Documentation
¶
Index ¶
Constants ¶
View Source
const ( AppName = "tekton-pipelines" WebhookName = "webhook" WebhookFullName = AppName + "-" + WebhookName ControllerName = "controller" ControllerFullName = AppName + "-" + ControllerName ResolversName = "resolvers" ResolversFullName = AppName + "-" + ResolversName Version = "v0.46.0" WebhookPort = 8443 WebhookImage = "" /* 143-byte string literal not displayed */ ControllerImage = "" /* 146-byte string literal not displayed */ ResolversImage = "" /* 145-byte string literal not displayed */ )
Variables ¶
View Source
var ( PipelinesNS = kubeutil.Namespace( AppName, kubeutil.MergeLabels( labelsPipelines, map[string]string{ kubeutil.NSLabelPodSecurityEnforce: kubeutil.NSValuePodSecurityRestricted, }, ), nil, ) ResolversNS = kubeutil.Namespace( ResolversFullName, kubeutil.MergeLabels( labelsResolvers, map[string]string{ kubeutil.NSLabelPodSecurityEnforce: kubeutil.NSValuePodSecurityRestricted, }, ), nil, ) )
View Source
var AggregateEditCR = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( labelsPipelines, map[string]string{ kubeutil.LabelRbacAggregateToAdmin: "true", kubeutil.LabelRbacAggregateToEdit: "true", }, ), Name: "tekton-aggregate-edit", }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{"tekton.dev"}, Resources: []string{ "tasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "runs", "customruns", }, Verbs: []string{ "create", "delete", "deletecollection", "get", "list", "patch", "update", "watch", }, }, }, TypeMeta: kubeutil.TypeClusterRoleV1, }
View Source
var AggregateViewCR = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( labelsPipelines, map[string]string{ kubeutil.LabelRbacAggregateToView: "true", }, ), Name: "tekton-aggregate-view", }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{"tekton.dev"}, Resources: []string{ "tasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "runs", "customruns", }, Verbs: []string{"get", "list", "watch"}, }, }, TypeMeta: kubeutil.TypeClusterRoleV1, }
View Source
var BundleResolverConfigCM = &corev1.ConfigMap{ Data: map[string]string{ "default-kind": "task", "default-service-account": "default", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "bundleresolver-config", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ClusterResolverConfigCM = &corev1.ConfigMap{ Data: map[string]string{ "allowed-namespaces": "", "blocked-namespaces": "", "default-kind": "task", "default-namespace": "", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "cluster-resolver-config", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ClusterTasksDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "clustertasks.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Conversion: &apiextensionsv1.CustomResourceConversion{ Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), Webhook: &apiextensionsv1.WebhookConversion{ ClientConfig: &apiextensionsv1.WebhookClientConfig{ Service: &apiextensionsv1.ServiceReference{ Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, }, ConversionReviewVersions: []string{"v1beta1"}, }, }, Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "ClusterTask", Plural: "clustertasks", Singular: "clustertask", }, Scope: apiextensionsv1.ResourceScope("Cluster"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var ConfigDefaultsCM = &corev1.ConfigMap{ Data: map[string]string{ "_example": ` ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that "kubectl edit" this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # default-timeout-minutes contains the default number of # minutes to use for TaskRun and PipelineRun, if none is specified. default-timeout-minutes: "60" # 60 minutes # default-service-account contains the default service account name # to use for TaskRun and PipelineRun, if none is specified. default-service-account: "default" # default-managed-by-label-value contains the default value given to the # "app.kubernetes.io/managed-by" label applied to all Pods created for # TaskRuns. If a user's requested TaskRun specifies another value for this # label, the user's request supercedes. default-managed-by-label-value: "tekton-pipelines" # default-pod-template contains the default pod template to use for # TaskRun and PipelineRun. If a pod template is specified on the # PipelineRun, the default-pod-template is merged with that one. # default-pod-template: # default-affinity-assistant-pod-template contains the default pod template # to use for affinity assistant pods. If a pod template is specified on the # PipelineRun, the default-affinity-assistant-pod-template is merged with # that one. # default-affinity-assistant-pod-template: # default-cloud-events-sink contains the default CloudEvents sink to be # used for TaskRun and PipelineRun, when no sink is specified. # Note that right now it is still not possible to set a PipelineRun or # TaskRun specific sink, so the default is the only option available. # If no sink is specified, no CloudEvent is generated # default-cloud-events-sink: # default-task-run-workspace-binding contains the default workspace # configuration provided for any Workspaces that a Task declares # but that a TaskRun does not explicitly provide. # default-task-run-workspace-binding: | # emptyDir: {} # default-max-matrix-combinations-count contains the default maximum number # of combinations from a Matrix, if none is specified. default-max-matrix-combinations-count: "256" # default-forbidden-env contains comma seperated environment variables that cannot be # overridden by podTemplate. default-forbidden-env: `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "config-defaults", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigLeaderElectionCM = &corev1.ConfigMap{ Data: map[string]string{ "_example": ` ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that "kubectl edit" this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # lease-duration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. lease-duration: "60s" # renew-deadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. renew-deadline: "40s" # retry-period is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. retry-period: "10s" # buckets is the number of buckets used to partition key space of each # Reconciler. If this number is M and the replica number of the controller # is N, the N replicas will compete for the M buckets. The owner of a # bucket will take care of the reconciling for the keys partitioned into # that bucket. buckets: "1" `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "config-leader-election", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigLeaderElectionResolversCM = &corev1.ConfigMap{ Data: map[string]string{ "_example": ` ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that "kubectl edit" this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # lease-duration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. lease-duration: "60s" # renew-deadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. renew-deadline: "40s" # retry-period is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. retry-period: "10s" # buckets is the number of buckets used to partition key space of each # Reconciler. If this number is M and the replica number of the controller # is N, the N replicas will compete for the M buckets. The owner of a # bucket will take care of the reconciling for the keys partitioned into # that bucket. buckets: "1" `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "config-leader-election", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigLoggingCM = &corev1.ConfigMap{ Data: map[string]string{ "loglevel.controller": "info", "loglevel.webhook": "info", "zap-logger-config": ` { "level": "info", "development": false, "sampling": { "initial": 100, "thereafter": 100 }, "outputPaths": ["stdout"], "errorOutputPaths": ["stderr"], "encoding": "json", "encoderConfig": { "timeKey": "timestamp", "levelKey": "severity", "nameKey": "logger", "callerKey": "caller", "messageKey": "message", "stacktraceKey": "stacktrace", "lineEnding": "", "levelEncoder": "", "timeEncoder": "iso8601", "durationEncoder": "", "callerEncoder": "" } } `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "config-logging", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigLoggingResolversCM = &corev1.ConfigMap{ Data: map[string]string{ "loglevel.controller": "info", "loglevel.webhook": "info", "zap-logger-config": ` { "level": "info", "development": false, "sampling": { "initial": 100, "thereafter": 100 }, "outputPaths": ["stdout"], "errorOutputPaths": ["stderr"], "encoding": "json", "encoderConfig": { "timeKey": "timestamp", "levelKey": "severity", "nameKey": "logger", "callerKey": "caller", "messageKey": "message", "stacktraceKey": "stacktrace", "lineEnding": "", "levelEncoder": "", "timeEncoder": "iso8601", "durationEncoder": "", "callerEncoder": "" } } `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "config-logging", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigObservabilityCM = &corev1.ConfigMap{ Data: map[string]string{ "_example": ` ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that "kubectl edit" this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # metrics.backend-destination field specifies the system metrics destination. # It supports either prometheus (the default) or stackdriver. # Note: Using Stackdriver will incur additional charges. metrics.backend-destination: prometheus # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This # field is optional. When running on GCE, application default credentials will be # used and metrics will be sent to the cluster's project if this field is # not provided. metrics.stackdriver-project-id: "<your stackdriver project id>" # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed # to send metrics to Stackdriver using "global" resource type and custom # metric type. Setting this flag to "true" could cause extra Stackdriver # charge. If metrics.backend-destination is not Stackdriver, this is # ignored. metrics.allow-stackdriver-custom-metrics: "false" metrics.taskrun.level: "task" metrics.taskrun.duration-type: "histogram" metrics.pipelinerun.level: "pipeline" metrics.pipelinerun.duration-type: "histogram" `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "config-observability", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigObservabilityResolversCM = &corev1.ConfigMap{ Data: map[string]string{ "_example": ` ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that "kubectl edit" this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # metrics.backend-destination field specifies the system metrics destination. # It supports either prometheus (the default) or stackdriver. # Note: Using stackdriver will incur additional charges metrics.backend-destination: prometheus # metrics.request-metrics-backend-destination specifies the request metrics # destination. If non-empty, it enables queue proxy to send request metrics. # Currently supported values: prometheus, stackdriver. metrics.request-metrics-backend-destination: prometheus # metrics.stackdriver-project-id field specifies the stackdriver project ID. This # field is optional. When running on GCE, application default credentials will be # used if this field is not provided. metrics.stackdriver-project-id: "<your stackdriver project id>" # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to # Stackdriver using "global" resource type and custom metric type if the # metrics are not supported by "knative_revision" resource type. Setting this # flag to "true" could cause extra Stackdriver charge. # If metrics.backend-destination is not Stackdriver, this is ignored. metrics.allow-stackdriver-custom-metrics: "false" `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "config-observability", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigRegistryCertCM = &corev1.ConfigMap{ Data: nil, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "config-registry-cert", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigSpireCM = &corev1.ConfigMap{ Data: map[string]string{ "_example": ` ################################ # # # EXAMPLE CONFIGURATION # # # ################################ # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible # to users that "kubectl edit" this config map. # # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. # # spire-trust-domain specifies the SPIRE trust domain to use. # spire-trust-domain: "example.org" # # spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API. # spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock" # # spire-server-addr specifies the SPIRE server address for workload/node registration. # spire-server-addr: "spire-server.spire.svc.cluster.local:8081" # # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. # spire-node-alias-prefix: "/tekton-node/" `, }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "config-spire", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var ConfigWebhookPipelineDevValidatingwebhookconfigurations = &admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), Name: "config.webhook.pipeline.tekton.dev", }, TypeMeta: kubeutil.TypeValidatingWebhookConfigurationV1, Webhooks: []admissionregistrationv1.ValidatingWebhook{ { AdmissionReviewVersions: []string{"v1"}, ClientConfig: admissionregistrationv1.WebhookClientConfig{ Service: &admissionregistrationv1.ServiceReference{ Name: WebhookFullName, Namespace: PipelinesNS.Name, }, }, FailurePolicy: P(admissionregistrationv1.Fail), Name: "config.webhook.pipeline.tekton.dev", ObjectSelector: &metav1.LabelSelector{MatchLabels: map[string]string{kubeutil.AppLabelPartOf: "tekton-pipelines"}}, SideEffects: P(admissionregistrationv1.SideEffectClassNone), }, }, }
View Source
var CustomRunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "customruns.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "CustomRun", Plural: "customruns", Singular: "customrun", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", Name: "Reason", Type: "string", }, { JSONPath: ".status.startTime", Name: "StartTime", Type: "date", }, { JSONPath: ".status.completionTime", Name: "CompletionTime", Type: "date", }, }, Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var FeatureFlagsCM = &corev1.ConfigMap{ Data: map[string]string{ "await-sidecar-readiness": "true", "custom-task-version": "v1beta1", "disable-affinity-assistant": "false", "disable-creds-init": "false", "enable-api-fields": "stable", "enable-provenance-in-status": "false", "enable-tekton-oci-bundles": "false", "enforce-nonfalsifiablity": "none", "require-git-ssh-secret-known-hosts": "false", "resource-verification-mode": "skip", "running-in-environment-with-injected-sidecars": "true", "send-cloudevents-for-runs": "false", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "feature-flags", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var GitResolverConfigCM = &corev1.ConfigMap{ Data: map[string]string{ "api-token-secret-key": "", "api-token-secret-name": "", "api-token-secret-namespace": "default", "default-org": "", "default-revision": "main", "default-url": "https://github.com/tektoncd/catalog.git", "fetch-timeout": "1m", "scm-type": "github", "server-url": "", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "git-resolver-config", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var HubresolverConfigCM = &corev1.ConfigMap{ Data: map[string]string{ "default-artifact-hub-pipeline-catalog": "tekton-catalog-pipelines", "default-artifact-hub-task-catalog": "tekton-catalog-tasks", "default-kind": "task", "default-tekton-hub-catalog": "Tekton", "default-type": "artifact", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "hubresolver-config", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var PipelineResourcesDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "pipelineresources.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "PipelineResource", Plural: "pipelineresources", Singular: "pipelineresource", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { Name: "v1alpha1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var PipelineRunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "pipelineruns.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Conversion: &apiextensionsv1.CustomResourceConversion{ Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), Webhook: &apiextensionsv1.WebhookConversion{ ClientConfig: &apiextensionsv1.WebhookClientConfig{ Service: &apiextensionsv1.ServiceReference{ Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, }, ConversionReviewVersions: []string{"v1beta1", "v1"}, }, }, Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "PipelineRun", Plural: "pipelineruns", ShortNames: []string{"pr", "prs"}, Singular: "pipelinerun", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", Name: "Reason", Type: "string", }, { JSONPath: ".status.startTime", Name: "StartTime", Type: "date", }, { JSONPath: ".status.completionTime", Name: "CompletionTime", Type: "date", }, }, Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", Name: "Reason", Type: "string", }, { JSONPath: ".status.startTime", Name: "StartTime", Type: "date", }, { JSONPath: ".status.completionTime", Name: "CompletionTime", Type: "date", }, }, Name: "v1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var PipelinesControllerClusterAccessCR = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsController, Name: "tekton-pipelines-controller-cluster-access", }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{}, Resources: []string{"pods"}, Verbs: []string{"list", "watch"}, }, { APIGroups: []string{"tekton.dev"}, Resources: []string{ "tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "runs", "customruns", }, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, { APIGroups: []string{"tekton.dev"}, Resources: []string{"verificationpolicies"}, Verbs: []string{"get", "list", "watch"}, }, { APIGroups: []string{"tekton.dev"}, Resources: []string{ "taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers", }, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, { APIGroups: []string{"tekton.dev"}, Resources: []string{ "tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status", "customruns/status", "verificationpolicies/status", }, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, { APIGroups: []string{"resolution.tekton.dev"}, Resources: []string{ "resolutionrequests", "resolutionrequests/status", }, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, }, TypeMeta: kubeutil.TypeClusterRoleV1, }
View Source
var PipelinesControllerDeploy = &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: ControllerName}, labelsController, labelsVersion, ), Name: ControllerFullName, Namespace: PipelinesNS.Name, }, Spec: appsv1.DeploymentSpec{ Replicas: P(int32(1)), Selector: &metav1.LabelSelector{ MatchLabels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: ControllerName}, labelsController, ), }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{ "app": ControllerFullName, kubeutil.AppLabelName: ControllerName, }, labelsController, labelsVersion, ), }, Spec: corev1.PodSpec{ Affinity: &corev1.Affinity{ NodeAffinity: &corev1.NodeAffinity{ RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{ NodeSelectorTerms: []corev1.NodeSelectorTerm{kubeutil.NotInWindows}, }, }, }, Containers: []corev1.Container{ { Args: []string{ "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.46.0@sha256:36114bab6037563667aa0620037e7a063ffe00f432866a293807f8029eddd645", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.46.0@sha256:1b9ad2522b5a5ea0c51ac43e2838ea1535de9d9c82c7864ed9a88553db434a29", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.46.0@sha256:4bc1d0dc796a2a85a72d431344b80a2ac93f259fdd199d17ebc6d31b52a571d6", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.46.0@sha256:b066c05c1565675a573563557d2cd91bea48217091a3beda639f0dbdea5910bc", "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791", "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6", }, Env: []corev1.EnvVar{ { Name: "SYSTEM_NAMESPACE", ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}, }, { Name: "CONFIG_DEFAULTS_NAME", Value: ConfigDefaultsCM.Name, }, { Name: "CONFIG_LOGGING_NAME", Value: ConfigLoggingCM.Name, }, { Name: "CONFIG_OBSERVABILITY_NAME", Value: ConfigObservabilityCM.Name, }, { Name: "CONFIG_FEATURE_FLAGS_NAME", Value: FeatureFlagsCM.Name, }, { Name: "CONFIG_LEADERELECTION_NAME", Value: ConfigLeaderElectionCM.Name, }, { Name: "CONFIG_SPIRE", Value: ConfigSpireCM.Name, }, { Name: "SSL_CERT_FILE", Value: "/etc/config-registry-cert/cert", }, { Name: "SSL_CERT_DIR", Value: "/etc/ssl/certs", }, { Name: "METRICS_DOMAIN", Value: "tekton.dev/pipeline", }, }, Image: ControllerImage, LivenessProbe: &corev1.Probe{ InitialDelaySeconds: int32(5), PeriodSeconds: int32(10), ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/health", Port: intstr.IntOrString{ StrVal: "probes", Type: intstr.Type(int64(1)), }, Scheme: corev1.URISchemeHTTP, }, }, TimeoutSeconds: int32(5), }, Name: ControllerFullName, Ports: []corev1.ContainerPort{ { ContainerPort: int32(9090), Name: "metrics", }, { ContainerPort: int32(8008), Name: "profiling", }, { ContainerPort: int32(8080), Name: "probes", }, }, ReadinessProbe: &corev1.Probe{ InitialDelaySeconds: int32(5), PeriodSeconds: int32(10), ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readiness", Port: intstr.IntOrString{ StrVal: "probes", Type: intstr.Type(int64(1)), }, Scheme: corev1.URISchemeHTTP, }, }, TimeoutSeconds: int32(5), }, SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{corev1.Capability("ALL")}}, RunAsGroup: P(int64(65532)), RunAsNonRoot: P(true), RunAsUser: P(int64(65532)), SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, }, VolumeMounts: []corev1.VolumeMount{ { MountPath: "/etc/config-logging", Name: ConfigLoggingCM.Name, }, { MountPath: "/etc/config-registry-cert", Name: ConfigRegistryCertCM.Name, }, }, }, }, ServiceAccountName: PipelinesControllerSA.Name, Volumes: []corev1.Volume{ { Name: ConfigLoggingCM.Name, VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: ConfigLoggingCM.Name}}}, }, { Name: ConfigRegistryCertCM.Name, VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: ConfigRegistryCertCM.Name}}}, }, }, }, }, }, TypeMeta: kubeutil.TypeDeploymentV1, }
View Source
var PipelinesControllerRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsController, Name: ControllerFullName, Namespace: PipelinesNS.Name, }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{}, Resources: []string{"configmaps"}, Verbs: []string{"list", "watch"}, }, { APIGroups: []string{}, ResourceNames: []string{ ConfigLoggingCM.Name, ConfigObservabilityCM.Name, ConfigLeaderElectionCM.Name, ConfigRegistryCertCM.Name, FeatureFlagsCM.Name, }, Resources: []string{"configmaps"}, Verbs: []string{"get"}, }, }, TypeMeta: kubeutil.TypeRoleV1, }
View Source
var PipelinesControllerSA = kubeutil.ServiceAccount( ControllerFullName, PipelinesNS.Name, labelsController, nil, )
View Source
var PipelinesControllerSVC = &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "tekton-pipelines-controller", "app.kubernetes.io/component": "controller", "app.kubernetes.io/instance": "default", "app.kubernetes.io/name": "controller", "app.kubernetes.io/part-of": "tekton-pipelines", "app.kubernetes.io/version": "v0.45.0", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "tekton-pipelines-controller", Namespace: "tekton-pipelines", }, Spec: corev1.ServiceSpec{ Ports: []corev1.ServicePort{ { Name: "http-metrics", Port: int32(9090), Protocol: corev1.Protocol("TCP"), TargetPort: intstr.IntOrString{IntVal: int32(9090)}, }, { Name: "http-profiling", Port: int32(8008), TargetPort: intstr.IntOrString{IntVal: int32(8008)}, }, { Name: "probes", Port: int32(8080), }, }, Selector: map[string]string{ "app.kubernetes.io/component": "controller", "app.kubernetes.io/instance": "default", "app.kubernetes.io/name": "controller", "app.kubernetes.io/part-of": "tekton-pipelines", }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, }
View Source
var PipelinesControllerTenantAccessCR = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsController, Name: "tekton-pipelines-controller-tenant-access", }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{}, Resources: []string{"pods", "persistentvolumeclaims"}, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, { APIGroups: []string{}, Resources: []string{"events"}, Verbs: []string{"create", "update", "patch"}, }, { APIGroups: []string{}, Resources: []string{ "configmaps", "limitranges", "secrets", "serviceaccounts", }, Verbs: []string{"get", "list", "watch"}, }, { APIGroups: []string{"apps"}, Resources: []string{"statefulsets"}, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, }, TypeMeta: kubeutil.TypeClusterRoleV1, }
View Source
var PipelinesDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "pipelines.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Conversion: &apiextensionsv1.CustomResourceConversion{ Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), Webhook: &apiextensionsv1.WebhookConversion{ ClientConfig: &apiextensionsv1.WebhookClientConfig{ Service: &apiextensionsv1.ServiceReference{ Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, }, ConversionReviewVersions: []string{"v1beta1", "v1"}, }, }, Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "Pipeline", Plural: "pipelines", Singular: "pipeline", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, { Name: "v1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var PipelinesInfoCM = &corev1.ConfigMap{ Data: map[string]string{ "version": "v0.45.0", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "pipelines-info", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var PipelinesInfoRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "tekton-pipelines-info", Namespace: PipelinesNS.Name, }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{}, ResourceNames: []string{"pipelines-info"}, Resources: []string{"configmaps"}, Verbs: []string{"get"}, }, }, TypeMeta: kubeutil.TypeRoleV1, }
View Source
var PipelinesLeaderElectionRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsPipelines, Name: "tekton-pipelines-leader-election", Namespace: PipelinesNS.Name, }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, }, TypeMeta: kubeutil.TypeRoleV1, }
View Source
var PipelinesRemoteResolversDeploy = &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: ResolversName}, labelsResolvers, labelsVersion, ), Name: ResolversFullName, Namespace: ResolversNS.Name, }, Spec: appsv1.DeploymentSpec{ Replicas: P(int32(1)), Selector: &metav1.LabelSelector{ MatchLabels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: ResolversName}, labelsResolvers, ), }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{ "app": ResolversFullName, kubeutil.AppLabelName: ResolversName, }, labelsResolvers, labelsVersion, ), }, Spec: corev1.PodSpec{ Affinity: &corev1.Affinity{ PodAntiAffinity: &corev1.PodAntiAffinity{ PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ { PodAffinityTerm: corev1.PodAffinityTerm{ LabelSelector: &metav1.LabelSelector{ MatchLabels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: ResolversName}, labelsResolvers, ), }, TopologyKey: kubeutil.LabelHostname, }, Weight: int32(100), }, }, }, }, Containers: []corev1.Container{ { Env: []corev1.EnvVar{ { Name: "SYSTEM_NAMESPACE", ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}, }, { Name: "CONFIG_LOGGING_NAME", Value: ConfigLoggingResolversCM.Name, }, { Name: "CONFIG_OBSERVABILITY_NAME", Value: ConfigObservabilityResolversCM.Name, }, { Name: "CONFIG_FEATURE_FLAGS_NAME", Value: ResolversFeatureFlagsCM.Name, }, { Name: "CONFIG_LEADERELECTION_NAME", Value: ConfigLeaderElectionResolversCM.Name, }, { Name: "METRICS_DOMAIN", Value: "tekton.dev/resolution", }, { Name: "ARTIFACT_HUB_API", Value: "https://artifacthub.io/", }, }, Image: ResolversImage, Name: ResolversName, Ports: []corev1.ContainerPort{ { ContainerPort: int32(9090), Name: "metrics", }, }, Resources: kubeutil.Resources( "100m", "100Mi", "1000m", "4Gi", ), SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{corev1.Capability("ALL")}}, ReadOnlyRootFilesystem: P(true), RunAsNonRoot: P(true), SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, }, }, }, ServiceAccountName: PipelinesResolversSA.Name, }, }, }, TypeMeta: kubeutil.TypeDeploymentV1, }
View Source
var PipelinesResolversNamespaceRbacRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "tekton-pipelines-resolvers-namespace-rbac", Namespace: ResolversNS.Name, }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{}, Resources: []string{"configmaps", "secrets"}, Verbs: []string{"get", "list", "update", "watch"}, }, { APIGroups: []string{"coordination.k8s.io"}, Resources: []string{"leases"}, Verbs: []string{ "get", "list", "create", "update", "delete", "patch", "watch", }, }, }, TypeMeta: kubeutil.TypeRoleV1, }
View Source
var PipelinesResolversResolutionRequestUpdatesCR = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "tekton-pipelines-resolvers-resolution-request-updates", }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{"resolution.tekton.dev"}, Resources: []string{ "resolutionrequests", "resolutionrequests/status", }, Verbs: []string{"get", "list", "watch", "update", "patch"}, }, { APIGroups: []string{"tekton.dev"}, Resources: []string{"tasks", "pipelines"}, Verbs: []string{"get", "list"}, }, { APIGroups: []string{}, Resources: []string{"secrets"}, Verbs: []string{"get", "list", "watch"}, }, }, TypeMeta: kubeutil.TypeClusterRoleV1, }
View Source
var PipelinesResolversSA = kubeutil.ServiceAccount( ResolversFullName, ResolversNS.Name, labelsResolvers, nil, )
View Source
var PipelinesWebhookClusterAccessCR = &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsWebhook, Name: "tekton-pipelines-webhook-cluster-access", }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{"apiextensions.k8s.io"}, ResourceNames: []string{ PipelinesDevCRD.Name, RunsDevCRD.Name, TasksDevCRD.Name, ClusterTasksDevCRD.Name, TaskRunsDevCRD.Name, PipelineResourcesDevCRD.Name, ResolutionRequestsCRD.Name, CustomRunsDevCRD.Name, VerificationPoliciesDevCRD.Name, }, Resources: []string{ "customresourcedefinitions", "customresourcedefinitions/status", }, Verbs: []string{"get", "update", "patch"}, }, { APIGroups: []string{"apiextensions.k8s.io"}, Resources: []string{"customresourcedefinitions"}, Verbs: []string{"list", "watch"}, }, { APIGroups: []string{"admissionregistration.k8s.io"}, Resources: []string{ "mutatingwebhookconfigurations", "validatingwebhookconfigurations", }, Verbs: []string{"list", "watch"}, }, { APIGroups: []string{"admissionregistration.k8s.io"}, ResourceNames: []string{"webhook.pipeline.tekton.dev"}, Resources: []string{"mutatingwebhookconfigurations"}, Verbs: []string{"get", "update", "delete"}, }, { APIGroups: []string{"admissionregistration.k8s.io"}, ResourceNames: []string{ "validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev", }, Resources: []string{"validatingwebhookconfigurations"}, Verbs: []string{"get", "update", "delete"}, }, { APIGroups: []string{}, ResourceNames: []string{"tekton-pipelines"}, Resources: []string{"namespaces"}, Verbs: []string{"get"}, }, { APIGroups: []string{}, ResourceNames: []string{"tekton-pipelines"}, Resources: []string{"namespaces/finalizers"}, Verbs: []string{"update"}, }, }, TypeMeta: kubeutil.TypeClusterRoleV1, }
View Source
var PipelinesWebhookDeploy = &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: WebhookName}, labelsWebhook, labelsVersion, ), Name: WebhookFullName, Namespace: PipelinesNS.Name, }, Spec: appsv1.DeploymentSpec{ Selector: &metav1.LabelSelector{ MatchLabels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: WebhookName}, labelsWebhook, ), }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{ "app": WebhookFullName, kubeutil.AppLabelName: WebhookName, }, labelsWebhook, labelsVersion, ), }, Spec: corev1.PodSpec{ Affinity: &corev1.Affinity{ NodeAffinity: &corev1.NodeAffinity{ RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{ NodeSelectorTerms: []corev1.NodeSelectorTerm{ kubeutil.NotInWindows, }, }, }, PodAntiAffinity: &corev1.PodAntiAffinity{ PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ { PodAffinityTerm: corev1.PodAffinityTerm{ LabelSelector: &metav1.LabelSelector{ MatchLabels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: WebhookName}, labelsWebhook, ), }, TopologyKey: kubeutil.LabelHostname, }, Weight: int32(100), }, }, }, }, Containers: []corev1.Container{ { Env: []corev1.EnvVar{ { Name: "SYSTEM_NAMESPACE", ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}, }, { Name: "CONFIG_LOGGING_NAME", Value: ConfigLoggingCM.Name, }, { Name: "CONFIG_OBSERVABILITY_NAME", Value: ConfigObservabilityCM.Name, }, { Name: "CONFIG_LEADERELECTION_NAME", Value: ConfigLeaderElectionCM.Name, }, { Name: "CONFIG_FEATURE_FLAGS_NAME", Value: FeatureFlagsCM.Name, }, { Name: "WEBHOOK_PORT", Value: fmt.Sprintf("%d", WebhookPort), }, { Name: "WEBHOOK_ADMISSION_CONTROLLER_NAME", Value: "webhook.pipeline.tekton.dev", }, { Name: "WEBHOOK_SERVICE_NAME", Value: WebhookFullName, }, { Name: "WEBHOOK_SECRET_NAME", Value: WebhookCertsSecrets.Name, }, { Name: "METRICS_DOMAIN", Value: "tekton.dev/pipeline", }, }, Image: WebhookImage, LivenessProbe: &corev1.Probe{ InitialDelaySeconds: int32(5), PeriodSeconds: int32(10), ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/health", Port: intstr.IntOrString{ StrVal: "probes", Type: intstr.Type(int64(1)), }, Scheme: corev1.URISchemeHTTP, }, }, TimeoutSeconds: int32(5), }, Name: WebhookName, Ports: []corev1.ContainerPort{ { ContainerPort: int32(9090), Name: "metrics", }, { ContainerPort: int32(8008), Name: "profiling", }, { ContainerPort: int32(WebhookPort), Name: "https-webhook", }, { ContainerPort: int32(8080), Name: "probes", }, }, ReadinessProbe: &corev1.Probe{ InitialDelaySeconds: int32(5), PeriodSeconds: int32(10), ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readiness", Port: intstr.IntOrString{ StrVal: "probes", Type: intstr.Type(int64(1)), }, Scheme: corev1.URISchemeHTTP, }, }, TimeoutSeconds: int32(5), }, Resources: kubeutil.Resources( "100m", "100Mi", "500m", "500Mi", ), SecurityContext: &corev1.SecurityContext{ Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{corev1.Capability("ALL")}}, RunAsGroup: P(int64(65532)), RunAsNonRoot: P(true), RunAsUser: P(int64(65532)), SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault}, }, }, }, ServiceAccountName: WebhookFullName, }, }, }, TypeMeta: kubeutil.TypeDeploymentV1, }
View Source
var PipelinesWebhookHPA = &autoscalingv2.HorizontalPodAutoscaler{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels( map[string]string{kubeutil.AppLabelName: WebhookName}, labelsWebhook, labelsVersion, ), Name: WebhookFullName, Namespace: PipelinesNS.Name, }, Spec: autoscalingv2.HorizontalPodAutoscalerSpec{ MaxReplicas: int32(5), Metrics: []autoscalingv2.MetricSpec{ { Resource: &autoscalingv2.ResourceMetricSource{ Name: corev1.ResourceCPU, Target: autoscalingv2.MetricTarget{ AverageUtilization: P(int32(100)), Type: autoscalingv2.UtilizationMetricType, }, }, Type: autoscalingv2.ResourceMetricSourceType, }, }, MinReplicas: P(int32(1)), ScaleTargetRef: autoscalingv2.CrossVersionObjectReference{ APIVersion: PipelinesWebhookDeploy.APIVersion, Kind: PipelinesWebhookDeploy.Kind, Name: PipelinesWebhookDeploy.Name, }, }, TypeMeta: kubeutil.TypeHorizontalPodAutoscalerV2, }
View Source
var PipelinesWebhookRole = &rbacv1.Role{ ObjectMeta: metav1.ObjectMeta{ Labels: labelsWebhook, Name: WebhookFullName, Namespace: PipelinesNS.Name, }, Rules: []rbacv1.PolicyRule{ { APIGroups: []string{}, Resources: []string{"configmaps"}, Verbs: []string{"list", "watch"}, }, { APIGroups: []string{}, ResourceNames: []string{ ConfigLoggingCM.Name, ConfigObservabilityCM.Name, ConfigLeaderElectionCM.Name, FeatureFlagsCM.Name, }, Resources: []string{"configmaps"}, Verbs: []string{"get"}, }, { APIGroups: []string{}, Resources: []string{"secrets"}, Verbs: []string{"list", "watch"}, }, { APIGroups: []string{}, ResourceNames: []string{WebhookCertsSecrets.Name}, Resources: []string{"secrets"}, Verbs: []string{"get", "update"}, }, }, TypeMeta: kubeutil.TypeRoleV1, }
View Source
var PipelinesWebhookSA = kubeutil.ServiceAccount( WebhookFullName, PipelinesNS.Name, labelsWebhook, nil, )
View Source
var PipelinesWebhookSVC = &corev1.Service{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": "tekton-pipelines-webhook", "app.kubernetes.io/component": "webhook", "app.kubernetes.io/instance": "default", "app.kubernetes.io/name": "webhook", "app.kubernetes.io/part-of": "tekton-pipelines", "app.kubernetes.io/version": "v0.45.0", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, Spec: corev1.ServiceSpec{ Ports: []corev1.ServicePort{ { Name: "http-metrics", Port: int32(9090), TargetPort: intstr.IntOrString{IntVal: int32(9090)}, }, { Name: "http-profiling", Port: int32(8008), TargetPort: intstr.IntOrString{IntVal: int32(8008)}, }, { Name: "https-webhook", Port: int32(443), TargetPort: intstr.IntOrString{ StrVal: "https-webhook", Type: intstr.Type(int64(1)), }, }, { Name: "probes", Port: int32(8080), }, }, Selector: map[string]string{ "app.kubernetes.io/component": "webhook", "app.kubernetes.io/instance": "default", "app.kubernetes.io/name": "webhook", "app.kubernetes.io/part-of": "tekton-pipelines", }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, }
View Source
var ResolutionRequestsCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{"resolution.tekton.dev/release": "devel"}, Name: "resolutionrequests.resolution.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Conversion: &apiextensionsv1.CustomResourceConversion{ Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), Webhook: &apiextensionsv1.WebhookConversion{ ClientConfig: &apiextensionsv1.WebhookClientConfig{ Service: &apiextensionsv1.ServiceReference{ Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, }, ConversionReviewVersions: []string{"v1alpha1", "v1beta1"}, }, }, Group: "resolution.tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "ResolutionRequest", Plural: "resolutionrequests", ShortNames: []string{"resolutionrequest", "resolutionrequests"}, Singular: "resolutionrequest", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type=='Succeeded')].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type=='Succeeded')].reason", Name: "Reason", Type: "string", }, }, Deprecated: true, Name: "v1alpha1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".metadata.ownerReferences[0].kind", Name: "OwnerKind", Type: "string", }, { JSONPath: ".metadata.ownerReferences[0].name", Name: "Owner", Type: "string", }, { JSONPath: ".status.conditions[?(@.type=='Succeeded')].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type=='Succeeded')].reason", Name: "Reason", Type: "string", }, { JSONPath: ".metadata.creationTimestamp", Name: "StartTime", Type: "string", }, { JSONPath: ".status.conditions[?(@.type=='Succeeded')].lastTransitionTime", Name: "EndTime", Type: "string", }, }, Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var ResolversFeatureFlagsCM = &corev1.ConfigMap{ Data: map[string]string{ "enable-bundles-resolver": "true", "enable-cluster-resolver": "true", "enable-git-resolver": "true", "enable-hub-resolver": "true", }, ObjectMeta: metav1.ObjectMeta{ Labels: labelsResolvers, Name: "resolvers-feature-flags", Namespace: ResolversNS.Name, }, TypeMeta: kubeutil.TypeConfigMapV1, }
View Source
var RunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "runs.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "Run", Plural: "runs", Singular: "run", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", Name: "Reason", Type: "string", }, { JSONPath: ".status.startTime", Name: "StartTime", Type: "date", }, { JSONPath: ".status.completionTime", Name: "CompletionTime", Type: "date", }, }, Name: "v1alpha1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var TaskRunsDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "taskruns.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Conversion: &apiextensionsv1.CustomResourceConversion{ Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), Webhook: &apiextensionsv1.WebhookConversion{ ClientConfig: &apiextensionsv1.WebhookClientConfig{ Service: &apiextensionsv1.ServiceReference{ Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, }, ConversionReviewVersions: []string{"v1beta1", "v1"}, }, }, Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "TaskRun", Plural: "taskruns", ShortNames: []string{"tr", "trs"}, Singular: "taskrun", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", Name: "Reason", Type: "string", }, { JSONPath: ".status.startTime", Name: "StartTime", Type: "date", }, { JSONPath: ".status.completionTime", Name: "CompletionTime", Type: "date", }, }, Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, { AdditionalPrinterColumns: []apiextensionsv1.CustomResourceColumnDefinition{ { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status", Name: "Succeeded", Type: "string", }, { JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason", Name: "Reason", Type: "string", }, { JSONPath: ".status.startTime", Name: "StartTime", Type: "date", }, { JSONPath: ".status.completionTime", Name: "CompletionTime", Type: "date", }, }, Name: "v1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var TasksDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "tasks.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Conversion: &apiextensionsv1.CustomResourceConversion{ Strategy: apiextensionsv1.ConversionStrategyType("Webhook"), Webhook: &apiextensionsv1.WebhookConversion{ ClientConfig: &apiextensionsv1.WebhookClientConfig{ Service: &apiextensionsv1.ServiceReference{ Name: "tekton-pipelines-webhook", Namespace: "tekton-pipelines", }, }, ConversionReviewVersions: []string{"v1beta1", "v1"}, }, }, Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "Task", Plural: "tasks", Singular: "task", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { Name: "v1beta1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, { Name: "v1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Subresources: &apiextensionsv1.CustomResourceSubresources{}, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var ValidationWebhookPipelineDevValidatingwebhookconfigurations = &admissionregistrationv1.ValidatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), Name: "validation.webhook.pipeline.tekton.dev", }, TypeMeta: kubeutil.TypeValidatingWebhookConfigurationV1, Webhooks: []admissionregistrationv1.ValidatingWebhook{ { AdmissionReviewVersions: []string{"v1"}, ClientConfig: admissionregistrationv1.WebhookClientConfig{ Service: &admissionregistrationv1.ServiceReference{ Name: WebhookFullName, Namespace: PipelinesNS.Name, }, }, FailurePolicy: P(admissionregistrationv1.Fail), Name: "validation.webhook.pipeline.tekton.dev", SideEffects: P(admissionregistrationv1.SideEffectClassNone), }, }, }
View Source
var VerificationPoliciesDevCRD = &apiextensionsv1.CustomResourceDefinition{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app.kubernetes.io/instance": "default", "app.kubernetes.io/part-of": "tekton-pipelines", "pipeline.tekton.dev/release": "v0.45.0", "version": "v0.45.0", }, Name: "verificationpolicies.tekton.dev", }, Spec: apiextensionsv1.CustomResourceDefinitionSpec{ Group: "tekton.dev", Names: apiextensionsv1.CustomResourceDefinitionNames{ Categories: []string{"tekton", "tekton-pipelines"}, Kind: "VerificationPolicy", Plural: "verificationpolicies", Singular: "verificationpolicy", }, Scope: apiextensionsv1.ResourceScope("Namespaced"), Versions: []apiextensionsv1.CustomResourceDefinitionVersion{ { Name: "v1alpha1", Schema: &apiextensionsv1.CustomResourceValidation{ OpenAPIV3Schema: &apiextensionsv1.JSONSchemaProps{ Type: "object", XPreserveUnknownFields: P(true), }, }, Served: true, Storage: true, }, }, }, TypeMeta: metav1.TypeMeta{ APIVersion: "apiextensions.k8s.io/v1", Kind: "CustomResourceDefinition", }, }
View Source
var WebhookCertsSecrets = &corev1.Secret{ Data: nil, ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), Name: "webhook-certs", Namespace: PipelinesNS.Name, }, TypeMeta: kubeutil.TypeSecretV1, } // TODO: SECRETS SHOULD BE STORED ELSEWHERE THAN IN THE CODE!!!!
View Source
var WebhookPipelineDevMutatingwebhookconfigurations = &admissionregistrationv1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Labels: kubeutil.MergeLabels(labelsWebhook, labelsVersion), Name: "webhook.pipeline.tekton.dev", }, TypeMeta: kubeutil.TypeMutatingWebhookConfigurationV1, Webhooks: []admissionregistrationv1.MutatingWebhook{ { AdmissionReviewVersions: []string{"v1"}, ClientConfig: admissionregistrationv1.WebhookClientConfig{ Service: &admissionregistrationv1.ServiceReference{ Name: WebhookFullName, Namespace: PipelinesNS.Name, }, }, FailurePolicy: P(admissionregistrationv1.Fail), Name: "webhook.pipeline.tekton.dev", SideEffects: P(admissionregistrationv1.SideEffectClassNone), }, }, }
Functions ¶
Types ¶
type CRD ¶
type CRD struct {
ClusterTasksDevCRD *apiextensionsv1.CustomResourceDefinition
CustomRunsDevCRD *apiextensionsv1.CustomResourceDefinition
PipelineRunsDevCRD *apiextensionsv1.CustomResourceDefinition
PipelinesDevCRD *apiextensionsv1.CustomResourceDefinition
ResolutionRequestsResolutionDevCRD *apiextensionsv1.CustomResourceDefinition
RunsDevCRD *apiextensionsv1.CustomResourceDefinition
TaskRunsDevCRD *apiextensionsv1.CustomResourceDefinition
TasksDevCRD *apiextensionsv1.CustomResourceDefinition
VerificationPoliciesDevCRD *apiextensionsv1.CustomResourceDefinition
}
type Tekton ¶
type Tekton struct {
kube.App
CRD
PipelinesNS *corev1.Namespace
ResolversNS *corev1.Namespace
AggregateEditCR *rbacv1.ClusterRole
AggregateViewCR *rbacv1.ClusterRole
BundleResolverConfigCM *corev1.ConfigMap
ClusterResolverConfigCM *corev1.ConfigMap
ConfigDefaultsCM *corev1.ConfigMap
ConfigLeaderElectionCM *corev1.ConfigMap
ConfigLeaderElectionResolversCM *corev1.ConfigMap
ConfigLoggingCM *corev1.ConfigMap
ConfigLoggingResolversCM *corev1.ConfigMap
ConfigObservabilityCM *corev1.ConfigMap
ConfigObservabilityResolversCM *corev1.ConfigMap
ConfigRegistryCertCM *corev1.ConfigMap
ConfigSpireCM *corev1.ConfigMap
FeatureFlagsCM *corev1.ConfigMap
GitResolverConfigCM *corev1.ConfigMap
HubResolverConfigCM *corev1.ConfigMap
PipelinesControllerClusterAccessCR *rbacv1.ClusterRole
PipelinesControllerClusterAccessCRB *rbacv1.ClusterRoleBinding
PipelinesControllerDeploy *appsv1.Deployment
PipelinesControllerLeaderElectionRB *rbacv1.RoleBinding
PipelinesControllerRB *rbacv1.RoleBinding
PipelinesControllerRole *rbacv1.Role
PipelinesControllerSA *corev1.ServiceAccount
PipelinesControllerSVC *corev1.Service
PipelinesControllerTenantAccessCR *rbacv1.ClusterRole
PipelinesControllerTenantAccessCRB *rbacv1.ClusterRoleBinding
PipelinesInfoCM *corev1.ConfigMap
PipelinesInfoRB *rbacv1.RoleBinding
PipelinesInfoRole *rbacv1.Role
PipelinesLeaderElectionRole *rbacv1.Role
PipelinesRemoteResolversDeploy *appsv1.Deployment
PipelinesResolversCRB *rbacv1.ClusterRoleBinding
PipelinesResolversNamespaceRbacRB *rbacv1.RoleBinding
PipelinesResolversNamespaceRbacRole *rbacv1.Role
PipelinesResolversResolutionRequestUpdatesCR *rbacv1.ClusterRole
PipelinesResolversSA *corev1.ServiceAccount
PipelinesWebhookClusterAccessCR *rbacv1.ClusterRole
PipelinesWebhookClusterAccessCRB *rbacv1.ClusterRoleBinding
PipelinesWebhookDeploy *appsv1.Deployment
PipelinesWebhookHPA *autoscalingv2.HorizontalPodAutoscaler
PipelinesWebhookLeaderelectionRB *rbacv1.RoleBinding
PipelinesWebhookRB *rbacv1.RoleBinding
PipelinesWebhookRole *rbacv1.Role
PipelinesWebhookSA *corev1.ServiceAccount
PipelinesWebhookSVC *corev1.Service
ResolversFeatureFlagsCM *corev1.ConfigMap
WebhookCertsSecrets *corev1.Secret
ValidatePipelineWebhook *admissionregistrationv1.ValidatingWebhookConfiguration
ValidateConfigPipelineWebhook *admissionregistrationv1.ValidatingWebhookConfiguration
MutatePipelineWebhook *admissionregistrationv1.MutatingWebhookConfiguration
}
Tekton contains kubernetes manifests
Source Files
Click to show internal directories.
Click to hide internal directories.