Documentation ¶
Index ¶
- Constants
- Variables
- func CheckAlphaOrBetaAPIFields(ctx context.Context) bool
- func EnableAlphaAPIFields(ctx context.Context) context.Context
- func EnableBetaAPIFields(ctx context.Context) context.Context
- func EnableStableAPIFields(ctx context.Context) context.Context
- func GetDefaultsConfigName() string
- func GetFeatureFlagsConfigName() string
- func GetMetricsConfigName() string
- func GetSpireConfigName() string
- func GetVerificationNoMatchPolicy(ctx context.Context) string
- func IsSpireEnabled(ctx context.Context) bool
- func NewSpireConfigFromConfigMap(configMap *corev1.ConfigMap) (*sc.SpireConfig, error)
- func NewSpireConfigFromMap(data map[string]string) (*sc.SpireConfig, error)
- func ToContext(ctx context.Context, c *Config) context.Context
- type Config
- type Defaults
- type FeatureFlags
- type Metrics
- type Store
Constants ¶
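// Fallback values for the Defaults configuration, used when a key is not set.
// The declaration is laid out one constant per line; when collapsed onto a
// single line, the first "//" comments out every constant after it.
const (
	// DefaultTimeoutMinutes is used when no timeout is specified.
	DefaultTimeoutMinutes = 60
	// NoTimeoutDuration is used when a pipeline or task should never time out.
	// A zero duration therefore means "unbounded", not "expire immediately".
	NoTimeoutDuration = 0 * time.Minute
	// DefaultServiceAccountValue is the SA used when one is not specified.
	// NOTE(review): runs that name no service account share the "default"
	// one, so whatever is bound to it is available to all such runs.
	DefaultServiceAccountValue = "default"
	// DefaultManagedByLabelValue is the value for the managed-by label that is used by default.
	DefaultManagedByLabelValue = "tekton-pipelines"
	// DefaultCloudEventSinkValue is the default value for cloud event sinks.
	DefaultCloudEventSinkValue = ""
	// DefaultMaxMatrixCombinationsCount is used when no max matrix combinations count is specified.
	DefaultMaxMatrixCombinationsCount = 256
	// DefaultResolverTypeValue is used when no default resolver type is specified.
	DefaultResolverTypeValue = ""
)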
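// Accepted values and defaults for the feature-flags configuration.
// The declaration is laid out one constant per line; when collapsed onto a
// single line, the first "//" comments out every constant after it.
const (
	// StableAPIFields is the value used for "enable-api-fields" when only stable APIs should be usable.
	StableAPIFields = "stable"
	// AlphaAPIFields is the value used for "enable-api-fields" when alpha APIs should be usable as well.
	AlphaAPIFields = "alpha"
	// BetaAPIFields is the value used for "enable-api-fields" when beta APIs should be usable as well.
	BetaAPIFields = "beta"
	// FailNoMatchPolicy is the value used for "trusted-resources-verification-no-match-policy" to fail TaskRun or PipelineRun
	// when no matching policies are found.
	FailNoMatchPolicy = "fail"
	// WarnNoMatchPolicy is the value used for "trusted-resources-verification-no-match-policy" to log warning and skip verification
	// when no matching policies are found.
	WarnNoMatchPolicy = "warn"
	// IgnoreNoMatchPolicy is the value used for "trusted-resources-verification-no-match-policy" to skip verification
	// when no matching policies are found.
	IgnoreNoMatchPolicy = "ignore"
	// ResultExtractionMethodTerminationMessage is the value used for "results-from" as a way to extract results from tasks using kubernetes termination message.
	ResultExtractionMethodTerminationMessage = "termination-message"
	// ResultExtractionMethodSidecarLogs is the value used for "results-from" as a way to extract results from tasks using sidecar logs.
	ResultExtractionMethodSidecarLogs = "sidecar-logs"
	// DefaultDisableAffinityAssistant is the default value for "disable-affinity-assistant".
	DefaultDisableAffinityAssistant = false
	// DefaultDisableCredsInit is the default value for "disable-creds-init".
	DefaultDisableCredsInit = false
	// DefaultRunningInEnvWithInjectedSidecars is the default value for "running-in-environment-with-injected-sidecars".
	DefaultRunningInEnvWithInjectedSidecars = true
	// DefaultAwaitSidecarReadiness is the default value for "await-sidecar-readiness".
	DefaultAwaitSidecarReadiness = true
	// DefaultRequireGitSSHSecretKnownHosts is the default value for "require-git-ssh-secret-known-hosts".
	// NOTE(review): with this default, Git SSH secrets are presumably accepted
	// without a known_hosts entry, leaving the server host key unverified;
	// confirm, and enable the flag where Git sources must be authenticated.
	DefaultRequireGitSSHSecretKnownHosts = false
	// DefaultEnableTektonOciBundles is the default value for "enable-tekton-oci-bundles".
	DefaultEnableTektonOciBundles = false
	// DefaultEnableAPIFields is the default value for "enable-api-fields".
	// Beta fields are therefore usable unless the flag is set to "stable".
	DefaultEnableAPIFields = BetaAPIFields
	// DefaultSendCloudEventsForRuns is the default value for "send-cloudevents-for-runs".
	DefaultSendCloudEventsForRuns = false
	// EnforceNonfalsifiabilityWithSpire is the value used for "enforce-nonfalsifiability" when SPIRE is used to enable non-falsifiability.
	EnforceNonfalsifiabilityWithSpire = "spire"
	// EnforceNonfalsifiabilityNone is the value used for "enforce-nonfalsifiability" when non-falsifiability is not enabled.
	EnforceNonfalsifiabilityNone = ""
	// DefaultEnforceNonfalsifiability is the default value for "enforce-nonfalsifiability".
	// Non-falsifiability through SPIRE is off unless explicitly configured.
	DefaultEnforceNonfalsifiability = EnforceNonfalsifiabilityNone
	// DefaultNoMatchPolicyConfig is the default value for "trusted-resources-verification-no-match-policy".
	// With "ignore", a resource that matches no verification policy skips
	// verification without even a warning; deployments that rely on trusted
	// resources should set "fail" (or at least "warn") explicitly.
	DefaultNoMatchPolicyConfig = IgnoreNoMatchPolicy
	// DefaultEnableProvenanceInStatus is the default value for "enable-provenance-status".
	DefaultEnableProvenanceInStatus = true
	// DefaultResultExtractionMethod is the default value for ResultExtractionMethod.
	DefaultResultExtractionMethod = ResultExtractionMethodTerminationMessage
	// DefaultMaxResultSize is the default value in bytes for the size of a result.
	DefaultMaxResultSize = 4096
	// DefaultSetSecurityContext is the default value for "set-security-context".
	// NOTE(review): off by default, so presumably no security context is
	// applied on the operator's behalf unless the flag is enabled; confirm.
	DefaultSetSecurityContext = false
)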
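// Accepted values and defaults for the metrics configuration.
// The declaration is laid out one constant per line; when collapsed onto a
// single line, the first "//" comments out every constant after it.
const (
	// DefaultTaskrunLevel determines to what level to aggregate metrics
	// when it isn't specified in configmap.
	DefaultTaskrunLevel = TaskrunLevelAtTask
	// TaskrunLevelAtTaskrun specifies that aggregation will be done at
	// taskrun level.
	TaskrunLevelAtTaskrun = "taskrun"
	// TaskrunLevelAtTask specifies that aggregation will be done at task level.
	TaskrunLevelAtTask = "task"
	// TaskrunLevelAtNS specifies that aggregation will be done at namespace level.
	TaskrunLevelAtNS = "namespace"
	// DefaultPipelinerunLevel determines to what level to aggregate metrics
	// when it isn't specified in configmap.
	DefaultPipelinerunLevel = PipelinerunLevelAtPipeline
	// PipelinerunLevelAtPipelinerun specifies that aggregation will be done at
	// pipelinerun level.
	PipelinerunLevelAtPipelinerun = "pipelinerun"
	// PipelinerunLevelAtPipeline specifies that aggregation will be done at
	// pipeline level.
	PipelinerunLevelAtPipeline = "pipeline"
	// PipelinerunLevelAtNS specifies that aggregation will be done at
	// namespace level.
	PipelinerunLevelAtNS = "namespace"
	// DefaultDurationTaskrunType determines what type of metrics to use
	// when none is specified in configmap. It refers to the histogram
	// constant rather than repeating the literal, matching how the level
	// defaults above are declared.
	DefaultDurationTaskrunType = DurationTaskrunTypeHistogram
	// DurationTaskrunTypeHistogram specifies that histogram
	// type metrics are used for Duration of Taskrun.
	DurationTaskrunTypeHistogram = "histogram"
	// DurationTaskrunTypeLastValue specifies that lastValue or
	// gauge type metrics are used for Duration of Taskrun.
	DurationTaskrunTypeLastValue = "lastvalue"
	// DefaultDurationPipelinerunType determines what type of metrics to use
	// when none is specified in configmap.
	DefaultDurationPipelinerunType = DurationPipelinerunTypeHistogram
	// DurationPipelinerunTypeHistogram specifies that histogram
	// type metrics are used for Duration of Pipelinerun.
	DurationPipelinerunTypeHistogram = "histogram"
	// DurationPipelinerunTypeLastValue specifies that lastValue or
	// gauge type metrics are used for Duration of Pipelinerun.
	DurationPipelinerunTypeLastValue = "lastvalue"
)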
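// ConfigMap name, keys and fallback values for the SPIRE configuration.
// The declaration is laid out one constant per line; when collapsed onto a
// single line, the first "//" comments out every constant after it.
const (
	// SpireConfigMapName is the name of the SPIRE configmap.
	SpireConfigMapName = "config-spire"
	// SpireTrustDomain is the key to extract out the SPIRE trust domain to use.
	SpireTrustDomain = "spire-trust-domain"
	// SpireSocketPath is the key to extract out the SPIRE agent socket for SPIFFE workload API.
	SpireSocketPath = "spire-socket-path"
	// SpireServerAddr is the key to extract out the SPIRE server address for workload/node registration.
	SpireServerAddr = "spire-server-addr"
	// SpireNodeAliasPrefix is the key to extract out the SPIRE node alias prefix to use.
	SpireNodeAliasPrefix = "spire-node-alias-prefix"
	// SpireTrustDomainDefault is the default value for the SpireTrustDomain.
	// "example.org" is a placeholder: a deployment that enforces
	// non-falsifiability through SPIRE should set "spire-trust-domain" to
	// the trust domain its SPIRE server actually serves.
	SpireTrustDomainDefault = "example.org"
	// SpireSocketPathDefault is the default value for the SpireSocketPath.
	SpireSocketPathDefault = "unix:///spiffe-workload-api/spire-agent.sock"
	// SpireServerAddrDefault is the default value for the SpireServerAddr.
	SpireServerAddrDefault = "spire-server.spire.svc.cluster.local:8081"
	// SpireNodeAliasPrefixDefault is the default value for the SpireNodeAliasPrefix.
	SpireNodeAliasPrefixDefault = "/tekton-node/"
)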
Variables ¶
// NOTE(review): the error result of NewDefaultsFromMap is discarded with the
// blank identifier, so a failure while building defaults from the empty map
// would go unreported and leave DefaultConfig unspecified; confirm that the
// constructor cannot fail on empty input. The variable is exported and
// mutable, so callers should treat it as read-only.
var DefaultConfig, _ = NewDefaultsFromMap(map[string]string{})
DefaultConfig holds all the default configurations for the config.
// NOTE(review): the error result of NewFeatureFlagsFromMap is discarded with
// the blank identifier, so a failure while building the flags from the empty
// map would go unreported; confirm that the constructor cannot fail on empty
// input. The variable is exported and mutable, so callers should treat it as
// read-only.
var DefaultFeatureFlags, _ = NewFeatureFlagsFromMap(map[string]string{})
DefaultFeatureFlags holds all the default configurations for the feature flags configmap.
// NOTE(review): the error result of newMetricsFromMap is discarded with the
// blank identifier, so a failure while building the metrics settings from the
// empty map would go unreported; confirm that the constructor cannot fail on
// empty input.
var DefaultMetrics, _ = newMetricsFromMap(map[string]string{})
DefaultMetrics holds all the default configurations for the metrics.
// NOTE(review): the error result of NewSpireConfigFromMap is discarded with
// the blank identifier, so a failure would go unreported; confirm that the
// constructor cannot fail on empty input. Built from an empty map, the value
// presumably carries the Spire*Default constants, including the placeholder
// trust domain SpireTrustDomainDefault; verify before relying on it.
var DefaultSpire, _ = NewSpireConfigFromMap(map[string]string{})
DefaultSpire holds all the default configurations for SPIRE.
Functions ¶
func CheckAlphaOrBetaAPIFields ¶ added in v0.45.0
CheckAlphaOrBetaAPIFields returns true if enable-api-fields is set to either alpha or beta.
func EnableAlphaAPIFields ¶ added in v0.38.0
EnableAlphaAPIFields enables alpha features in an existing context (for use in testing)
func EnableBetaAPIFields ¶ added in v0.41.0
EnableBetaAPIFields enables beta features in an existing context (for use in testing)
func EnableStableAPIFields ¶ added in v0.45.0
EnableStableAPIFields enables stable features in an existing context (for use in testing)
func GetDefaultsConfigName ¶ added in v0.12.0
func GetDefaultsConfigName() string
GetDefaultsConfigName returns the name of the configmap containing all defined defaults.
func GetFeatureFlagsConfigName ¶ added in v0.14.0
func GetFeatureFlagsConfigName() string
GetFeatureFlagsConfigName returns the name of the configmap containing all feature flags.
func GetMetricsConfigName ¶ added in v0.28.0
func GetMetricsConfigName() string
GetMetricsConfigName returns the name of the configmap containing all customizations for metrics.
func GetSpireConfigName ¶ added in v0.45.0
func GetSpireConfigName() string
GetSpireConfigName returns the name of Spire ConfigMap
func GetVerificationNoMatchPolicy ¶ added in v0.47.0
GetVerificationNoMatchPolicy returns the "trusted-resources-verification-no-match-policy" value
func IsSpireEnabled ¶ added in v0.47.0
IsSpireEnabled checks if non-falsifiable provenance is enforced through SPIRE
func NewSpireConfigFromConfigMap ¶ added in v0.45.0
func NewSpireConfigFromConfigMap(configMap *corev1.ConfigMap) (*sc.SpireConfig, error)
NewSpireConfigFromConfigMap creates a SpireConfig from the supplied ConfigMap
func NewSpireConfigFromMap ¶ added in v0.45.0
func NewSpireConfigFromMap(data map[string]string) (*sc.SpireConfig, error)
NewSpireConfigFromMap creates a SpireConfig from the supplied map
Types ¶
type Config ¶
// Config groups the individual configurations that are attached to a context
// as one unit. Every field is a pointer, so a Config that was assembled by
// hand may carry nil members.
type Config struct {
	// Defaults holds the default-value configuration.
	Defaults *Defaults
	// FeatureFlags holds the feature-flag configuration.
	FeatureFlags *FeatureFlags
	// Metrics holds the metrics configuration.
	Metrics *Metrics
	// SpireConfig holds the SPIRE configuration.
	SpireConfig *sc.SpireConfig
}
Config holds the collection of configurations that we attach to contexts. +k8s:deepcopy-gen=false
func FromContext ¶
FromContext extracts a Config from the provided context.
func FromContextOrDefaults ¶
FromContextOrDefaults is like FromContext, but when no Config is attached it returns a Config populated with the defaults for each of the Config fields.
type Defaults ¶
// Defaults holds the values that apply when a run leaves the corresponding
// setting unspecified.
type Defaults struct {
	// DefaultTimeoutMinutes is the timeout used when none is specified.
	DefaultTimeoutMinutes int
	// DefaultServiceAccount is the service account used when none is specified.
	DefaultServiceAccount string
	// DefaultManagedByLabelValue is the default value for the managed-by label.
	DefaultManagedByLabelValue string
	// DefaultPodTemplate is a pointer and may be nil.
	DefaultPodTemplate *pod.Template
	// DefaultAAPodTemplate is a pointer and may be nil.
	DefaultAAPodTemplate *pod.AffinityAssistantTemplate
	// DefaultCloudEventsSink is the default cloud event sink.
	DefaultCloudEventsSink string
	DefaultTaskRunWorkspaceBinding string
	// DefaultMaxMatrixCombinationsCount is the max matrix combinations count
	// used when none is specified.
	DefaultMaxMatrixCombinationsCount int
	// NOTE(review): presumably a list of environment variable names that
	// may not be set; confirm how and where it is enforced.
	DefaultForbiddenEnv []string
	// DefaultResolverType is the resolver type used when none is specified.
	DefaultResolverType string
}
Defaults holds the default configurations +k8s:deepcopy-gen=true
func NewDefaultsFromConfigMap ¶
NewDefaultsFromConfigMap returns a Config for the given configmap
func NewDefaultsFromMap ¶
NewDefaultsFromMap returns a Config given a map corresponding to a ConfigMap
func (*Defaults) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Defaults.
func (*Defaults) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type FeatureFlags ¶ added in v0.14.0
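// FeatureFlags holds the parsed feature-flag configuration.
//
// The declaration is laid out one field per line; when collapsed onto a
// single line, the "//" before VerificationNoMatchPolicy comments out that
// field and every field after it.
//
// The zero value is not the default configuration: several defaults declared
// in this package are non-zero (DefaultAwaitSidecarReadiness is true,
// DefaultEnableAPIFields is "beta", DefaultNoMatchPolicyConfig is "ignore"),
// so instances should come from NewFeatureFlagsFromMap or
// NewFeatureFlagsFromConfigMap rather than a bare struct literal.
type FeatureFlags struct {
	DisableAffinityAssistant         bool
	DisableCredsInit                 bool
	RunningInEnvWithInjectedSidecars bool
	// RequireGitSSHSecretKnownHosts defaults to false
	// (DefaultRequireGitSSHSecretKnownHosts).
	RequireGitSSHSecretKnownHosts bool
	EnableTektonOCIBundles        bool
	ScopeWhenExpressionsToTask    bool
	// EnableAPIFields is one of StableAPIFields, AlphaAPIFields or BetaAPIFields.
	EnableAPIFields        string
	SendCloudEventsForRuns bool
	AwaitSidecarReadiness  bool
	// EnforceNonfalsifiability is EnforceNonfalsifiabilityWithSpire when SPIRE
	// is used, or EnforceNonfalsifiabilityNone when it is not enabled.
	EnforceNonfalsifiability string
	// VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy"
	// VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values.
	// ignore: skip trusted resources verification when no matching verification policies found
	// warn: skip trusted resources verification when no matching verification policies found and log a warning
	// fail: fail the taskrun or pipelines run if no matching verification policies found
	//
	// Only "fail" stops a run whose resource matched no policy; under
	// "ignore" and "warn" that resource is used unverified.
	VerificationNoMatchPolicy string
	EnableProvenanceInStatus  bool
	// ResultExtractionMethod is one of the ResultExtractionMethod* constants.
	ResultExtractionMethod string
	// MaxResultSize is the size of a result in bytes.
	MaxResultSize      int
	SetSecurityContext bool
}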
FeatureFlags holds the features configurations +k8s:deepcopy-gen=true
func NewFeatureFlagsFromConfigMap ¶ added in v0.14.0
func NewFeatureFlagsFromConfigMap(config *corev1.ConfigMap) (*FeatureFlags, error)
NewFeatureFlagsFromConfigMap returns a FeatureFlags for the given configmap
func NewFeatureFlagsFromMap ¶ added in v0.14.0
func NewFeatureFlagsFromMap(cfgMap map[string]string) (*FeatureFlags, error)
NewFeatureFlagsFromMap returns a FeatureFlags given a map corresponding to a ConfigMap
func (*FeatureFlags) DeepCopy ¶ added in v0.14.0
func (in *FeatureFlags) DeepCopy() *FeatureFlags
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureFlags.
func (*FeatureFlags) DeepCopyInto ¶ added in v0.14.0
func (in *FeatureFlags) DeepCopyInto(out *FeatureFlags)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Metrics ¶ added in v0.28.0
// Metrics holds the metrics configuration: the level at which taskrun and
// pipelinerun metrics are aggregated, and the metric type used for durations.
type Metrics struct {
	// TaskrunLevel is one of the TaskrunLevelAt* values.
	TaskrunLevel string
	// PipelinerunLevel is one of the PipelinerunLevelAt* values.
	PipelinerunLevel string
	// DurationTaskrunType is one of the DurationTaskrunType* values.
	DurationTaskrunType string
	// DurationPipelinerunType is one of the DurationPipelinerunType* values.
	DurationPipelinerunType string
}
Metrics holds the configurations for the metrics +k8s:deepcopy-gen=true
func NewMetricsFromConfigMap ¶ added in v0.28.0
NewMetricsFromConfigMap returns a Config for the given configmap
func (*Metrics) DeepCopy ¶ added in v0.28.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metrics.
func (*Metrics) DeepCopyInto ¶ added in v0.28.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Store ¶
// Store wraps a configmap.UntypedStore. The store is embedded by pointer, so
// its exported methods are promoted onto Store and a zero Store holds a nil
// embedded pointer.
type Store struct {
	*configmap.UntypedStore
}
Store is a typed wrapper around configmap.UntypedStore to handle our configmaps. +k8s:deepcopy-gen=false
func NewStore ¶
NewStore creates a new store of Configs and optionally calls functions when ConfigMaps are updated.