Compare commits
	
		
			21 Commits
		
	
	
		
			0d20f06cc7
			...
			increase_c
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 1e2ffc0717 | |||
| 2143baff65 | |||
| 15afc432d2 | |||
| 4a383437f3 | |||
| d42758f54c | |||
| 7a4b1c96bc | |||
| f18a30cd3e | |||
| 34fd00ae91 | |||
| 2f5659def7 | |||
| 0f0c30b9be | |||
| 471b6bc67e | |||
| f0d29be3f7 | |||
| 43c8b7b61e | |||
| e01e72641d | |||
| f64125d0b2 | |||
| 7ae4597187 | |||
| 3f3b1a7067 | |||
| e883d43d77 | |||
| 54354e3550 | |||
| b511c7e579 | |||
| 7741daa25a | 
							
								
								
									
										10
									
								
								Makefile
									
									
									
									
									
								
							
							
						
						
									
										10
									
								
								Makefile
									
									
									
									
									
								
							| @@ -17,7 +17,7 @@ format: | |||||||
|  |  | ||||||
| .PHONY: run-tests # Runs all tests | .PHONY: run-tests # Runs all tests | ||||||
| run-tests: | run-tests: | ||||||
| 	@echo "⚠️ 'run-tests' unimplemented" | 	@cd terraform && terraform plan | ||||||
|  |  | ||||||
| .PHONY: fetch-deps # Fetch all project dependencies | .PHONY: fetch-deps # Fetch all project dependencies | ||||||
| fetch-deps: | fetch-deps: | ||||||
| @@ -41,11 +41,9 @@ run: | |||||||
|  |  | ||||||
| .PHONY: ci # Perform CI specific tasks to perform on a pull request | .PHONY: ci # Perform CI specific tasks to perform on a pull request | ||||||
| ci: | ci: | ||||||
| 	@cd terraform | 	@PLAN=$(cd terraform && terraform plan ./terraform) && curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \ | ||||||
| 	@PLAN=$(terraform plan) |  | ||||||
| 	@curl -X "POST" "https://git.cluster.fun/api/v1/repos/AverageMarcus/${REPO}/issues/${PR_ID}/comments?access_token=${ACCESS_TOKEN}" \ |  | ||||||
| 		-H 'Content-Type: application/json; charset=utf-8' \ | 		-H 'Content-Type: application/json; charset=utf-8' \ | ||||||
| 		-d $'{"body": "<details><summary>Terraform Plan:</summary>'$PLAN'</details>"}' | 		-d $'{"body": "<details><summary>Terraform Plan:</summary>'"$PLAN"'</details>"}' | ||||||
|  |  | ||||||
| .PHONY: release # Release the latest version of the application | .PHONY: release # Release the latest version of the application | ||||||
| release: | release: | ||||||
| @@ -60,4 +58,4 @@ help: | |||||||
| 	@echo "-----------------------------------" | 	@echo "-----------------------------------" | ||||||
| 	@grep '^.PHONY: .* #' Makefile | sed 's/\.PHONY: \(.*\) # \(.*\)/\1	\2/' | expand -t20 | 	@grep '^.PHONY: .* #' Makefile | sed 's/\.PHONY: \(.*\) # \(.*\)/\1	\2/' | expand -t20 | ||||||
|  |  | ||||||
| default: test build | default: test | ||||||
|   | |||||||
| @@ -36,8 +36,11 @@ spec: | |||||||
|           name: web |           name: web | ||||||
|         resources: |         resources: | ||||||
|           limits: |           limits: | ||||||
|             memory: 20Mi |             memory: 10Mi | ||||||
|             cpu: 10m |  | ||||||
|  |           requests: | ||||||
|  |             memory: 10Mi | ||||||
|  |  | ||||||
| --- | --- | ||||||
| apiVersion: extensions/v1beta1 | apiVersion: extensions/v1beta1 | ||||||
| kind: Ingress | kind: Ingress | ||||||
|   | |||||||
| @@ -39,6 +39,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 8000 |         - containerPort: 8000 | ||||||
|           name: web |           name: web | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 200Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 200Mi | ||||||
| --- | --- | ||||||
| apiVersion: extensions/v1beta1 | apiVersion: extensions/v1beta1 | ||||||
| kind: Ingress | kind: Ingress | ||||||
|   | |||||||
| @@ -39,6 +39,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 80 |         - containerPort: 80 | ||||||
|           name: web |           name: web | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 283Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 283Mi | ||||||
| --- | --- | ||||||
| apiVersion: extensions/v1beta1 | apiVersion: extensions/v1beta1 | ||||||
| kind: Ingress | kind: Ingress | ||||||
|   | |||||||
| @@ -64,6 +64,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 8080 |         - containerPort: 8080 | ||||||
|           protocol: TCP |           protocol: TCP | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 50Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 50Mi | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Service | kind: Service | ||||||
|   | |||||||
| @@ -22,10 +22,10 @@ spec: | |||||||
|     installCRDs: "true" |     installCRDs: "true" | ||||||
|     resources: |     resources: | ||||||
|       requests: |       requests: | ||||||
|         cpu: 10m |  | ||||||
|         memory: 32Mi |         memory: 32Mi | ||||||
|       limits: |       limits: | ||||||
|         cpu: 20m |  | ||||||
|         memory: 64Mi |         memory: 64Mi | ||||||
|  |  | ||||||
| --- | --- | ||||||
|   | |||||||
| @@ -23,7 +23,7 @@ metadata: | |||||||
|   name: cors-proxy |   name: cors-proxy | ||||||
|   namespace: cors-proxy |   namespace: cors-proxy | ||||||
| spec: | spec: | ||||||
|   replicas: 2 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       app: cors-proxy |       app: cors-proxy | ||||||
|   | |||||||
| @@ -54,6 +54,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 80 |         - containerPort: 80 | ||||||
|           name: web |           name: web | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 50Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 50Mi | ||||||
| --- | --- | ||||||
| apiVersion: extensions/v1beta1 | apiVersion: extensions/v1beta1 | ||||||
| kind: Ingress | kind: Ingress | ||||||
|   | |||||||
							
								
								
									
										115
									
								
								manifests/downloads.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										115
									
								
								manifests/downloads.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,115 @@ | |||||||
|  | apiVersion: v1 | ||||||
|  | kind: Namespace | ||||||
|  | metadata: | ||||||
|  |   name: downloads | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   name: downloads-auth | ||||||
|  |   namespace: downloads | ||||||
|  |   annotations: | ||||||
|  |     kube-1password: mr6spkkx7n3memkbute6ojaarm | ||||||
|  |     kube-1password/vault: Kubernetes | ||||||
|  | type: Opaque | ||||||
|  | --- | ||||||
|  | apiVersion: apps/v1 | ||||||
|  | kind: Deployment | ||||||
|  | metadata: | ||||||
|  |   name: downloads-auth | ||||||
|  |   namespace: downloads | ||||||
|  |   labels: | ||||||
|  |     app: downloads-auth | ||||||
|  | spec: | ||||||
|  |   replicas: 1 | ||||||
|  |   selector: | ||||||
|  |     matchLabels: | ||||||
|  |       app: downloads-auth | ||||||
|  |   template: | ||||||
|  |     metadata: | ||||||
|  |       labels: | ||||||
|  |         app: downloads-auth | ||||||
|  |     spec: | ||||||
|  |       containers: | ||||||
|  |       - args: | ||||||
|  |         - --cookie-secure=false | ||||||
|  |         - --provider=oidc | ||||||
|  |         - --provider-display-name=Auth0 | ||||||
|  |         - --upstream=http://inlets.inlets.svc.cluster.local | ||||||
|  |         - --http-address=$(HOST_IP):8080 | ||||||
|  |         - --redirect-url=https://downloads.cluster.fun/oauth2/callback | ||||||
|  |         - --email-domain=* | ||||||
|  |         - --pass-basic-auth=false | ||||||
|  |         - --pass-access-token=false | ||||||
|  |         - --oidc-issuer-url=https://marcusnoble.eu.auth0.com/ | ||||||
|  |         - --cookie-secret=KDGD6rrK6cBmryyZ4wcJ9xAUNW9AQN | ||||||
|  |         env: | ||||||
|  |         - name: HOST_IP | ||||||
|  |           valueFrom: | ||||||
|  |             fieldRef: | ||||||
|  |               apiVersion: v1 | ||||||
|  |               fieldPath: status.podIP | ||||||
|  |         - name: OAUTH2_PROXY_CLIENT_ID | ||||||
|  |           valueFrom: | ||||||
|  |             secretKeyRef: | ||||||
|  |               key: username | ||||||
|  |               name: downloads-auth | ||||||
|  |         - name: OAUTH2_PROXY_CLIENT_SECRET | ||||||
|  |           valueFrom: | ||||||
|  |             secretKeyRef: | ||||||
|  |               key: password | ||||||
|  |               name: downloads-auth | ||||||
|  |         image: quay.io/oauth2-proxy/oauth2-proxy:v5.1.1 | ||||||
|  |         name: oauth-proxy | ||||||
|  |         ports: | ||||||
|  |         - containerPort: 8080 | ||||||
|  |           protocol: TCP | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 250Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 250Mi | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Service | ||||||
|  | metadata: | ||||||
|  |   name: downloads-auth | ||||||
|  |   namespace: downloads | ||||||
|  |   labels: | ||||||
|  |     app: downloads-auth | ||||||
|  | spec: | ||||||
|  |   ports: | ||||||
|  |   - name: http | ||||||
|  |     port: 80 | ||||||
|  |     protocol: TCP | ||||||
|  |     targetPort: 8080 | ||||||
|  |   selector: | ||||||
|  |     app: downloads-auth | ||||||
|  |   type: ClusterIP | ||||||
|  | --- | ||||||
|  | apiVersion: extensions/v1beta1 | ||||||
|  | kind: Ingress | ||||||
|  | metadata: | ||||||
|  |   name: downloads-auth | ||||||
|  |   namespace: downloads | ||||||
|  |   labels: | ||||||
|  |     app: downloads-auth | ||||||
|  |   annotations: | ||||||
|  |     cert-manager.io/cluster-issuer: letsencrypt | ||||||
|  |     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||||
|  |     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||||
|  |     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||||
|  | spec: | ||||||
|  |   tls: | ||||||
|  |   - hosts: | ||||||
|  |     - downloads.cluster.fun | ||||||
|  |     secretName: downloads-ingress | ||||||
|  |   rules: | ||||||
|  |   - host: downloads.cluster.fun | ||||||
|  |     http: | ||||||
|  |       paths: | ||||||
|  |       - path: / | ||||||
|  |         backend: | ||||||
|  |           serviceName: downloads-auth | ||||||
|  |           servicePort: 80 | ||||||
|  |  | ||||||
| @@ -1,67 +0,0 @@ | |||||||
| apiVersion: v1 |  | ||||||
| kind: Namespace |  | ||||||
| metadata: |  | ||||||
|   name: ghost |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| apiVersion: helm.fluxcd.io/v1 |  | ||||||
| kind: HelmRelease |  | ||||||
| metadata: |  | ||||||
|   name: ghost |  | ||||||
|   namespace: ghost |  | ||||||
| spec: |  | ||||||
|   chart: |  | ||||||
|     repository: https://charts.bitnami.com/bitnami |  | ||||||
|     name: ghost |  | ||||||
|     version: 10.0.2 |  | ||||||
|   maxHistory: 4 |  | ||||||
|   values: |  | ||||||
|     ghostHost: www.chloehiggins.co.uk |  | ||||||
|     ghostUsername: chloe |  | ||||||
|     ghostEmail: ghost@chloes.email |  | ||||||
|     ghostBlogTitle: "Chloe's Website" |  | ||||||
|     service: |  | ||||||
|       type: ClusterIP |  | ||||||
|     mariadb: |  | ||||||
|       master: |  | ||||||
|         persistence: |  | ||||||
|           enabled: true |  | ||||||
|           size: 1Gi |  | ||||||
|     persistence: |  | ||||||
|       enabled: true |  | ||||||
|       size: 1Gi |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|  |  | ||||||
| apiVersion: extensions/v1beta1 |  | ||||||
| kind: Ingress |  | ||||||
| metadata: |  | ||||||
|   name: ghost |  | ||||||
|   namespace: ghost |  | ||||||
|   annotations: |  | ||||||
|     cert-manager.io/cluster-issuer: letsencrypt |  | ||||||
|     traefik.ingress.kubernetes.io/frontend-entry-points: http,https |  | ||||||
|     traefik.ingress.kubernetes.io/redirect-entry-point: https |  | ||||||
|     traefik.ingress.kubernetes.io/redirect-permanent: "true" |  | ||||||
| spec: |  | ||||||
|   tls: |  | ||||||
|   - hosts: |  | ||||||
|     - www.chloehiggins.co.uk |  | ||||||
|     - chloehiggins.co.uk |  | ||||||
|     secretName: ghost-ingress |  | ||||||
|   rules: |  | ||||||
|   - host: www.chloehiggins.co.uk |  | ||||||
|     http: |  | ||||||
|       paths: |  | ||||||
|       - path: / |  | ||||||
|         backend: |  | ||||||
|           serviceName: ghost-ghost |  | ||||||
|           servicePort: 80 |  | ||||||
|   - host: chloehiggins.co.uk |  | ||||||
|     http: |  | ||||||
|       paths: |  | ||||||
|       - path: / |  | ||||||
|         backend: |  | ||||||
|           serviceName: ghost-ghost |  | ||||||
|           servicePort: 80 |  | ||||||
| @@ -80,7 +80,7 @@ spec: | |||||||
|         resources: |         resources: | ||||||
|           requests: |           requests: | ||||||
|             memory: 400Mi |             memory: 400Mi | ||||||
|             cpu: 10m |  | ||||||
|         volumeMounts: |         volumeMounts: | ||||||
|         - mountPath: /data |         - mountPath: /data | ||||||
|           name: git-data |           name: git-data | ||||||
|   | |||||||
| @@ -37,25 +37,21 @@ spec: | |||||||
|       resources: |       resources: | ||||||
|         requests: |         requests: | ||||||
|           memory: 64Mi |           memory: 64Mi | ||||||
|           cpu: 10m |  | ||||||
|     core: |     core: | ||||||
|       resources: |       resources: | ||||||
|         requests: |         requests: | ||||||
|           memory: 64Mi |           memory: 64Mi | ||||||
|           cpu: 10m |  | ||||||
|     jobservice: |     jobservice: | ||||||
|       resources: |       resources: | ||||||
|         requests: |         requests: | ||||||
|           memory: 64Mi |           memory: 64Mi | ||||||
|           cpu: 10m |  | ||||||
|     registry: |     registry: | ||||||
|       registry: |       registry: | ||||||
|         resources: |         resources: | ||||||
|           requests: |           requests: | ||||||
|             memory: 64Mi |             memory: 64Mi | ||||||
|             cpu: 10m |  | ||||||
|       controller: |       controller: | ||||||
|         resources: |         resources: | ||||||
|           requests: |           requests: | ||||||
|             memory: 64Mi |             memory: 64Mi | ||||||
|             cpu: 10m |  | ||||||
|   | |||||||
| @@ -77,3 +77,27 @@ spec: | |||||||
|         backend: |         backend: | ||||||
|           serviceName: inlets |           serviceName: inlets | ||||||
|           servicePort: 80 |           servicePort: 80 | ||||||
|  | --- | ||||||
|  | apiVersion: extensions/v1beta1 | ||||||
|  | kind: Ingress | ||||||
|  | metadata: | ||||||
|  |   name: pyload | ||||||
|  |   namespace: inlets | ||||||
|  |   annotations: | ||||||
|  |     cert-manager.io/cluster-issuer: letsencrypt | ||||||
|  |     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||||
|  |     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||||
|  |     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||||
|  | spec: | ||||||
|  |   tls: | ||||||
|  |   - hosts: | ||||||
|  |     - pyload.cluster.fun | ||||||
|  |     secretName: pyload-ingress | ||||||
|  |   rules: | ||||||
|  |   - host: pyload.cluster.fun | ||||||
|  |     http: | ||||||
|  |       paths: | ||||||
|  |       - path: / | ||||||
|  |         backend: | ||||||
|  |           serviceName: inlets | ||||||
|  |           servicePort: 80 | ||||||
|   | |||||||
| @@ -53,11 +53,11 @@ data: | |||||||
|   rules.yaml: |- |   rules.yaml: |- | ||||||
|     rules: |     rules: | ||||||
|       - id: tekton-tasks |       - id: tekton-tasks | ||||||
|         # remove deployments and statefulsets without a label "application" |  | ||||||
|         resources: |         resources: | ||||||
|           - pods |           - pods | ||||||
|  |           - pipelineruns | ||||||
|         jmespath: "(metadata.labels.\"tekton.dev/pipeline\")" |         jmespath: "(metadata.labels.\"tekton.dev/pipeline\")" | ||||||
|         ttl: 1h |         ttl: 3h | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  |  | ||||||
| @@ -93,7 +93,6 @@ spec: | |||||||
|           limits: |           limits: | ||||||
|             memory: 100Mi |             memory: 100Mi | ||||||
|           requests: |           requests: | ||||||
|             cpu: 5m |  | ||||||
|             memory: 100Mi |             memory: 100Mi | ||||||
|         securityContext: |         securityContext: | ||||||
|           readOnlyRootFilesystem: true |           readOnlyRootFilesystem: true | ||||||
|   | |||||||
| @@ -58,4 +58,4 @@ spec: | |||||||
|     resources: |     resources: | ||||||
|       requests: |       requests: | ||||||
|         memory: 500Mi |         memory: 500Mi | ||||||
|         cpu: 50m |  | ||||||
|   | |||||||
							
								
								
									
										114
									
								
								manifests/nodered.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										114
									
								
								manifests/nodered.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,114 @@ | |||||||
|  | apiVersion: v1 | ||||||
|  | kind: Namespace | ||||||
|  | metadata: | ||||||
|  |   name: node-red | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   name: node-red | ||||||
|  |   namespace: node-red | ||||||
|  |   annotations: | ||||||
|  |     kube-1password: to62npgx5vvlknphuytg7qgrny | ||||||
|  |     kube-1password/vault: Kubernetes | ||||||
|  |     kube-1password/secret-text-key: settings.js | ||||||
|  | type: Opaque | ||||||
|  | --- | ||||||
|  | kind: PersistentVolumeClaim | ||||||
|  | apiVersion: v1 | ||||||
|  | metadata: | ||||||
|  |   name: node-red | ||||||
|  |   namespace: node-red | ||||||
|  | spec: | ||||||
|  |   accessModes: | ||||||
|  |     - ReadWriteOnce | ||||||
|  |   resources: | ||||||
|  |     requests: | ||||||
|  |       storage: 5Gi | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: Service | ||||||
|  | metadata: | ||||||
|  |   name: node-red | ||||||
|  |   namespace: node-red | ||||||
|  | spec: | ||||||
|  |   type: ClusterIP | ||||||
|  |   ports: | ||||||
|  |   - port: 80 | ||||||
|  |     targetPort: web | ||||||
|  |     name: web | ||||||
|  |   selector: | ||||||
|  |     app: node-red | ||||||
|  | --- | ||||||
|  | apiVersion: apps/v1 | ||||||
|  | kind: Deployment | ||||||
|  | metadata: | ||||||
|  |   name: node-red | ||||||
|  |   namespace: node-red | ||||||
|  | spec: | ||||||
|  |   replicas: 1 | ||||||
|  |   selector: | ||||||
|  |     matchLabels: | ||||||
|  |       app: node-red | ||||||
|  |   template: | ||||||
|  |     metadata: | ||||||
|  |       labels: | ||||||
|  |         app: node-red | ||||||
|  |     spec: | ||||||
|  |       securityContext: | ||||||
|  |         fsGroup: 1000 | ||||||
|  |       initContainers: | ||||||
|  |       - name: config-copy | ||||||
|  |         image: bash:latest | ||||||
|  |         imagePullPolicy: IfNotPresent | ||||||
|  |         args: | ||||||
|  |           - -c | ||||||
|  |           - | | ||||||
|  |             cp /config/settings.js /data/ | ||||||
|  |         volumeMounts: | ||||||
|  |           - name: config | ||||||
|  |             mountPath: /config/settings.js | ||||||
|  |             subPath: settings.js | ||||||
|  |           - name: data | ||||||
|  |             mountPath: /data | ||||||
|  |       containers: | ||||||
|  |       - name: web | ||||||
|  |         image: nodered/node-red:latest-12 | ||||||
|  |         imagePullPolicy: Always | ||||||
|  |         ports: | ||||||
|  |         - containerPort: 1880 | ||||||
|  |           name: web | ||||||
|  |         volumeMounts: | ||||||
|  |           - name: data | ||||||
|  |             mountPath: /data | ||||||
|  |       volumes: | ||||||
|  |         - name: config | ||||||
|  |           secret: | ||||||
|  |             secretName: node-red | ||||||
|  |         - name: data | ||||||
|  |           persistentVolumeClaim: | ||||||
|  |             claimName: node-red | ||||||
|  | --- | ||||||
|  | apiVersion: extensions/v1beta1 | ||||||
|  | kind: Ingress | ||||||
|  | metadata: | ||||||
|  |   name: node-red | ||||||
|  |   namespace: node-red | ||||||
|  |   annotations: | ||||||
|  |     cert-manager.io/cluster-issuer: letsencrypt | ||||||
|  |     traefik.ingress.kubernetes.io/frontend-entry-points: http,https | ||||||
|  |     traefik.ingress.kubernetes.io/redirect-entry-point: https | ||||||
|  |     traefik.ingress.kubernetes.io/redirect-permanent: "true" | ||||||
|  | spec: | ||||||
|  |   tls: | ||||||
|  |   - hosts: | ||||||
|  |     - nodered.cluster.fun | ||||||
|  |     secretName: node-red-ingress | ||||||
|  |   rules: | ||||||
|  |   - host: nodered.cluster.fun | ||||||
|  |     http: | ||||||
|  |       paths: | ||||||
|  |       - path: / | ||||||
|  |         backend: | ||||||
|  |           serviceName: node-red | ||||||
|  |           servicePort: 80 | ||||||
| @@ -23,7 +23,7 @@ metadata: | |||||||
|   name: qr |   name: qr | ||||||
|   namespace: qr |   namespace: qr | ||||||
| spec: | spec: | ||||||
|   replicas: 2 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       app: qr |       app: qr | ||||||
| @@ -39,6 +39,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 8080 |         - containerPort: 8080 | ||||||
|           name: web |           name: web | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 100Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 100Mi | ||||||
| --- | --- | ||||||
| apiVersion: extensions/v1beta1 | apiVersion: extensions/v1beta1 | ||||||
| kind: Ingress | kind: Ingress | ||||||
|   | |||||||
| @@ -65,6 +65,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 8080 |         - containerPort: 8080 | ||||||
|           name: web |           name: web | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 308Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 308Mi | ||||||
|         volumeMounts: |         volumeMounts: | ||||||
|           - mountPath: /data |           - mountPath: /data | ||||||
|             name: storage |             name: storage | ||||||
|   | |||||||
| @@ -14,3 +14,62 @@ spec: | |||||||
|       port: 443 |       port: 443 | ||||||
|       name: https |       name: https | ||||||
|   type: LoadBalancer |   type: LoadBalancer | ||||||
|  |  | ||||||
|  | --- | ||||||
|  |  | ||||||
|  | apiVersion: apps/v1 | ||||||
|  | kind: DaemonSet | ||||||
|  | metadata: | ||||||
|  |   labels: | ||||||
|  |     k8s-app: traefik-ingress-lb | ||||||
|  |     k8s.scw.cloud/ingress: traefik | ||||||
|  |     k8s.scw.cloud/object: DaemonSet | ||||||
|  |     k8s.scw.cloud/system: ingress | ||||||
|  |   name: ingress-traefik | ||||||
|  |   namespace: kube-system | ||||||
|  | spec: | ||||||
|  |   revisionHistoryLimit: 10 | ||||||
|  |   selector: | ||||||
|  |     matchLabels: | ||||||
|  |       k8s-app: traefik-ingress-lb | ||||||
|  |   template: | ||||||
|  |     metadata: | ||||||
|  |       labels: | ||||||
|  |         k8s-app: traefik-ingress-lb | ||||||
|  |         name: ingress-traefik | ||||||
|  |     spec: | ||||||
|  |       containers: | ||||||
|  |       - args: | ||||||
|  |         - --api | ||||||
|  |         - --kubernetes | ||||||
|  |         - --logLevel=INFO | ||||||
|  |         - --defaultentrypoints=http,https | ||||||
|  |         - --entrypoints=Name:https Address::443 TLS | ||||||
|  |         - --entrypoints=Name:http Address::80 | ||||||
|  |         - --accesslog | ||||||
|  |         - --accesslog.format=json | ||||||
|  |         image: docker.io/traefik:1.7 | ||||||
|  |         imagePullPolicy: IfNotPresent | ||||||
|  |         name: ingress-traefik | ||||||
|  |         ports: | ||||||
|  |         - containerPort: 80 | ||||||
|  |           hostPort: 80 | ||||||
|  |           name: http | ||||||
|  |           protocol: TCP | ||||||
|  |         - containerPort: 443 | ||||||
|  |           hostPort: 443 | ||||||
|  |           name: https | ||||||
|  |           protocol: TCP | ||||||
|  |         - containerPort: 8080 | ||||||
|  |           name: admin | ||||||
|  |           protocol: TCP | ||||||
|  |         securityContext: | ||||||
|  |           capabilities: | ||||||
|  |             add: | ||||||
|  |             - NET_BIND_SERVICE | ||||||
|  |             drop: | ||||||
|  |             - ALL | ||||||
|  |       dnsPolicy: ClusterFirst | ||||||
|  |       restartPolicy: Always | ||||||
|  |       serviceAccount: ingress-traefik | ||||||
|  |       serviceAccountName: ingress-traefik | ||||||
|   | |||||||
| @@ -4,6 +4,17 @@ metadata: | |||||||
|   name: twitter-profile-pic |   name: twitter-profile-pic | ||||||
| --- | --- | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
|  | kind: Secret | ||||||
|  | metadata: | ||||||
|  |   name: twitter-profile-pic | ||||||
|  |   namespace: twitter-profile-pic | ||||||
|  |   annotations: | ||||||
|  |     kube-1password: d2rt56v47q2wij47qgj27umrky | ||||||
|  |     kube-1password/vault: Kubernetes | ||||||
|  |     kube-1password/secret-text-key: .env | ||||||
|  | type: Opaque | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   name: twitter-profile-pic |   name: twitter-profile-pic | ||||||
| @@ -23,7 +34,7 @@ metadata: | |||||||
|   name: twitter-profile-pic |   name: twitter-profile-pic | ||||||
|   namespace: twitter-profile-pic |   namespace: twitter-profile-pic | ||||||
| spec: | spec: | ||||||
|   replicas: 2 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       app: twitter-profile-pic |       app: twitter-profile-pic | ||||||
| @@ -39,6 +50,19 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 9090 |         - containerPort: 9090 | ||||||
|           name: web |           name: web | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 250Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 250Mi | ||||||
|  |         volumeMounts: | ||||||
|  |           - name: dotenv | ||||||
|  |             mountPath: /app/.env | ||||||
|  |             subPath: .env | ||||||
|  |       volumes: | ||||||
|  |       - name: dotenv | ||||||
|  |         secret: | ||||||
|  |           secretName: twitter-profile-pic | ||||||
| --- | --- | ||||||
| apiVersion: extensions/v1beta1 | apiVersion: extensions/v1beta1 | ||||||
| kind: Ingress | kind: Ingress | ||||||
|   | |||||||
| @@ -34,6 +34,9 @@ spec: | |||||||
|   - port: 80 |   - port: 80 | ||||||
|     targetPort: 8080 |     targetPort: 8080 | ||||||
|     name: web |     name: web | ||||||
|  |   - port: 8000 | ||||||
|  |     targetPort: 8000 | ||||||
|  |     name: noauth | ||||||
|   selector: |   selector: | ||||||
|     app: website-to-remarkable |     app: website-to-remarkable | ||||||
| --- | --- | ||||||
| @@ -92,6 +95,11 @@ spec: | |||||||
|         ports: |         ports: | ||||||
|         - containerPort: 8080 |         - containerPort: 8080 | ||||||
|           protocol: TCP |           protocol: TCP | ||||||
|  |         resources: | ||||||
|  |           limits: | ||||||
|  |             memory: 125Mi | ||||||
|  |           requests: | ||||||
|  |             memory: 125Mi | ||||||
|       - name: web |       - name: web | ||||||
|         image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest |         image: docker.cluster.fun/averagemarcus/website-to-remarkable:latest | ||||||
|         imagePullPolicy: Always |         imagePullPolicy: Always | ||||||
|   | |||||||
| @@ -11,6 +11,7 @@ | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Namespace | kind: Namespace | ||||||
| metadata: | metadata: | ||||||
| @@ -30,6 +31,7 @@ metadata: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: policy/v1beta1 | apiVersion: policy/v1beta1 | ||||||
| kind: PodSecurityPolicy | kind: PodSecurityPolicy | ||||||
| metadata: | metadata: | ||||||
| @@ -60,24 +62,34 @@ spec: | |||||||
|       max: 65535 |       max: 65535 | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  | # Copyright 2020 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-pipelines-admin |   name: tekton-pipelines-controller-cluster-access | ||||||
| rules: | rules: | ||||||
| - apiGroups: [""] | - apiGroups: [""] | ||||||
|   resources: ["pods", "pods/log", "namespaces", "secrets", "events", "serviceaccounts", |   # Namespace access is required because the controller timeout handling logic | ||||||
|     "configmaps", "persistentvolumeclaims", "limitranges"] |   # iterates over all namespaces and times out any PipelineRuns that have expired. | ||||||
|   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] |   # Pod access is required because the taskrun controller wants to be updated when | ||||||
| - apiGroups: ["apps"] |   # a Pod underlying a TaskRun changes state. | ||||||
|   resources: ["deployments"] |   resources: ["namespaces", "pods"] | ||||||
|   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] |   verbs: ["list", "watch"] | ||||||
| - apiGroups: ["apps"] |   # Controller needs cluster access to all of the CRDs that it is responsible for | ||||||
|   resources: ["deployments/finalizers"] |   # managing. | ||||||
|   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] |  | ||||||
| - apiGroups: ["admissionregistration.k8s.io"] |  | ||||||
|   resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] |  | ||||||
|   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] |  | ||||||
| - apiGroups: ["tekton.dev"] | - apiGroups: ["tekton.dev"] | ||||||
|   resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", |   resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", | ||||||
|     "conditions"] |     "conditions"] | ||||||
| @@ -93,6 +105,118 @@ rules: | |||||||
|   resources: ["podsecuritypolicies"] |   resources: ["podsecuritypolicies"] | ||||||
|   resourceNames: ["tekton-pipelines"] |   resourceNames: ["tekton-pipelines"] | ||||||
|   verbs: ["use"] |   verbs: ["use"] | ||||||
|  | --- | ||||||
|  | kind: ClusterRole | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
|  | metadata: | ||||||
|  |   # This is the access that the controller needs on a per-namespace basis. | ||||||
|  |   name: tekton-pipelines-controller-tenant-access | ||||||
|  | rules: | ||||||
|  | - apiGroups: [""] | ||||||
|  |   resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", | ||||||
|  |     "persistentvolumeclaims", "limitranges"] | ||||||
|  |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | ||||||
|  |   # Unclear if this access is actually required.  Simply a hold-over from the previous | ||||||
|  |   # incarnation of the controller's ClusterRole. | ||||||
|  | - apiGroups: ["apps"] | ||||||
|  |   resources: ["deployments"] | ||||||
|  |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | ||||||
|  | - apiGroups: ["apps"] | ||||||
|  |   resources: ["deployments/finalizers"] | ||||||
|  |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] | ||||||
|  | --- | ||||||
|  | kind: ClusterRole | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-webhook-cluster-access | ||||||
|  | rules: | ||||||
|  | - # The webhook needs to be able to list and update customresourcedefinitions, | ||||||
|  |   # mainly to update the webhook certificates. | ||||||
|  |   apiGroups: ["apiextensions.k8s.io"] | ||||||
|  |   resources: ["customresourcedefinitions", "customresourcedefinitions/status"] | ||||||
|  |   verbs: ["get", "list", "update", "patch", "watch"] | ||||||
|  | - apiGroups: ["admissionregistration.k8s.io"] | ||||||
|  |   # The webhook performs a reconciliation on these two resources and continuously | ||||||
|  |   # updates configuration. | ||||||
|  |   resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] | ||||||
|  |   # knative starts informers on these things, which is why we need get, list and watch. | ||||||
|  |   verbs: ["list", "watch"] | ||||||
|  | - apiGroups: ["admissionregistration.k8s.io"] | ||||||
|  |   resources: ["mutatingwebhookconfigurations"] | ||||||
|  |   # This mutating webhook is responsible for applying defaults to tekton objects | ||||||
|  |   # as they are received. | ||||||
|  |   resourceNames: ["webhook.pipeline.tekton.dev"] | ||||||
|  |   # When there are changes to the configs or secrets, knative updates the mutatingwebhook config | ||||||
|  |   # with the updated certificates or the refreshed set of rules. | ||||||
|  |   verbs: ["get", "update"] | ||||||
|  | - apiGroups: ["admissionregistration.k8s.io"] | ||||||
|  |   resources: ["validatingwebhookconfigurations"] | ||||||
|  |   # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. | ||||||
|  |   # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure | ||||||
|  |   resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] | ||||||
|  |   # When there are changes to the configs or secrets, knative updates the validatingwebhook config | ||||||
|  |   # with the updated certificates or the refreshed set of rules. | ||||||
|  |   verbs: ["get", "update"] | ||||||
|  | - apiGroups: ["policy"] | ||||||
|  |   resources: ["podsecuritypolicies"] | ||||||
|  |   resourceNames: ["tekton-pipelines"] | ||||||
|  |   verbs: ["use"] | ||||||
|  |  | ||||||
|  | --- | ||||||
|  | # Copyright 2020 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
|  | kind: Role | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-controller | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | rules: | ||||||
|  | - apiGroups: [""] | ||||||
|  |   resources: ["configmaps"] | ||||||
|  |   verbs: ["list", "watch"] | ||||||
|  | - # The controller needs access to these configmaps for logging information and runtime configuration. | ||||||
|  |   apiGroups: [""] | ||||||
|  |   resources: ["configmaps"] | ||||||
|  |   verbs: ["get"] | ||||||
|  |   resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", | ||||||
|  |     "config-artifact-pvc", "feature-flags", "config-leader-election"] | ||||||
|  | --- | ||||||
|  | kind: Role | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-webhook | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | rules: | ||||||
|  | - apiGroups: [""] | ||||||
|  |   resources: ["configmaps"] | ||||||
|  |   verbs: ["list", "watch"] | ||||||
|  | - # The webhook needs access to these configmaps for logging information. | ||||||
|  |   apiGroups: [""] | ||||||
|  |   resources: ["configmaps"] | ||||||
|  |   verbs: ["get"] | ||||||
|  |   resourceNames: ["config-logging", "config-observability"] | ||||||
|  | - apiGroups: [""] | ||||||
|  |   resources: ["secrets"] | ||||||
|  |   verbs: ["list", "watch"] | ||||||
|  | - # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever | ||||||
|  |   # the secret changes it updates the webhook configurations with the certificates | ||||||
|  |   # stored in the secret. | ||||||
|  |   apiGroups: [""] | ||||||
|  |   resources: ["secrets"] | ||||||
|  |   verbs: ["get", "update"] | ||||||
|  |   resourceNames: ["webhook-certs"] | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -113,6 +237,12 @@ kind: ServiceAccount | |||||||
| metadata: | metadata: | ||||||
|   name: tekton-pipelines-controller |   name: tekton-pipelines-controller | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|  | --- | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: ServiceAccount | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-webhook | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -128,17 +258,91 @@ metadata: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1beta1 | apiVersion: rbac.authorization.k8s.io/v1beta1 | ||||||
| kind: ClusterRoleBinding | kind: ClusterRoleBinding | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-pipelines-controller-admin |   name: tekton-pipelines-controller-cluster-access | ||||||
| subjects: | subjects: | ||||||
| - kind: ServiceAccount | - kind: ServiceAccount | ||||||
|   name: tekton-pipelines-controller |   name: tekton-pipelines-controller | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
| roleRef: | roleRef: | ||||||
|   kind: ClusterRole |   kind: ClusterRole | ||||||
|   name: tekton-pipelines-admin |   name: tekton-pipelines-controller-cluster-access | ||||||
|  |   apiGroup: rbac.authorization.k8s.io | ||||||
|  | --- | ||||||
|  | # If this ClusterRoleBinding is replaced with a RoleBinding | ||||||
|  | # then the ClusterRole would be namespaced. The access described by | ||||||
|  | # the tekton-pipelines-controller-tenant-access ClusterRole would | ||||||
|  | # be scoped to individual tenant namespaces. | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1beta1 | ||||||
|  | kind: ClusterRoleBinding | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-controller-tenant-access | ||||||
|  | subjects: | ||||||
|  | - kind: ServiceAccount | ||||||
|  |   name: tekton-pipelines-controller | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | roleRef: | ||||||
|  |   kind: ClusterRole | ||||||
|  |   name: tekton-pipelines-controller-tenant-access | ||||||
|  |   apiGroup: rbac.authorization.k8s.io | ||||||
|  | --- | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1beta1 | ||||||
|  | kind: ClusterRoleBinding | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-webhook-cluster-access | ||||||
|  | subjects: | ||||||
|  | - kind: ServiceAccount | ||||||
|  |   name: tekton-pipelines-webhook | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | roleRef: | ||||||
|  |   kind: ClusterRole | ||||||
|  |   name: tekton-pipelines-webhook-cluster-access | ||||||
|  |   apiGroup: rbac.authorization.k8s.io | ||||||
|  |  | ||||||
|  | --- | ||||||
|  | # Copyright 2020 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1beta1 | ||||||
|  | kind: RoleBinding | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-controller | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | subjects: | ||||||
|  | - kind: ServiceAccount | ||||||
|  |   name: tekton-pipelines-controller | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | roleRef: | ||||||
|  |   kind: Role | ||||||
|  |   name: tekton-pipelines-controller | ||||||
|  |   apiGroup: rbac.authorization.k8s.io | ||||||
|  | --- | ||||||
|  | apiVersion: rbac.authorization.k8s.io/v1beta1 | ||||||
|  | kind: RoleBinding | ||||||
|  | metadata: | ||||||
|  |   name: tekton-pipelines-webhook | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | subjects: | ||||||
|  | - kind: ServiceAccount | ||||||
|  |   name: tekton-pipelines-webhook | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | roleRef: | ||||||
|  |   kind: Role | ||||||
|  |   name: tekton-pipelines-webhook | ||||||
|   apiGroup: rbac.authorization.k8s.io |   apiGroup: rbac.authorization.k8s.io | ||||||
|  |  | ||||||
| --- | --- | ||||||
| @@ -155,12 +359,28 @@ roleRef: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: clustertasks.tekton.dev |   name: clustertasks.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|  |   preserveUnknownFields: false | ||||||
|  |   validation: | ||||||
|  |     openAPIV3Schema: | ||||||
|  |       type: object | ||||||
|  |       # One can use x-kubernetes-preserve-unknown-fields: true | ||||||
|  |       # at the root of the schema (and inside any properties, additionalProperties) | ||||||
|  |       # to get the traditional CRD behaviour that nothing is pruned, despite | ||||||
|  |       # setting spec.preserveUnknownProperties: false. | ||||||
|  |       # | ||||||
|  |       # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ | ||||||
|  |       # See issue: https://github.com/knative/serving/issues/912 | ||||||
|  |       x-kubernetes-preserve-unknown-fields: true | ||||||
|   versions: |   versions: | ||||||
|   - name: v1alpha1 |   - name: v1alpha1 | ||||||
|     served: true |     served: true | ||||||
| @@ -179,7 +399,12 @@ spec: | |||||||
|   # starts to increment |   # starts to increment | ||||||
|   subresources: |   subresources: | ||||||
|     status: {} |     status: {} | ||||||
|   version: v1alpha1 |   conversion: | ||||||
|  |     strategy: Webhook | ||||||
|  |     webhookClientConfig: | ||||||
|  |       service: | ||||||
|  |         name: tekton-pipelines-webhook | ||||||
|  |         namespace: tekton-pipelines | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -195,10 +420,14 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: conditions.tekton.dev |   name: conditions.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|   names: |   names: | ||||||
| @@ -228,6 +457,7 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
| @@ -264,12 +494,28 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: pipelines.tekton.dev |   name: pipelines.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|  |   preserveUnknownFields: false | ||||||
|  |   validation: | ||||||
|  |     openAPIV3Schema: | ||||||
|  |       type: object | ||||||
|  |       # One can use x-kubernetes-preserve-unknown-fields: true | ||||||
|  |       # at the root of the schema (and inside any properties, additionalProperties) | ||||||
|  |       # to get the traditional CRD behaviour that nothing is pruned, despite | ||||||
|  |       # setting spec.preserveUnknownProperties: false. | ||||||
|  |       # | ||||||
|  |       # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ | ||||||
|  |       # See issue: https://github.com/knative/serving/issues/912 | ||||||
|  |       x-kubernetes-preserve-unknown-fields: true | ||||||
|   versions: |   versions: | ||||||
|   - name: v1alpha1 |   - name: v1alpha1 | ||||||
|     served: true |     served: true | ||||||
| @@ -288,7 +534,12 @@ spec: | |||||||
|   # starts to increment |   # starts to increment | ||||||
|   subresources: |   subresources: | ||||||
|     status: {} |     status: {} | ||||||
|   version: v1alpha1 |   conversion: | ||||||
|  |     strategy: Webhook | ||||||
|  |     webhookClientConfig: | ||||||
|  |       service: | ||||||
|  |         name: tekton-pipelines-webhook | ||||||
|  |         namespace: tekton-pipelines | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -304,12 +555,28 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: pipelineruns.tekton.dev |   name: pipelineruns.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|  |   preserveUnknownFields: false | ||||||
|  |   validation: | ||||||
|  |     openAPIV3Schema: | ||||||
|  |       type: object | ||||||
|  |       # One can use x-kubernetes-preserve-unknown-fields: true | ||||||
|  |       # at the root of the schema (and inside any properties, additionalProperties) | ||||||
|  |       # to get the traditional CRD behaviour that nothing is pruned, despite | ||||||
|  |       # setting spec.preserveUnknownProperties: false. | ||||||
|  |       # | ||||||
|  |       # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ | ||||||
|  |       # See issue: https://github.com/knative/serving/issues/912 | ||||||
|  |       x-kubernetes-preserve-unknown-fields: true | ||||||
|   versions: |   versions: | ||||||
|   - name: v1alpha1 |   - name: v1alpha1 | ||||||
|     served: true |     served: true | ||||||
| @@ -344,7 +611,12 @@ spec: | |||||||
|   # starts to increment |   # starts to increment | ||||||
|   subresources: |   subresources: | ||||||
|     status: {} |     status: {} | ||||||
|   version: v1alpha1 |   conversion: | ||||||
|  |     strategy: Webhook | ||||||
|  |     webhookClientConfig: | ||||||
|  |       service: | ||||||
|  |         name: tekton-pipelines-webhook | ||||||
|  |         namespace: tekton-pipelines | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -360,10 +632,14 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: pipelineresources.tekton.dev |   name: pipelineresources.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|   names: |   names: | ||||||
| @@ -393,12 +669,28 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: tasks.tekton.dev |   name: tasks.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|  |   preserveUnknownFields: false | ||||||
|  |   validation: | ||||||
|  |     openAPIV3Schema: | ||||||
|  |       type: object | ||||||
|  |       # One can use x-kubernetes-preserve-unknown-fields: true | ||||||
|  |       # at the root of the schema (and inside any properties, additionalProperties) | ||||||
|  |       # to get the traditional CRD behaviour that nothing is pruned, despite | ||||||
|  |       # setting spec.preserveUnknownProperties: false. | ||||||
|  |       # | ||||||
|  |       # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ | ||||||
|  |       # See issue: https://github.com/knative/serving/issues/912 | ||||||
|  |       x-kubernetes-preserve-unknown-fields: true | ||||||
|   versions: |   versions: | ||||||
|   - name: v1alpha1 |   - name: v1alpha1 | ||||||
|     served: true |     served: true | ||||||
| @@ -417,7 +709,12 @@ spec: | |||||||
|   # starts to increment |   # starts to increment | ||||||
|   subresources: |   subresources: | ||||||
|     status: {} |     status: {} | ||||||
|   version: v1alpha1 |   conversion: | ||||||
|  |     strategy: Webhook | ||||||
|  |     webhookClientConfig: | ||||||
|  |       service: | ||||||
|  |         name: tekton-pipelines-webhook | ||||||
|  |         namespace: tekton-pipelines | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -433,12 +730,28 @@ spec: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apiextensions.k8s.io/v1beta1 | apiVersion: apiextensions.k8s.io/v1beta1 | ||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: taskruns.tekton.dev |   name: taskruns.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     pipeline.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: tekton.dev |   group: tekton.dev | ||||||
|  |   preserveUnknownFields: false | ||||||
|  |   validation: | ||||||
|  |     openAPIV3Schema: | ||||||
|  |       type: object | ||||||
|  |       # One can use x-kubernetes-preserve-unknown-fields: true | ||||||
|  |       # at the root of the schema (and inside any properties, additionalProperties) | ||||||
|  |       # to get the traditional CRD behaviour that nothing is pruned, despite | ||||||
|  |       # setting spec.preserveUnknownProperties: false. | ||||||
|  |       # | ||||||
|  |       # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ | ||||||
|  |       # See issue: https://github.com/knative/serving/issues/912 | ||||||
|  |       x-kubernetes-preserve-unknown-fields: true | ||||||
|   versions: |   versions: | ||||||
|   - name: v1alpha1 |   - name: v1alpha1 | ||||||
|     served: true |     served: true | ||||||
| @@ -473,7 +786,12 @@ spec: | |||||||
|   # starts to increment |   # starts to increment | ||||||
|   subresources: |   subresources: | ||||||
|     status: {} |     status: {} | ||||||
|   version: v1alpha1 |   conversion: | ||||||
|  |     strategy: Webhook | ||||||
|  |     webhookClientConfig: | ||||||
|  |       service: | ||||||
|  |         name: tekton-pipelines-webhook | ||||||
|  |         namespace: tekton-pipelines | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2020 The Tekton Authors | # Copyright 2020 The Tekton Authors | ||||||
| @@ -498,20 +816,6 @@ metadata: | |||||||
|   labels: |   labels: | ||||||
|     pipeline.tekton.dev/release: devel |     pipeline.tekton.dev/release: devel | ||||||
| # The data is populated at install time. | # The data is populated at install time. | ||||||
|  |  | ||||||
| # Copyright 2020 The Tekton Authors |  | ||||||
| # |  | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| --- | --- | ||||||
| apiVersion: admissionregistration.k8s.io/v1beta1 | apiVersion: admissionregistration.k8s.io/v1beta1 | ||||||
| kind: ValidatingWebhookConfiguration | kind: ValidatingWebhookConfiguration | ||||||
| @@ -529,20 +833,6 @@ webhooks: | |||||||
|   failurePolicy: Fail |   failurePolicy: Fail | ||||||
|   sideEffects: None |   sideEffects: None | ||||||
|   name: validation.webhook.pipeline.tekton.dev |   name: validation.webhook.pipeline.tekton.dev | ||||||
|  |  | ||||||
| # Copyright 2020 The Tekton Authors |  | ||||||
| # |  | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| --- | --- | ||||||
| apiVersion: admissionregistration.k8s.io/v1beta1 | apiVersion: admissionregistration.k8s.io/v1beta1 | ||||||
| kind: MutatingWebhookConfiguration | kind: MutatingWebhookConfiguration | ||||||
| @@ -560,20 +850,6 @@ webhooks: | |||||||
|   failurePolicy: Fail |   failurePolicy: Fail | ||||||
|   sideEffects: None |   sideEffects: None | ||||||
|   name: webhook.pipeline.tekton.dev |   name: webhook.pipeline.tekton.dev | ||||||
|  |  | ||||||
| # Copyright 2020 The Tekton Authors |  | ||||||
| # |  | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
| # you may not use this file except in compliance with the License. |  | ||||||
| # You may obtain a copy of the License at |  | ||||||
| # |  | ||||||
| #     https://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
| # |  | ||||||
| # Unless required by applicable law or agreed to in writing, software |  | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
| # See the License for the specific language governing permissions and |  | ||||||
| # limitations under the License. |  | ||||||
| --- | --- | ||||||
| apiVersion: admissionregistration.k8s.io/v1beta1 | apiVersion: admissionregistration.k8s.io/v1beta1 | ||||||
| kind: ValidatingWebhookConfiguration | kind: ValidatingWebhookConfiguration | ||||||
| @@ -597,6 +873,20 @@ webhooks: | |||||||
|       operator: Exists |       operator: Exists | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  | # Copyright 2019 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
| @@ -625,6 +915,20 @@ rules: | |||||||
|   - watch |   - watch | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  | # Copyright 2019 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
| @@ -800,6 +1104,33 @@ data: | |||||||
|   # info. |   # info. | ||||||
|   disable-working-directory-overwrite: "false" |   disable-working-directory-overwrite: "false" | ||||||
|  |  | ||||||
|  | --- | ||||||
|  | # Copyright 2020 Tekton Authors LLC | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     https://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
|  | apiVersion: v1 | ||||||
|  | kind: ConfigMap | ||||||
|  | metadata: | ||||||
|  |   name: config-leader-election | ||||||
|  |   namespace: tekton-pipelines | ||||||
|  | data: | ||||||
|  |   # An inactive but valid configuration follows; see example. | ||||||
|  |   resourceLock: "leases" | ||||||
|  |   leaseDuration: "15s" | ||||||
|  |   renewDeadline: "10s" | ||||||
|  |   retryPeriod: "2s" | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 Tekton Authors LLC | # Copyright 2019 Tekton Authors LLC | ||||||
| # | # | ||||||
| @@ -920,6 +1251,7 @@ data: | |||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: apps/v1 | apiVersion: apps/v1 | ||||||
| kind: Deployment | kind: Deployment | ||||||
| metadata: | metadata: | ||||||
| @@ -928,8 +1260,8 @@ metadata: | |||||||
|   labels: |   labels: | ||||||
|     app.kubernetes.io/name: tekton-pipelines |     app.kubernetes.io/name: tekton-pipelines | ||||||
|     app.kubernetes.io/component: controller |     app.kubernetes.io/component: controller | ||||||
|     pipeline.tekton.dev/release: "v0.11.2" |     pipeline.tekton.dev/release: "v0.12.1" | ||||||
|     version: "v0.11.2" |     version: "v0.12.1" | ||||||
| spec: | spec: | ||||||
|   replicas: 1 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
| @@ -944,21 +1276,27 @@ spec: | |||||||
|         app.kubernetes.io/name: tekton-pipelines |         app.kubernetes.io/name: tekton-pipelines | ||||||
|         app.kubernetes.io/component: controller |         app.kubernetes.io/component: controller | ||||||
|         # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml |         # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml | ||||||
|         pipeline.tekton.dev/release: "v0.11.2" |         pipeline.tekton.dev/release: "v0.12.1" | ||||||
|         version: "v0.11.2" |         version: "v0.12.1" | ||||||
|     spec: |     spec: | ||||||
|       serviceAccountName: tekton-pipelines-controller |       serviceAccountName: tekton-pipelines-controller | ||||||
|       containers: |       containers: | ||||||
|       - name: tekton-pipelines-controller |       - name: tekton-pipelines-controller | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.11.2@sha256:0791513ec1176da38c403eb81220406e987f78f3e58608bd57be1adc45bc9aac |         image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.12.1@sha256:0ca86ec6f246f49c1ac643357fd1c8e73a474aaa216548807b1216a9ff12f7be | ||||||
|         args: ["-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.11.2@sha256:d01fa1db8abcad318d05e62e35153a91c6c995949e52133520d9e4735e9a486c", |         args: [ | ||||||
|           "-creds-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/creds-init:v0.11.2@sha256:ced427e48b143bc821aedd4a0936fa2caef3f208d70efe68ccba786c12b2c943", |           # These images are built on-demand by `ko resolve` and are replaced | ||||||
|           "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.11.2@sha256:bee98bfe6807e8f4e0a31b4e786fd1f7f459e653ed1a22b1a25999f33fa9134a", |           # by image references by digest. | ||||||
|           "-nop-image", "tianon/true", "-shell-image", "busybox", "-gsutil-image", |           "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.12.1@sha256:67dcd447b0c624befa12843ce9cc0bcfc502179bdb28d59563d761a7f3968509", | ||||||
|           "google/cloud-sdk", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.11.2@sha256:bc5beb48ca4f87013ccb466bf739d6c99ef9f1ddf51899c73ead99f242b4e57d", |           "-creds-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/creds-init:v0.12.1@sha256:6266d023172dde7fa421f626074b4e7eedc7d7d5ff561c033d6d63ebfff4a2f2", | ||||||
|           "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.11.2@sha256:7a03343deaeaa6b2d779df37417f9bf76cb5f67b36dd298e5bb69a0f625a2b38", |           "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1@sha256:d82c78288699dd6ee40c852b146cb3bd89b322b42fb3bc4feec28ea54bb7b36c", | ||||||
|           "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.11.2@sha256:3a395509e0d75786eafe96f68d22afc7c4d23a2a76ffc77218b25e8c6c81f6ba", |           "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.12.1@sha256:7f3db925f7660673a74b0e1030e65540adea36fe361ab7f06f5b5c47cdcef47d", | ||||||
|           "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.11.2@sha256:a020c8510b15870a5b059708197ac7c4ef0d1cbd668eb0872105ad658d509f67"] |           "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.12.1@sha256:e8f08214baad9054bbed7be2b8617c6964b9a1c5405cf59eabcc3d3267a6253f", | ||||||
|  |           "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.12.1@sha256:71e0226346e0d3d57af7c35b6cb907d42d3142e845b0f865ba0c86d3e248f3cb", | ||||||
|  |           "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.12.1@sha256:ae5721bf0d883947c3c13f519ca26129792f4058d5f9dfedd50174d9e7acb2bc", | ||||||
|  |           # These images are pulled from Dockerhub, by digest, as of April 15, 2020. | ||||||
|  |           "-nop-image", "tianon/true@sha256:009cce421096698832595ce039aa13fa44327d96beedb84282a69d3dbcf5a81b", | ||||||
|  |           "-shell-image", "busybox@sha256:a2490cec4484ee6c1068ba3a05f89934010c85242f736280b35343483b2264b6", | ||||||
|  |           "-gsutil-image", "google/cloud-sdk@sha256:6e8676464c7581b2dc824956b112a61c95e4144642bec035e6db38e3384cae2e"] | ||||||
|         volumeMounts: |         volumeMounts: | ||||||
|         - name: config-logging |         - name: config-logging | ||||||
|           mountPath: /etc/config-logging |           mountPath: /etc/config-logging | ||||||
| @@ -967,10 +1305,21 @@ spec: | |||||||
|           valueFrom: |           valueFrom: | ||||||
|             fieldRef: |             fieldRef: | ||||||
|               fieldPath: metadata.namespace |               fieldPath: metadata.namespace | ||||||
|         - name: CONFIG_LOGGING_NAME |         - # If you are changing these names, you will also need to update | ||||||
|  |           # the controller's Role in 200-role.yaml to include the new | ||||||
|  |           # values in the "configmaps" "get" rule. | ||||||
|  |           name: CONFIG_LOGGING_NAME | ||||||
|           value: config-logging |           value: config-logging | ||||||
|         - name: CONFIG_OBSERVABILITY_NAME |         - name: CONFIG_OBSERVABILITY_NAME | ||||||
|           value: config-observability |           value: config-observability | ||||||
|  |         - name: CONFIG_ARTIFACT_BUCKET_NAME | ||||||
|  |           value: config-artifact-bucket | ||||||
|  |         - name: CONFIG_ARTIFACT_PVC_NAME | ||||||
|  |           value: config-artifact-pvc | ||||||
|  |         - name: CONFIG_FEATURE_FLAGS_NAME | ||||||
|  |           value: feature-flags | ||||||
|  |         - name: CONFIG_LEADERELECTION_NAME | ||||||
|  |           value: config-leader-election | ||||||
|         - name: METRICS_DOMAIN |         - name: METRICS_DOMAIN | ||||||
|           value: tekton.dev/pipeline |           value: tekton.dev/pipeline | ||||||
|       volumes: |       volumes: | ||||||
| @@ -983,8 +1332,8 @@ kind: Service | |||||||
| metadata: | metadata: | ||||||
|   labels: |   labels: | ||||||
|     app: tekton-pipelines-controller |     app: tekton-pipelines-controller | ||||||
|     pipeline.tekton.dev/release: "v0.11.2" |     pipeline.tekton.dev/release: "v0.12.1" | ||||||
|     version: "v0.11.2" |     version: "v0.12.1" | ||||||
|   name: tekton-pipelines-controller |   name: tekton-pipelines-controller | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
| spec: | spec: | ||||||
| @@ -1022,8 +1371,8 @@ metadata: | |||||||
|   labels: |   labels: | ||||||
|     app.kubernetes.io/name: tekton-pipelines |     app.kubernetes.io/name: tekton-pipelines | ||||||
|     app.kubernetes.io/component: webhook-controller |     app.kubernetes.io/component: webhook-controller | ||||||
|     pipeline.tekton.dev/release: "v0.11.2" |     pipeline.tekton.dev/release: "v0.12.1" | ||||||
|     version: "v0.11.2" |     version: "v0.12.1" | ||||||
| spec: | spec: | ||||||
|   replicas: 1 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
| @@ -1039,26 +1388,33 @@ spec: | |||||||
|         role: webhook |         role: webhook | ||||||
|         app.kubernetes.io/name: tekton-pipelines |         app.kubernetes.io/name: tekton-pipelines | ||||||
|         app.kubernetes.io/component: webhook-controller |         app.kubernetes.io/component: webhook-controller | ||||||
|         pipeline.tekton.dev/release: "v0.11.2" |         pipeline.tekton.dev/release: "v0.12.1" | ||||||
|         version: "v0.11.2" |         version: "v0.12.1" | ||||||
|     spec: |     spec: | ||||||
|       serviceAccountName: tekton-pipelines-controller |       serviceAccountName: tekton-pipelines-webhook | ||||||
|       containers: |       containers: | ||||||
|       - name: webhook |       - name: webhook | ||||||
|         # This is the Go import path for the binary that is containerized |         # This is the Go import path for the binary that is containerized | ||||||
|         # and substituted here. |         # and substituted here. | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.11.2@sha256:9826548f3bd8cc0c4187ca0ab5ab8114009874625828a23301c1f60be4f294fa |         image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.12.1@sha256:69f065d493244dbd50563b96f5474bf6590821a6308fd8c69c5ef06cf4d988b2 | ||||||
|         env: |         env: | ||||||
|         - name: SYSTEM_NAMESPACE |         - name: SYSTEM_NAMESPACE | ||||||
|           valueFrom: |           valueFrom: | ||||||
|             fieldRef: |             fieldRef: | ||||||
|               fieldPath: metadata.namespace |               fieldPath: metadata.namespace | ||||||
|         - name: CONFIG_LOGGING_NAME |         - # If you are changing these names, you will also need to update | ||||||
|  |           # the webhook's Role in 200-role.yaml to include the new | ||||||
|  |           # values in the "configmaps" "get" rule. | ||||||
|  |           name: CONFIG_LOGGING_NAME | ||||||
|           value: config-logging |           value: config-logging | ||||||
|         - name: CONFIG_OBSERVABILITY_NAME |         - name: CONFIG_OBSERVABILITY_NAME | ||||||
|           value: config-observability |           value: config-observability | ||||||
|  |         - name: CONFIG_LEADERELECTION_NAME | ||||||
|  |           value: config-leader-election | ||||||
|         - name: WEBHOOK_SERVICE_NAME |         - name: WEBHOOK_SERVICE_NAME | ||||||
|           value: tekton-pipelines-webhook |           value: tekton-pipelines-webhook | ||||||
|  |         - name: WEBHOOK_SECRET_NAME | ||||||
|  |           value: webhook-certs | ||||||
|         - name: METRICS_DOMAIN |         - name: METRICS_DOMAIN | ||||||
|           value: tekton.dev/pipeline |           value: tekton.dev/pipeline | ||||||
|         securityContext: |         securityContext: | ||||||
| @@ -1077,8 +1433,8 @@ metadata: | |||||||
|   labels: |   labels: | ||||||
|     app: tekton-pipelines-webhook |     app: tekton-pipelines-webhook | ||||||
|     role: webhook |     role: webhook | ||||||
|     pipeline.tekton.dev/release: v0.11.2 |     pipeline.tekton.dev/release: v0.12.1 | ||||||
|     version: "v0.11.2" |     version: "v0.12.1" | ||||||
|   name: tekton-pipelines-webhook |   name: tekton-pipelines-webhook | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
| spec: | spec: | ||||||
|   | |||||||
| @@ -16,6 +16,9 @@ apiVersion: policy/v1beta1 | |||||||
| kind: PodSecurityPolicy | kind: PodSecurityPolicy | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-triggers |   name: tekton-triggers | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
| spec: | spec: | ||||||
|   privileged: false |   privileged: false | ||||||
|   allowPrivilegeEscalation: false |   allowPrivilegeEscalation: false | ||||||
| @@ -60,6 +63,9 @@ kind: ClusterRole | |||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-triggers-admin |   name: tekton-triggers-admin | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
| rules: | rules: | ||||||
| - apiGroups: [""] | - apiGroups: [""] | ||||||
|   resources: ["configmaps", "secrets", "services"] |   resources: ["configmaps", "secrets", "services"] | ||||||
| @@ -103,6 +109,9 @@ kind: ServiceAccount | |||||||
| metadata: | metadata: | ||||||
|   name: tekton-triggers-controller |   name: tekton-triggers-controller | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -123,6 +132,9 @@ apiVersion: rbac.authorization.k8s.io/v1beta1 | |||||||
| kind: ClusterRoleBinding | kind: ClusterRoleBinding | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-triggers-controller-admin |   name: tekton-triggers-controller-admin | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
| subjects: | subjects: | ||||||
| - kind: ServiceAccount | - kind: ServiceAccount | ||||||
|   name: tekton-triggers-controller |   name: tekton-triggers-controller | ||||||
| @@ -151,6 +163,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 | |||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: clustertriggerbindings.triggers.tekton.dev |   name: clustertriggerbindings.triggers.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |     triggers.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: triggers.tekton.dev |   group: triggers.tekton.dev | ||||||
|   scope: Cluster |   scope: Cluster | ||||||
| @@ -190,6 +207,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 | |||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: eventlisteners.triggers.tekton.dev |   name: eventlisteners.triggers.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |     triggers.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: triggers.tekton.dev |   group: triggers.tekton.dev | ||||||
|   scope: Namespaced |   scope: Namespaced | ||||||
| @@ -231,6 +253,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 | |||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: triggerbindings.triggers.tekton.dev |   name: triggerbindings.triggers.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |     triggers.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: triggers.tekton.dev |   group: triggers.tekton.dev | ||||||
|   scope: Namespaced |   scope: Namespaced | ||||||
| @@ -272,6 +299,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 | |||||||
| kind: CustomResourceDefinition | kind: CustomResourceDefinition | ||||||
| metadata: | metadata: | ||||||
|   name: triggertemplates.triggers.tekton.dev |   name: triggertemplates.triggers.tekton.dev | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |     triggers.tekton.dev/release: "devel" | ||||||
|  |     version: "devel" | ||||||
| spec: | spec: | ||||||
|   group: triggers.tekton.dev |   group: triggers.tekton.dev | ||||||
|   scope: Namespaced |   scope: Namespaced | ||||||
| @@ -315,6 +347,9 @@ metadata: | |||||||
|   name: triggers-webhook-certs |   name: triggers-webhook-certs | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     triggers.tekton.dev/release: devel |     triggers.tekton.dev/release: devel | ||||||
| # The data is populated at install time. | # The data is populated at install time. | ||||||
| --- | --- | ||||||
| @@ -323,6 +358,9 @@ kind: ValidatingWebhookConfiguration | |||||||
| metadata: | metadata: | ||||||
|   name: validation.webhook.triggers.tekton.dev |   name: validation.webhook.triggers.tekton.dev | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     triggers.tekton.dev/release: devel |     triggers.tekton.dev/release: devel | ||||||
| webhooks: | webhooks: | ||||||
| - admissionReviewVersions: | - admissionReviewVersions: | ||||||
| @@ -340,6 +378,9 @@ kind: MutatingWebhookConfiguration | |||||||
| metadata: | metadata: | ||||||
|   name: webhook.triggers.tekton.dev |   name: webhook.triggers.tekton.dev | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     triggers.tekton.dev/release: devel |     triggers.tekton.dev/release: devel | ||||||
| webhooks: | webhooks: | ||||||
| - admissionReviewVersions: | - admissionReviewVersions: | ||||||
| @@ -357,6 +398,9 @@ kind: ValidatingWebhookConfiguration | |||||||
| metadata: | metadata: | ||||||
|   name: config.webhook.triggers.tekton.dev |   name: config.webhook.triggers.tekton.dev | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     triggers.tekton.dev/release: devel |     triggers.tekton.dev/release: devel | ||||||
| webhooks: | webhooks: | ||||||
| - admissionReviewVersions: | - admissionReviewVersions: | ||||||
| @@ -374,16 +418,32 @@ webhooks: | |||||||
|       operator: Exists |       operator: Exists | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  | # Copyright 2019 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-triggers-aggregate-edit |   name: tekton-triggers-aggregate-edit | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     rbac.authorization.k8s.io/aggregate-to-edit: "true" |     rbac.authorization.k8s.io/aggregate-to-edit: "true" | ||||||
|     rbac.authorization.k8s.io/aggregate-to-admin: "true" |     rbac.authorization.k8s.io/aggregate-to-admin: "true" | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   - tekton.dev |   - triggers.tekton.dev | ||||||
|   resources: |   resources: | ||||||
|   - clustertriggerbindings |   - clustertriggerbindings | ||||||
|   - eventlisteners |   - eventlisteners | ||||||
| @@ -400,15 +460,31 @@ rules: | |||||||
|   - watch |   - watch | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  | # Copyright 2019 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: rbac.authorization.k8s.io/v1 | apiVersion: rbac.authorization.k8s.io/v1 | ||||||
| kind: ClusterRole | kind: ClusterRole | ||||||
| metadata: | metadata: | ||||||
|   name: tekton-triggers-aggregate-view |   name: tekton-triggers-aggregate-view | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     rbac.authorization.k8s.io/aggregate-to-view: "true" |     rbac.authorization.k8s.io/aggregate-to-view: "true" | ||||||
| rules: | rules: | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   - tekton.dev |   - triggers.tekton.dev | ||||||
|   resources: |   resources: | ||||||
|   - clustertriggerbindings |   - clustertriggerbindings | ||||||
|   - eventlisteners |   - eventlisteners | ||||||
| @@ -439,6 +515,9 @@ kind: ConfigMap | |||||||
| metadata: | metadata: | ||||||
|   name: config-logging-triggers |   name: config-logging-triggers | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
| data: | data: | ||||||
|   # Common configuration for all knative codebase |   # Common configuration for all knative codebase | ||||||
|   zap-logger-config: | |   zap-logger-config: | | ||||||
| @@ -491,6 +570,9 @@ kind: ConfigMap | |||||||
| metadata: | metadata: | ||||||
|   name: config-observability-triggers |   name: config-observability-triggers | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
| data: | data: | ||||||
|   _example: | |   _example: | | ||||||
|     ################################ |     ################################ | ||||||
| @@ -544,9 +626,14 @@ apiVersion: v1 | |||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   labels: |   labels: | ||||||
|  |     app.kubernetes.io/name: controller | ||||||
|  |     app.kubernetes.io/component: controller | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/version: v0.5.0 | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |     triggers.tekton.dev/release: "v0.5.0" | ||||||
|     app: tekton-triggers-controller |     app: tekton-triggers-controller | ||||||
|     version: "v0.4.0" |     version: "v0.5.0" | ||||||
|     triggers.tekton.dev/release: "v0.4.0" |  | ||||||
|   name: tekton-triggers-controller |   name: tekton-triggers-controller | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
| spec: | spec: | ||||||
| @@ -556,7 +643,10 @@ spec: | |||||||
|     protocol: TCP |     protocol: TCP | ||||||
|     targetPort: 9090 |     targetPort: 9090 | ||||||
|   selector: |   selector: | ||||||
|     app: tekton-triggers-controller |     app.kubernetes.io/name: controller | ||||||
|  |     app.kubernetes.io/component: controller | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -579,30 +669,41 @@ metadata: | |||||||
|   name: tekton-triggers-controller |   name: tekton-triggers-controller | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|   labels: |   labels: | ||||||
|     app.kubernetes.io/name: tekton-triggers |     app.kubernetes.io/name: controller | ||||||
|     app.kubernetes.io/component: controller |     app.kubernetes.io/component: controller | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/version: v0.5.0 | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml |     # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml | ||||||
|     triggers.tekton.dev/release: "v0.4.0" |     triggers.tekton.dev/release: "v0.5.0" | ||||||
| spec: | spec: | ||||||
|   replicas: 1 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       app: tekton-triggers-controller |       app.kubernetes.io/name: controller | ||||||
|  |       app.kubernetes.io/component: controller | ||||||
|  |       app.kubernetes.io/instance: default | ||||||
|  |       app.kubernetes.io/part-of: tekton-triggers | ||||||
|   template: |   template: | ||||||
|     metadata: |     metadata: | ||||||
|       annotations: |       annotations: | ||||||
|         cluster-autoscaler.kubernetes.io/safe-to-evict: "false" |         cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | ||||||
|       labels: |       labels: | ||||||
|  |         app.kubernetes.io/name: controller | ||||||
|  |         app.kubernetes.io/component: controller | ||||||
|  |         app.kubernetes.io/instance: default | ||||||
|  |         app.kubernetes.io/version: v0.5.0 | ||||||
|  |         app.kubernetes.io/part-of: tekton-triggers | ||||||
|         app: tekton-triggers-controller |         app: tekton-triggers-controller | ||||||
|         triggers.tekton.dev/release: "v0.4.0" |         triggers.tekton.dev/release: "v0.5.0" | ||||||
|         # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml |         # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml | ||||||
|         version: "v0.4.0" |         version: "v0.5.0" | ||||||
|     spec: |     spec: | ||||||
|       serviceAccountName: tekton-triggers-controller |       serviceAccountName: tekton-triggers-controller | ||||||
|       containers: |       containers: | ||||||
|       - name: tekton-triggers-controller |       - name: tekton-triggers-controller | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller@sha256:bf3517ddccace756e39cee0f0012bbe879c6b28d962a1c904a415e7c60ce5bc2 |         image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller@sha256:5d71b1706da0e1a1673e3bdb1e230b28534698e1cb5b8604540083024fd7d58d | ||||||
|         args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink@sha256:76c208ec1d73d9733dcaf850240e1b3990e5977709a03c2bd98ad5b20fab9867", |         args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink@sha256:ddb43420d5e51065aeb730dc06ce555822590ebfd5b820835f875e3159d99901", | ||||||
|           "-el-port", "8080", "-period-seconds", "10", "-failure-threshold", "1"] |           "-el-port", "8080", "-period-seconds", "10", "-failure-threshold", "1"] | ||||||
|         env: |         env: | ||||||
|         - name: SYSTEM_NAMESPACE |         - name: SYSTEM_NAMESPACE | ||||||
| @@ -617,22 +718,44 @@ spec: | |||||||
|           value: tekton.dev/triggers |           value: tekton.dev/triggers | ||||||
|  |  | ||||||
| --- | --- | ||||||
|  | # Copyright 2019 The Tekton Authors | ||||||
|  | # | ||||||
|  | # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  | # you may not use this file except in compliance with the License. | ||||||
|  | # You may obtain a copy of the License at | ||||||
|  | # | ||||||
|  | #     http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  | # | ||||||
|  | # Unless required by applicable law or agreed to in writing, software | ||||||
|  | # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  | # See the License for the specific language governing permissions and | ||||||
|  | # limitations under the License. | ||||||
|  |  | ||||||
| apiVersion: v1 | apiVersion: v1 | ||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   labels: |  | ||||||
|     app: tekton-triggers-webhook |  | ||||||
|     version: "v0.4.0" |  | ||||||
|     triggers.tekton.dev/release: "v0.4.0" |  | ||||||
|   name: tekton-triggers-webhook |   name: tekton-triggers-webhook | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|  |   labels: | ||||||
|  |     app.kubernetes.io/name: webhook | ||||||
|  |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/version: v0.5.0 | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |     app: tekton-triggers-webhook | ||||||
|  |     version: "v0.5.0" | ||||||
|  |     triggers.tekton.dev/release: "v0.5.0" | ||||||
| spec: | spec: | ||||||
|   ports: |   ports: | ||||||
|   - name: https-webhook |   - name: https-webhook | ||||||
|     port: 443 |     port: 443 | ||||||
|     targetPort: 8443 |     targetPort: 8443 | ||||||
|   selector: |   selector: | ||||||
|     app: tekton-triggers-webhook |     app.kubernetes.io/name: webhook | ||||||
|  |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|  |  | ||||||
| --- | --- | ||||||
| # Copyright 2019 The Tekton Authors | # Copyright 2019 The Tekton Authors | ||||||
| @@ -655,34 +778,42 @@ metadata: | |||||||
|   name: tekton-triggers-webhook |   name: tekton-triggers-webhook | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
|   labels: |   labels: | ||||||
|     app.kubernetes.io/name: tekton-triggers |     app.kubernetes.io/name: webhook | ||||||
|     app.kubernetes.io/component: webhook-controller |     app.kubernetes.io/component: webhook | ||||||
|  |     app.kubernetes.io/instance: default | ||||||
|  |     app.kubernetes.io/version: v0.5.0 | ||||||
|  |     app.kubernetes.io/part-of: tekton-triggers | ||||||
|     # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml |     # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml | ||||||
|     triggers.tekton.dev/release: "v0.4.0" |     triggers.tekton.dev/release: "v0.5.0" | ||||||
| spec: | spec: | ||||||
|   replicas: 1 |   replicas: 1 | ||||||
|   selector: |   selector: | ||||||
|     matchLabels: |     matchLabels: | ||||||
|       app: tekton-triggers-webhook |       app.kubernetes.io/name: webhook | ||||||
|  |       app.kubernetes.io/component: webhook | ||||||
|  |       app.kubernetes.io/instance: default | ||||||
|  |       app.kubernetes.io/part-of: tekton-triggers | ||||||
|   template: |   template: | ||||||
|     metadata: |     metadata: | ||||||
|       annotations: |       annotations: | ||||||
|         cluster-autoscaler.kubernetes.io/safe-to-evict: "false" |         cluster-autoscaler.kubernetes.io/safe-to-evict: "false" | ||||||
|       labels: |       labels: | ||||||
|  |         app.kubernetes.io/name: webhook | ||||||
|  |         app.kubernetes.io/component: webhook | ||||||
|  |         app.kubernetes.io/instance: default | ||||||
|  |         app.kubernetes.io/version: v0.5.0 | ||||||
|  |         app.kubernetes.io/part-of: tekton-triggers | ||||||
|         app: tekton-triggers-webhook |         app: tekton-triggers-webhook | ||||||
|         triggers.tekton.dev/release: "v0.4.0" |         triggers.tekton.dev/release: "v0.5.0" | ||||||
|         # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml |         # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml | ||||||
|         version: "v0.4.0" |         version: "v0.5.0" | ||||||
|         role: webhook |  | ||||||
|         app.kubernetes.io/name: tekton-triggers |  | ||||||
|         app.kubernetes.io/component: webhook-controller |  | ||||||
|     spec: |     spec: | ||||||
|       serviceAccountName: tekton-triggers-controller |       serviceAccountName: tekton-triggers-controller | ||||||
|       containers: |       containers: | ||||||
|       - name: webhook |       - name: webhook | ||||||
|         # This is the Go import path for the binary that is containerized |         # This is the Go import path for the binary that is containerized | ||||||
|         # and substituted here. |         # and substituted here. | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook@sha256:d7f1526a9294e671c500f0071b61e050262fb27fb633b54d764a556969855764 |         image: gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook@sha256:c6986c68804ce3832bd1894249a39d37a0a46b3458a1cb29697a17b37df674ef | ||||||
|         env: |         env: | ||||||
|         - name: SYSTEM_NAMESPACE |         - name: SYSTEM_NAMESPACE | ||||||
|           valueFrom: |           valueFrom: | ||||||
| @@ -692,6 +823,8 @@ spec: | |||||||
|           value: config-logging-triggers |           value: config-logging-triggers | ||||||
|         - name: WEBHOOK_SERVICE_NAME |         - name: WEBHOOK_SERVICE_NAME | ||||||
|           value: tekton-triggers-webhook |           value: tekton-triggers-webhook | ||||||
|  |         - name: WEBHOOK_SECRET_NAME | ||||||
|  |           value: triggers-webhook-certs | ||||||
|         - name: METRICS_DOMAIN |         - name: METRICS_DOMAIN | ||||||
|           value: tekton.dev/triggers |           value: tekton.dev/triggers | ||||||
|         ports: |         ports: | ||||||
|   | |||||||
| @@ -261,7 +261,7 @@ apiVersion: v1 | |||||||
| kind: Service | kind: Service | ||||||
| metadata: | metadata: | ||||||
|   annotations: |   annotations: | ||||||
|     tekton-dashboard-bundle-location: web/extension.c591f714.js |     tekton-dashboard-bundle-location: web/extension.33e1ae7b.js | ||||||
|     tekton-dashboard-display-name: Webhooks |     tekton-dashboard-display-name: Webhooks | ||||||
|     tekton-dashboard-endpoints: webhooks.web |     tekton-dashboard-endpoints: webhooks.web | ||||||
|   labels: |   labels: | ||||||
| @@ -298,7 +298,7 @@ spec: | |||||||
|           valueFrom: |           valueFrom: | ||||||
|             fieldRef: |             fieldRef: | ||||||
|               fieldPath: metadata.namespace |               fieldPath: metadata.namespace | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/interceptor@sha256:657d40a9116ef0b6f886f94fa7980755e3267dd34017f2fd9b713b63ddfc0d55 |         image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/interceptor@sha256:f029e6b5bbeae6efaff1ebd4db6d8bce17cfed3ed93ed8999428c6fb1e09a946 | ||||||
|         name: validate |         name: validate | ||||||
|       serviceAccountName: tekton-webhooks-extension |       serviceAccountName: tekton-webhooks-extension | ||||||
| --- | --- | ||||||
| @@ -339,7 +339,7 @@ spec: | |||||||
|           valueFrom: |           valueFrom: | ||||||
|             fieldRef: |             fieldRef: | ||||||
|               fieldPath: spec.serviceAccountName |               fieldPath: spec.serviceAccountName | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/extension@sha256:e7bcffbd2db6b874dbb4b4e71fc0c089acf7ccb803df896d9592063b649ac292 |         image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/extension@sha256:b76dedeb9dae1a88fe359fab3ac6cac058d7bf9d41906b9b22a20f67e671dd7c | ||||||
|         imagePullPolicy: Always |         imagePullPolicy: Always | ||||||
|         livenessProbe: |         livenessProbe: | ||||||
|           httpGet: |           httpGet: | ||||||
| @@ -354,303 +354,3 @@ spec: | |||||||
|             port: 8080 |             port: 8080 | ||||||
|       serviceAccountName: tekton-webhooks-extension |       serviceAccountName: tekton-webhooks-extension | ||||||
| --- | --- | ||||||
| apiVersion: tekton.dev/v1beta1 |  | ||||||
| kind: Task |  | ||||||
| metadata: |  | ||||||
|   name: monitor-task |  | ||||||
|   namespace: tekton-pipelines |  | ||||||
| spec: |  | ||||||
|   params: |  | ||||||
|   - description: The statuses url |  | ||||||
|     name: statusesurl |  | ||||||
|     type: string |  | ||||||
|   - default: Success |  | ||||||
|     description: The text to use in the situation where a PipelineRun has succeeded. |  | ||||||
|     name: commentsuccess |  | ||||||
|     type: string |  | ||||||
|   - default: Failed |  | ||||||
|     description: The text to use in the situation where a PipelineRun has failed. |  | ||||||
|     name: commentfailure |  | ||||||
|     type: string |  | ||||||
|   - default: Unknown |  | ||||||
|     description: The text to use in the situation where a PipelineRun has timed out. |  | ||||||
|     name: commenttimeout |  | ||||||
|     type: string |  | ||||||
|   - default: Missing |  | ||||||
|     description: The text to use in the situation where a PipelineRun cannot be found. |  | ||||||
|     name: commentmissing |  | ||||||
|     type: string |  | ||||||
|   - default: http://localhost:9097/ |  | ||||||
|     description: The URL to the PipelineRuns page of the dashboard |  | ||||||
|     name: dashboard-url |  | ||||||
|     type: string |  | ||||||
|   - default: github |  | ||||||
|     description: The Git provider ("github" or "gitlab") |  | ||||||
|     name: provider |  | ||||||
|     type: string |  | ||||||
|   - description: The Git API URL for the repository |  | ||||||
|     name: apiurl |  | ||||||
|     type: string |  | ||||||
|   - default: "false" |  | ||||||
|     description: Whether or not to verify SSL Certificates from the git server ("true" |  | ||||||
|       or "false") |  | ||||||
|     name: insecure-skip-tls-verify |  | ||||||
|     type: string |  | ||||||
|   - description: The secret containing the access token to access the git server |  | ||||||
|     name: secret |  | ||||||
|     type: string |  | ||||||
|   resources: |  | ||||||
|     inputs: |  | ||||||
|     - name: pull-request |  | ||||||
|       type: pullRequest |  | ||||||
|     outputs: |  | ||||||
|     - name: pull-request |  | ||||||
|       type: pullRequest |  | ||||||
|   steps: |  | ||||||
|   - args: |  | ||||||
|     - -ce |  | ||||||
|     - "set -e\ncat <<EOF | python\nimport time, os, json, requests, pprint, shutil, |  | ||||||
|       distutils.util\nfrom kubernetes import client, config\ndef diff(li1, li2): \n |  | ||||||
|       \ li_dif = [i for i in li1 + li2 if i not in li1 or i not in li2] \n  return |  | ||||||
|       li_dif\nconfig.load_incluster_config()\napi_instance = client.CustomObjectsApi(client.ApiClient(client.Configuration()))\ngitPRcontext |  | ||||||
|       = \"Tekton\"\ngitPRurl = \"\"  \nif not \"$URL\".startswith(\"http\"):\n  pipelineRunURLPrefix |  | ||||||
|       = \"http://\" + \"$URL\"\nelse:\n  pipelineRunURLPrefix = \"$URL\"    \nverifySSL |  | ||||||
|       = not bool(distutils.util.strtobool(\"$SKIPSSLVERIFY\"))\nif \"$GITPROVIDER\" |  | ||||||
|       == \"github\":\n  statusurl = \"$STATUSES_URL\"\n  pendingData = {\n    \"state\": |  | ||||||
|       \"pending\",\n    \"description\": \"pipelines in progress\",\n    \"target_url\": |  | ||||||
|       pipelineRunURLPrefix + \"/#/pipelineruns\",\n    \"context\": \"Tekton\"\n  }\n |  | ||||||
|       \ resp = requests.post(statusurl, json.dumps(pendingData), headers = {'Content-Type': |  | ||||||
|       'application/json', 'Authorization': \"Token $GITTOKEN\"}, verify=verifySSL)\n |  | ||||||
|       \ print(resp)\nif \"$GITPROVIDER\" == \"gitlab\":\n  statusurl = \"$GITAPIURL\" |  | ||||||
|       + \"/\" + \"$STATUSES_URL\" + \"?state=pending&name=Tekton&target_url=\" + pipelineRunURLPrefix |  | ||||||
|       + \"/#/pipelineruns\"\n  resp = requests.post(statusurl, headers = {'Authorization': |  | ||||||
|       \"Bearer $GITTOKEN\"}, verify=verifySSL)\n  print(resp)\nlabelToCheck = \"triggers.tekton.dev/triggers-eventid=$EVENTID\"\nrunsPassed |  | ||||||
|       = []\nrunsFailed = []\nrunsIncomplete = []\nrunsMissing = []\nfailed = 0\ni |  | ||||||
|       = range(180)\ninitial_runs = api_instance.list_cluster_custom_object(\"tekton.dev\", |  | ||||||
|       \"v1beta1\", \"pipelineruns\", label_selector=labelToCheck)[\"items\"]\nfor |  | ||||||
|       x in i:\n    time.sleep( 10 )\n    runsPassed = []\n    runsFailed = []\n    runsIncomplete |  | ||||||
|       = []\n    # To test this we need a webhook that will kick off two Pipelines\n |  | ||||||
|       \   # We will then delete one PipelineRun and observe it is correctly picked |  | ||||||
|       up as missing\n    # This is easiest done by reopening an existing PullRequest\n |  | ||||||
|       \   # It's important to delete the PipelineRun only after the monitor task is |  | ||||||
|       already running because \n    # the first thing it's going to do is figure out |  | ||||||
|       the PipelineRuns to watch over\n    failed = 0\n    \n    found_runs = api_instance.list_cluster_custom_object(\"tekton.dev\", |  | ||||||
|       \"v1beta1\", \"pipelineruns\", label_selector=labelToCheck)[\"items\"]\n    missingRuns |  | ||||||
|       = diff(initial_runs, found_runs)\n    if len(missingRuns) > 0:\n      for missingRun |  | ||||||
|       in missingRuns:\n        pr = missingRun[\"metadata\"][\"name\"]\n        namespace |  | ||||||
|       = missingRun[\"metadata\"][\"namespace\"]\n        pipeline = missingRun[\"spec\"][\"pipelineRef\"][\"name\"]\n |  | ||||||
|       \       link = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + \"/pipelineruns/\"\n |  | ||||||
|       \       data = \"[**$COMMENT_MISSING**](\" + link + \") | \" + pipeline + \" |  | ||||||
|       | \" + pr + \" | \" + namespace\n        if data not in runsMissing:\n          # |  | ||||||
|       Don't add duplicates. Fear not, once this run is found it'll be removed\n          runsMissing.append(data)\n |  | ||||||
|       \   if len(found_runs) > 0:\n      for entry in found_runs:\n        pr = entry[\"metadata\"][\"name\"]\n |  | ||||||
|       \       namespace = entry[\"metadata\"][\"namespace\"]\n        pipeline = entry[\"spec\"][\"pipelineRef\"][\"name\"]\n |  | ||||||
|       \       link = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + \"/pipelineruns/\" |  | ||||||
|       + pr\n        missingLink = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace |  | ||||||
|       + \"/pipelineruns/\"\n        missingDataEntry = \"[**$COMMENT_MISSING**](\" |  | ||||||
|       + missingLink + \") | \" + pipeline + \" | \" + pr + \" | \" + namespace\n        if |  | ||||||
|       missingDataEntry in runsMissing:\n          runsMissing.remove(missingDataEntry)\n |  | ||||||
|       \       print(\"Checking PipelineRun \" + pr + \" in namespace \" + namespace)\n |  | ||||||
|       \       if entry[\"status\"][\"conditions\"][0][\"status\"] == u'True' and entry[\"status\"][\"conditions\"][0][\"type\"] |  | ||||||
|       == u'Succeeded':\n          print(\"Success - pipelinerun \" + pr + \" in namespace |  | ||||||
|       \" + namespace)\n          runsPassed.append(\"[**$COMMENT_SUCCESS**](\" + link |  | ||||||
|       + \") | \" + pipeline + \" | \" +  pr + \" | \" + namespace)\n          continue\n |  | ||||||
|       \       if entry[\"status\"][\"conditions\"][0][\"status\"] == u'False' and |  | ||||||
|       entry[\"status\"][\"conditions\"][0][\"type\"] == u'Succeeded':\n          failed |  | ||||||
|       =+ 1\n          print(\"Failed - PipelineRun \" + pr + \" in namespace \" + |  | ||||||
|       namespace)\n          runsFailed.append(\"[**$COMMENT_FAILURE**](\" + link + |  | ||||||
|       \") | \" + pipeline + \" | \" + pr + \" | \" + namespace)\n          continue\n |  | ||||||
|       \       link = pipelineRunURLPrefix + \"/#/namespaces/\" + namespace + \"/pipelineruns/\" |  | ||||||
|       + pr\n        runsIncomplete.append(\"[**$COMMENT_TIMEOUT**](\" + link + \") |  | ||||||
|       | \" + pipeline + \" | \" + pr + \" | \" + namespace)\n      if len(runsIncomplete) |  | ||||||
|       == 0:\n        break\n    else:\n      break\ngitPRdescription = \"All pipelines |  | ||||||
|       succeeded!\"\ngitPRcode = \"success\"\nif failed > 0:\n  gitPRdescription = |  | ||||||
|       str(failed) + \" pipeline(s) failed!\"\n  gitPRcode = \"failure\"\nif len(runsMissing) |  | ||||||
|       > 0:\n  gitPRdescription = \"Pipeline(s) missing!\"\n  gitPRcode = \"failure\"\nif |  | ||||||
|       len(runsIncomplete) > 0:\n  print(\"Some PipelineRuns had not completed when |  | ||||||
|       the monitor reached its timeout\")\n  gitPRdescription = \"timed out monitoring |  | ||||||
|       PipelineRuns\"\n  gitPRcode = \"error\"\n\nresults = runsPassed + runsFailed |  | ||||||
|       + runsIncomplete + runsMissing\n\nif (results == []):\n  gitPRdescription = |  | ||||||
|       \"No PipelineRuns were ever found for my PullRequest!\"\n  gitPRcode = \"error\"\n |  | ||||||
|       \ data = \"**$COMMENT_MISSING** | N/A | No PipelineRuns were ever detected, |  | ||||||
|       failing the build | N/A\"\n  runsMissing.append(data)    \n       \n  results |  | ||||||
|       = runsMissing\n\ncomment = (\"## Tekton Status Report \\n\\n\"\n           \"Status |  | ||||||
|       | Pipeline | PipelineRun | Namespace\\n\"\n           \":----- | :------- | |  | ||||||
|       :--------------- | :--------\\n\"\n           ) + \"\\n\".join(results)\n\nshutil.copyfile(\"/workspace/pull-request/pr.json\",\"/workspace/output/pull-request/pr.json\")\n# |  | ||||||
|       Preserve existing comments\nshutil.copytree(\"/workspace/pull-request/comments\",\"/workspace/output/pull-request/comments\")\nhandle |  | ||||||
|       = open(\"/workspace/output/pull-request/comments/newcomment.json\", 'w')\nhandle.write(comment)\nhandle.close()\nif |  | ||||||
|       not \"$URL\".startswith(\"http\"):\n  detailsURL = \"http://\" + \"$URL\" + |  | ||||||
|       \"/#/pipelineruns\"\nelse:\n  detailsURL = \"$URL\" + \"/#/pipelineruns\"\nprint(\"Set |  | ||||||
|       details url to \" + detailsURL)\nstatus = json.dumps(dict(Label=gitPRcontext,state=gitPRcode,Desc=gitPRdescription,Target=detailsURL))\nprint(\"Setting |  | ||||||
|       status to \" + status)\nif not os.path.exists(\"/workspace/output/pull-request/status\"):\n |  | ||||||
|       \ os.makedirs(\"/workspace/output/pull-request/status\")\nhandle = open(\"/workspace/output/pull-request/status/Tekton.json\", |  | ||||||
|       'w')\nhandle.write(status)\nhandle.close()\nif not os.path.exists(\"/workspace/output/pull-request/labels\"):\n |  | ||||||
|       \ shutil.copytree(\"/workspace/pull-request/labels\",\"/workspace/output/pull-request/labels\")\nshutil.copyfile(\"/workspace/pull-request/base.json\",\"/workspace/output/pull-request/base.json\") |  | ||||||
|       \nshutil.copyfile(\"/workspace/pull-request/head.json\",\"/workspace/output/pull-request/head.json\")\nEOF\n" |  | ||||||
|     command: |  | ||||||
|     - /bin/bash |  | ||||||
|     env: |  | ||||||
|     - name: EVENTID |  | ||||||
|       valueFrom: |  | ||||||
|         fieldRef: |  | ||||||
|           fieldPath: metadata.labels['triggers.tekton.dev/triggers-eventid'] |  | ||||||
|     - name: COMMENT_SUCCESS |  | ||||||
|       value: $(inputs.params.commentsuccess) |  | ||||||
|     - name: COMMENT_FAILURE |  | ||||||
|       value: $(inputs.params.commentfailure) |  | ||||||
|     - name: COMMENT_TIMEOUT |  | ||||||
|       value: $(inputs.params.commenttimeout) |  | ||||||
|     - name: COMMENT_MISSING |  | ||||||
|       value: $(inputs.params.commentmissing) |  | ||||||
|     - name: URL |  | ||||||
|       value: $(inputs.params.dashboard-url) |  | ||||||
|     - name: STATUSES_URL |  | ||||||
|       value: $(inputs.params.statusesurl) |  | ||||||
|     - name: GITPROVIDER |  | ||||||
|       value: $(inputs.params.provider) |  | ||||||
|     - name: GITAPIURL |  | ||||||
|       value: $(inputs.params.apiurl) |  | ||||||
|     - name: SKIPSSLVERIFY |  | ||||||
|       value: $(inputs.params.insecure-skip-tls-verify) |  | ||||||
|     - name: GITTOKEN |  | ||||||
|       valueFrom: |  | ||||||
|         secretKeyRef: |  | ||||||
|           key: accessToken |  | ||||||
|           name: $(inputs.params.secret) |  | ||||||
|     image: maiwj/kubernetes-python-client@sha256:74a868a0dff5c8ada64472db3efd09d205d4f877d14d2d3226511adbb25cfea3 |  | ||||||
|     name: check |  | ||||||
| --- |  | ||||||
| apiVersion: triggers.tekton.dev/v1alpha1 |  | ||||||
| kind: TriggerBinding |  | ||||||
| metadata: |  | ||||||
|   name: monitor-task-github-binding |  | ||||||
|   namespace: tekton-pipelines |  | ||||||
| spec: |  | ||||||
|   params: |  | ||||||
|   - name: pullrequesturl |  | ||||||
|     value: $(body.pull_request.html_url) |  | ||||||
|   - name: statusesurl |  | ||||||
|     value: $(body.pull_request.statuses_url) |  | ||||||
| --- |  | ||||||
| apiVersion: triggers.tekton.dev/v1alpha1 |  | ||||||
| kind: TriggerBinding |  | ||||||
| metadata: |  | ||||||
|   name: monitor-task-gitlab-binding |  | ||||||
|   namespace: tekton-pipelines |  | ||||||
| spec: |  | ||||||
|   params: |  | ||||||
|   - name: pullrequesturl |  | ||||||
|     value: $(body.object_attributes.url) |  | ||||||
|   - name: statusesurl |  | ||||||
|     value: projects/$(body.project.id)/statuses/$(body.object_attributes.last_commit.id) |  | ||||||
| --- |  | ||||||
| apiVersion: triggers.tekton.dev/v1alpha1 |  | ||||||
| kind: TriggerTemplate |  | ||||||
| metadata: |  | ||||||
|   name: monitor-task-template |  | ||||||
|   namespace: tekton-pipelines |  | ||||||
| spec: |  | ||||||
|   params: |  | ||||||
|   - description: The pull request url |  | ||||||
|     name: pullrequesturl |  | ||||||
|     type: string |  | ||||||
|   - description: The statuses url |  | ||||||
|     name: statusesurl |  | ||||||
|     type: string |  | ||||||
|   - default: github-secrets |  | ||||||
|     description: The git secret name |  | ||||||
|     name: gitsecretname |  | ||||||
|     type: string |  | ||||||
|   - default: token |  | ||||||
|     description: The git secret key name |  | ||||||
|     name: gitsecretkeyname |  | ||||||
|     type: string |  | ||||||
|   - default: Success |  | ||||||
|     description: The text of the success comment |  | ||||||
|     name: commentsuccess |  | ||||||
|     type: string |  | ||||||
|   - default: Failed |  | ||||||
|     description: The text of the failure comment |  | ||||||
|     name: commentfailure |  | ||||||
|     type: string |  | ||||||
|   - default: Unknown |  | ||||||
|     description: The text of the timeout comment |  | ||||||
|     name: commenttimeout |  | ||||||
|     type: string |  | ||||||
|   - default: Missing |  | ||||||
|     description: The text of the missing comment |  | ||||||
|     name: commentmissing |  | ||||||
|     type: string |  | ||||||
|   - default: http://localhost:9097/ |  | ||||||
|     description: The URL to the pipelineruns page of the dashboard |  | ||||||
|     name: dashboardurl |  | ||||||
|     type: string |  | ||||||
|   - default: github |  | ||||||
|     description: The git provider, "github" or "gitlab" |  | ||||||
|     name: provider |  | ||||||
|     type: string |  | ||||||
|   - default: "" |  | ||||||
|     description: The git api URL for the repository |  | ||||||
|     name: apiurl |  | ||||||
|     type: string |  | ||||||
|   - default: "false" |  | ||||||
|     description: Whether or not to skip SSL validation of certificates ("true" or |  | ||||||
|       "false") |  | ||||||
|     name: insecure-skip-tls-verify |  | ||||||
|     type: string |  | ||||||
|   resourcetemplates: |  | ||||||
|   - apiVersion: tekton.dev/v1alpha1 |  | ||||||
|     kind: PipelineResource |  | ||||||
|     metadata: |  | ||||||
|       name: pull-request-$(uid) |  | ||||||
|       namespace: tekton-pipelines |  | ||||||
|     spec: |  | ||||||
|       params: |  | ||||||
|       - name: url |  | ||||||
|         value: $(params.pullrequesturl) |  | ||||||
|       - name: insecure-skip-tls-verify |  | ||||||
|         value: $(params.insecure-skip-tls-verify) |  | ||||||
|       secrets: |  | ||||||
|       - fieldName: authToken |  | ||||||
|         secretKey: $(params.gitsecretkeyname) |  | ||||||
|         secretName: $(params.gitsecretname) |  | ||||||
|       type: pullRequest |  | ||||||
|   - apiVersion: tekton.dev/v1beta1 |  | ||||||
|     kind: TaskRun |  | ||||||
|     metadata: |  | ||||||
|       generateName: monitor-taskrun- |  | ||||||
|       namespace: tekton-pipelines |  | ||||||
|     spec: |  | ||||||
|       params: |  | ||||||
|       - name: commentsuccess |  | ||||||
|         value: $(params.commentsuccess) |  | ||||||
|       - name: commentfailure |  | ||||||
|         value: $(params.commentfailure) |  | ||||||
|       - name: commenttimeout |  | ||||||
|         value: $(params.commenttimeout) |  | ||||||
|       - name: dashboard-url |  | ||||||
|         value: $(params.dashboardurl) |  | ||||||
|       - name: secret |  | ||||||
|         value: $(params.gitsecretname) |  | ||||||
|       - name: statusesurl |  | ||||||
|         value: $(params.statusesurl) |  | ||||||
|       - name: provider |  | ||||||
|         value: $(params.provider) |  | ||||||
|       - name: apiurl |  | ||||||
|         value: $(params.apiurl) |  | ||||||
|       - name: insecure-skip-tls-verify |  | ||||||
|         value: $(params.insecure-skip-tls-verify) |  | ||||||
|       resources: |  | ||||||
|         inputs: |  | ||||||
|         - name: pull-request |  | ||||||
|           resourceRef: |  | ||||||
|             name: pull-request-$(uid) |  | ||||||
|         outputs: |  | ||||||
|         - name: pull-request |  | ||||||
|           resourceRef: |  | ||||||
|             name: pull-request-$(uid) |  | ||||||
|       serviceAccountName: tekton-webhooks-extension |  | ||||||
|       taskRef: |  | ||||||
|         name: monitor-task |  | ||||||
|  |  | ||||||
| --- |  | ||||||
|   | |||||||
| @@ -49,7 +49,6 @@ rules: | |||||||
| - apiGroups: | - apiGroups: | ||||||
|   - "" |   - "" | ||||||
|   resources: |   resources: | ||||||
|   - secrets |  | ||||||
|   - configmaps |   - configmaps | ||||||
|   verbs: |   verbs: | ||||||
|   - create |   - create | ||||||
| @@ -125,6 +124,17 @@ rules: | |||||||
|   - delete |   - delete | ||||||
|   - patch |   - patch | ||||||
|   - add |   - add | ||||||
|  | - apiGroups: | ||||||
|  |   - "" | ||||||
|  |   resources: | ||||||
|  |   - secrets | ||||||
|  |   verbs: | ||||||
|  |   - get | ||||||
|  |   - list | ||||||
|  |   - watch | ||||||
|  |   - create | ||||||
|  |   - update | ||||||
|  |   - delete | ||||||
| - apiGroups: | - apiGroups: | ||||||
|   - apiextensions.k8s.io |   - apiextensions.k8s.io | ||||||
|   resources: |   resources: | ||||||
| @@ -184,7 +194,6 @@ rules: | |||||||
| - apiGroups: | - apiGroups: | ||||||
|   - "" |   - "" | ||||||
|   resources: |   resources: | ||||||
|   - secrets |  | ||||||
|   - configmaps |   - configmaps | ||||||
|   verbs: |   verbs: | ||||||
|   - get |   - get | ||||||
| @@ -272,8 +281,8 @@ kind: Service | |||||||
| metadata: | metadata: | ||||||
|   labels: |   labels: | ||||||
|     app: tekton-dashboard |     app: tekton-dashboard | ||||||
|     dashboard.tekton.dev/release: v0.6.1 |     dashboard.tekton.dev/release: v0.6.1.5 | ||||||
|     version: v0.6.1 |     version: v0.6.1.5 | ||||||
|   name: tekton-dashboard |   name: tekton-dashboard | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
| spec: | spec: | ||||||
| @@ -290,8 +299,8 @@ kind: Deployment | |||||||
| metadata: | metadata: | ||||||
|   labels: |   labels: | ||||||
|     app: tekton-dashboard |     app: tekton-dashboard | ||||||
|     dashboard.tekton.dev/release: v0.6.1 |     dashboard.tekton.dev/release: v0.6.1.5 | ||||||
|     version: v0.6.1 |     version: v0.6.1.5 | ||||||
|   name: tekton-dashboard |   name: tekton-dashboard | ||||||
|   namespace: tekton-pipelines |   namespace: tekton-pipelines | ||||||
| spec: | spec: | ||||||
| @@ -313,13 +322,17 @@ spec: | |||||||
|           value: "false" |           value: "false" | ||||||
|         - name: WEB_RESOURCES_DIR |         - name: WEB_RESOURCES_DIR | ||||||
|           value: /var/run/ko/web |           value: /var/run/ko/web | ||||||
|         - name: PIPELINE_RUN_SERVICE_ACCOUNT |         - name: CSRF_SECURE_COOKIE | ||||||
|           value: "" |           value: "false" | ||||||
|  |         - name: TRIGGERS_NAMESPACE | ||||||
|  |           value: tekton-pipelines | ||||||
|  |         - name: PIPELINE_NAMESPACE | ||||||
|  |           value: tekton-pipelines | ||||||
|         - name: INSTALLED_NAMESPACE |         - name: INSTALLED_NAMESPACE | ||||||
|           valueFrom: |           valueFrom: | ||||||
|             fieldRef: |             fieldRef: | ||||||
|               fieldPath: metadata.namespace |               fieldPath: metadata.namespace | ||||||
|         image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:de969ff4ced12c94701bd039137edf5fc66bbc5ccd19f09324c1d7fcfc47e5f1 |         image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:ca22f87e8bec86cf91833aa3996cf9d316313628870eb74c1ea9a73bea77c83d | ||||||
|         livenessProbe: |         livenessProbe: | ||||||
|           httpGet: |           httpGet: | ||||||
|             path: /health |             path: /health | ||||||
| @@ -332,78 +345,5 @@ spec: | |||||||
|             path: /readiness |             path: /readiness | ||||||
|             port: 9097 |             port: 9097 | ||||||
|       serviceAccountName: tekton-dashboard |       serviceAccountName: tekton-dashboard | ||||||
| --- |  | ||||||
| apiVersion: tekton.dev/v1beta1 |  | ||||||
| kind: Pipeline |  | ||||||
| metadata: |  | ||||||
|   name: pipeline0 |  | ||||||
|   namespace: tekton-pipelines |  | ||||||
| spec: |  | ||||||
|   params: |  | ||||||
|   - default: /workspace/git-source |  | ||||||
|     description: The path to the resource files to apply |  | ||||||
|     name: pathToResourceFiles |  | ||||||
|     type: string |  | ||||||
|   - default: . |  | ||||||
|     description: The directory from which resources are to be applied |  | ||||||
|     name: apply-directory |  | ||||||
|     type: string |  | ||||||
|   - default: tekton-pipelines |  | ||||||
|     description: The namespace in which to create the resources being imported |  | ||||||
|     name: target-namespace |  | ||||||
|     type: string |  | ||||||
|   resources: |  | ||||||
|   - name: git-source |  | ||||||
|     type: git |  | ||||||
|   tasks: |  | ||||||
|   - name: pipeline0-task |  | ||||||
|     params: |  | ||||||
|     - name: pathToResourceFiles |  | ||||||
|       value: $(params.pathToResourceFiles) |  | ||||||
|     - name: apply-directory |  | ||||||
|       value: $(params.apply-directory) |  | ||||||
|     - name: target-namespace |  | ||||||
|       value: $(params.target-namespace) |  | ||||||
|     resources: |  | ||||||
|       inputs: |  | ||||||
|       - name: git-source |  | ||||||
|         resource: git-source |  | ||||||
|     taskRef: |  | ||||||
|       name: pipeline0-task |  | ||||||
| --- |  | ||||||
| apiVersion: tekton.dev/v1beta1 |  | ||||||
| kind: Task |  | ||||||
| metadata: |  | ||||||
|   name: pipeline0-task |  | ||||||
|   namespace: tekton-pipelines |  | ||||||
| spec: |  | ||||||
|   params: |  | ||||||
|   - default: /workspace/git-source |  | ||||||
|     description: The path to the resource files to apply |  | ||||||
|     name: pathToResourceFiles |  | ||||||
|     type: string |  | ||||||
|   - default: . |  | ||||||
|     description: The directory from which resources are to be applied |  | ||||||
|     name: apply-directory |  | ||||||
|     type: string |  | ||||||
|   - default: tekton-pipelines |  | ||||||
|     description: The namespace where created resources will go |  | ||||||
|     name: target-namespace |  | ||||||
|     type: string |  | ||||||
|   resources: |  | ||||||
|     inputs: |  | ||||||
|     - name: git-source |  | ||||||
|       type: git |  | ||||||
|   steps: |  | ||||||
|   - args: |  | ||||||
|     - apply |  | ||||||
|     - -f |  | ||||||
|     - $(inputs.params.pathToResourceFiles)/$(inputs.params.apply-directory) |  | ||||||
|     - -n |  | ||||||
|     - $(inputs.params.target-namespace) |  | ||||||
|     command: |  | ||||||
|     - kubectl |  | ||||||
|     image: lachlanevenson/k8s-kubectl@sha256:9713d6c1c6d83bdd4b3744d295fd0efce8f6cc149eb3083e86ae0911aa52ee73 |  | ||||||
|     name: kubectl-apply |  | ||||||
|  |  | ||||||
| --- | --- | ||||||
|   | |||||||
| @@ -24,12 +24,12 @@ spec: | |||||||
|   - name: deploy-master |   - name: deploy-master | ||||||
|     interceptors: |     interceptors: | ||||||
|     - cel: |     - cel: | ||||||
|         filter: "header.match('X-GitHub-Event', 'push') && split(body.ref, '/')[2] == body.repository.default_branch" |         filter: "header.match('X-GitHub-Event', 'push') && body.ref.split('/')[2] == body.repository.default_branch" | ||||||
|         overlays: |         overlays: | ||||||
|         - key: commit_sha |         - key: commit_sha | ||||||
|           expression: "body.after" |           expression: "body.after" | ||||||
|         - key: branch |         - key: branch | ||||||
|           expression: "split(body.ref, '/')[2]" |           expression: "body.ref.split('/')[2]" | ||||||
|         - key: ref |         - key: ref | ||||||
|           expression: "body.ref" |           expression: "body.ref" | ||||||
|         - key: number |         - key: number | ||||||
|   | |||||||
| @@ -11,6 +11,8 @@ spec: | |||||||
|       type: string |       type: string | ||||||
|     - name: projectname |     - name: projectname | ||||||
|       type: string |       type: string | ||||||
|  |     - name: prid | ||||||
|  |       type: string | ||||||
|   resources: |   resources: | ||||||
|     - name: git-source |     - name: git-source | ||||||
|       type: git |       type: git | ||||||
| @@ -37,6 +39,12 @@ spec: | |||||||
|       params: |       params: | ||||||
|         - name: TARGET |         - name: TARGET | ||||||
|           value: "test" |           value: "test" | ||||||
|  |         - name: REPO | ||||||
|  |           value: $(params.projectname) | ||||||
|  |         - name: PR_ID | ||||||
|  |           value: $(params.prid) | ||||||
|  |         - name: SHA | ||||||
|  |           value: $(params.gitrevision) | ||||||
|       resources: |       resources: | ||||||
|         inputs: |         inputs: | ||||||
|           - name: src |           - name: src | ||||||
| @@ -53,6 +61,12 @@ spec: | |||||||
|       params: |       params: | ||||||
|         - name: TARGET |         - name: TARGET | ||||||
|           value: "build" |           value: "build" | ||||||
|  |         - name: REPO | ||||||
|  |           value: $(params.projectname) | ||||||
|  |         - name: PR_ID | ||||||
|  |           value: $(params.prid) | ||||||
|  |         - name: SHA | ||||||
|  |           value: $(params.gitrevision) | ||||||
|       resources: |       resources: | ||||||
|         inputs: |         inputs: | ||||||
|           - name: src |           - name: src | ||||||
| @@ -73,6 +87,8 @@ spec: | |||||||
|           value: $(params.projectname) |           value: $(params.projectname) | ||||||
|         - name: PR_ID |         - name: PR_ID | ||||||
|           value: $(params.prid) |           value: $(params.prid) | ||||||
|  |         - name: SHA | ||||||
|  |           value: $(params.gitrevision) | ||||||
|       resources: |       resources: | ||||||
|         inputs: |         inputs: | ||||||
|           - name: src |           - name: src | ||||||
|   | |||||||
| @@ -14,7 +14,7 @@ spec: | |||||||
|     default: "pending" |     default: "pending" | ||||||
|   steps: |   steps: | ||||||
|   - name: pr-status-update |   - name: pr-status-update | ||||||
|     image: docker.cluster.fun/averagemarcus/gitea-pr-state:latest |     image: docker.cluster.fun/averagemarcus/gitea-pr-status:latest | ||||||
|     env: |     env: | ||||||
|     - name: ACCESS_TOKEN |     - name: ACCESS_TOKEN | ||||||
|       valueFrom: |       valueFrom: | ||||||
| @@ -22,6 +22,6 @@ spec: | |||||||
|           name: gitea-access-token |           name: gitea-access-token | ||||||
|           key: access-token |           key: access-token | ||||||
|     args: |     args: | ||||||
|     - "$(params.REPO)" |     - "AverageMarcus/$(params.REPO)" | ||||||
|     - "$(params.SHA)" |     - "$(params.SHA)" | ||||||
|     - "$(params.STATE)" |     - "$(params.STATE)" | ||||||
|   | |||||||
| @@ -22,7 +22,7 @@ spec: | |||||||
|   - apiVersion: tekton.dev/v1beta1 |   - apiVersion: tekton.dev/v1beta1 | ||||||
|     kind: PipelineRun |     kind: PipelineRun | ||||||
|     metadata: |     metadata: | ||||||
|       generateName: deploy-project- |       generateName: deploy-$(params.projectname)- | ||||||
|     spec: |     spec: | ||||||
|       pipelineRef: |       pipelineRef: | ||||||
|         name: deploy-project |         name: deploy-project | ||||||
|   | |||||||
| @@ -21,7 +21,7 @@ spec: | |||||||
|     - apiVersion: tekton.dev/v1beta1 |     - apiVersion: tekton.dev/v1beta1 | ||||||
|       kind: PipelineRun |       kind: PipelineRun | ||||||
|       metadata: |       metadata: | ||||||
|         generateName: pr-project- |         generateName: pr-$(params.projectname)- | ||||||
|       spec: |       spec: | ||||||
|         pipelineRef: |         pipelineRef: | ||||||
|           name: pr-project |           name: pr-project | ||||||
|   | |||||||
| @@ -22,7 +22,7 @@ spec: | |||||||
|   - apiVersion: tekton.dev/v1beta1 |   - apiVersion: tekton.dev/v1beta1 | ||||||
|     kind: PipelineRun |     kind: PipelineRun | ||||||
|     metadata: |     metadata: | ||||||
|       generateName: project-tag- |       generateName: tag-$(params.projectname)- | ||||||
|     spec: |     spec: | ||||||
|       pipelineRef: |       pipelineRef: | ||||||
|         name: project-tag |         name: project-tag | ||||||
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| resource "scaleway_k8s_cluster_beta" "k8s-cluster" { | resource "scaleway_k8s_cluster_beta" "k8s-cluster" { | ||||||
|   name             = "cluster-fun" |   name             = "cluster-fun" | ||||||
|   description      = "" |   description      = "" | ||||||
|   version          = "1.18.2" |   version          = "1.18.3" | ||||||
|   cni              = "weave" |   cni              = "weave" | ||||||
|   enable_dashboard = false |   enable_dashboard = false | ||||||
|   ingress          = "traefik" |   ingress          = "traefik" | ||||||
| @@ -19,9 +19,13 @@ resource "scaleway_k8s_pool_beta" "k8s-cluster-pool-1" { | |||||||
|   node_type   = "DEV1-M" |   node_type   = "DEV1-M" | ||||||
|   size        = 1 |   size        = 1 | ||||||
|   min_size    = 1 |   min_size    = 1 | ||||||
|   max_size    = 2 |   max_size    = 3 | ||||||
|   autoscaling = true |   autoscaling = true | ||||||
|   autohealing = true |   autohealing = true | ||||||
|  |  | ||||||
|  |   lifecycle { | ||||||
|  |     ignore_changes = [size] | ||||||
|  |   } | ||||||
| } | } | ||||||
|  |  | ||||||
| output "api_server" { | output "api_server" { | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user