diff --git a/tekton/release-resolvers/release.yaml b/tekton/release-resolvers/release.yaml index ddc7d11..780d062 100644 --- a/tekton/release-resolvers/release.yaml +++ b/tekton/release-resolvers/release.yaml @@ -56,7 +56,7 @@ rules: verbs: ["get", "list"] # Read-only access to these. - apiGroups: [""] - resources: ["secrets"] + resources: ["secrets", "serviceaccounts"] verbs: ["get", "list", "watch"] --- @@ -208,6 +208,8 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines data: + # the default service account name to use for bundle requests. + default-service-account: "default" # The default layer kind in the bundle image. default-kind: "task" @@ -583,12 +585,12 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.65.2" spec: replicas: 1 selector: @@ -603,13 +605,13 @@ spec: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-resolvers - version: "v0.56.0" + version: "v0.65.2" spec: affinity: podAntiAffinity: @@ -626,7 +628,7 @@ spec: serviceAccountName: tekton-pipelines-resolvers containers: - name: controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.56.0@sha256:8c0598a04420caa0ee3aeb6fef7521f93f4c41f7308ccb0c616167dc1d5fa00a + image: ghcr.io/tektoncd/pipeline/resolvers-ff86b24f130c42b88983d3c13993056d:v0.65.2@sha256:02a8c277174284468d17be2f79fa7d1a2fb5abfcfb262e7fcd8fadebe64efd7c resources: requests: cpu: 100m @@ -698,13 +700,13 @@ metadata: app.kubernetes.io/name: resolvers app.kubernetes.io/component: resolvers app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-remote-resolvers - version: "v0.56.0" + version: "v0.65.2" name: tekton-pipelines-remote-resolvers namespace: tekton-pipelines-resolvers spec: diff --git a/tekton/release/release.yaml b/tekton/release/release.yaml index 7589787..9e77abc 100644 --- a/tekton/release/release.yaml +++ b/tekton/release/release.yaml @@ -584,8 +584,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false @@ -616,14 +616,6 @@ spec: - tekton - tekton-pipelines scope: Cluster - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1beta1"] - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines --- # Copyright 2020 The Tekton Authors @@ -647,8 +639,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false @@ -715,8 +707,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false @@ -794,8 +786,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false @@ -1007,13 +999,31 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false versions: - name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1beta1 served: true storage: true schema: @@ -1062,8 +1072,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false @@ -1144,8 +1154,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev preserveUnknownFields: false @@ -1254,8 +1264,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" - version: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" + version: "v0.65.2" spec: group: tekton.dev versions: @@ -1306,7 +1316,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1317,7 +1327,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1336,7 +1346,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1355,7 +1365,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1543,6 +1553,11 @@ data: # no default-resolver-type is specified by default default-resolver-type: + # default-imagepullbackoff-timeout contains the default duration to wait + # before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast + # possible values could be 1m, 5m, 10s, 1h, etc + # default-imagepullbackoff-timeout: "5m" + # default-container-resource-requirements allow users to update default resource requirements # to a init-containers and containers of a pods create by the controller # Onet: All the resource requirements are applied to init-containers and containers @@ -1757,8 +1772,7 @@ data: enforce-nonfalsifiability: "none" # Setting this flag will determine how Tekton pipelines will handle extracting results from the task. # Acceptable values are "termination-message" or "sidecar-logs". - # "sidecar-logs" is an experimental feature and thus should still be considered - # an alpha feature. + # "sidecar-logs" is now a beta feature. results-from: "termination-message" # Setting this flag will determine the upper limit of each task result # This flag is optional and only associated with the previous flag, results-from @@ -1776,8 +1790,21 @@ data: # Setting this flag to "true" will enable the use of StepActions in Steps # This feature is in preview mode and not implemented yet. Please check #7259 for updates. enable-step-actions: "false" + # Setting this flag to "true" will enable the use of Artifacts in Steps + # This feature is in preview mode and not implemented yet. Please check #7693 for updates. + enable-artifacts: "false" # Setting this flag to "true" will enable the built-in param input validation via param enum. enable-param-enum: "false" + # Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating + # embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun + # respectively. We can specify "pipeline" to disable for Pipeline resource only. + # "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of + # these. + disable-inline-spec: "" + # Setting this flag to "true" will enable the use of concise resolver syntax + enable-concise-resolver-syntax: "false" + # Setthing this flag to "true" will enable native Kubernetes Sidecar support + enable-kubernetes-sidecar: "false" --- # Copyright 2021 The Tekton Authors @@ -1808,7 +1835,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.56.0" + version: "v0.65.2" --- # Copyright 2020 Tekton Authors LLC @@ -2087,6 +2114,7 @@ data: metrics.pipelinerun.level: "pipeline" metrics.pipelinerun.duration-type: "histogram" metrics.count.enable-reason: "false" + metrics.running-pipelinerun.level: "" --- # Copyright 2020 Tekton Authors LLC @@ -2238,12 +2266,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.65.2" spec: replicas: 1 selector: @@ -2258,13 +2286,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.56.0" + version: "v0.65.2" spec: affinity: nodeAffinity: @@ -2278,11 +2306,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.56.0@sha256:fc5669e1bbabbf24b0ee4591ff20793643d778942e91ae52b3f7cca26d81a99b + image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.65.2@sha256:099747541c95d5806a37a51201fc600034dcddba3c14fac0760914b76b51a1f4 args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.56.0@sha256:381ca58f0f911b6954530ea820bdda12850e535db9c6a85a17a02e3dd49345fb", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.56.0@sha256:4e627be53f78f30f73084ea0695d97397930d6f12d4cfab28d97b1aa57842881", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.56.0@sha256:4db16701d6e54d80cbb7b51e021d3f5698196d08d2f1ff33728154807ef1fe86", "-workingdirinit-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit:v0.56.0@sha256:c488368eff45a745dd58e65f526d746abcad431796bb0e719ecf2d5f71491692", + "-entrypoint-image", "ghcr.io/tektoncd/pipeline/entrypoint-bff0a22da108bc2f16c818c97641a296:v0.65.2@sha256:854bda25e588b84405a0693c7a4f5995fc62d8a3f32f277364e1bc8acd50b5c5", "-nop-image", "ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:v0.65.2@sha256:433028be86d6817ad7f24e988a2cd2facf09895cc13c0140e304db37220ed71e", "-sidecarlogresults-image", "ghcr.io/tektoncd/pipeline/sidecarlogresults-7501c6a20d741631510a448b48ab098f:v0.65.2@sha256:fb7900f99dcc25210c1cb2b9b38941e949a6cc2a1b66e93afb04f6622a1a04f9", "-workingdirinit-image", "ghcr.io/tektoncd/pipeline/workingdirinit-0c558922ec6a1b739e550e349f2d5fc1:v0.65.2@sha256:1d5cb618fb87149cb80f69f9388d8a76829bd9a12f0f6a476d3c7bf7aab00335", # The shell image must allow root in order to create directories and copy files to PVCs. # cgr.dev/chainguard/busybox as of April 14 2022 # image shall not contains tag, so it will be supported on a runtime like cri-o @@ -2323,6 +2351,7 @@ spec: value: tekton.dev/pipeline securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true capabilities: drop: - "ALL" @@ -2370,13 +2399,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.56.0" + version: "v0.65.2" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -2420,12 +2449,12 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.65.2" spec: replicas: 1 selector: @@ -2440,13 +2469,13 @@ spec: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.56.0" + version: "v0.65.2" spec: affinity: nodeAffinity: @@ -2460,7 +2489,7 @@ spec: serviceAccountName: tekton-events-controller containers: - name: tekton-events-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events:v0.56.0@sha256:c7fe97153fc32ea3eae343bcaf96761c9b0d80c8098ee35922550f0caf6887e0 + image: ghcr.io/tektoncd/pipeline/events-a9042f7efb0cbade2a868a1ee5ddd52c:v0.65.2@sha256:35d011c27209ec90277d70e7bd250377673f5b24c7b645e315ee8b4fe2a95725 args: [] volumeMounts: - name: config-logging @@ -2489,6 +2518,7 @@ spec: value: /etc/ssl/certs securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true capabilities: drop: - "ALL" @@ -2536,13 +2566,13 @@ metadata: app.kubernetes.io/name: events app.kubernetes.io/component: events app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-events-controller - version: "v0.56.0" + version: "v0.65.2" name: tekton-events-controller namespace: tekton-pipelines spec: @@ -2586,12 +2616,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.65.2" spec: minReplicas: 1 maxReplicas: 5 @@ -2634,12 +2664,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup - version: "v0.56.0" + version: "v0.65.2" spec: selector: matchLabels: @@ -2653,13 +2683,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.56.0" + version: "v0.65.2" spec: affinity: nodeAffinity: @@ -2686,7 +2716,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.56.0@sha256:99824836bb47c1d9e21efdeff56e02b9426fe2323a22625b7af4f66a4028a5b4 + image: ghcr.io/tektoncd/pipeline/webhook-d4749e605405422fd87700164e31b2d1:v0.65.2@sha256:8379b21b994f115d2b5a656ca2c387578f2201621fd4f638fa05f0b95ba3ad8c # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -2736,6 +2766,7 @@ spec: value: tekton.dev/pipeline securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true capabilities: drop: - "ALL" @@ -2780,13 +2811,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.56.0" + app.kubernetes.io/version: "v0.65.2" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.56.0" + pipeline.tekton.dev/release: "v0.65.2" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.56.0" + version: "v0.65.2" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: