apiVersion: v1 kind: ServiceAccount metadata: labels: app: tekton-webhooks-extension name: tekton-webhooks-extension namespace: tekton-pipelines --- apiVersion: v1 kind: ServiceAccount metadata: labels: app: tekton-webhooks-extension name: tekton-webhooks-extension-eventlistener namespace: tekton-pipelines --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: tekton-webhooks-extension-minimal namespace: tekton-pipelines rules: - apiGroups: - extensions resources: - ingresses - ingresses/status verbs: - delete - create - patch - get - list - update - watch - apiGroups: - "" resources: - pods - services verbs: - get - list - create - update - delete - patch - watch - apiGroups: - "" resources: - pods/log - namespaces - events verbs: - get - list - watch - apiGroups: - "" resources: - secrets - configmaps verbs: - get - list - create - delete - update - watch - apiGroups: - extensions - apps resources: - deployments verbs: - get - list - create - update - delete - patch - watch - apiGroups: - tekton.dev resources: - tasks - clustertasks - taskruns - pipelines - pipelineruns - pipelineresources - conditions verbs: - get - list - create - update - delete - patch - watch - apiGroups: - triggers.tekton.dev resources: - eventlisteners - triggerbindings - triggertemplates verbs: - get - list - create - update - delete - patch - watch - apiGroups: - tekton.dev resources: - taskruns/finalizers - pipelineruns/finalizers - tasks/status - clustertasks/status - taskruns/status - pipelines/status - pipelineruns/status verbs: - get - list - create - update - delete - patch - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tekton-triggers-minimal rules: - apiGroups: - tekton.dev resources: - tasks - taskruns verbs: - get - apiGroups: - triggers.tekton.dev resources: - triggerbindings - triggertemplates - eventlisteners verbs: - get - apiGroups: - tekton.dev resources: - pipelineruns - pipelineresources - taskruns verbs: - create - apiGroups: - "" resources: - configmaps verbs: - list - get - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: tekton-webhooks-extension-minimal-cluster-powers rules: - apiGroups: - "" resources: - serviceaccounts verbs: - get - list - watch - apiGroups: - tekton.dev resources: - pipelines - pipelineruns verbs: - get - list - watch - apiGroups: - triggers.tekton.dev resources: - pipelines - pipelineruns - tasks - taskruns verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: tekton-webhooks-extension-minimal namespace: tekton-pipelines roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tekton-webhooks-extension-minimal subjects: - kind: ServiceAccount name: tekton-webhooks-extension namespace: tekton-pipelines --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-webhooks-extension-eventlistener-minimal roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: tekton-triggers-minimal subjects: - kind: ServiceAccount name: tekton-webhooks-extension-eventlistener namespace: tekton-pipelines --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: tekton-webhooks-extension-minimal-cluster-powers roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: tekton-webhooks-extension-minimal-cluster-powers subjects: - kind: ServiceAccount name: tekton-webhooks-extension namespace: tekton-pipelines --- apiVersion: v1 kind: Service metadata: name: tekton-webhooks-extension-validator namespace: tekton-pipelines spec: ports: - port: 80 protocol: TCP targetPort: 8080 selector: app: tekton-webhooks-extension-validator type: ClusterIP --- apiVersion: v1 kind: Service metadata: annotations: tekton-dashboard-bundle-location: web/extension.33e1ae7b.js tekton-dashboard-display-name: Webhooks tekton-dashboard-endpoints: webhooks.web labels: app: webhooks-extension tekton-dashboard-extension: "true" name: webhooks-extension namespace: tekton-pipelines spec: ports: - port: 8080 targetPort: 8080 selector: app: webhooks-extension type: NodePort --- apiVersion: apps/v1 kind: Deployment metadata: name: tekton-webhooks-extension-validator namespace: tekton-pipelines spec: replicas: 1 selector: matchLabels: app: tekton-webhooks-extension-validator template: metadata: labels: app: tekton-webhooks-extension-validator spec: containers: - env: - name: INSTALLED_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/interceptor@sha256:f029e6b5bbeae6efaff1ebd4db6d8bce17cfed3ed93ed8999428c6fb1e09a946 name: validate serviceAccountName: tekton-webhooks-extension --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: webhooks-extension name: webhooks-extension namespace: tekton-pipelines spec: replicas: 1 selector: matchLabels: app: webhooks-extension template: metadata: labels: app: webhooks-extension spec: containers: - env: - name: PORT value: "8080" - name: INSTALLED_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: DOCKER_REGISTRY_LOCATION value: DOCKER_REPO - name: WEB_RESOURCES_DIR value: web - name: WEBHOOK_CALLBACK_URL value: http://listener.IPADDRESS.nip.io - name: SSL_VERIFICATION_ENABLED value: "false" - name: SERVICE_ACCOUNT valueFrom: fieldRef: fieldPath: spec.serviceAccountName image: gcr.io/tekton-releases/github.com/tektoncd/experimental/webhooks-extension/cmd/extension@sha256:b76dedeb9dae1a88fe359fab3ac6cac058d7bf9d41906b9b22a20f67e671dd7c imagePullPolicy: Always livenessProbe: httpGet: path: /liveness port: 8080 name: webhooks-extension ports: - containerPort: 8080 readinessProbe: httpGet: path: /readiness port: 8080 serviceAccountName: tekton-webhooks-extension ---