From 513625074a8a6362ff7fb82023365c843013237e Mon Sep 17 00:00:00 2001 From: Marcus Noble Date: Thu, 23 Dec 2021 18:47:00 +0000 Subject: [PATCH] Removed Tekton Signed-off-by: Marcus Noble --- tekton/1-Install/1-pipeline.yaml | 1456 -------------------- tekton/1-Install/2-triggers.yaml | 838 ----------- tekton/1-Install/3-webhooks.yaml | 356 ----- tekton/1-Install/4-dashboard.yaml | 349 ----- tekton/1-Install/5-dashboard-ingress.yaml | 105 -- tekton/2-Setup/docker-creds.yaml | 23 - tekton/2-Setup/eventlistener-rbac.yaml | 39 - tekton/2-Setup/gitea-creds.yaml | 26 - tekton/2-Setup/kubeconfig-creds.yaml | 10 - tekton/2-Setup/serviceaccounts.yaml | 19 - tekton/README.md | 32 - tekton/bindings/gitea.yaml | 21 - tekton/conditions/has-makefile.yaml | 12 - tekton/conditions/public-project.yaml | 23 - tekton/eventlisteners/webhook.yaml | 55 - tekton/pipelines/deploy.yaml | 128 -- tekton/pipelines/pr.yaml | 111 -- tekton/pipelines/tag.yaml | 53 - tekton/tasks/docker-build-and-publish.yaml | 64 - tekton/tasks/kubectl-apply-files.yaml | 14 - tekton/tasks/kubectl-apply-inline.yaml | 14 - tekton/tasks/kubectl-patch-image.yaml | 25 - tekton/tasks/make.yaml | 48 - tekton/tasks/pr-status.yaml | 27 - tekton/triggertemplates/deploy.yaml | 49 - tekton/triggertemplates/pr.yaml | 46 - tekton/triggertemplates/tag.yaml | 51 - 27 files changed, 3994 deletions(-) delete mode 100644 tekton/1-Install/1-pipeline.yaml delete mode 100644 tekton/1-Install/2-triggers.yaml delete mode 100644 tekton/1-Install/3-webhooks.yaml delete mode 100644 tekton/1-Install/4-dashboard.yaml delete mode 100644 tekton/1-Install/5-dashboard-ingress.yaml delete mode 100644 tekton/2-Setup/docker-creds.yaml delete mode 100644 tekton/2-Setup/eventlistener-rbac.yaml delete mode 100644 tekton/2-Setup/gitea-creds.yaml delete mode 100644 tekton/2-Setup/kubeconfig-creds.yaml delete mode 100644 tekton/2-Setup/serviceaccounts.yaml delete mode 100644 tekton/README.md delete mode 100644 tekton/bindings/gitea.yaml delete mode 100644 tekton/conditions/has-makefile.yaml delete mode 100644 tekton/conditions/public-project.yaml delete mode 100644 tekton/eventlisteners/webhook.yaml delete mode 100644 tekton/pipelines/deploy.yaml delete mode 100644 tekton/pipelines/pr.yaml delete mode 100644 tekton/pipelines/tag.yaml delete mode 100644 tekton/tasks/docker-build-and-publish.yaml delete mode 100644 tekton/tasks/kubectl-apply-files.yaml delete mode 100644 tekton/tasks/kubectl-apply-inline.yaml delete mode 100644 tekton/tasks/kubectl-patch-image.yaml delete mode 100644 tekton/tasks/make.yaml delete mode 100644 tekton/tasks/pr-status.yaml delete mode 100644 tekton/triggertemplates/deploy.yaml delete mode 100644 tekton/triggertemplates/pr.yaml delete mode 100644 tekton/triggertemplates/tag.yaml diff --git a/tekton/1-Install/1-pipeline.yaml b/tekton/1-Install/1-pipeline.yaml deleted file mode 100644 index b556be6..0000000 --- a/tekton/1-Install/1-pipeline.yaml +++ /dev/null @@ -1,1456 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Namespace -metadata: - name: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: tekton-pipelines -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'emptyDir' - - 'configMap' - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-controller-cluster-access -rules: -- apiGroups: [""] - # Namespace access is required because the controller timeout handling logic - # iterates over all namespaces and times out any PipelineRuns that have expired. - # Pod access is required because the taskrun controller wants to be updated when - # a Pod underlying a TaskRun changes state. - resources: ["namespaces", "pods"] - verbs: ["list", "watch"] - # Controller needs cluster access to all of the CRDs that it is responsible for - # managing. -- apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", - "conditions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["tekton.dev"] - resources: ["taskruns/finalizers", "pipelineruns/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", - "pipelineruns/status", "pipelineresources/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - # This is the access that the controller needs on a per-namespace basis. - name: tekton-pipelines-controller-tenant-access -rules: -- apiGroups: [""] - resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", - "persistentvolumeclaims", "limitranges"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - # Unclear if this access is actually required. Simply a hold-over from the previous - # incarnation of the controller's ClusterRole. -- apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["apps"] - resources: ["deployments/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-webhook-cluster-access -rules: -- # The webhook needs to be able to list and update customresourcedefinitions, - # mainly to update the webhook certificates. - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "update", "patch", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - # The webhook performs a reconciliation on these two resources and continuously - # updates configuration. - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - # knative starts informers on these things, which is why we need get, list and watch. - verbs: ["list", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - # This mutating webhook is responsible for applying defaults to tekton objects - # as they are received. - resourceNames: ["webhook.pipeline.tekton.dev"] - # When there are changes to the configs or secrets, knative updates the mutatingwebhook config - # with the updated certificates or the refreshed set of rules. - verbs: ["get", "update"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. - # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure - resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] - # When there are changes to the configs or secrets, knative updates the validatingwebhook config - # with the updated certificates or the refreshed set of rules. - verbs: ["get", "update"] -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] -- # The controller needs access to these configmaps for logging information and runtime configuration. - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", - "config-artifact-pvc", "feature-flags", "config-leader-election"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] -- # The webhook needs access to these configmaps for logging information. - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch"] -- # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever - # the secret changes it updates the webhook configurations with the certificates - # stored in the secret. - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update"] - resourceNames: ["webhook-certs"] - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-controller-cluster-access -subjects: -- kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-controller-cluster-access - apiGroup: rbac.authorization.k8s.io ---- -# If this ClusterRoleBinding is replaced with a RoleBinding -# then the ClusterRole would be namespaced. The access described by -# the tekton-pipelines-controller-tenant-access ClusterRole would -# be scoped to individual tenant namespaces. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-controller-tenant-access -subjects: -- kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-controller-tenant-access - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-webhook-cluster-access -subjects: -- kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-webhook-cluster-access - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines -subjects: -- kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines -subjects: -- kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-webhook - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clustertasks.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: ClusterTask - plural: clustertasks - categories: - - tekton - - tekton-pipelines - scope: Cluster - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: conditions.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - names: - kind: Condition - plural: conditions - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - version: v1alpha1 - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - shortNames: - - img - scope: Namespaced - subresources: - status: {} - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: pipelines.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: Pipeline - plural: pipelines - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: pipelineruns.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: PipelineRun - plural: pipelineruns - categories: - - tekton - - tekton-pipelines - shortNames: - - pr - - prs - scope: Namespaced - additionalPrinterColumns: - - name: Succeeded - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - JSONPath: .status.startTime - - name: CompletionTime - type: date - JSONPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: pipelineresources.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - names: - kind: PipelineResource - plural: pipelineresources - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tasks.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: Task - plural: tasks - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: taskruns.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: TaskRun - plural: taskruns - categories: - - tekton - - tekton-pipelines - shortNames: - - tr - - trs - scope: Namespaced - additionalPrinterColumns: - - name: Succeeded - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - JSONPath: .status.startTime - - name: CompletionTime - type: date - JSONPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: tekton-pipelines - labels: - pipeline.tekton.dev/release: devel -# The data is populated at install time. ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.pipeline.tekton.dev - labels: - pipeline.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: validation.webhook.pipeline.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.pipeline.tekton.dev - labels: - pipeline.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: webhook.pipeline.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.pipeline.tekton.dev - labels: - pipeline.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: config.webhook.pipeline.tekton.dev - namespaceSelector: - matchExpressions: - - key: pipeline.tekton.dev/release - operator: Exists - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-aggregate-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-aggregate-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - get - - list - - watch - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-bucket - namespace: tekton-pipelines -# data: -# # location of the gcs bucket to be used for artifact storage -# location: "gs://bucket-name" -# # name of the secret that will contain the credentials for the service account -# # with access to the bucket -# bucket.service.account.secret.name: -# # The key in the secret with the required service account json -# bucket.service.account.secret.key: - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-pvc - namespace: tekton-pipelines -# data: -# # size of the PVC volume -# size: 5Gi -# -# # storage class of the PVC volume -# storageClassName: storage-class-name - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: tekton-pipelines -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # default-timeout-minutes contains the default number of - # minutes to use for TaskRun and PipelineRun, if none is specified. - default-timeout-minutes: "60" # 60 minutes - - # default-service-account contains the default service account name - # to use for TaskRun and PipelineRun, if none is specified. - default-service-account: "default" - - # default-managed-by-label-value contains the default value given to the - # "app.kubernetes.io/managed-by" label applied to all Pods created for - # TaskRuns. If a user's requested TaskRun specifies another value for this - # label, the user's request supercedes. - default-managed-by-label-value: "tekton-pipelines" - - # default-pod-template contains the default pod template to use - # TaskRun and PipelineRun, if none is specified. If a pod template - # is specified, the default pod template is ignored. - # default-pod-template: - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: feature-flags - namespace: tekton-pipelines -data: - # Setting this flag to "true" will prevent Tekton overriding your - # Task container's $HOME environment variable. - # - # The default behaviour currently is for Tekton to override the - # $HOME environment variable but this will change in an upcoming - # release. - # - # See https://github.com/tektoncd/pipeline/issues/2013 for more - # info. - disable-home-env-overwrite: "false" - # Setting this flag to "true" will prevent Tekton overriding your - # Task container's working directory. - # - # The default behaviour currently is for Tekton to override the - # working directory if not set by the user but this will change - # in an upcoming release. - # - # See https://github.com/tektoncd/pipeline/issues/1836 for more - # info. - disable-working-directory-overwrite: "false" - ---- -# Copyright 2020 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: tekton-pipelines -data: - # An inactive but valid configuration follows; see example. - resourceLock: "leases" - leaseDuration: "15s" - renewDeadline: "10s" - retryPeriod: "2s" - ---- -# Copyright 2019 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: tekton-pipelines -data: - # Common configuration for all knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using Stackdriver will incur additional charges. - metrics.backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used and metrics will be sent to the cluster's project if this field is - # not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed - # to send metrics to Stackdriver using "global" resource type and custom - # metric type. Setting this flag to "true" could cause extra Stackdriver - # charge. If metrics.backend-destination is not Stackdriver, this is - # ignored. - metrics.allow-stackdriver-custom-metrics: "false" - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-pipelines-controller - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-controller - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: controller - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" - spec: - serviceAccountName: tekton-pipelines-controller - containers: - - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.12.1@sha256:0ca86ec6f246f49c1ac643357fd1c8e73a474aaa216548807b1216a9ff12f7be - args: [ - # These images are built on-demand by `ko resolve` and are replaced - # by image references by digest. - "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.12.1@sha256:67dcd447b0c624befa12843ce9cc0bcfc502179bdb28d59563d761a7f3968509", - "-creds-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/creds-init:v0.12.1@sha256:6266d023172dde7fa421f626074b4e7eedc7d7d5ff561c033d6d63ebfff4a2f2", - "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1@sha256:d82c78288699dd6ee40c852b146cb3bd89b322b42fb3bc4feec28ea54bb7b36c", - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.12.1@sha256:7f3db925f7660673a74b0e1030e65540adea36fe361ab7f06f5b5c47cdcef47d", - "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.12.1@sha256:e8f08214baad9054bbed7be2b8617c6964b9a1c5405cf59eabcc3d3267a6253f", - "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.12.1@sha256:71e0226346e0d3d57af7c35b6cb907d42d3142e845b0f865ba0c86d3e248f3cb", - "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.12.1@sha256:ae5721bf0d883947c3c13f519ca26129792f4058d5f9dfedd50174d9e7acb2bc", - # These images are pulled from Dockerhub, by digest, as of April 15, 2020. - "-nop-image", "tianon/true@sha256:009cce421096698832595ce039aa13fa44327d96beedb84282a69d3dbcf5a81b", - "-shell-image", "busybox@sha256:a2490cec4484ee6c1068ba3a05f89934010c85242f736280b35343483b2264b6", - "-gsutil-image", "google/cloud-sdk@sha256:6e8676464c7581b2dc824956b112a61c95e4144642bec035e6db38e3384cae2e"] - volumeMounts: - - name: config-logging - mountPath: /etc/config-logging - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - # If you are changing these names, you will also need to update - # the controller's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_ARTIFACT_BUCKET_NAME - value: config-artifact-bucket - - name: CONFIG_ARTIFACT_PVC_NAME - value: config-artifact-pvc - - name: CONFIG_FEATURE_FLAGS_NAME - value: feature-flags - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - volumes: - - name: config-logging - configMap: - name: config-logging ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" - name: tekton-pipelines-controller - namespace: tekton-pipelines -spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app: tekton-pipelines-controller - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - # Note: the Deployment name must be the same as the Service name specified in - # config/400-webhook-service.yaml. If you change this name, you must also - # change the value of WEBHOOK_SERVICE_NAME below. - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: webhook-controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-pipelines-webhook - role: webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-webhook - role: webhook - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: webhook-controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" - spec: - serviceAccountName: tekton-pipelines-webhook - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.12.1@sha256:69f065d493244dbd50563b96f5474bf6590821a6308fd8c69c5ef06cf4d988b2 - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - # If you are changing these names, you will also need to update - # the webhook's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: WEBHOOK_SERVICE_NAME - value: tekton-pipelines-webhook - - name: WEBHOOK_SECRET_NAME - value: webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - securityContext: - allowPrivilegeEscalation: false - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-webhook - role: webhook - pipeline.tekton.dev/release: v0.12.1 - version: "v0.12.1" - name: tekton-pipelines-webhook - namespace: tekton-pipelines -spec: - ports: - - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: tekton-pipelines-webhook - role: webhook - ---- diff --git a/tekton/1-Install/2-triggers.yaml b/tekton/1-Install/2-triggers.yaml deleted file mode 100644 index 2178773..0000000 --- a/tekton/1-Install/2-triggers.yaml +++ /dev/null @@ -1,838 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: tekton-triggers - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'emptyDir' - - 'configMap' - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-triggers-admin - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers -rules: -- apiGroups: [""] - resources: ["configmaps", "secrets", "services"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["apps"] - resources: ["deployments", "deployments/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["triggers.tekton.dev"] - resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", - "eventlisteners/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["triggers.tekton.dev"] - resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status", - "triggertemplates/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-triggers"] - verbs: ["use"] - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-triggers-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-triggers-controller-admin - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers -subjects: -- kind: ServiceAccount - name: tekton-triggers-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-triggers-admin - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clustertriggerbindings.triggers.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: "devel" - version: "devel" -spec: - group: triggers.tekton.dev - scope: Cluster - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: ClusterTriggerBinding - plural: clustertriggerbindings - singular: clustertriggerbinding - shortNames: - - ctb - categories: - - tekton - - tekton-triggers - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: eventlisteners.triggers.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: "devel" - version: "devel" -spec: - group: triggers.tekton.dev - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: EventListener - plural: eventlisteners - singular: eventlistener - shortNames: - - el - categories: - - tekton - - tekton-triggers - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: triggerbindings.triggers.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: "devel" - version: "devel" -spec: - group: triggers.tekton.dev - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: TriggerBinding - plural: triggerbindings - singular: triggerbinding - shortNames: - - tb - categories: - - tekton - - tekton-triggers - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: triggertemplates.triggers.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: "devel" - version: "devel" -spec: - group: triggers.tekton.dev - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - names: - kind: TriggerTemplate - plural: triggertemplates - singular: triggertemplate - shortNames: - - tt - categories: - - tekton - - tekton-triggers - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: triggers-webhook-certs - namespace: tekton-pipelines - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: devel -# The data is populated at install time. ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.triggers.tekton.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-triggers-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: validation.webhook.triggers.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.triggers.tekton.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-triggers-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: webhook.triggers.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.triggers.tekton.dev - labels: - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-triggers-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: config.webhook.triggers.tekton.dev - namespaceSelector: - matchExpressions: - - key: triggers.tekton.dev/release - operator: Exists - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-triggers-aggregate-edit - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: - - triggers.tekton.dev - resources: - - clustertriggerbindings - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-triggers-aggregate-view - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - triggers.tekton.dev - resources: - - clustertriggerbindings - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - get - - list - - watch - ---- -# Copyright 2019 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging-triggers - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers -data: - # Common configuration for all knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - loglevel.controller: "info" - loglevel.webhook: "info" - loglevel.eventlistener: "info" - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability-triggers - namespace: tekton-pipelines - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges - metrics.backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_revision" resource type. Setting this - # flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - ---- -# Copyright 2019 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/version: v0.5.0 - app.kubernetes.io/part-of: tekton-triggers - triggers.tekton.dev/release: "v0.5.0" - app: tekton-triggers-controller - version: "v0.5.0" - name: tekton-triggers-controller - namespace: tekton-pipelines -spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-triggers-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/version: v0.5.0 - app.kubernetes.io/part-of: tekton-triggers - # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml - triggers.tekton.dev/release: "v0.5.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app.kubernetes.io/name: controller - app.kubernetes.io/component: controller - app.kubernetes.io/instance: default - app.kubernetes.io/version: v0.5.0 - app.kubernetes.io/part-of: tekton-triggers - app: tekton-triggers-controller - triggers.tekton.dev/release: "v0.5.0" - # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml - version: "v0.5.0" - spec: - serviceAccountName: tekton-triggers-controller - containers: - - name: tekton-triggers-controller - image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller@sha256:5d71b1706da0e1a1673e3bdb1e230b28534698e1cb5b8604540083024fd7d58d - args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink@sha256:ddb43420d5e51065aeb730dc06ce555822590ebfd5b820835f875e3159d99901", - "-el-port", "8080", "-period-seconds", "10", "-failure-threshold", "1"] - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging-triggers - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability-triggers - - name: METRICS_DOMAIN - value: tekton.dev/triggers - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Service -metadata: - name: tekton-triggers-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/version: v0.5.0 - app.kubernetes.io/part-of: tekton-triggers - app: tekton-triggers-webhook - version: "v0.5.0" - triggers.tekton.dev/release: "v0.5.0" -spec: - ports: - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-triggers-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/version: v0.5.0 - app.kubernetes.io/part-of: tekton-triggers - # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml - triggers.tekton.dev/release: "v0.5.0" -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-triggers - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app.kubernetes.io/name: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: default - app.kubernetes.io/version: v0.5.0 - app.kubernetes.io/part-of: tekton-triggers - app: tekton-triggers-webhook - triggers.tekton.dev/release: "v0.5.0" - # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml - version: "v0.5.0" - spec: - serviceAccountName: tekton-triggers-controller - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook@sha256:c6986c68804ce3832bd1894249a39d37a0a46b3458a1cb29697a17b37df674ef - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging-triggers - - name: WEBHOOK_SERVICE_NAME - value: tekton-triggers-webhook - - name: WEBHOOK_SECRET_NAME - value: triggers-webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/triggers - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 - ---- diff --git a/tekton/1-Install/3-webhooks.yaml b/tekton/1-Install/3-webhooks.yaml deleted file mode 100644 index 7b2f40a..0000000 --- a/tekton/1-Install/3-webhooks.yaml +++ /dev/null @@ -1,356 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: tekton-webhooks-extension - name: tekton-webhooks-extension - namespace: tekton-pipelines ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: tekton-webhooks-extension - name: tekton-webhooks-extension-eventlistener - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: tekton-webhooks-extension-minimal - namespace: tekton-pipelines -rules: -- apiGroups: - - extensions - resources: - - ingresses - - ingresses/status - verbs: - - delete - - create - - patch - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - "" - resources: - - pods/log - - namespaces - - events - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list - - create - - delete - - update - - watch -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - tasks - - clustertasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - triggers.tekton.dev - resources: - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - taskruns/finalizers - - pipelineruns/finalizers - - tasks/status - - clustertasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - verbs: - - get - - list - - create - - update - - delete - - patch - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-triggers-minimal -rules: -- apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - verbs: - - get -- apiGroups: - - triggers.tekton.dev - resources: - - triggerbindings - - triggertemplates - - eventlisteners - verbs: - - get -- apiGroups: - - tekton.dev - resources: - - pipelineruns - - pipelineresources - - taskruns - verbs: - - create -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - get - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-webhooks-extension-minimal-cluster-powers -rules: -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - tekton.dev - resources: - - pipelines - - pipelineruns - verbs: - - get - - list - - watch -- apiGroups: - - triggers.tekton.dev - resources: - - pipelines - - pipelineruns - - tasks - - taskruns - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: tekton-webhooks-extension-minimal - namespace: tekton-pipelines -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: tekton-webhooks-extension-minimal -subjects: -- kind: ServiceAccount - name: tekton-webhooks-extension - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-webhooks-extension-eventlistener-minimal -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-triggers-minimal -subjects: -- kind: ServiceAccount - name: tekton-webhooks-extension-eventlistener - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-webhooks-extension-minimal-cluster-powers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-webhooks-extension-minimal-cluster-powers -subjects: -- kind: ServiceAccount - name: tekton-webhooks-extension - namespace: tekton-pipelines ---- -apiVersion: v1 -kind: Service -metadata: - name: tekton-webhooks-extension-validator - namespace: tekton-pipelines -spec: - ports: - - port: 80 - protocol: TCP - targetPort: 8080 - selector: - app: tekton-webhooks-extension-validator - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - tekton-dashboard-bundle-location: web/extension.33e1ae7b.js - tekton-dashboard-display-name: Webhooks - tekton-dashboard-endpoints: webhooks.web - labels: - app: webhooks-extension - tekton-dashboard-extension: "true" - name: webhooks-extension - namespace: tekton-pipelines -spec: - ports: - - port: 8080 - targetPort: 8080 - selector: - app: webhooks-extension - type: NodePort ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-webhooks-extension-validator - namespace: tekton-pipelines -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-webhooks-extension-validator - template: - metadata: - labels: - app: tekton-webhooks-extension-validator - spec: - containers: - - env: - - name: INSTALLED_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/interceptor@sha256:f029e6b5bbeae6efaff1ebd4db6d8bce17cfed3ed93ed8999428c6fb1e09a946 - name: validate - serviceAccountName: tekton-webhooks-extension ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: webhooks-extension - name: webhooks-extension - namespace: tekton-pipelines -spec: - replicas: 1 - selector: - matchLabels: - app: webhooks-extension - template: - metadata: - labels: - app: webhooks-extension - spec: - containers: - - env: - - name: PORT - value: "8080" - - name: INSTALLED_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DOCKER_REGISTRY_LOCATION - value: DOCKER_REPO - - name: WEB_RESOURCES_DIR - value: web - - name: WEBHOOK_CALLBACK_URL - value: http://listener.IPADDRESS.nip.io - - name: SSL_VERIFICATION_ENABLED - value: "false" - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/extension@sha256:b76dedeb9dae1a88fe359fab3ac6cac058d7bf9d41906b9b22a20f67e671dd7c - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /liveness - port: 8080 - name: webhooks-extension - ports: - - containerPort: 8080 - readinessProbe: - httpGet: - path: /readiness - port: 8080 - serviceAccountName: tekton-webhooks-extension ---- diff --git a/tekton/1-Install/4-dashboard.yaml b/tekton/1-Install/4-dashboard.yaml deleted file mode 100644 index 7053115..0000000 --- a/tekton/1-Install/4-dashboard.yaml +++ /dev/null @@ -1,349 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: extensions.dashboard.tekton.dev -spec: - group: dashboard.tekton.dev - names: - categories: - - tekton - - tekton-dashboard - kind: Extension - plural: extensions - scope: Namespaced - subresources: - status: {} - version: v1alpha1 ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: tekton-dashboard - name: tekton-dashboard - namespace: tekton-pipelines ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-dashboard-minimal - namespace: tekton-pipelines -rules: -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - update - - patch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - create - - update - - delete - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - update - - delete -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - create - - update - - delete - - patch -- apiGroups: - - tekton.dev - resources: - - tasks - - clustertasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - create - - update - - delete - - patch -- apiGroups: - - tekton.dev - resources: - - taskruns/finalizers - - pipelineruns/finalizers - verbs: - - create - - update - - delete - - patch -- apiGroups: - - tekton.dev - resources: - - tasks/status - - clustertasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - verbs: - - create - - update - - delete - - patch -- apiGroups: - - dashboard.tekton.dev - resources: - - extensions - verbs: - - create - - update - - delete - - patch -- apiGroups: - - triggers.tekton.dev - resources: - - clustertriggerbindings - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - create - - update - - delete - - patch - - add -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - delete -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - list -- apiGroups: - - security.openshift.io - resources: - - securitycontextconstraints - verbs: - - use -- apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - get - - list -- apiGroups: - - extensions - - apps - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods - - services - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - pods/log - - namespaces - - events - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch -- apiGroups: - - extensions - - apps - resources: - - deployments - verbs: - - get - - list - - watch -- apiGroups: - - tekton.dev - resources: - - tasks - - clustertasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - get - - list - - watch -- apiGroups: - - tekton.dev - resources: - - taskruns/finalizers - - pipelineruns/finalizers - verbs: - - get - - list - - watch -- apiGroups: - - tekton.dev - resources: - - tasks/status - - clustertasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - verbs: - - get - - list - - watch -- apiGroups: - - dashboard.tekton.dev - resources: - - extensions - verbs: - - get - - list - - watch -- apiGroups: - - triggers.tekton.dev - resources: - - clustertriggerbindings - - eventlisteners - - triggerbindings - - triggertemplates - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: tekton-dashboard-minimal -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: tekton-dashboard-minimal -subjects: -- kind: ServiceAccount - name: tekton-dashboard - namespace: tekton-pipelines ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-dashboard - dashboard.tekton.dev/release: v0.6.1.5 - version: v0.6.1.5 - name: tekton-dashboard - namespace: tekton-pipelines -spec: - ports: - - name: http - port: 9097 - protocol: TCP - targetPort: 9097 - selector: - app: tekton-dashboard ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: tekton-dashboard - dashboard.tekton.dev/release: v0.6.1.5 - version: v0.6.1.5 - name: tekton-dashboard - namespace: tekton-pipelines -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-dashboard - template: - metadata: - labels: - app: tekton-dashboard - name: tekton-dashboard - spec: - containers: - - env: - - name: PORT - value: "9097" - - name: READ_ONLY - value: "false" - - name: WEB_RESOURCES_DIR - value: /var/run/ko/web - - name: CSRF_SECURE_COOKIE - value: "false" - - name: TRIGGERS_NAMESPACE - value: tekton-pipelines - - name: PIPELINE_NAMESPACE - value: tekton-pipelines - - name: INSTALLED_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:ca22f87e8bec86cf91833aa3996cf9d316313628870eb74c1ea9a73bea77c83d - livenessProbe: - httpGet: - path: /health - port: 9097 - name: tekton-dashboard - ports: - - containerPort: 9097 - readinessProbe: - httpGet: - path: /readiness - port: 9097 - serviceAccountName: tekton-dashboard - ---- diff --git a/tekton/1-Install/5-dashboard-ingress.yaml b/tekton/1-Install/5-dashboard-ingress.yaml deleted file mode 100644 index 855a305..0000000 --- a/tekton/1-Install/5-dashboard-ingress.yaml +++ /dev/null @@ -1,105 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: tekton-dashboard-auth - namespace: tekton-pipelines - annotations: - kube-1password: mr6spkkx7n3memkbute6ojaarm - kube-1password/vault: Kubernetes -type: Opaque ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-dashboard-auth - namespace: tekton-pipelines - labels: - app: tekton-dashboard-auth -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-dashboard-auth - template: - metadata: - labels: - app: tekton-dashboard-auth - spec: - containers: - - args: - - --cookie-secure=false - - --provider=oidc - - --provider-display-name=Auth0 - - --upstream=http://tekton-dashboard.tekton-pipelines.svc.cluster.local:9097 - - --http-address=$(HOST_IP):8080 - - --redirect-url=https://tekton.cluster.fun/oauth2/callback - - --email-domain=marcusnoble.co.uk - - --pass-basic-auth=false - - --pass-access-token=false - - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ - - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN - env: - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: OAUTH2_PROXY_CLIENT_ID - valueFrom: - secretKeyRef: - key: username - name: tekton-dashboard-auth - - name: OAUTH2_PROXY_CLIENT_SECRET - valueFrom: - secretKeyRef: - key: password - name: tekton-dashboard-auth - image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 - name: oauth-proxy - ports: - - containerPort: 8080 - protocol: TCP ---- -apiVersion: v1 -kind: Service -metadata: - name: tekton-dashboard-auth - namespace: tekton-pipelines - labels: - app: tekton-dashboard-auth -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 8080 - selector: - app: tekton-dashboard-auth - type: ClusterIP ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: tekton-dashboard-auth - namespace: tekton-pipelines - labels: - app: tekton-dashboard-auth - annotations: - cert-manager.io/cluster-issuer: letsencrypt - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -spec: - tls: - - hosts: - - tekton.cluster.fun - secretName: tekton-dashboard-ingress - rules: - - host: tekton.cluster.fun - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: tekton-dashboard-auth - port: - number: 80 diff --git a/tekton/2-Setup/docker-creds.yaml b/tekton/2-Setup/docker-creds.yaml deleted file mode 100644 index 3ec6db4..0000000 --- a/tekton/2-Setup/docker-creds.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: docker-creds - namespace: tekton-pipelines - annotations: - kube-1password: kgpbumszi4stqgyzg4kqrttxam - kube-1password/vault: Kubernetes - tekton.dev/docker-0: https://docker.cluster.fun/averagemarcus -type: Opaque - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: docker-config - namespace: tekton-pipelines - annotations: - kube-1password: i6ngbk5zf4k52xgwdwnfup5bby - kube-1password/vault: Kubernetes - kube-1password/secret-text-key: config.json -type: Opaque diff --git a/tekton/2-Setup/eventlistener-rbac.yaml b/tekton/2-Setup/eventlistener-rbac.yaml deleted file mode 100644 index f60f99a..0000000 --- a/tekton/2-Setup/eventlistener-rbac.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: eventlistener - namespace: tekton-pipelines - ---- - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: eventlistener - namespace: tekton-pipelines -rules: -- apiGroups: ["triggers.tekton.dev"] - resources: ["eventlisteners", "triggerbindings", "triggertemplates"] - verbs: ["get"] -- apiGroups: [""] - resources: ["configmaps", "secrets", "serviceaccounts"] - verbs: ["get", "list", "watch"] -- apiGroups: ["tekton.dev"] - resources: ["pipelineruns", "pipelineresources", "taskruns"] - verbs: ["create"] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: eventlistener - namespace: tekton-pipelines -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: eventlistener -subjects: -- kind: ServiceAccount - name: eventlistener - namespace: tekton-pipelines diff --git a/tekton/2-Setup/gitea-creds.yaml b/tekton/2-Setup/gitea-creds.yaml deleted file mode 100644 index 25af380..0000000 --- a/tekton/2-Setup/gitea-creds.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: gitea-access-token - namespace: tekton-pipelines - annotations: - kube-1password: u45tpgj33bnxl6iz3kwgaf44va - kube-1password/vault: Kubernetes - kube-1password/password-key: access-token -type: Opaque - ---- - -apiVersion: v1 -kind: Secret -metadata: - name: gitea-creds - namespace: tekton-pipelines - annotations: - kube-1password: 3jgo56jlsrdxilf2vdp5zsw6lq - kube-1password/vault: Kubernetes - tekton.dev/git-0: https://git.cluster.fun -type: kubernetes.io/basic-auth -data: - username: "" - password: "" diff --git a/tekton/2-Setup/kubeconfig-creds.yaml b/tekton/2-Setup/kubeconfig-creds.yaml deleted file mode 100644 index 22f0748..0000000 --- a/tekton/2-Setup/kubeconfig-creds.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: kubeconfig - namespace: tekton-pipelines - annotations: - kube-1password: ppvndbst3pdqpvfaavgy7mkluq - kube-1password/vault: Kubernetes - kube-1password/secret-text-key: config -type: Opaque diff --git a/tekton/2-Setup/serviceaccounts.yaml b/tekton/2-Setup/serviceaccounts.yaml deleted file mode 100644 index 2975e65..0000000 --- a/tekton/2-Setup/serviceaccounts.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: deploy-project - namespace: tekton-pipelines -secrets: - - name: docker-creds - - name: gitea-creds - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pr-project - namespace: tekton-pipelines -secrets: - - name: docker-creds - - name: gitea-creds diff --git a/tekton/README.md b/tekton/README.md deleted file mode 100644 index b9b60a3..0000000 --- a/tekton/README.md +++ /dev/null @@ -1,32 +0,0 @@ -# tekton-cicd - -## Features - -- Install Tekton along with Triggers, Webhook support and the dashboard -- Configures an eventlistener for Gitea -- Defines standard PR and Deploy pipelines - -## Install - -```sh -kubectl apply --recursive -f ./ -``` - -## Custom Docker images used - -### gitea-pr-state - -`docker pull docker.cluster.fun/averagemarcus/gitea-pr-state:latest` - -> Sets the state of a commit in Gitea. This is used to set the CI status to pending or success on the PR. - -### ci-builder - -`docker pull docker.cluster.fun/averagemarcus/ci-builder:latest` - -> Used as a general-purpose Docker image with many common build tools included. This is used for running `make test` and `make build` without needing specific CI images for each project. - -## Resources - -- [Tekton](https://tekton.dev/) -- [Tekton Docs](https://tekton.dev/docs/) diff --git a/tekton/bindings/gitea.yaml b/tekton/bindings/gitea.yaml deleted file mode 100644 index bd0f79f..0000000 --- a/tekton/bindings/gitea.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: TriggerBinding -metadata: - name: gitea-binding - namespace: tekton-pipelines -spec: - params: - - name: gitrevision - value: $(body.commit_sha) - - name: gitref - value: $(body.ref) - - name: gitrepositoryurl - value: $(body.repository.html_url) - - name: gitbranch - value: $(body.branch) - - name: projectname - value: $(body.repository.name) - - name: isprivate - value: $(body.repository.private) - - name: prid - value: $(body.number) diff --git a/tekton/conditions/has-makefile.yaml b/tekton/conditions/has-makefile.yaml deleted file mode 100644 index b3e59b0..0000000 --- a/tekton/conditions/has-makefile.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Condition -metadata: - name: has-makefile - namespace: tekton-pipelines -spec: - resources: - - name: src - type: git - check: - image: alpine - script: 'test -f $(resources.src.path)/Makefile' diff --git a/tekton/conditions/public-project.yaml b/tekton/conditions/public-project.yaml deleted file mode 100644 index fd897b9..0000000 --- a/tekton/conditions/public-project.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Condition -metadata: - name: is-public-project - namespace: tekton-pipelines -spec: - params: - - name: isprivate - check: - image: alpine - script: 'test $(params.isprivate) == false' ---- -apiVersion: tekton.dev/v1alpha1 -kind: Condition -metadata: - name: is-private-project - namespace: tekton-pipelines -spec: - params: - - name: isprivate - check: - image: alpine - script: 'test $(params.isprivate) == true' diff --git a/tekton/eventlisteners/webhook.yaml b/tekton/eventlisteners/webhook.yaml deleted file mode 100644 index ea0d01b..0000000 --- a/tekton/eventlisteners/webhook.yaml +++ /dev/null @@ -1,55 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: EventListener -metadata: - name: webhook-listener - namespace: tekton-pipelines -spec: - serviceAccountName: eventlistener - triggers: - - name: pull-request - interceptors: - - cel: - filter: "header.match('X-GitHub-Event', 'pull_request') && body.action != 'closed'" - overlays: - - key: commit_sha - expression: "body.pull_request.head.sha" - - key: branch - expression: "body.pull_request.head.ref" - - key: ref - expression: "body.pull_request.head.ref" - bindings: - - name: gitea-binding - template: - name: pr-project - - name: deploy-master - interceptors: - - cel: - filter: "header.match('X-GitHub-Event', 'push') && body.ref.split('/')[2] == body.repository.default_branch" - overlays: - - key: commit_sha - expression: "body.after" - - key: branch - expression: "body.ref.split('/')[2]" - - key: ref - expression: "body.ref" - - key: number - expression: "0" - bindings: - - name: gitea-binding - template: - name: deploy-project - - name: tag - interceptors: - - cel: - filter: "header.match('X-GitHub-Event', 'create') && body.ref_type == 'tag'" - overlays: - - key: commit_sha - expression: "body.sha" - - key: ref - expression: "body.ref" - - key: number - expression: "0" - bindings: - - name: gitea-binding - template: - name: project-tag diff --git a/tekton/pipelines/deploy.yaml b/tekton/pipelines/deploy.yaml deleted file mode 100644 index 7a496db..0000000 --- a/tekton/pipelines/deploy.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: deploy-project - namespace: tekton-pipelines -spec: - params: - - name: gitbranch - type: string - - name: gitrevision - type: string - - name: projectname - type: string - - name: isprivate - default: "true" - type: string - - name: dockerregistry - type: string - description: The Docker registry to push images to - default: docker.cluster.fun/private - - name: publicdockerregistry - type: string - description: The Docker registry to push images to - default: docker.cluster.fun/averagemarcus - - name: imagetag - type: string - description: The Docker image tag - default: latest - resources: - - name: git-source - type: git - tasks: - - name: build-and-publish-latest - taskRef: - name: docker-build-and-publish - params: - - name: IMAGE - value: $(params.dockerregistry)/$(params.projectname):$(params.imagetag) - resources: - inputs: - - name: src - resource: git-source - - name: build-and-publish-sha - taskRef: - name: docker-build-and-publish - params: - - name: IMAGE - value: $(params.dockerregistry)/$(params.projectname):$(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source - - name: build-and-publish-public - conditions: - - conditionRef: is-public-project - params: - - name: isprivate - value: $(params.isprivate) - taskRef: - name: docker-build-and-publish - params: - - name: IMAGE - value: $(params.publicdockerregistry)/$(params.projectname):$(params.imagetag) - resources: - inputs: - - name: src - resource: git-source - - name: build-and-publish-sha-public - conditions: - - conditionRef: is-public-project - params: - - name: isprivate - value: $(params.isprivate) - taskRef: - name: docker-build-and-publish - params: - - name: IMAGE - value: $(params.publicdockerregistry)/$(params.projectname):$(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source - - name: make-release-public - conditions: - - conditionRef: is-public-project - params: - - name: isprivate - value: $(params.isprivate) - taskRef: - name: make - runAfter: - - build-and-publish-sha-public - params: - - name: TARGET - value: "release" - - name: REPO - value: $(params.projectname) - - name: PR_ID - value: "" - - name: SHA - value: $(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source - - name: make-release-private - conditions: - - conditionRef: is-private-project - params: - - name: isprivate - value: $(params.isprivate) - taskRef: - name: make - runAfter: - - build-and-publish-sha - params: - - name: TARGET - value: "release" - - name: REPO - value: $(params.projectname) - - name: PR_ID - value: "" - - name: SHA - value: $(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source diff --git a/tekton/pipelines/pr.yaml b/tekton/pipelines/pr.yaml deleted file mode 100644 index bf7b9e1..0000000 --- a/tekton/pipelines/pr.yaml +++ /dev/null @@ -1,111 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: pr-project - namespace: tekton-pipelines -spec: - params: - - name: gitbranch - type: string - - name: gitrevision - type: string - - name: projectname - type: string - - name: prid - type: string - resources: - - name: git-source - type: git - tasks: - - name: pr-start - taskRef: - name: pr-status - params: - - name: REPO - value: $(params.projectname) - - name: SHA - value: $(params.gitrevision) - - name: STATE - value: "pending" - - name: make-test - # TODO: Re-enable when conditionals can result in skipped rather than failure - # conditions: - # - conditionRef: has-makefile - # resources: - # - name: src - # resource: git-source - taskRef: - name: make - params: - - name: TARGET - value: "test" - - name: REPO - value: $(params.projectname) - - name: PR_ID - value: $(params.prid) - - name: SHA - value: $(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source - - name: make-build - # TODO: Re-enable when conditionals can result in skipped rather than failure - # conditions: - # - conditionRef: has-makefile - # resources: - # - name: src - # resource: git-source - taskRef: - name: make - params: - - name: TARGET - value: "build" - - name: REPO - value: $(params.projectname) - - name: PR_ID - value: $(params.prid) - - name: SHA - value: $(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source - - name: make-ci - # TODO: Re-enable when conditionals can result in skipped rather than failure - # conditions: - # - conditionRef: has-makefile - # resources: - # - name: src - # resource: git-source - taskRef: - name: make - params: - - name: TARGET - value: "ci" - - name: REPO - value: $(params.projectname) - - name: PR_ID - value: $(params.prid) - - name: SHA - value: $(params.gitrevision) - resources: - inputs: - - name: src - resource: git-source - - name: pr-end - taskRef: - name: pr-status - runAfter: - - pr-start - - make-test - - make-build - - make-ci - params: - - name: REPO - value: $(params.projectname) - - name: SHA - value: $(params.gitrevision) - - name: STATE - value: "success" - diff --git a/tekton/pipelines/tag.yaml b/tekton/pipelines/tag.yaml deleted file mode 100644 index 26aadf6..0000000 --- a/tekton/pipelines/tag.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: project-tag - namespace: tekton-pipelines -spec: - params: - - name: projectname - type: string - - name: isprivate - default: "true" - type: string - - name: dockerregistry - type: string - description: The Docker registry to push images to - default: docker.cluster.fun/private - - name: publicdockerregistry - type: string - description: The Docker registry to push images to - default: docker.cluster.fun/averagemarcus - - name: imagetag - type: string - description: The Docker image tag - default: latest - resources: - - name: git-source - type: git - tasks: - - name: build-and-publish-tag - taskRef: - name: docker-build-and-publish - params: - - name: IMAGE - value: $(params.dockerregistry)/$(params.projectname):$(params.imagetag) - resources: - inputs: - - name: src - resource: git-source - - name: build-and-publish-tag-public - conditions: - - conditionRef: is-public-project - params: - - name: isprivate - value: $(params.isprivate) - taskRef: - name: docker-build-and-publish - params: - - name: IMAGE - value: $(params.publicdockerregistry)/$(params.projectname):$(params.imagetag) - resources: - inputs: - - name: src - resource: git-source diff --git a/tekton/tasks/docker-build-and-publish.yaml b/tekton/tasks/docker-build-and-publish.yaml deleted file mode 100644 index d9faf22..0000000 --- a/tekton/tasks/docker-build-and-publish.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: docker-build-and-publish - namespace: tekton-pipelines -spec: - params: - - name: DOCKERFILE - type: string - description: The path to the dockerfile to build - default: Dockerfile - - name: CONTEXT - type: string - description: The build context used by Docker. - default: . - - name: IMAGE - type: string - resources: - inputs: - - name: src - type: git - results: - - name: IMAGE_DIGEST - description: Digest of the image just built. - steps: - - name: build-and-push - workingDir: /workspace/src - image: moby/buildkit:latest - env: - - name: DOCKER_CONFIG - value: /root/.docker - command: - - sh - - -c - - | - PLATFORMS=$(grep 'PLATFORMS ?= ' Makefile | sed -E 's/^PLATFORMS \?= (.+)$/\1/') - if [ -z $PLATFORMS ]; then - PLATFORMS=linux/amd64 - fi - - buildctl-daemonless.sh --debug \ - build \ - --progress=plain \ - --frontend=dockerfile.v0 \ - --opt filename=$(params.DOCKERFILE) \ - --opt platform=${PLATFORMS} \ - --local context=$(params.CONTEXT) \ - --local dockerfile=. \ - --output type=image,name=$(params.IMAGE),push=true \ - --export-cache type=inline \ - --import-cache type=registry,ref=$(params.IMAGE) - securityContext: - privileged: true - volumeMounts: - - name: docker-config - mountPath: /root/.docker/config.json - subPath: config.json - volumes: - - name: docker-config - secret: - secretName: docker-config - - - diff --git a/tekton/tasks/kubectl-apply-files.yaml b/tekton/tasks/kubectl-apply-files.yaml deleted file mode 100644 index 8aea5f1..0000000 --- a/tekton/tasks/kubectl-apply-files.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: kubectl-apply-files - namespace: tekton-pipelines -spec: - params: - - name: DIRECTORY - description: Directory of kubernetes manifest files - steps: - - name: kubectl-apply - image: gcr.io/cloud-builders/kubectl - script: | - kubectl apply --recursive -f $(params.DIRECTORY) diff --git a/tekton/tasks/kubectl-apply-inline.yaml b/tekton/tasks/kubectl-apply-inline.yaml deleted file mode 100644 index ff83bee..0000000 --- a/tekton/tasks/kubectl-apply-inline.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: kubectl-apply-inline - namespace: tekton-pipelines -spec: - params: - - name: MANIFEST - description: Content of the resource to deploy - steps: - - name: kubectl-apply - image: gcr.io/cloud-builders/kubectl - script: | - echo "$(params.MANIFEST)" | kubectl apply -f - diff --git a/tekton/tasks/kubectl-patch-image.yaml b/tekton/tasks/kubectl-patch-image.yaml deleted file mode 100644 index 869b919..0000000 --- a/tekton/tasks/kubectl-patch-image.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: kubectl-patch-image - namespace: tekton-pipelines -spec: - params: - - name: NAMESPACE - default: "default" - description: The namespace the kubernetes resource is in - - name: RESOURCE_TYPE - default: "deployment" - description: The type of Kubernetes resource - - name: NAME - description: The name of the resource - - name: CONTAINER_NAME - description: The name of the container to patch - default: "*" # defaults to updating _all_ containers - - name: IMAGE - description: The new image to use - steps: - - name: kubectl-patch-image - image: gcr.io/cloud-builders/kubectl - script: | - kubectl --namespace $(params.NAMESPACE) set image $(params.RESOURCE_TYPE) $(params.NAME) $(params.CONTAINER_NAME)=$(params.IMAGE) diff --git a/tekton/tasks/make.yaml b/tekton/tasks/make.yaml deleted file mode 100644 index cea1584..0000000 --- a/tekton/tasks/make.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: make - namespace: tekton-pipelines -spec: - params: - - name: TARGET - description: The make target to run - - name: REPO - description: The name of the repo - - name: PR_ID - description: The ID of the pull request - - name: SHA - description: The commit sha - resources: - inputs: - - name: src - type: git - steps: - - name: make - workingDir: /workspace/src - image: docker.cluster.fun/averagemarcus/ci-builder:latest - script: | - make --dry-run $(params.TARGET) &> /dev/null || (echo "No '$(params.TARGET)' target found, skipping" && exit 0) - make $(params.TARGET) - env: - - name: REPO - value: $(params.REPO) - - name: PR_ID - value: $(params.PR_ID) - - name: SHA - value: $(params.SHA) - - name: ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: gitea-access-token - key: access-token - - name: KUBECONFIG - value: /root/.kube/config - volumeMounts: - - name: kubeconfig - mountPath: /root/.kube/config - subPath: config - volumes: - - name: kubeconfig - secret: - secretName: kubeconfig diff --git a/tekton/tasks/pr-status.yaml b/tekton/tasks/pr-status.yaml deleted file mode 100644 index 80e5201..0000000 --- a/tekton/tasks/pr-status.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: Task -metadata: - name: pr-status - namespace: tekton-pipelines -spec: - params: - - name: REPO - description: The name of the repo - - name: SHA - description: The git SHA to update the status of - - name: STATE - description: The state to set the status to (pending, success, error, failure or warning) - default: "pending" - steps: - - name: pr-status-update - image: docker.cluster.fun/averagemarcus/gitea-pr-status:latest - env: - - name: ACCESS_TOKEN - valueFrom: - secretKeyRef: - name: gitea-access-token - key: access-token - args: - - "AverageMarcus/$(params.REPO)" - - "$(params.SHA)" - - "$(params.STATE)" diff --git a/tekton/triggertemplates/deploy.yaml b/tekton/triggertemplates/deploy.yaml deleted file mode 100644 index cbdd6d6..0000000 --- a/tekton/triggertemplates/deploy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: TriggerTemplate -metadata: - name: deploy-project - namespace: tekton-pipelines -spec: - params: - - name: gitrevision - description: The git revision - - name: gitrepositoryurl - description: The git repository url - - name: gitbranch - description: The branch of the PR - - name: gitref - description: The ref of the PR - - name: projectname - description: The name of the git project - - name: isprivate - description: If the git project is set to private - default: "true" - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: deploy-$(params.projectname)- - spec: - pipelineRef: - name: deploy-project - serviceAccountName: deploy-project - params: - - name: gitbranch - value: $(params.gitbranch) - - name: gitref - value: $(params.gitref) - - name: gitrevision - value: $(params.gitrevision) - - name: projectname - value: $(params.projectname) - - name: isprivate - value: $(params.isprivate) - resources: - - name: git-source - resourceSpec: - type: git - params: - - name: revision - value: $(params.gitrevision) - - name: url - value: $(params.gitrepositoryurl) diff --git a/tekton/triggertemplates/pr.yaml b/tekton/triggertemplates/pr.yaml deleted file mode 100644 index f31cbbf..0000000 --- a/tekton/triggertemplates/pr.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: TriggerTemplate -metadata: - name: pr-project - namespace: tekton-pipelines -spec: - params: - - name: gitrevision - description: The git revision - - name: gitrepositoryurl - description: The git repository url - - name: gitbranch - description: The branch of the PR - - name: gitref - description: The ref of the PR - - name: projectname - description: The name of the git project - - name: prid - description: The number of the PR - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: pr-$(params.projectname)- - spec: - pipelineRef: - name: pr-project - serviceAccountName: pr-project - params: - - name: gitbranch - value: $(params.gitbranch) - - name: gitrevision - value: $(params.gitrevision) - - name: projectname - value: $(params.projectname) - - name: prid - value: $(params.prid) - resources: - - name: git-source - resourceSpec: - type: git - params: - - name: revision - value: $(params.gitrevision) - - name: url - value: $(params.gitrepositoryurl) diff --git a/tekton/triggertemplates/tag.yaml b/tekton/triggertemplates/tag.yaml deleted file mode 100644 index d9ade4b..0000000 --- a/tekton/triggertemplates/tag.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: triggers.tekton.dev/v1alpha1 -kind: TriggerTemplate -metadata: - name: project-tag - namespace: tekton-pipelines -spec: - params: - - name: gitrevision - description: The git revision - - name: gitrepositoryurl - description: The git repository url - - name: gitbranch - description: The branch of the PR - - name: gitref - description: The ref of the PR - - name: projectname - description: The name of the git project - - name: isprivate - description: If the git project is set to private - default: "true" - resourcetemplates: - - apiVersion: tekton.dev/v1beta1 - kind: PipelineRun - metadata: - generateName: tag-$(params.projectname)- - spec: - pipelineRef: - name: project-tag - serviceAccountName: project-tag - params: - - name: gitbranch - value: $(params.gitbranch) - - name: gitref - value: $(params.gitref) - - name: gitrevision - value: $(params.gitrevision) - - name: projectname - value: $(params.projectname) - - name: isprivate - value: $(params.isprivate) - - name: imagetag - value: $(params.gitref) - resources: - - name: git-source - resourceSpec: - type: git - params: - - name: revision - value: $(params.gitrevision) - - name: url - value: $(params.gitrepositoryurl)