From 776db4ebf7a3cebe86aaeed0f3fa2f25af96b71e Mon Sep 17 00:00:00 2001 From: "Ricardo M. Oliveira" Date: Mon, 26 Feb 2024 18:10:50 -0300 Subject: [PATCH] Update kubeflow/kfp-tekton manifests from 2.0.5 Signed-off-by: Ricardo M. Oliveira --- README.md | 2 +- apps/kfp-tekton/upstream/OWNERS | 8 +- apps/kfp-tekton/upstream/README.md | 17 - .../base/cache-deployer/kustomization.yaml | 2 +- .../upstream/base/cache/kustomization.yaml | 2 +- .../generic/pipeline-install-config.yaml | 3 +- .../persistence-agent/cluster-role.yaml | 6 - .../base/metadata/base/kustomization.yaml | 2 +- .../upstream/base/pipeline/kustomization.yaml | 12 +- .../metadata-writer/kustomization.yaml | 2 +- .../ml-pipeline-apiserver-deployment.yaml | 2 + ...-pipeline-persistenceagent-deployment.yaml | 2 + .../ml-pipeline-persistenceagent-role.yaml | 8 +- ...pipeline-scheduledworkflow-deployment.yaml | 2 + .../kustomization.yaml | 27 + .../namespace.yaml | 4 + .../params.yaml | 4 + .../env/gcp/inverse-proxy/kustomization.yaml | 2 +- .../upstream/env/plain/kustomization.yaml | 2 +- .../kustomization.yaml | 9 +- .../tekton-config.yaml | 10 + .../kustomization.yaml | 6 +- .../kustomization.yaml | 6 +- .../application-controller-deployment.yaml | 11 +- .../kfptask/201-clusterrole.yaml | 13 + .../tekton-custom-task/kfptask/201-role.yaml | 28 + .../tekton-custom-task/kustomization.yaml | 22 +- .../pipeline-loops/201-clusterrole.yaml | 2 +- .../pipeline-loops/500-controller.yaml | 2 + .../tekton-dashboard-release.yaml | 21 +- .../base/tektoncd-install/tekton-config.yaml | 3 +- .../base/tektoncd-install/tekton-release.yaml | 858 +++++++++++++++--- 32 files changed, 892 insertions(+), 208 deletions(-) create mode 100644 apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/kustomization.yaml create mode 100644 apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/namespace.yaml create mode 100644 apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/params.yaml create mode 100644 apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/tekton-config.yaml diff --git a/README.md b/README.md index 3880463743..e6ee4d2891 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ This repo periodically syncs all official Kubeflow components from their respect | KServe | contrib/kserve/kserve | [v0.11.1](https://github.com/kserve/kserve/tree/v0.11.1/install/v0.11.1) | | KServe Models Web App | contrib/kserve/models-web-app | [v0.10.0](https://github.com/kserve/models-web-app/tree/v0.10.0/config) | | Kubeflow Pipelines | apps/pipeline/upstream | [2.0.3](https://github.com/kubeflow/pipelines/tree/2.0.3/manifests/kustomize) | -| Kubeflow Tekton Pipelines | apps/kfp-tekton/upstream | [v2.0.3](https://github.com/kubeflow/kfp-tekton/tree/v2.0.3/manifests/kustomize) | +| Kubeflow Tekton Pipelines | apps/kfp-tekton/upstream | [2.0.5](https://github.com/kubeflow/kfp-tekton/tree/2.0.5/manifests/kustomize) | ======= The following is also a matrix with versions from common components that are diff --git a/apps/kfp-tekton/upstream/OWNERS b/apps/kfp-tekton/upstream/OWNERS index 41cc4556df..6cbeef6afc 100644 --- a/apps/kfp-tekton/upstream/OWNERS +++ b/apps/kfp-tekton/upstream/OWNERS @@ -1,6 +1,6 @@ approvers: - - Tomcli - - yhwang + - Tomcli + - yhwang reviewers: - - Tomcli - - yhwang + - Tomcli + - yhwang diff --git a/apps/kfp-tekton/upstream/README.md b/apps/kfp-tekton/upstream/README.md index 696022afea..c7e44660aa 100644 --- a/apps/kfp-tekton/upstream/README.md +++ b/apps/kfp-tekton/upstream/README.md @@ -12,23 +12,6 @@ To install Kubeflow Pipelines Standalone, follow [Kubeflow Pipelines Standalone There are environment specific installation instructions not covered in the official deployment documentation, they are listed below. -## Kubeflow Pipelines on Tekton (KFP-Tekton) -Project bringing Kubeflow Pipelines and Tekton together. The current code allows you run Kubeflow Pipelines with Tekton backend end to end. -You can use the [Kubeflow Pipelines SDK v2](https://www.kubeflow.org/docs/components/pipelines/v2/introduction/) to compose a ML pipeline, -generate the Intermediate Representation(IR), and run it on KFP-Tekton. - -To install the KFP-Tekton v2 on any Kubernetes cluster, please follow the instructions below: -```bash -cd manifests/kustomize -KFP_ENV=platform-agnostic-tekton -kubectl apply -k cluster-scoped-resources-tekton/ -kubectl wait crd/applications.app.k8s.io --for condition=established --timeout=60s -kubectl apply -k "env/${KFP_ENV}/" -kubectl wait pods -l application-crd-id=kubeflow-pipelines -n kubeflow --for condition=Ready --timeout=1800s -kubectl port-forward -n kubeflow svc/ml-pipeline-ui 8080:80 -``` -Now you can access Kubeflow Pipelines UI in your browser by . - ### (env/platform-agnostic) install on any Kubernetes cluster Install: diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml index de44a30c52..a68c93fd8a 100644 --- a/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml @@ -8,4 +8,4 @@ commonLabels: app: cache-deployer images: - name: gcr.io/ml-pipeline/cache-deployer - newTag: 2.0.3 + newTag: 2.0.5 diff --git a/apps/kfp-tekton/upstream/base/cache/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache/kustomization.yaml index 24fa04023a..8cafba774c 100644 --- a/apps/kfp-tekton/upstream/base/cache/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/cache/kustomization.yaml @@ -10,4 +10,4 @@ commonLabels: app: cache-server images: - name: gcr.io/ml-pipeline/cache-server - newTag: 2.0.3 + newTag: 2.0.5 diff --git a/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml b/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml index cd3b48e8ee..5b41da33a0 100644 --- a/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml +++ b/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml @@ -11,7 +11,7 @@ data: until the changes take effect. A quick way to restart all deployments in a namespace: `kubectl rollout restart deployment -n `. appName: pipeline - appVersion: 2.0.3 + appVersion: 2.0.5 dbHost: mysql # relic to be removed after release dbPort: "3306" # relic to be removed after release dbType: mysql @@ -93,3 +93,4 @@ data: ## If this value doesn't include a unit abbreviation, the units will be assumed ## to be nanoseconds. ConMaxLifeTime: "120s" + LOG_LEVEL: "info" diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml index 0d2321241a..875ca9e3a0 100644 --- a/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/persistence-agent/cluster-role.yaml @@ -26,12 +26,6 @@ rules: - workflows verbs: - report -- apiGroups: - - '' - resources: - - namespaces - verbs: - - get - apiGroups: - tekton.dev resources: diff --git a/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml b/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml index 218758b6d6..9f803d0a5e 100644 --- a/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml @@ -10,4 +10,4 @@ resources: namespace: kubeflow images: - name: gcr.io/ml-pipeline/metadata-envoy - newTag: 2.0.3 + newTag: 2.0.5 diff --git a/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml index e3d3ce55a2..4133ae41d6 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml @@ -37,14 +37,14 @@ resources: - kfp-launcher-configmap.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/persistenceagent - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/frontend - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/visualization-server - newTag: 2.0.3 + newTag: 2.0.5 diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml index b503511088..5d4cec9dd3 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml @@ -7,4 +7,4 @@ resources: - metadata-writer-sa.yaml images: - name: gcr.io/ml-pipeline/metadata-writer - newTag: 2.0.3 + newTag: 2.0.5 diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index 754adf9057..27f823c68a 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -17,6 +17,8 @@ spec: spec: containers: - env: + - name: LOG_LEVEL + value: "info" - name: AUTO_UPDATE_PIPELINE_DEFAULT_VERSION valueFrom: configMapKeyRef: diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml index 7e979be070..611560a653 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-deployment.yaml @@ -31,6 +31,8 @@ spec: value: "" - name: EXECUTIONTYPE value: Workflow + - name: LOG_LEVEL + value: "info" image: gcr.io/ml-pipeline/persistenceagent:dummy imagePullPolicy: IfNotPresent name: ml-pipeline-persistenceagent diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml index d4eccc7d37..92c36bed10 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-persistenceagent-role.yaml @@ -26,12 +26,6 @@ rules: - workflows verbs: - report -- apiGroups: - - '' - resources: - - namespaces - verbs: - - get - apiGroups: - tekton.dev resources: @@ -55,4 +49,4 @@ rules: - runs verbs: - reportMetrics - - readArtifact \ No newline at end of file + - readArtifact diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml index 75562d1ff4..0c68a5a58c 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-deployment.yaml @@ -20,6 +20,8 @@ spec: imagePullPolicy: IfNotPresent name: ml-pipeline-scheduledworkflow env: + - name: LOG_LEVEL + value: "info" - name: NAMESPACE valueFrom: fieldRef: diff --git a/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/kustomization.yaml b/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/kustomization.yaml new file mode 100644 index 0000000000..ea1a04a385 --- /dev/null +++ b/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/kustomization.yaml @@ -0,0 +1,27 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: kubeflow + +resources: +- namespace.yaml +bases: +- ../third-party/application/cluster-scoped +# - ../third-party/argo/installs/namespace/cluster-scoped +- ../base/pipeline/cluster-scoped +- ../base/cache-deployer/cluster-scoped +vars: +# NOTE: var name must be unique globally to allow composition of multiple kustomize +# packages. Therefore, we added prefix `kfp-cluster-scoped-` to distinguish it from +# others. +- name: kfp-cluster-scoped-namespace + objref: + # cache deployer sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml + # so that we only need to change kustomization.yaml's namespace field for namespace customization. + kind: ServiceAccount + name: kubeflow-pipelines-cache-deployer-sa + apiVersion: v1 + fieldref: + fieldpath: metadata.namespace +configurations: +- params.yaml diff --git a/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/namespace.yaml b/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/namespace.yaml new file mode 100644 index 0000000000..3c65856e7b --- /dev/null +++ b/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: '$(kfp-cluster-scoped-namespace)' diff --git a/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/params.yaml b/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/params.yaml new file mode 100644 index 0000000000..cc253fe266 --- /dev/null +++ b/apps/kfp-tekton/upstream/cluster-scoped-resources-tekton/params.yaml @@ -0,0 +1,4 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: metadata/name + kind: Namespace diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml index 827f961978..9c2d3b3d5c 100644 --- a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: gcr.io/ml-pipeline/inverse-proxy-agent - newTag: 2.0.3 + newTag: 2.0.5 resources: - proxy-configmap.yaml - proxy-deployment.yaml diff --git a/apps/kfp-tekton/upstream/env/plain/kustomization.yaml b/apps/kfp-tekton/upstream/env/plain/kustomization.yaml index 7351fdb810..7bf943cab3 100644 --- a/apps/kfp-tekton/upstream/env/plain/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/plain/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ../../cluster-scoped-resources + - ../../cluster-scoped-resources-tekton - ../../base/installs/generic - ../../base/metadata/base - ../../third-party/minio/base diff --git a/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/kustomization.yaml b/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/kustomization.yaml index ae0681064c..807b318cf1 100644 --- a/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/kustomization.yaml @@ -15,13 +15,16 @@ commonLabels: images: - name: gcr.io/ml-pipeline/api-server newName: quay.io/aipipeline/apiserver - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/persistenceagent newName: quay.io/aipipeline/persistenceagent - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/scheduledworkflow newName: quay.io/aipipeline/scheduledworkflow - newTag: 2.0.3 + newTag: 2.0.5 + +patchesStrategicMerge: +- tekton-config.yaml patches: - patch: |- diff --git a/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/tekton-config.yaml b/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/tekton-config.yaml new file mode 100644 index 0000000000..5707255acd --- /dev/null +++ b/apps/kfp-tekton/upstream/env/platform-agnostic-tekton-multi-user/tekton-config.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + running-in-environment-with-injected-sidecars: "true" diff --git a/apps/kfp-tekton/upstream/env/platform-agnostic-tekton/kustomization.yaml b/apps/kfp-tekton/upstream/env/platform-agnostic-tekton/kustomization.yaml index 4414deb8c7..cb9814e88d 100644 --- a/apps/kfp-tekton/upstream/env/platform-agnostic-tekton/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/platform-agnostic-tekton/kustomization.yaml @@ -13,13 +13,13 @@ resources: images: - name: gcr.io/ml-pipeline/api-server newName: quay.io/aipipeline/apiserver - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/persistenceagent newName: quay.io/aipipeline/persistenceagent - newTag: 2.0.3 + newTag: 2.0.5 - name: gcr.io/ml-pipeline/scheduledworkflow newName: quay.io/aipipeline/scheduledworkflow - newTag: 2.0.3 + newTag: 2.0.5 labels: - includeSelectors: true diff --git a/apps/kfp-tekton/upstream/env/platform-openshift-pipelines/kustomization.yaml b/apps/kfp-tekton/upstream/env/platform-openshift-pipelines/kustomization.yaml index b48a5efb69..342bbfe848 100644 --- a/apps/kfp-tekton/upstream/env/platform-openshift-pipelines/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/platform-openshift-pipelines/kustomization.yaml @@ -64,13 +64,13 @@ patches: images: - name: gcr.io/ml-pipeline/api-server newName: quay.io/aipipeline/apiserver - newTag: 2.0.3 + newTag: 2.0.0 - name: gcr.io/ml-pipeline/persistenceagent newName: quay.io/aipipeline/persistenceagent - newTag: 2.0.3 + newTag: 2.0.0 - name: gcr.io/ml-pipeline/scheduledworkflow newName: quay.io/aipipeline/scheduledworkflow - newTag: 2.0.3 + newTag: 2.0.0 labels: - includeSelectors: true diff --git a/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml b/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml index 8cffbb44fd..1f1c589aae 100644 --- a/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/application/application-controller-deployment.yaml @@ -18,14 +18,9 @@ spec: spec: containers: - command: - - /bin/sh - - -c - # See https://github.com/kubeflow/gcp-blueprints/issues/184. - - | - echo "logs are hidden because volume is too excessive" && - /root/manager 2> /dev/null - # A customized image with https://github.com/kubernetes-sigs/application/pull/127 - image: gcr.io/ml-pipeline/application-crd-controller:1.0-beta-non-cluster-role + - /kube-app-manager + # Built from https://github.com/kubernetes-sigs/application master branch on the date specified in the image tag. + image: gcr.io/ml-pipeline/application-crd-controller:20231101 imagePullPolicy: IfNotPresent name: manager env: diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-clusterrole.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-clusterrole.yaml index bf74ff2b6e..d8da4a5e61 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-clusterrole.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-clusterrole.yaml @@ -34,6 +34,19 @@ rules: - apiGroups: ["apps"] resources: ["deployments", "deployments/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims"] + verbs: ["*"] + + # Controller needs permission to emit events associated with Run CRs. + - apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + + # driver needs to access configmaps to get configuration + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "watch", "list"] --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-role.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-role.yaml index 055630eb1a..757ec7c4d6 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kfptask/201-role.yaml @@ -33,6 +33,34 @@ rules: resources: ["podsecuritypolicies"] resourceNames: ["tekton-pipelines", "openshift-pipelines"] verbs: ["use"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get"] + - apiGroups: [""] + resources: ["persistentvolumes", persistentvolumeclaims] + verbs: ["*"] + - apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshots"] + verbs: ["create", "delete", "get"] + - apiGroups: [""] + resources: ["pods", "pods/exec", "pods/log", "services"] + verbs: ["*"] + - apiGroups: ["", "apps", "extensions"] + resources: ["deployments", "replicasets"] + verbs: ["*"] + - apiGroups: ["kubeflow.org"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["*"] + - apiGroups: ["machinelearning.seldon.io"] + resources: ["seldondeployments"] + verbs: ["*"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines", "openshift-pipelines"] + verbs: ["use"] --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml index 55a89408c5..3af66de580 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml @@ -3,29 +3,31 @@ kind: Kustomization resources: - pipeline-loops -- driver-controller - exit-handler - kfptask +# Deprecated controller +# - driver-controller namespace: tekton-pipelines images: - name: quay.io/aipipeline/pipelineloop-controller - newTag: 1.7.1 + newTag: 1.9.2 - name: quay.io/aipipeline/pipelineloop-webhook - newTag: 1.7.1 - - name: kfp-v2-dev-driver-controller - newName: quay.io/aipipeline/tekton-driver - newTag: 2.0.3 + newTag: 1.9.2 - name: tekton-exithandler-controller newName: quay.io/aipipeline/tekton-exithandler-controller - newTag: 2.0.3 + newTag: 2.0.5 - name: tekton-exithandler-webhook newName: quay.io/aipipeline/tekton-exithandler-webhook - newTag: 2.0.3 + newTag: 2.0.5 - name: tekton-kfptask-controller newName: quay.io/aipipeline/tekton-kfptask-controller - newTag: 2.0.3 + newTag: 2.0.5 - name: tekton-kfptask-webhook newName: quay.io/aipipeline/tekton-kfptask-webhook - newTag: 2.0.3 + newTag: 2.0.5 + # Deprecated controller + # - name: kfp-v2-dev-driver-controller + # newName: quay.io/aipipeline/tekton-driver + # newTag: 2.0.3 diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml index 40e18c7253..34281f8b89 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-clusterrole.yaml @@ -15,7 +15,7 @@ rules: resources: ["runs/status", "customruns/status", "taskruns/status", "pipelineruns/status", "runs/finalizers", "customruns/finalizers",] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["custom.tekton.dev"] - resources: ["pipelineloops"] + resources: ["pipelineloops", "kfptasks"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["apps"] resources: ["deployments", "deployments/finalizers"] diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml index 9361b0a856..e58fc23b97 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-controller.yaml @@ -42,6 +42,8 @@ spec: - name: tekton-pipelineloop-controller image: quay.io/aipipeline/pipelineloop-controller:nightly env: + - name: KFPV2 + value: "true" - name: SYSTEM_NAMESPACE valueFrom: fieldRef: diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml index d676e22f52..0b7dd653f9 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml @@ -146,7 +146,7 @@ rules: - taskruns - pipelines - pipelineruns - - runs + - customruns verbs: - get - list @@ -201,7 +201,7 @@ subjects: --- apiVersion: v1 data: - version: v0.32.0 + version: v0.41.0 kind: ConfigMap metadata: labels: @@ -219,9 +219,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.32.0 - dashboard.tekton.dev/release: v0.32.0 - version: v0.32.0 + app.kubernetes.io/version: v0.41.0 + dashboard.tekton.dev/release: v0.41.0 + version: v0.41.0 name: tekton-dashboard namespace: tekton-pipelines spec: @@ -245,9 +245,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.32.0 - dashboard.tekton.dev/release: v0.32.0 - version: v0.32.0 + app.kubernetes.io/version: v0.41.0 + dashboard.tekton.dev/release: v0.41.0 + version: v0.41.0 name: tekton-dashboard namespace: tekton-pipelines spec: @@ -266,7 +266,7 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.32.0 + app.kubernetes.io/version: v0.41.0 name: tekton-dashboard spec: containers: @@ -279,6 +279,7 @@ spec: - --log-level=info - --log-format=json - --namespace= + - --namespaces= - --stream-logs=true - --external-logs= env: @@ -286,7 +287,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.32.0@sha256:f11d6bdd2a1f2bb1e6366e416741ce1754a7695837305c054a0167f3f7b055ca + image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.41.0@sha256:698b458f98789177571182b8d092d49e44cd814ab8bbd3434e6ea66d538196c1 livenessProbe: httpGet: path: /health diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-config.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-config.yaml index 181b6c4155..e66f1a50ad 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-config.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-config.yaml @@ -7,5 +7,4 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines data: - embedded-status: "full" - custom-task-version: "v1beta1" + running-in-environment-with-injected-sidecars: "false" diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml index 5153ba0e4e..aa826b6352 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml @@ -56,7 +56,7 @@ rules: # Controller needs cluster access to all of the CRDs that it is responsible for # managing. - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] resources: ["verificationpolicies"] @@ -65,7 +65,7 @@ rules: resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # resolution.tekton.dev - apiGroups: ["resolution.tekton.dev"] @@ -122,6 +122,7 @@ rules: - resolutionrequests.resolution.tekton.dev - customruns.tekton.dev - verificationpolicies.tekton.dev + - stepactions.tekton.dev # knative.dev/pkg needs list/watch permissions to set up informers for the webhook. - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -160,6 +161,19 @@ rules: # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources, # which requires we can update the system namespace finalizers. resourceNames: ["tekton-pipelines"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + verbs: ["get", "list", "watch"] --- # Copyright 2020 The Tekton Authors @@ -193,7 +207,7 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-controller", "config-registry-cert"] --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 @@ -212,7 +226,7 @@ rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-leader-election", "feature-flags"] + resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"] - apiGroups: [""] resources: ["secrets"] verbs: ["list", "watch"] @@ -226,6 +240,25 @@ rules: --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "feature-flags", "config-leader-election-events", "config-registry-cert"] +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tekton-pipelines-leader-election namespace: tekton-pipelines @@ -289,6 +322,16 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines --- # Copyright 2019 The Tekton Authors @@ -359,6 +402,23 @@ roleRef: kind: ClusterRole name: tekton-pipelines-webhook-cluster-access apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: tekton-events-controller-cluster-access + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-events-controller-cluster-access + apiGroup: rbac.authorization.k8s.io --- # Copyright 2020 The Tekton Authors @@ -465,6 +525,42 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tekton-pipelines-info +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-pipelines-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-events-controller + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: tekton-events-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +subjects: + - kind: ServiceAccount + name: tekton-events-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io --- # Copyright 2019 The Tekton Authors @@ -488,8 +584,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev preserveUnknownFields: false @@ -551,8 +647,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev preserveUnknownFields: false @@ -619,15 +715,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false subresources: status: {} schema: @@ -643,7 +739,7 @@ spec: x-kubernetes-preserve-unknown-fields: true - name: v1 served: true - storage: false + storage: true schema: openAPIV3Schema: type: object @@ -698,15 +794,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -737,7 +833,7 @@ spec: status: {} - name: v1 served: true - storage: false + storage: true schema: openAPIV3Schema: type: object @@ -889,6 +985,61 @@ spec: name: tekton-pipelines-webhook namespace: tekton-pipelines +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: stepactions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: StepAction + plural: stepactions + singular: stepaction + categories: + - tekton + - tekton-pipelines + scope: Namespaced + --- # Copyright 2019 The Tekton Authors # @@ -911,15 +1062,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -937,7 +1088,7 @@ spec: status: {} - name: v1 served: true - storage: false + storage: true schema: openAPIV3Schema: type: object @@ -993,15 +1144,15 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1beta1 served: true - storage: true + storage: false schema: openAPIV3Schema: type: object @@ -1032,7 +1183,7 @@ spec: status: {} - name: v1 served: true - storage: false + storage: true schema: openAPIV3Schema: type: object @@ -1103,8 +1254,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" - version: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" + version: "v0.53.2" spec: group: tekton.dev versions: @@ -1155,7 +1306,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1166,7 +1317,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1185,7 +1336,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1204,7 +1355,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1252,6 +1403,7 @@ rules: - pipelineruns - runs - customruns + - stepactions verbs: - create - delete @@ -1295,6 +1447,7 @@ rules: - pipelineruns - runs - customruns + - stepactions verbs: - get - list @@ -1390,6 +1543,57 @@ data: # no default-resolver-type is specified by default default-resolver-type: +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-events + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # formats contains a comma seperated list of event formats to be used + # the only format supported today is "tektonv1". An empty string is not + # a valid configuration. To disable events, do not specify the sink. + formats: "tektonv1" + + # sink contains the event sink to be used for TaskRun, PipelineRun and + # CustomRun. If no sink is specified, no CloudEvent is generated. + # This setting supercedes the "default-cloud-events-sink" from the + # "config-defaults" config map + sink: "https://events.sink/cdevents" + --- # Copyright 2019 The Tekton Authors # @@ -1419,10 +1623,24 @@ data: # # The default behaviour is for Tekton to create Affinity Assistants # - # See more in the workspace documentation about Affinity Assistant - # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + # + # Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior. disable-affinity-assistant: "false" + # Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant. + # Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled". + # + # Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node. + # Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node. + # Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node, + # and only allows one pipelinerun to run on a node at a time. + # Setting it to "disabled" will not apply any coschedule policy. + # + # See more in the Affinity Assistant documentation + # https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md + coschedule: "workspaces" # Setting this flag to "true" will prevent Tekton scanning attached # service accounts and injecting any credentials it finds into your # Steps. @@ -1465,7 +1683,7 @@ data: enable-tekton-oci-bundles: "false" # Setting this flag will determine which gated features are enabled. # Acceptable values are "stable", "beta", or "alpha". - enable-api-fields: "stable" + enable-api-fields: "beta" # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a # CloudEvents sink is configured in the config-defaults config map send-cloudevents-for-runs: "false" @@ -1478,12 +1696,33 @@ data: # and PipelineRun status. This field contains metadata about resources used # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline # definition was fetched. - enable-provenance-in-status: "false" + enable-provenance-in-status: "true" # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. # If set to "none", then Tekton will not have non-falsifiable provenance. # This is an experimental feature and thus should still be considered an alpha feature. - enforce-nonfalsifiablity: "none" + enforce-nonfalsifiability: "none" + # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. + # Acceptable values are "termination-message" or "sidecar-logs". + # "sidecar-logs" is an experimental feature and thus should still be considered + # an alpha feature. + results-from: "termination-message" + # Setting this flag will determine the upper limit of each task result + # This flag is optional and only associated with the previous flag, results-from + # When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result + # max-result-size: "4096" + # Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns. + # This allows TaskRuns to run in namespaces with "restricted" pod security standards. + # Not all Kubernetes implementations support this option. + set-security-context: "false" + # Setting this flag to "true" will keep pod on cancellation + # allowing examination of the logs on the pods from cancelled taskruns + keep-pod-on-cancel: "false" + # Setting this flag to "true" will enable the CEL evaluation in WhenExpression + enable-cel-in-whenexpression: "false" + # Setting this flag to "true" will enable the use of StepActions in Steps + # This feature is in preview mode and not implemented yet. Please check #7259 for updates. + enable-step-actions: "false" --- # Copyright 2021 The Tekton Authors @@ -1514,7 +1753,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.47.5" + version: "v0.53.2" --- # Copyright 2020 Tekton Authors LLC @@ -1534,7 +1773,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-leader-election + name: config-leader-election-controller namespace: tekton-pipelines labels: app.kubernetes.io/instance: default @@ -1571,7 +1810,7 @@ data: buckets: "1" --- -# Copyright 2019 Tekton Authors LLC +# Copyright 2023 Tekton Authors LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -1588,43 +1827,44 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-logging + name: config-leader-election-events namespace: tekton-pipelines labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines data: - zap-logger-config: | - { - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "timestamp", - "levelKey": "severity", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "message", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "iso8601", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - loglevel.controller: "info" - loglevel.webhook: "info" + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" --- -# Copyright 2019 The Tekton Authors +# Copyright 2023 Tekton Authors LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -1641,7 +1881,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-observability + name: config-leader-election-webhook namespace: tekton-pipelines labels: app.kubernetes.io/instance: default @@ -1653,7 +1893,6 @@ data: # EXAMPLE CONFIGURATION # # # ################################ - # This block is not actually functional configuration, # but serves to illustrate the available configuration # options and document them in a way that is accessible @@ -1662,14 +1901,122 @@ data: # These sample configuration options may be copied out of # this example block and unindented to be in the data block # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using Stackdriver will incur additional charges. - metrics.backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be + # lease-duration is how long non-leaders will wait to try to acquire the + # lock; 15 seconds is the value used by core kubernetes controllers. + lease-duration: "60s" + # renew-deadline is how long a leader will try to renew the lease before + # giving up; 10 seconds is the value used by core kubernetes controllers. + renew-deadline: "40s" + # retry-period is how long the leader election client waits between tries of + # actions; 2 seconds is the value used by core kubernetes controllers. + retry-period: "10s" + # buckets is the number of buckets used to partition key space of each + # Reconciler. If this number is M and the replica number of the controller + # is N, the N replicas will compete for the M buckets. The owner of a + # bucket will take care of the reconciling for the keys partitioned into + # that bucket. + buckets: "1" + +--- +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" + +--- +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be # used and metrics will be sent to the cluster's project if this field is # not provided. metrics.stackdriver-project-id: "" @@ -1684,6 +2031,7 @@ data: metrics.taskrun.duration-type: "histogram" metrics.pipelinerun.level: "pipeline" metrics.pipelinerun.duration-type: "histogram" + metrics.count.enable-reason: "false" --- # Copyright 2020 Tekton Authors LLC @@ -1763,6 +2111,52 @@ data: # spire-node-alias-prefix specifies the SPIRE node alias prefix to use. # spire-node-alias-prefix: "/tekton-node/" +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # Enable sending traces to defined endpoint by setting this to true + enabled: "true" + # + # API endpoint to send the traces to + # (optional): The default value is given below + endpoint: "http://jaeger-collector.jaeger.svc.cluster.local:14268/api/traces" + --- # Copyright 2019 The Tekton Authors # @@ -1787,12 +2181,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.47.5" + version: "v0.53.2" spec: replicas: 1 selector: @@ -1807,13 +2201,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.47.5" + version: "v0.53.2" spec: affinity: nodeAffinity: @@ -1827,11 +2221,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.47.5@sha256:19c58e33dcc6729749cb6f3d31421702f0adadeaa36fb9de010b907c00faf003 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.53.2@sha256:2cab05747826e7c32e2c588f0fefd354e03f643bd33dbe20533eada00562e6b1 args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.47.5@sha256:436c52e15153168af571ad9aa9c37ea2c664547d9bd83fe050394d6ef70467f1", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.47.5@sha256:8f030b7c05425bebe21b85ac314880073d1d518d47e367d9da03e04470ab7da5", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.47.5@sha256:ced09b6450a6e31daae98a647ccba668587a5e4ca9f47865fcfacaef2fc22e43", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.47.5@sha256:3a0514058af55aa2122750b590348b37306b72f147e9cc881c632d9d78297f63", + "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.53.2@sha256:7a4269475491e3e9b70e173de6871596e63a9eefd792f2127ca7004145915a76", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.53.2@sha256:1793eb2b13d86e084d603ec174904176e5e68b7161be9ed66786deda8f728f30", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.53.2@sha256:cf55af7c850b6f6b83d7565b728969cc6cf548ae0c72abf7261c42ce07eefe2d", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.53.2@sha256:5c0b96d1f1ac9a5c1d8fa50ba07a1174812190707c4abb939b6c41b0b8e72093", # The shell image must allow root in order to create directories and copy files to PVCs. # cgr.dev/chainguard/busybox as of April 14 2022 # image shall not contains tag, so it will be supported on a runtime like cri-o @@ -1858,14 +2252,10 @@ spec: value: config-logging - name: CONFIG_OBSERVABILITY_NAME value: config-observability - - name: CONFIG_ARTIFACT_BUCKET_NAME - value: config-artifact-bucket - - name: CONFIG_ARTIFACT_PVC_NAME - value: config-artifact-pvc - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election + value: config-leader-election-controller - name: CONFIG_SPIRE value: config-spire - name: SSL_CERT_FILE @@ -1930,13 +2320,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.47.5" + version: "v0.53.2" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -1956,6 +2346,172 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-events-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.53.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.53.2" + # labels below are related to istio and should not be used for resource lookup + version: "v0.53.2" +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.53.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.53.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.53.2" + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: NotIn + values: + - windows + serviceAccountName: tekton-events-controller + containers: + - name: tekton-events-controller + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.53.2@sha256:0cf6f0be5319efdd8909ed8f987837d89146fd0632a744bf6d54bf83e5b13ca0 + args: [] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election-events + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + # User 65532 is the nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.53.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.53.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-events-controller + version: "v0.53.2" + name: tekton-events-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: events + app.kubernetes.io/component: events + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + --- # Copyright 2022 The Tekton Authors # @@ -2257,7 +2813,7 @@ data: apiVersion: v1 kind: ConfigMap metadata: - name: config-leader-election + name: config-leader-election-resolvers namespace: tekton-pipelines-resolvers labels: app.kubernetes.io/component: resolvers @@ -2515,12 +3071,12 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.47.5" + version: "v0.53.2" spec: replicas: 1 selector: @@ -2535,13 +3091,13 @@ spec: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-resolvers - version: "v0.47.5" + version: "v0.53.2" spec: affinity: podAntiAffinity: @@ -2558,7 +3114,7 @@ spec: serviceAccountName: tekton-pipelines-resolvers containers: - name: controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.47.5@sha256:1aabcadc11da3563556369228f2b842a4ead5ef73561718055b83ca12d056f4f + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.53.2@sha256:6578d145acd9cd288e501023429439334de15de8bd77af132c57a1d5f982e940 resources: requests: cpu: 100m @@ -2569,6 +3125,11 @@ spec: ports: - name: metrics containerPort: 9090 + - name: profiling + containerPort: 8008 + # This must match the value of the environment variable PROBES_PORT. + - name: probes + containerPort: 8080 env: - name: SYSTEM_NAMESPACE valueFrom: @@ -2584,12 +3145,16 @@ spec: - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election + value: config-leader-election-resolvers - name: METRICS_DOMAIN value: tekton.dev/resolution - # Override this env var to set a private hub api endpoint + - name: PROBES_PORT + value: "8080" + # Override this env var to set a private hub api endpoint - name: ARTIFACT_HUB_API value: "https://artifacthub.io/" + - name: TEKTON_HUB_API + value: "https://api.hub.tekton.dev/" securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -2600,6 +3165,53 @@ spec: seccompProfile: type: RuntimeDefault +--- +# Copyright 2023 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.53.2" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.53.2" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-remote-resolvers + version: "v0.53.2" + name: tekton-pipelines-remote-resolvers + namespace: tekton-pipelines-resolvers +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: resolvers + app.kubernetes.io/component: resolvers + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + --- # Copyright 2020 The Tekton Authors # @@ -2624,12 +3236,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.47.5" + version: "v0.53.2" spec: minReplicas: 1 maxReplicas: 5 @@ -2672,12 +3284,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.47.5" + version: "v0.53.2" spec: selector: matchLabels: @@ -2691,13 +3303,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.47.5" + version: "v0.53.2" spec: affinity: nodeAffinity: @@ -2724,7 +3336,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.47.5@sha256:5816aba3b53ad4a12b943b68046892b64a7d6d704cdb19385b7495796decef94 + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.53.2@sha256:1e8f8be3b51be378747b4589dde970582f50e1e69f59527f0a9aa7a75c5833e3 # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -2746,9 +3358,13 @@ spec: - name: CONFIG_OBSERVABILITY_NAME value: config-observability - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election + value: config-leader-election-webhook - name: CONFIG_FEATURE_FLAGS_NAME value: feature-flags + # If you change PROBES_PORT, you will also need to change the + # containerPort "probes" to the same value. + - name: PROBES_PORT + value: "8080" # If you change WEBHOOK_PORT, you will also need to change the # containerPort "https-webhook" to the same value. - name: WEBHOOK_PORT @@ -2787,6 +3403,7 @@ spec: # This must match the value of the environment variable WEBHOOK_PORT. - name: https-webhook containerPort: 8443 + # This must match the value of the environment variable PROBES_PORT. - name: probes containerPort: 8080 livenessProbe: @@ -2813,13 +3430,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.47.5" + app.kubernetes.io/version: "v0.53.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.47.5" + pipeline.tekton.dev/release: "v0.53.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.47.5" + version: "v0.53.2" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: @@ -2827,15 +3444,16 @@ spec: # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics port: 9090 - targetPort: 9090 + targetPort: metrics - name: http-profiling port: 8008 - targetPort: 8008 + targetPort: profiling - name: https-webhook port: 443 targetPort: https-webhook - name: probes port: 8080 + targetPort: probes selector: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook