diff --git a/src/tektoncd/base/release.yaml b/src/tektoncd/base/release.yaml index 94497169..0da9e5da 100644 --- a/src/tektoncd/base/release.yaml +++ b/src/tektoncd/base/release.yaml @@ -49,19 +49,23 @@ rules: # Controller needs to watch Pods created by TaskRuns to see them progress. resources: ["pods"] verbs: ["list", "watch"] + - apiGroups: [""] + # Controller needs to get the list of cordoned nodes over the course of a single run + resources: ["nodes"] + verbs: ["list"] # Controller needs cluster access to all of the CRDs that it is responsible for # managing. - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "runs", "customruns"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] resources: ["verificationpolicies"] verbs: ["get", "list", "watch"] - apiGroups: ["tekton.dev"] - resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers", "customruns/finalizers"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "runs/status", "customruns/status", "verificationpolicies/status"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # resolution.tekton.dev - apiGroups: ["resolution.tekton.dev"] @@ -112,7 +116,6 @@ rules: resourceNames: - pipelines.tekton.dev - pipelineruns.tekton.dev - - runs.tekton.dev - tasks.tekton.dev - clustertasks.tekton.dev - taskruns.tekton.dev @@ -485,8 +488,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev preserveUnknownFields: false @@ -548,8 +551,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev preserveUnknownFields: false @@ -616,8 +619,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev preserveUnknownFields: false @@ -695,8 +698,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev preserveUnknownFields: false @@ -886,74 +889,6 @@ spec: name: tekton-pipelines-webhook namespace: tekton-pipelines ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: runs.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: Run - plural: runs - singular: run - categories: - - tekton - - tekton-pipelines - scope: Namespaced - --- # Copyright 2019 The Tekton Authors # @@ -976,8 +911,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev preserveUnknownFields: false @@ -1058,8 +993,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev preserveUnknownFields: false @@ -1168,8 +1103,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" - version: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" + version: "v0.47.3" spec: group: tekton.dev versions: @@ -1220,7 +1155,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1231,7 +1166,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1250,7 +1185,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1269,7 +1204,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1534,19 +1469,16 @@ data: # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a # CloudEvents sink is configured in the config-defaults config map send-cloudevents-for-runs: "false" - # Setting this flag to "enforce" will enforce verification of tasks/pipeline. Failing to verify - # will fail the taskrun/pipelinerun. "warn" will only log the err message and "skip" - # will skip the whole verification - resource-verification-mode: "skip" + # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them. + # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found. + # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged. + # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged. + trusted-resources-verification-no-match-policy: "ignore" # Setting this flag to "true" enables populating the "provenance" field in TaskRun # and PipelineRun status. This field contains metadata about resources used # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline # definition was fetched. enable-provenance-in-status: "false" - # Setting this flag will determine the version for custom tasks created by PipelineRuns. - # Acceptable values are "v1beta1" and "v1alpha1". - # The default is "v1beta1". - custom-task-version: "v1beta1" # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. # If set to "none", then Tekton will not have non-falsifiable provenance. @@ -1582,7 +1514,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.46.0" + version: "v0.47.3" --- # Copyright 2020 Tekton Authors LLC @@ -1855,12 +1787,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup - version: "v0.46.0" + version: "v0.47.3" spec: replicas: 1 selector: @@ -1875,13 +1807,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.46.0" + version: "v0.47.3" spec: affinity: nodeAffinity: @@ -1895,11 +1827,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.46.0@sha256:d67fb2fb69ec38571ce3f71ce09571154e4b5db9b4cf71d69c2cb32455a4f8b4 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.47.3@sha256:cfbca9c19a8e7fe4f68b80499c9d921a03240ae2185d6f7d536c33b1177138ca args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.46.0@sha256:36114bab6037563667aa0620037e7a063ffe00f432866a293807f8029eddd645", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.46.0@sha256:1b9ad2522b5a5ea0c51ac43e2838ea1535de9d9c82c7864ed9a88553db434a29", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.46.0@sha256:4bc1d0dc796a2a85a72d431344b80a2ac93f259fdd199d17ebc6d31b52a571d6", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.46.0@sha256:b066c05c1565675a573563557d2cd91bea48217091a3beda639f0dbdea5910bc", + "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.47.3@sha256:3f9bc08c3d61c47fa43e6225aaa0df83ee26de73b37a247c8a4ed55392400bc2", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.47.3@sha256:92755ff9cdaacbdbee440f1e9b6b7e43cbc89b1882d0f646ed6e5658325730c5", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.47.3@sha256:145904e64c1aa4cf39d2ff4fbf2125c76d0627fcbdcc5dd24b7e208a28cb9638", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.47.3@sha256:602ba2e60b059f9227f0e1604c750b0afc016064d718a6f0c22ae34cb6b14103", # The shell image must allow root in order to create directories and copy files to PVCs. # cgr.dev/chainguard/busybox as of April 14 2022 # image shall not contains tag, so it will be supported on a runtime like cri-o @@ -1998,13 +1930,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.46.0" + version: "v0.47.3" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -2583,12 +2515,12 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup - version: "v0.46.0" + version: "v0.47.3" spec: replicas: 1 selector: @@ -2603,13 +2535,13 @@ spec: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-resolvers - version: "v0.46.0" + version: "v0.47.3" spec: affinity: podAntiAffinity: @@ -2626,7 +2558,7 @@ spec: serviceAccountName: tekton-pipelines-resolvers containers: - name: controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.46.0@sha256:f57448b914c72c03cbf36228134cc9ed24e28fef6d2e0d6d72c34908f38d8742 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.47.3@sha256:ea46db5fd1c6c1774762fee57cb49aef6a9a6ba862c85232c8a89f1ab67b43fd resources: requests: cpu: 100m @@ -2692,12 +2624,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup - version: "v0.46.0" + version: "v0.47.3" spec: minReplicas: 1 maxReplicas: 5 @@ -2740,12 +2672,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup - version: "v0.46.0" + version: "v0.47.3" spec: selector: matchLabels: @@ -2759,13 +2691,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.46.0" + version: "v0.47.3" spec: affinity: nodeAffinity: @@ -2792,7 +2724,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.46.0@sha256:5dc383dc1bd71d81180e0e4da68be966ebf383cfd0ac9f53a72cff11463e7f59 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.47.3@sha256:20fe883b019e80fecddbb97a86d6773925c7b6727cf5e8e7007c47416bd9ebf7 # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -2881,13 +2813,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.46.0" + app.kubernetes.io/version: "v0.47.3" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.46.0" + pipeline.tekton.dev/release: "v0.47.3" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.46.0" + version: "v0.47.3" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: