaG z+Til`hAHK5mBYl@*5p{2F&t@$c`T*UYSh^R=zH`gRHobI8MoQ=b-uYbE6@sK`Tfzef6@KNoj?YxxKn94OUVg zT(6d&FxD#3=~WKniJfEgb`6pHkgc2~w3#vuxysVo#QKG+9G`e($2d&wcoidA8Hsy` zH#IWuP^;tC#FbG~;#>ZjKSDwdH+!UF}`|ZnV--AQzWe-BwP-t12 zvp?$;TROM?7|-bTWDT2RhL{4Z2jSp>qdmHv+-?eP$U}}%d|Rzt8ZMPn>&v=~$ia5=2 zBH~G+Z%O{=Y-DC%Q!jz^&+Li<$E%t#`Dg2DnSYKyZQZNELj{O!PVz!TAh!)L&9h#t~5!B2tU!3jjkP8MH6QSp4%^m zYfmQG!hDl)H=`r>%Sfd3o5^pk`!*J^$ZiD4T=07b68D9!TC~0@&pTOPHd%)T=AhG~x&B6q^`)^?!?iZ+4yBw@pF)S=^KUXe3cO?As zK7%_we0gaqD5$|_wE4&p-1J~22j}`vh!jFhq>r)qO$uvx{6J;9_B(+HjrQ<}RiKx@ zz3`==hzUfflksFqsg)GkCYS5J<~`CNhzoti549hk+E>3Jl!oOgNFGtr7Ayu5w}F>t z^+j)t+Q;|qIkxb*Y~mV1r~T)-+u7cGvajHhbVsf zCUAz9{n4G$nDVh@|J=muzxdaYvR>E{aC(KYo&fX0LzlP%OZJa|@+{YY!)jlAH*<2Y zZjHn5mga9BEX<(2=LNI%aeP-O&wa+4+O1wO}dXH;BY{@T2=VrXrGjVlfOrfXlV%&rJj?o@&jhglD0XW#&x_?cW z!^tL?boMQSbj6A4-!!)LaxjA0?#Skjai4%%!G9BBovr@p4&L%I^WAcq^Xs&8KQR7% z;{5xWhQzk!I)p!M(LKWYRFN93;E=NsDkWv5%#7FsUuNeSVxc6fp91DE>GI5qL}FV15DJPy81cE)hJWqC&=D-tBzHKClX&+%&>}tKcr`$-b2e z*#E78Wt^?0mbv~<8c;lrIZ@B}6V8?^$uSHWw~s7yi{XuW>mq{zhq#uf=@(*N#FMlu zfyG^QKNQiGr{TJj0rTGT?NvXc=L{!q1GY}*oW``qT<{U|*EV)<2g_%Sss!+p-@udT z#AIzN(4I2?415NIrtkr*Xz6fSl@7887T3Vv7rUN4T{|6cfl1Dv^R{i_^z}0g;B2ng zntzr7Xzt z+#+E=FY6L{9Cb_IyyJnmk3BI-Ms3KX4_4^8|SE1&aLI z1ZeXiu%AI*#ynU5Ts*lWI+O>I$@=dew!GZRA&Yj#A9d39qzA7x^X+aOvTsg3s}h9I z7+pgx#vPxtoAA-!$4|8%sXzDhZ3XT|yGdcNFve1aKe)r)<5M)T(jC_*=_4ODKxFkr zo8Cvv7E_mo(`o2$QU10paw*W5P}vS&mN}pKO6|&QlRgnc+rv%Gv*0e=w0sK*85b*( z#K0^>P-Hm1-sf-;k5xh8jqV|IBF2C8?=P%nE+p?%jIc@JT_KOuU^nk=FPCldlCcIq zX!96;N_)}N%(r6Bx)vM}T$4AQ)NAtlE0W`ZOpj#q;~NM7U;Di$xT|PN11cG-M{&u( z+U@?@BJg6mlJBY273!R2kR@(4`!TxnYf;onk1 z8s*K-ElOv05uy-Z(dwZ}>SHie_!K3~`kkj&271A$kR$K2CVkK?Epq(_9u|TO2;zOT zJOwj#`Xg39Tql#0e+<~S(*+n0bHh*fsH;Cg#8<`0!w03E?muRot-$N0=pz3+uv4Wg#Hb-)mU1pWW7J z3exbaHAJc5HR*OEjveE?TFl~0w`B&Zfdi$enB28DR9h`PZsiaZnC!H^*ngDQWG%8j z_X~`P^<)MzIP|fF-@K4R!7~2PO0mcyjh>hPd95=4a$6?E`c=+H@jyTyUQOrGf<3%b z1+tq^O^5-ak@3bnGrejp#d(UI#U2EEO4v|P;TwBIG6zLbJ;2TT#ujWd09BdyftlaB zQbS&qcmmUx>Qc`$Oum2~nDU;KW>zmRtbd^(ITHix-%pr@*Ar%X|WIjU?8o@9Q zResj9&=o~rvHP8DL*fbFt4Nw3M`viS-{nFvpjV~B!W>&s{BHwQ9IMXxqk{2h(u{^Z zwqnKcit6Cqzvoo-B_)DYn?f7a?!qqr&)AuF?dVelV_j+Kybt>5JX_KSs0O1i(i`8p y@FKg;7~8=I>?~9z#*7IoW1+8@nd#qOesMg0u98!-oh76D03DYh@<13vLHrN!qZyb0 diff --git a/charts/tekton/templates/pipeline/pipeline.yaml b/charts/tekton/templates/pipeline/pipeline.yaml new file mode 100644 index 0000000..f4708fe --- /dev/null +++ b/charts/tekton/templates/pipeline/pipeline.yaml @@ -0,0 +1,3513 @@ +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#apiVersion: v1 +#kind: Namespace +#metadata: + #name: tekton-pipelines + #labels: + # app.kubernetes.io/instance: default + #app.kubernetes.io/part-of: tekton-pipelines + # pod-security.kubernetes.io/enforce: restricted +--- +# Copyright 2020-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + # Controller needs to watch Pods created by TaskRuns to see them progress. + resources: ["pods"] + verbs: ["list", "watch"] + - apiGroups: [""] + # Controller needs to get the list of cordoned nodes over the course of a single run + resources: ["nodes"] + verbs: ["list"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["verificationpolicies"] + verbs: ["get", "list", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # resolution.tekton.dev + - apiGroups: ["resolution.tekton.dev"] + resources: ["resolutionrequests", "resolutionrequests/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Read-write access to create Pods and PVCs (for Workspaces) + - apiGroups: [""] + resources: ["pods", "persistentvolumeclaims"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Write permissions to publish events. + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "update", "patch"] + # Read-only access to these. + - apiGroups: [""] + resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"] + verbs: ["get", "list", "watch"] + # Read-write access to StatefulSets for Affinity Assistant. + - apiGroups: ["apps"] + resources: ["statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # The webhook needs to be able to get and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "update", "patch"] + resourceNames: + - pipelines.tekton.dev + - pipelineruns.tekton.dev + - tasks.tekton.dev + - clustertasks.tekton.dev + - taskruns.tekton.dev + - resolutionrequests.resolution.tekton.dev + - customruns.tekton.dev + - verificationpolicies.tekton.dev + - stepactions.tekton.dev + # knative.dev/pkg needs list/watch permissions to set up informers for the webhook. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. + # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update", "delete"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can Get the system namespace. + resourceNames: ["tekton-pipelines"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] + verbs: ["update"] + # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, + # which requires we can update the system namespace finalizers. + resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-controller", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["webhook-certs"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-events-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-events", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-leader-election + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: tekton-pipelines-info + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # All system:authenticated users needs to have access + # of the pipelines-info ConfigMap even if they don't + # have access to the other resources present in the + # installed namespace. + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["pipelines-info"] + verbs: ["get"] + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-events-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-tenant-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: tekton-pipelines-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: tekton-events-controller-cluster-access + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-webhook + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller-leaderelection + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook-leaderelection + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-info + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + # Giving all system:authenticated users the access of the + # ConfigMap which contains version information. + - kind: Group + name: system:authenticated + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: tekton-pipelines-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-events-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-events-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-events-controller-leaderelection + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: ClusterTask + plural: clustertasks + singular: clustertask + categories: + - tekton + - tekton-pipelines + scope: Cluster + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: customruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: CustomRun + plural: customruns + singular: customrun + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields + # and use the schema in tooling such as `kubectl explain`. + # Using "x-kubernetes-preserve-unknown-fields: true" + # at the root of the schema (or within it) allows arbitrary fields. + # We currently perform our own validation separately. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more info. + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Pipeline + plural: pipelines + singular: pipeline + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineRun + plural: pipelineruns + singular: pipelinerun + categories: + - tekton + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: resolutionrequests.resolution.tekton.dev + labels: + resolution.tekton.dev/release: devel +spec: + group: resolution.tekton.dev + scope: Namespaced + names: + kind: ResolutionRequest + plural: resolutionrequests + singular: resolutionrequest + categories: + - tekton + - tekton-pipelines + shortNames: + - resolutionrequest + - resolutionrequests + versions: + - name: v1alpha1 + served: true + deprecated: true + storage: false + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason" + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: OwnerKind + type: string + jsonPath: ".metadata.ownerReferences[0].kind" + - name: Owner + type: string + jsonPath: ".metadata.ownerReferences[0].name" + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason" + - name: StartTime + type: string + jsonPath: .metadata.creationTimestamp + - name: EndTime + type: string + jsonPath: .status.conditions[?(@.type=='Succeeded')].lastTransitionTime + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1alpha1", "v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: stepactions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: StepAction + plural: stepactions + singular: stepaction + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # TODO(#1461): Add OpenAPIV3 schema + # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields + # and use the schema in tooling such as `kubectl explain`. + # Using "x-kubernetes-preserve-unknown-fields: true" + # at the root of the schema (or within it) allows arbitrary fields. + # We currently perform our own validation separately. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more info. + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Task + plural: tasks + singular: task + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: TaskRun + plural: taskruns + singular: taskrun + categories: + - tekton + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: verificationpolicies.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" + version: "v0.56.0" +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: VerificationPolicy + plural: verificationpolicies + singular: verificationpolicy + categories: + - tekton + - tekton-pipelines + scope: Namespaced + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" +# The data is populated at install time. +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + failurePolicy: Fail + sideEffects: None + name: webhook.pipeline.tekton.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.56.0" +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + failurePolicy: Fail + sideEffects: None + name: config.webhook.pipeline.tekton.dev + objectSelector: + matchLabels: + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2019-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - runs + - customruns + - stepactions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + +--- +# Copyright 2019-2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - runs + - customruns + - stepactions + verbs: + - get + - list + - watch + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use for + # TaskRun and PipelineRun. If a pod template is specified on the + # PipelineRun, the default-pod-template is merged with that one. + # default-pod-template: + + # default-affinity-assistant-pod-template contains the default pod template + # to use for affinity assistant pods. If a pod template is specified on the + # PipelineRun, the default-affinity-assistant-pod-template is merged with + # that one. + # default-affinity-assistant-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} + + # default-max-matrix-combinations-count contains the default maximum number + # of combinations from a Matrix, if none is specified. + default-max-matrix-combinations-count: "256" + + # default-forbidden-env contains comma seperated environment variables that cannot be + # overridden by podTemplate. + default-forbidden-env: + + # default-resolver-type contains the default resolver type to be used in the cluster, + # no default-resolver-type is specified by default + default-resolver-type: + + # default-container-resource-requirements allow users to update default resource requirements + # to a init-containers and containers of a pods create by the controller + # Onet: All the resource requirements are applied to init-containers and containers + # only if the existing resource requirements are empty. + # default-container-resource-requirements: | + # place-scripts: # updates resource requirements of a 'place-scripts' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prepare: # updates resource requirements of a 'prepare' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + # + # working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "512Mi" + # cpu: "500m" + # + # prefix-scripts: # updates resource requirements of containers which starts with 'scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-' + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "128Mi" + # cpu: "500m" + # + # default: # updates resource requirements of init-containers and containers which has empty resource resource requirements + # requests: + # memory: "64Mi" + # cpu: "250m" + # limits: + # memory: "256Mi" + # cpu: "500m" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-events + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # formats contains a comma seperated list of event formats to be used + # the only format supported today is "tektonv1". An empty string is not + # a valid configuration. To disable events, do not specify the sink. + formats: "tektonv1" + + # sink contains the event sink to be used for TaskRun, PipelineRun and + # CustomRun. If no sink is specified, no CloudEvent is generated. + # This setting supercedes the "default-cloud-events-sink" from the + # "config-defaults" config map + sink: "https://events.sink/cdevents" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + # + # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. + disable-affinity-assistant: "false" + # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. + # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". + # + # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. + # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. + # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, + # and only allows one pipelinerun to run on a node at a time. + # Setting it to "disabled" will not apply any coschedule policy. + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + coschedule: "workspaces" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/2791 for more + # info. + disable-creds-init: "false" + # Setting this flag to "false" will stop Tekton from waiting for a + # TaskRun's sidecar containers to be running before starting the first + # step. This will allow Tasks to be run in environments that don't + # support the DownwardAPI volume type, but may lead to unintended + # behaviour if sidecars are used. + # + # See https://github.com/tektoncd/pipeline/issues/4937 for more info. + await-sidecar-readiness: "true" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag will determine which gated features are enabled. + # Acceptable values are "stable", "beta", or "alpha". + enable-api-fields: "beta" + # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a + # CloudEvents sink is configured in the config-defaults config map + send-cloudevents-for-runs: "false" + # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them. + # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found. + # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. + # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. + trusted-resources-verification-no-match-policy: "ignore" + # Setting this flag to "true" enables populating the "provenance" field in TaskRun + # and PipelineRun status. This field contains metadata about resources used + # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline + # definition was fetched. + enable-provenance-in-status: "true" + # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. + # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. + # If set to "none", then Tekton will not have non-falsifiable provenance. + # This is an experimental feature and thus should still be considered an alpha feature. + enforce-nonfalsifiability: "none" + # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. + # Acceptable values are "termination-message" or "sidecar-logs". + # "sidecar-logs" is an experimental feature and thus should still be considered + # an alpha feature. + results-from: "termination-message" + # Setting this flag will determine the upper limit of each task result + # This flag is optional and only associated with the previous flag, results-from + # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result + # max-result-size: "4096" + # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns. + # This allows TaskRuns to run in namespaces with "restricted" pod security standards. + # Not all Kubernetes implementations support this option. + set-security-context: "false" + # Setting this flag to "true" will keep pod on cancellation + # allowing examination of the logs on the pods from cancelled taskruns + keep-pod-on-cancel: "false" + # Setting this flag to "true" will enable the CEL evaluation in WhenExpression + enable-cel-in-whenexpression: "false" + # Setting this flag to "true" will enable the use of StepActions in Steps + # This feature is in preview mode and not implemented yet. Please check #7259 for updates. + enable-step-actions: "false" + # Setting this flag to "true" will enable the built-in param input validation via param enum. + enable-param-enum: "false" + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: pipelines-info + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Contains pipelines version which can be queried by external + # tools such as CLI. Elevated permissions are already given to + # this ConfigMap such that even if we don't have access to + # other resources in the namespace we still can have access to + # this ConfigMap. + version: "v0.56.0" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-events + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2023 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-webhook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" + metrics.taskrun.level: "task" + metrics.taskrun.duration-type: "histogram" + metrics.pipelinerun.level: "pipeline" + metrics.pipelinerun.duration-type: "histogram" + metrics.count.enable-reason: "false" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +# data: +# # Registry's self-signed certificate +# cert: | + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-spire + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # spire-trust-domain specifies the SPIRE trust domain to use. + # spire-trust-domain: "example.org" + # + # spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API. + # spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock" + # + # spire-server-addr specifies the SPIRE server address for workload/node registration. + # spire-server-addr: "spire-server.spire.svc.cluster.local:8081" + # + # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. + # spire-node-alias-prefix: "/tekton-node/" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # Enable sending traces to defined endpoint by setting this to true + enabled: "true" + # + # API endpoint to send the traces to + # (optional): The default value is given below + endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces" + # (optional) Name of the k8s secret which contains basic auth credentials + credentialsSecret: "jaeger-creds" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.56.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.56.0" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.56.0@sha256:fc5669e1bbabbf24b0ee4591ff20793643d778942e91ae52b3f7cca26d81a99b + args: [ + # These images are built on-demand by `ko resolve` and are replaced + # by image references by digest. + "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.56.0@sha256:381ca58f0f911b6954530ea820bdda12850e535db9c6a85a17a02e3dd49345fb", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.56.0@sha256:4e627be53f78f30f73084ea0695d97397930d6f12d4cfab28d97b1aa57842881", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.56.0@sha256:4db16701d6e54d80cbb7b51e021d3f5698196d08d2f1ff33728154807ef1fe86", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.56.0@sha256:c488368eff45a745dd58e65f526d746abcad431796bb0e719ecf2d5f71491692", + # The shell image must allow root in order to create directories and copy files to PVCs. + # cgr.dev/chainguard/busybox as of April 14 2022 + # image shall not contains tag, so it will be supported on a runtime like cri-o + "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791", + # for script mode to work with windows we need a powershell image + # pinning to nanoserver tag as of July 15 2021 + "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-controller + - name: CONFIG_SPIRE + value: config-spire + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.56.0" + name: tekton-pipelines-controller + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-events-controller + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.56.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.56.0" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-events-controller + containers: + - name: tekton-events-controller + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.56.0@sha256:c7fe97153fc32ea3eae343bcaf96761c9b0d80c8098ee35922550f0caf6887e0 + args: [] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-events + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.56.0" + name: tekton-events-controller + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # ClusterRole for resolvers to monitor and update resolutionrequests. + name: tekton-pipelines-resolvers-resolution-request-updates + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["resolution.tekton.dev"] + resources: ["resolutionrequests", "resolutionrequests/status"] + verbs: ["get", "list", "watch", "update", "patch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks", "pipelines"] + verbs: ["get", "list"] + # Read-only access to these. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-resolvers-namespace-rbac + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + # Needed to watch and load configuration and secret data. + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "list", "update", "watch"] + # This is needed by leader election to run the controller in HA. + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-resolvers + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-resolvers + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-resolvers + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: tekton-pipelines-resolvers-resolution-request-updates + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-resolvers-namespace-rbac + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-pipelines-resolvers + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: tekton-pipelines-resolvers-namespace-rbac + apiGroup: rbac.authorization.k8s.io + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: bundleresolver-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The default layer kind in the bundle image. + default-kind: "task" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: cluster-resolver-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The default kind to fetch. + default-kind: "task" + # The default namespace to look for resources in. + default-namespace: "" + # An optional comma-separated list of namespaces which the resolver is allowed to access. Defaults to empty, meaning all namespaces are allowed. + allowed-namespaces: "" + # An optional comma-separated list of namespaces which the resolver is blocked from accessing. Defaults to empty, meaning all namespaces are allowed. + blocked-namespaces: "" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: resolvers-feature-flags + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # Setting this flag to "true" enables remote resolution of Tekton OCI bundles. + enable-bundles-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines via the Tekton Hub. + enable-hub-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines from Git repositories. + enable-git-resolver: "true" + # Setting this flag to "true" enables remote resolution of tasks and pipelines from other namespaces within the cluster. + enable-cluster-resolver: "true" + +--- +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election-resolvers + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging-resolvers + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability-resolvers + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. If non-empty, it enables queue proxy to send request metrics. + # Currently supported values: prometheus, stackdriver. + metrics.request-metrics-backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_revision" resource type. Setting this + # flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: git-resolver-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time a single anonymous cloning resolution may take. + fetch-timeout: "1m" + # The git url to fetch the remote resource from when using anonymous cloning. + default-url: "https://github.com/tektoncd/catalog.git" + # The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API. + default-revision: "main" + # The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud + scm-type: "github" + # The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud + server-url: "" + # The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API. + api-token-secret-name: "" + # The key in the API token secret containing the actual token. Required when using the authenticated API. + api-token-secret-key: "" + # The namespace containing the API token secret. Defaults to "default". + api-token-secret-namespace: "default" + # The default organization to look for repositories under when using the authenticated API, + # if not specified in the resolver parameters. Optional. + default-org: "" + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: http-resolver-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # The maximum amount of time the http resolver will wait for a response from the server. + fetch-timeout: "1m" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: hubresolver-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + # the default Tekton Hub catalog from where to pull the resource. + default-tekton-hub-catalog: "Tekton" + # the default Artifact Hub Task catalog from where to pull the resource. + default-artifact-hub-task-catalog: "tekton-catalog-tasks" + # the default Artifact Hub Pipeline catalog from where to pull the resource. + default-artifact-hub-pipeline-catalog: "tekton-catalog-pipelines" + # the default layer kind in the hub image. + default-kind: "task" + # the default hub source to pull the resource from. + default-type: "artifact" + +--- +# Copyright 2022 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-remote-resolvers + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.56.0" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-resolvers + version: "v0.56.0" + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-resolvers + containers: + - name: controller + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.56.0@sha256:8c0598a04420caa0ee3aeb6fef7521f93f4c41f7308ccb0c616167dc1d5fa00a + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 4Gi + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging-resolvers + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability-resolvers + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-resolvers + - name: METRICS_DOMAIN + value: tekton.dev/resolution + - name: PROBES_PORT + value: "8080" + # Override this env var to set a private hub api endpoint + - name: ARTIFACT_HUB_API + value: "https://artifacthub.io/" + - name: TEKTON_HUB_API + value: "https://api.hub.tekton.dev/" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - "ALL" + seccompProfile: + type: RuntimeDefault + +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-remote-resolvers + version: "v0.56.0" + name: tekton-pipelines-remote-resolvers + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.56.0" +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 100 + +--- +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + # Note: the Deployment name must be the same as the Service name specified in + # config/400-webhook-service.yaml. If you change this name, you must also + # change the value of WEBHOOK_SERVICE_NAME below. + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.56.0" +spec: + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.56.0" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.56.0@sha256:99824836bb47c1d9e21efdeff56e02b9426fe2323a22625b7af4f66a4028a5b4 + # Resource request required for autoscaler to take any action for a metric + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-webhook + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + # If you change PROBES_PORT, you will also need to change the + # containerPort "probes" to the same value. + - name: PROBES_PORT + value: "8080" + # If you change WEBHOOK_PORT, you will also need to change the + # containerPort "https-webhook" to the same value. + - name: WEBHOOK_PORT + value: "8443" + # if you change WEBHOOK_ADMISSION_CONTROLLER_NAME, you will also need to update + # the webhooks.name in 500-webhooks.yaml to include the new names of admission webhooks. + # Additionally, you will also need to change the resource names (metadata.name) of + # "MutatingWebhookConfiguration" and "ValidatingWebhookConfiguration" in 500-webhooks.yaml + # to reflect the change in the name of the admission webhook. + # Followed by changing the webhook's Role in 200-clusterrole.yaml to update the "resourceNames" of + # "mutatingwebhookconfigurations" and "validatingwebhookconfigurations" resources. + - name: WEBHOOK_ADMISSION_CONTROLLER_NAME + value: webhook.pipeline.tekton.dev + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable WEBHOOK_PORT. + - name: https-webhook + containerPort: 8443 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.56.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.56.0" + name: tekton-pipelines-webhook + namespace: {{ .Release.Namespace }} +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: metrics + - name: http-profiling + port: 8008 + targetPort: profiling + - name: https-webhook + port: 443 + targetPort: https-webhook + - name: probes + port: 8080 + targetPort: probes + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + +---