You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ma...@apache.org on 2023/05/10 17:08:30 UTC
[camel-karavan] 02/03: Prototype #762
This is an automated email from the ASF dual-hosted git repository.
marat pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-karavan.git
commit 9887c22207b5b93438f1f27be745dfcc096cc758
Author: Marat Gubaidullin <ma...@gmail.com>
AuthorDate: Wed May 10 13:07:40 2023 -0400
Prototype #762
---
karavan-cli/pom.xml | 89 +
.../org/apache/camel/karavan/cli/CommandUtils.java | 173 ++
.../org/apache/camel/karavan/cli/Constants.java | 52 +
.../org/apache/camel/karavan/cli/KaravanCli.java | 63 +
.../apache/camel/karavan/cli/KaravanConfig.java | 174 ++
.../apache/camel/karavan/cli/ResourceUtils.java | 80 +
.../karavan/cli/resources/KaravanDeployment.java | 138 +
.../camel/karavan/cli/resources/KaravanPvc.java | 75 +
.../camel/karavan/cli/resources/KaravanRole.java | 91 +
.../karavan/cli/resources/KaravanService.java | 71 +
.../cli/resources/KaravanServiceAccount.java | 48 +
.../camel/karavan/cli/resources/KaravanTekton.java | 124 +
.../resources/quarkus-builder-script-kubernetes.sh | 38 +
.../resources/quarkus-builder-script-openshift.sh | 40 +
.../spring-boot-builder-script-kubernetes.sh | 28 +
.../spring-boot-builder-script-openshift.sh | 28 +
karavan-cli/src/main/resources/tekton.yaml | 2841 ++++++++++++++++++++
karavan-operator/src/main/resources/demo.png | Bin 202677 -> 0 bytes
18 files changed, 4153 insertions(+)
diff --git a/karavan-cli/pom.xml b/karavan-cli/pom.xml
new file mode 100644
index 00000000..86635942
--- /dev/null
+++ b/karavan-cli/pom.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.camel.karavan</groupId>
+ <artifactId>karavan-cli</artifactId>
+ <name>karavan-cli</name>
+ <version>3.20.2-SNAPSHOT</version>
+ <packaging>jar</packaging>
+ <properties>
+ <compiler-plugin.version>3.8.1</compiler-plugin.version>
+ <surefire-plugin.version>3.0.0-M9</surefire-plugin.version>
+ <maven.compiler.parameters>true</maven.compiler.parameters>
+ <maven.compiler.source>11</maven.compiler.source>
+ <maven.compiler.target>11</maven.compiler.target>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <kubernetes-client.version>6.3.1</kubernetes-client.version>
+ <picocli.version>4.7.3</picocli.version>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>info.picocli</groupId>
+ <artifactId>picocli</artifactId>
+ <version>${picocli.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.fabric8</groupId>
+ <artifactId>kubernetes-client</artifactId>
+ <version>${kubernetes-client.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.fabric8</groupId>
+ <artifactId>openshift-client</artifactId>
+ <version>${kubernetes-client.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.fabric8</groupId>
+ <artifactId>tekton-client</artifactId>
+ <version>${kubernetes-client.version}</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <version>3.4.1</version>
+ <configuration>
+ <transformers>
+ <transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
+ <mainClass>org.apache.camel.karavan.cli.KaravanCli</mainClass>
+ </transformer>
+ </transformers>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>shade</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <!-- annotationProcessorPaths requires maven-compiler-plugin version 3.5 or higher -->
+ <version>3.11.0</version>
+ <configuration>
+ <annotationProcessorPaths>
+ <path>
+ <groupId>info.picocli</groupId>
+ <artifactId>picocli-codegen</artifactId>
+ <version>${picocli.version}</version>
+ </path>
+ </annotationProcessorPaths>
+ <compilerArgs>
+ <arg>-Aproject=${project.groupId}/${project.artifactId}</arg>
+ </compilerArgs>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/CommandUtils.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/CommandUtils.java
new file mode 100644
index 00000000..e5e647f8
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/CommandUtils.java
@@ -0,0 +1,173 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli;
+
+import io.fabric8.kubernetes.api.model.*;
+import io.fabric8.kubernetes.api.model.apps.Deployment;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+import io.fabric8.openshift.client.OpenShiftClient;
+import io.fabric8.tekton.pipeline.v1beta1.Pipeline;
+import io.fabric8.tekton.pipeline.v1beta1.Task;
+import org.apache.camel.karavan.cli.resources.*;
+
+import java.util.Arrays;
+import java.util.Objects;
+
+public class CommandUtils {
+ private static final Pipeline pipeline = new Pipeline();
+ private static final Task task = new Task();
+
+ public static void installKaravan(KaravanConfig config) {
+ try (KubernetesClient client = new KubernetesClientBuilder().build()) {
+ OpenShiftClient oClient = client.adapt(OpenShiftClient.class);
+ if (oClient.isSupported()) {
+ System.out.println("⭕ Installing Karavan to OpenShift");
+ config.setOpenShift(true);
+ } else {
+ System.out.println("\u2388 Installing Karavan to Kubernetes");
+ config.setOpenShift(false);
+ }
+ install(config, client);
+ }
+ }
+
+ private static void install(KaravanConfig config, KubernetesClient client) {
+ // Check and install Tekton
+ if (!isTektonInstalled(client)) {
+ log("Tekton is not installed");
+ installTekton(config, client);
+ }
+ log("Tekton is installed");
+
+ // Create namespace
+ if (client.namespaces().withName(config.getNamespace()).get() == null) {
+ Namespace ns = new NamespaceBuilder().withNewMetadata().withName(config.getNamespace()).endMetadata().build();
+ ns = client.namespaces().resource(ns).create();
+ log("Namespace " + ns.getMetadata().getName() + " created");
+ } else {
+ log("Namespace " + config.getNamespace() + " already exists");
+ }
+
+ // Check secrets
+ if (!checkKaravanSecrets(config, client)) {
+ logError("Karavan secrets not found. Apply secrets before installation");
+ System.exit(0);
+ }
+ log("Karavan secrets found");
+
+ // Create service accounts
+ createOrReplace(KaravanServiceAccount.getServiceAccount(config), client);
+ createOrReplace(KaravanServiceAccount.getServiceAccountPipeline(config), client);
+ // Create Roles and role bindings
+ createOrReplace(KaravanRole.getRole(config), client);
+ createOrReplace(KaravanRole.getRoleBinding(config), client);
+ createOrReplace(KaravanRole.getRoleBindingView(config), client);
+ createOrReplace(KaravanRole.getRoleDeployer(config), client);
+ createOrReplace(KaravanRole.getRoleBindingPipeline(config), client);
+ // Create PVC
+ createOrReplace(KaravanPvc.getPvcData(config), client);
+ createOrReplace(KaravanPvc.getPvcM2Cache(config), client);
+ createOrReplace(KaravanPvc.getPvcJbangCache(config), client);
+ // Create Tasks and Pipelines
+ Arrays.stream(config.getRuntimes().split(",")).forEach(runtime -> {
+ createOrReplace(KaravanTekton.getTask(config, runtime), client);
+ createOrReplace(KaravanTekton.getPipeline(config, runtime), client);
+ });
+ // Create deployment
+ createOrReplace(KaravanDeployment.getDeployment(config), client);
+ // Create service
+ createOrReplace(KaravanService.getService(config), client);
+ if (config.isOpenShift()) {
+ createOrReplace(KaravanService.getRoute(config), client);
+ }
+ log("Karavan is installed");
+
+ while (!checkReady(config, client)) {
+ try {
+ Thread.sleep(1000);
+ } catch (Exception e) {
+
+ }
+ System.out.print(".");
+ }
+ System.out.println();
+ log("Karavan is ready");
+ }
+
+ public static boolean checkKaravanSecrets(KaravanConfig config, KubernetesClient client) {
+ Secret secret = client.secrets().inNamespace(config.getNamespace()).withName(Constants.NAME).get();
+ return secret != null;
+ }
+
+ public static boolean checkReady(KaravanConfig config, KubernetesClient client) {
+ Deployment deployment = client.apps().deployments().inNamespace(config.getNamespace()).withName(Constants.NAME).get();
+ return deployment.getStatus() != null
+ && Objects.equals(deployment.getStatus().getReadyReplicas(), deployment.getStatus().getReplicas());
+ }
+
+ private static <T extends HasMetadata> void createOrReplace(T is, KubernetesClient client) {
+ try {
+ T result = client.resource(is).createOrReplace();
+ log(result.getKind() + " " + result.getMetadata().getName() + " created");
+ } catch (Exception e) {
+ logError(e.getLocalizedMessage());
+ }
+ }
+
+ private static void installTekton(KaravanConfig config, KubernetesClient client) {
+ System.out.println("⏳ Installing Tekton");
+ client.load(CommandUtils.class.getResourceAsStream("/tekton.yaml")).create().forEach(hasMetadata -> {
+ System.out.println(" - " + hasMetadata.getKind() + " " + hasMetadata.getMetadata().getName());
+ });
+ }
+
+ private static boolean isTektonInstalled(KubernetesClient client) {
+ APIResourceList kinds = client.getApiResources(pipeline.getApiVersion());
+ if (kinds != null && kinds.getResources().stream().anyMatch(res -> res.getKind().equalsIgnoreCase(pipeline.getKind())) &&
+ kinds.getResources().stream().anyMatch(res -> res.getKind().equalsIgnoreCase(task.getKind()))) {
+ if (isOpenShift(client)) {
+ long oper = client.adapt(OpenShiftClient.class).operatorHub().subscriptions().list().getItems().stream()
+ .filter(sub -> sub.getMetadata().getName().contains("openshift-pipelines-operator")).count();
+ return oper > 0;
+ } else {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public static void log(String message) {
+ System.out.println(getOkMessage(message));
+ }
+
+ public static void logError(String message) {
+ System.out.println(getErrorMessage(message));
+ }
+
+ private static String getOkMessage(String message) {
+ return "\uD83D\uDC4D " + message;
+ }
+
+ private static String getErrorMessage(String message) {
+ return "‼\uFE0F" + message;
+ }
+
+ private static boolean isOpenShift(KubernetesClient client) {
+ return client.adapt(OpenShiftClient.class).isSupported();
+ }
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/Constants.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/Constants.java
new file mode 100644
index 00000000..8aad563b
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/Constants.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli;
+
+public final class Constants {
+ public static final String DEFAULT_NAMESPACE = "karavan";
+ public static final String DEFAULT_ENVIRONMENT = "dev";
+ public static final String DEFAULT_RUNTIMES = "quarkus,spring-boot";
+ public static final String DEFAULT_AUTH = "public";
+ public static final String DEFAULT_GIT_PULL_INTERVAL = "off";
+ public static final String DEFAULT_IMAGE_REGISTRY = "image-registry.openshift-image-registry.svc:5000";
+ public static final int DEFAULT_NODE_PORT = 0;
+ public static final int DEFAULT_INSTANCES = 1;
+ public static final String DEFAULT_BUILD_IMAGE = "ghcr.io/apache/camel-karavan-builder";
+
+ public static final String KARAVAN_IMAGE = "ghcr.io/apache/camel-karavan";
+
+ public static final String CRD_GROUP = "camel.apache.org";
+ public static final String CRD_VERSION = "v1";
+ public static final String SHORT_NAME = "karavan";
+ public static final String NAME = "karavan";
+ public static final String PLURAL_NAME = "karavans";
+
+ public static final String SERVICEACCOUNT_KARAVAN = "karavan";
+ public static final String ROLE_KARAVAN = "karavan";
+ public static final String ROLEBINDING_KARAVAN = "karavan";
+ public static final String ROLEBINDING_KARAVAN_VIEW = "karavan-view";
+ public static final String PVC_DATA = "karavan-data";
+ public static final String PVC_M2_CACHE = "karavan-m2-cache";
+ public static final String PVC_JBANG_CACHE = "karavan-jbang-cache";
+
+ public static final String PIPELINE_DEV = "karavan-pipeline-dev-";
+ public static final String TASK_DEV = "karavan-task-dev-";
+
+ public static final String ROLE_PIPELINE_DEPLOYER = "deployer";
+ public static final String SERVICEACCOUNT_PIPELINE = "pipeline";
+ public static final String ROLEBINDING_PIPELINE_DEPLOYER = "pipeline-deployer";
+}
\ No newline at end of file
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/KaravanCli.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/KaravanCli.java
new file mode 100644
index 00000000..f553dceb
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/KaravanCli.java
@@ -0,0 +1,63 @@
+package org.apache.camel.karavan.cli;
+
+import picocli.CommandLine;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.Callable;
+
+@CommandLine.Command(name = "karavan",
+ mixinStandardHelpOptions = true,
+ version = "Karavan 3.20.2-SNAPSHOT",
+ description = "Apache Camel Karavan CLI")
+public class KaravanCli implements Callable<Integer> {
+
+ @CommandLine.Option(names = {"-v", "--version"}, required = true, description = "Karavan version", defaultValue = "3.20.2-SNAPSHOT")
+ private String version;
+ @CommandLine.Option(names = {"-n", "--namespace"}, description = "Namespace", defaultValue = Constants.DEFAULT_NAMESPACE)
+ private String namespace;
+ @CommandLine.Option(names = {"-e", "--environment"}, description = "Environment", defaultValue = Constants.DEFAULT_ENVIRONMENT)
+ private String environment;
+ @CommandLine.Option(names = {"-r", "--runtimes"}, description = "Runtimes: quarkus, spring-boot", defaultValue = Constants.DEFAULT_RUNTIMES)
+ private String runtimes;
+ @CommandLine.Option(names = {"-a", "--authentication", "--auth"}, description = "Authentication: public, basic, oidc", defaultValue = Constants.DEFAULT_AUTH)
+ private String auth;
+ @CommandLine.Option(names = {"-np", "--node-port"}, description = "Node port", defaultValue = "0")
+ private int nodePort;
+ @CommandLine.Option(names = {"-g", "--git-pull"}, description = "Git pull interval. Default: off", defaultValue = "off")
+ private String gitPullInterval;
+ @CommandLine.Option(names = {"-i", "--instances"}, description = "Instances. Default: 1", defaultValue = "1")
+ private int instances;
+ @CommandLine.Option(names = {"-ir", "--registry"}, description = "Image registry", defaultValue = Constants.DEFAULT_IMAGE_REGISTRY)
+ private String imageRegistry;
+ @CommandLine.Option(names = {"-bi", "--base-image"}, description = "Base Image", defaultValue = Constants.KARAVAN_IMAGE)
+ private String baseImage;
+ @CommandLine.Option(names = {"-bbi", "--base-builder-image"}, description = "Base Builder Image", defaultValue = Constants.DEFAULT_BUILD_IMAGE)
+ private String baseBuilderImage;
+
+ @Override
+ public Integer call() throws Exception {
+ KaravanConfig config = new KaravanConfig(
+ version,
+ namespace,
+ environment,
+ runtimes,
+ auth,
+ nodePort,
+ gitPullInterval,
+ instances,
+ imageRegistry,
+ baseImage,
+ baseBuilderImage,
+ false,
+ new HashMap<>()
+ );
+ CommandUtils.installKaravan(config);
+ return 0;
+ }
+
+ public static void main(String... args) {
+ int exitCode = new CommandLine(new KaravanCli()).execute(args);
+ System.exit(exitCode);
+ }
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/KaravanConfig.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/KaravanConfig.java
new file mode 100644
index 00000000..dd1792cb
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/KaravanConfig.java
@@ -0,0 +1,174 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli;
+
+import java.util.Map;
+
+public class KaravanConfig {
+
+ private String version;
+ private String namespace;
+ private String environment;
+ private String runtimes;
+ private String auth;
+ private int nodePort;
+ private String gitPullInterval;
+ private int instances;
+ private String imageRegistry;
+ private String baseImage;
+ private String baseBuilderImage;
+ private boolean isOpenShift;
+ private Map<String,String> labels;
+
+ public static KaravanConfig getDefault(String version) {
+ return new KaravanConfig(
+ version,
+ Constants.DEFAULT_NAMESPACE,
+ Constants.DEFAULT_ENVIRONMENT,
+ Constants.DEFAULT_RUNTIMES,
+ Constants.DEFAULT_AUTH,
+ Constants.DEFAULT_NODE_PORT,
+ Constants.DEFAULT_GIT_PULL_INTERVAL,
+ Constants.DEFAULT_INSTANCES,
+ Constants.DEFAULT_IMAGE_REGISTRY,
+ Constants.KARAVAN_IMAGE,
+ Constants.DEFAULT_BUILD_IMAGE,
+ false,
+ ResourceUtils.getLabels(Constants.NAME, version, Map.of())
+ );
+ }
+
+ public KaravanConfig(String version, String namespace, String environment, String runtimes, String auth, int nodePort, String gitPullInterval, int instances, String imageRegistry, String baseImage, String baseBuilderImage, boolean isOpenShift, Map<String, String> labels) {
+ this.version = version;
+ this.namespace = namespace;
+ this.environment = environment;
+ this.runtimes = runtimes;
+ this.auth = auth;
+ this.nodePort = nodePort;
+ this.gitPullInterval = gitPullInterval;
+ this.instances = instances;
+ this.imageRegistry = imageRegistry;
+ this.baseImage = baseImage;
+ this.baseBuilderImage = baseBuilderImage;
+ this.isOpenShift = isOpenShift;
+ this.labels = labels;
+ }
+
+ public String getVersion() {
+ return version;
+ }
+
+ public void setVersion(String version) {
+ this.version = version;
+ }
+
+ public String getNamespace() {
+ return namespace;
+ }
+
+ public void setNamespace(String namespace) {
+ this.namespace = namespace;
+ }
+
+ public String getEnvironment() {
+ return environment;
+ }
+
+ public void setEnvironment(String environment) {
+ this.environment = environment;
+ }
+
+ public String getRuntimes() {
+ return runtimes;
+ }
+
+ public void setRuntimes(String runtimes) {
+ this.runtimes = runtimes;
+ }
+
+ public String getAuth() {
+ return auth;
+ }
+
+ public void setAuth(String auth) {
+ this.auth = auth;
+ }
+
+ public int getNodePort() {
+ return nodePort;
+ }
+
+ public void setNodePort(int nodePort) {
+ this.nodePort = nodePort;
+ }
+
+ public String getGitPullInterval() {
+ return gitPullInterval;
+ }
+
+ public void setGitPullInterval(String gitPullInterval) {
+ this.gitPullInterval = gitPullInterval;
+ }
+
+ public int getInstances() {
+ return instances;
+ }
+
+ public void setInstances(int instances) {
+ this.instances = instances;
+ }
+
+ public String getImageRegistry() {
+ return imageRegistry;
+ }
+
+ public void setImageRegistry(String imageRegistry) {
+ this.imageRegistry = imageRegistry;
+ }
+
+ public String getBaseImage() {
+ return baseImage;
+ }
+
+ public void setBaseImage(String baseImage) {
+ this.baseImage = baseImage;
+ }
+
+ public String getBaseBuilderImage() {
+ return baseBuilderImage;
+ }
+
+ public void setBaseBuilderImage(String baseBuilderImage) {
+ this.baseBuilderImage = baseBuilderImage;
+ }
+
+ public boolean isOpenShift() {
+ return isOpenShift;
+ }
+
+ public void setOpenShift(boolean openShift) {
+ isOpenShift = openShift;
+ }
+
+ public Map<String, String> getLabels() {
+ return labels;
+ }
+
+ public void setLabels(Map<String, String> labels) {
+ this.labels = labels;
+ }
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/ResourceUtils.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/ResourceUtils.java
new file mode 100644
index 00000000..d5ddd333
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/ResourceUtils.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli;
+
+import io.fabric8.kubernetes.client.utils.Serialization;
+import org.apache.camel.karavan.cli.resources.*;
+
+import java.util.*;
+
+public class ResourceUtils {
+
+ public static String generateResources(KaravanConfig config) {
+ return String.join("", generateResourcesMap(config).values());
+ }
+
+ public static Map<String, String> generateResourcesMap(KaravanConfig config) {
+ Map<String, String> result = new HashMap<>();
+
+ result.put("sa-karavan", toYAML(KaravanServiceAccount.getServiceAccount(config)));
+ result.put("sa-pipeline", toYAML(KaravanServiceAccount.getServiceAccountPipeline(config)));
+
+ result.put("role-karavan", toYAML(KaravanRole.getRole(config)));
+ result.put("rb-karavan", toYAML(KaravanRole.getRoleBinding(config)));
+ result.put("rb-karavan-view", toYAML(KaravanRole.getRoleBindingView(config)));
+ result.put("role-deployer", toYAML(KaravanRole.getRoleDeployer(config)));
+ result.put("rb-pipeline", toYAML(KaravanRole.getRoleBindingPipeline(config)));
+
+ result.put("pvc-data", toYAML(KaravanPvc.getPvcData(config)));
+ result.put("pvc-m2-cache", toYAML(KaravanPvc.getPvcM2Cache(config)));
+ result.put("pvc-jbang-cache", toYAML(KaravanPvc.getPvcJbangCache(config)));
+
+ result.put("deployment", toYAML(KaravanDeployment.getDeployment(config)));
+ result.put("service", toYAML(KaravanService.getService(config)));
+
+ if (config.isOpenShift()) {
+ result.put("route", toYAML(KaravanService.getRoute(config)));
+ }
+
+ Arrays.stream(config.getRuntimes().split(",")).forEach(runtime -> {
+ result.put("task-" + runtime, toYAML(KaravanTekton.getTask(config, runtime)));
+ result.put("pipeline-" + runtime, toYAML(KaravanTekton.getPipeline(config, runtime)));
+ });
+ return result;
+ }
+
+ public static String toYAML(Object resource) {
+ try {
+ return Serialization.yamlMapper().writeValueAsString(resource);
+ } catch (Exception e) {
+ System.out.println(e.getMessage());
+ return null;
+ }
+ }
+
+ public static Map<String, String> getLabels(String name, String version, Map<String, String> labels) {
+ Map<String, String> result = new HashMap<>(Map.of(
+ "app", name,
+ "app.kubernetes.io/name", name,
+ "app.kubernetes.io/version", version,
+ "app.kubernetes.io/part-of", Constants.NAME
+ ));
+ result.putAll(labels);
+ return result;
+ }
+
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanDeployment.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanDeployment.java
new file mode 100644
index 00000000..8c3529a1
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanDeployment.java
@@ -0,0 +1,138 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli.resources;
+
+import io.fabric8.kubernetes.api.model.EmptyDirVolumeSource;
+import io.fabric8.kubernetes.api.model.EnvVar;
+import io.fabric8.kubernetes.api.model.EnvVarSourceBuilder;
+import io.fabric8.kubernetes.api.model.ObjectFieldSelector;
+import io.fabric8.kubernetes.api.model.PersistentVolumeClaimVolumeSource;
+import io.fabric8.kubernetes.api.model.Quantity;
+import io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder;
+import io.fabric8.kubernetes.api.model.SecretKeySelector;
+import io.fabric8.kubernetes.api.model.VolumeBuilder;
+import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
+import io.fabric8.kubernetes.api.model.apps.Deployment;
+import io.fabric8.kubernetes.api.model.apps.DeploymentBuilder;
+import org.apache.camel.karavan.cli.Constants;
+import org.apache.camel.karavan.cli.KaravanConfig;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class KaravanDeployment {
+
+ public static Deployment getDeployment (KaravanConfig config) {
+
+ String baseImage = config.getBaseImage();
+
+ String image = baseImage + ":" + config.getVersion();
+ List<EnvVar> envVarList = new ArrayList<>();
+
+ envVarList.add(
+ new EnvVar("KARAVAN_ENVIRONMENT",config.getEnvironment(), null)
+ );
+ envVarList.add(
+ new EnvVar("KARAVAN_RUNTIMES", config.getRuntimes(), null)
+ );
+ envVarList.add(
+ new EnvVar("KUBERNETES_NAMESPACE", null, new EnvVarSourceBuilder().withFieldRef(new ObjectFieldSelector("","metadata.namespace")).build())
+ );
+ String auth = config.getAuth();
+ if (Objects.equals(auth, "basic")) {
+ image = baseImage + "-basic:" + config.getVersion();
+ envVarList.add(
+ new EnvVar("MASTER_PASSWORD", null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelector("master-password","karavan", false)).build())
+ );
+ } else if (Objects.equals(auth,"oidc")) {
+ image = baseImage + "-oidc:" + config.getVersion();
+ envVarList.add(
+ new EnvVar("OIDC_FRONTEND_URL", null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelector("oidc-frontend-url","karavan", false)).build())
+ );
+ envVarList.add(
+ new EnvVar("OIDC_SERVER_URL", null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelector("oidc-server-url","karavan", false)).build())
+ );
+ envVarList.add(
+ new EnvVar("OIDC_SECRET", null, new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelector("oidc-secret","karavan", false)).build())
+ );
+ }
+ String gitPullInterval = config.getGitPullInterval();
+ if (Objects.isNull(gitPullInterval) || Objects.equals(gitPullInterval.trim(), "0")) {
+ envVarList.add(
+ new EnvVar("QUARKUS_SCHEDULER_ENABLED", "false", null)
+ );
+ } else {
+ envVarList.add(
+ new EnvVar("QUARKUS_SCHEDULER_ENABLED", "true", null)
+ );
+ envVarList.add(
+ new EnvVar("KARAVAN_GIT_PULL_INTERVAL", gitPullInterval, null)
+ );
+ }
+
+ Map<String, String> labels = config.getLabels();
+ labels.put("app.kubernetes.io/runtime", "quarkus");
+
+ return new DeploymentBuilder()
+ .withNewMetadata()
+ .withName(Constants.NAME)
+ .withNamespace(config.getNamespace())
+ .withLabels(labels)
+ .endMetadata()
+
+ .withNewSpec()
+ .withReplicas(config.getInstances())
+ .withNewSelector()
+ .addToMatchLabels(Map.of("app", Constants.NAME))
+ .endSelector()
+
+ .withNewTemplate()
+ .withNewMetadata()
+ .addToLabels(Map.of("app", Constants.NAME))
+ .endMetadata()
+
+ .withNewSpec()
+ .addNewContainer()
+ .withName(Constants.NAME)
+ .withImage(image)
+ .withImagePullPolicy("Always")
+ .withEnv(envVarList)
+ .addNewPort()
+ .withContainerPort(8080)
+ .withName(Constants.NAME)
+ .endPort()
+ .withResources(new ResourceRequirementsBuilder().withRequests(
+ Map.of("memory", new Quantity("512Mi"))).build())
+ .withVolumeMounts(
+ new VolumeMountBuilder().withName("karavan-data").withMountPath("/deployments/karavan-data").build(),
+ new VolumeMountBuilder().withName("ephemeral").withMountPath("/tmp").build()
+ )
+ .endContainer()
+ .withServiceAccount(Constants.NAME)
+ .withVolumes(
+ new VolumeBuilder().withName("karavan-data").withPersistentVolumeClaim(new PersistentVolumeClaimVolumeSource("karavan-data", false)).build(),
+ new VolumeBuilder().withName("ephemeral").withEmptyDir(new EmptyDirVolumeSource()).build()
+ )
+ .endSpec()
+ .endTemplate()
+ .endSpec()
+ .build();
+ }
+
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanPvc.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanPvc.java
new file mode 100644
index 00000000..889cae15
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanPvc.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+ */
+package org.apache.camel.karavan.cli.resources;
+
+import io.fabric8.kubernetes.api.model.PersistentVolumeClaim;
+import io.fabric8.kubernetes.api.model.PersistentVolumeClaimBuilder;
+import io.fabric8.kubernetes.api.model.Quantity;
+import io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder;
+import org.apache.camel.karavan.cli.Constants;
+import org.apache.camel.karavan.cli.KaravanConfig;
+import org.apache.camel.karavan.cli.ResourceUtils;
+
+import java.util.Map;
+
+public class KaravanPvc {
+
+ public static PersistentVolumeClaim getPvcData (KaravanConfig config) {
+ return new PersistentVolumeClaimBuilder()
+ .withNewMetadata()
+ .withName(Constants.PVC_DATA)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.PVC_DATA, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withResources(new ResourceRequirementsBuilder().withRequests(Map.of("storage", new Quantity("10Gi"))).build())
+ .withVolumeMode("Filesystem")
+ .withAccessModes("ReadWriteOnce")
+ .endSpec()
+ .build();
+ }
+
+ public static PersistentVolumeClaim getPvcM2Cache(KaravanConfig config) {
+ return new PersistentVolumeClaimBuilder()
+ .withNewMetadata()
+ .withName(Constants.PVC_M2_CACHE)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.PVC_M2_CACHE, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withResources(new ResourceRequirementsBuilder().withRequests(Map.of("storage", new Quantity("10Gi"))).build())
+ .withVolumeMode("Filesystem")
+ .withAccessModes("ReadWriteOnce")
+ .endSpec()
+ .build();
+ }
+
+ public static PersistentVolumeClaim getPvcJbangCache(KaravanConfig config) {
+ return new PersistentVolumeClaimBuilder()
+ .withNewMetadata()
+ .withName(Constants.PVC_JBANG_CACHE)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.PVC_JBANG_CACHE, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withResources(new ResourceRequirementsBuilder().withRequests(Map.of("storage", new Quantity("2Gi"))).build())
+ .withVolumeMode("Filesystem")
+ .withAccessModes("ReadWriteOnce")
+ .endSpec()
+ .build();
+ }
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanRole.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanRole.java
new file mode 100644
index 00000000..f2e14ba7
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanRole.java
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli.resources;
+
+import io.fabric8.kubernetes.api.model.rbac.*;
+import org.apache.camel.karavan.cli.Constants;
+import org.apache.camel.karavan.cli.KaravanConfig;
+
+public class KaravanRole {
+
+ public static Role getRole(KaravanConfig config) {
+ return new RoleBuilder()
+ .withNewMetadata()
+ .withName(Constants.ROLE_KARAVAN)
+ .withNamespace(config.getNamespace())
+ .endMetadata()
+ .withRules(
+ new PolicyRuleBuilder().withApiGroups("").withResources("secrets", "configmaps").withVerbs("get", "list").build(),
+ new PolicyRuleBuilder().withApiGroups("").withResources("persistentvolumes", "persistentvolumeclaims").withVerbs("get", "list", "watch").build(),
+ new PolicyRuleBuilder().withApiGroups("tekton.dev").withResources("pipelineruns").withVerbs("*").build(),
+ new PolicyRuleBuilder().withApiGroups("").withResources("pods", "services", "replicationcontrollers").withVerbs("*").build(),
+ new PolicyRuleBuilder().withApiGroups("route.openshift.io").withResources( "routes").withVerbs("*").build(),
+ new PolicyRuleBuilder().withApiGroups("apps").withResources("deployments").withVerbs("*").build()
+ )
+ .build();
+ }
+
+ public static RoleBinding getRoleBinding(KaravanConfig config) {
+ return new RoleBindingBuilder()
+ .withNewMetadata()
+ .withName(Constants.ROLEBINDING_KARAVAN)
+ .withNamespace(config.getNamespace())
+ .endMetadata()
+ .withNewRoleRef("rbac.authorization.k8s.io", "Role", Constants.ROLE_KARAVAN)
+ .withSubjects(new Subject("", "ServiceAccount", Constants.SERVICEACCOUNT_KARAVAN, config.getNamespace()))
+ .build();
+ }
+
+ public static RoleBinding getRoleBindingView(KaravanConfig config) {
+ return new RoleBindingBuilder()
+ .withNewMetadata()
+ .withName(Constants.ROLEBINDING_KARAVAN_VIEW)
+ .withNamespace(config.getNamespace())
+ .endMetadata()
+ .withNewRoleRef("rbac.authorization.k8s.io", "ClusterRole", "view")
+ .withSubjects(new Subject("", "ServiceAccount", Constants.SERVICEACCOUNT_KARAVAN, config.getNamespace()))
+ .build();
+ }
+
+// Pipeline roles
+
+ public static Role getRoleDeployer(KaravanConfig config) {
+ return new RoleBuilder()
+ .withNewMetadata()
+ .withName(Constants.ROLE_PIPELINE_DEPLOYER)
+ .withNamespace(config.getNamespace())
+ .endMetadata()
+ .withRules(
+ new PolicyRuleBuilder().withApiGroups("").withResources("secrets", "configmaps", "services", "persistentvolumes", "persistentvolumeclaims").withVerbs("*").build(),
+ new PolicyRuleBuilder().withApiGroups("networking.k8s.io").withResources("ingresses").withVerbs("*").build(),
+ new PolicyRuleBuilder().withApiGroups("route.openshift.io").withResources( "routes").withVerbs("*").build(),
+ new PolicyRuleBuilder().withApiGroups("apps").withResources("deployments").withVerbs("*").build()
+ )
+ .build();
+ }
+
+ public static RoleBinding getRoleBindingPipeline(KaravanConfig config) {
+ return new RoleBindingBuilder()
+ .withNewMetadata()
+ .withName(Constants.ROLEBINDING_PIPELINE_DEPLOYER)
+ .withNamespace(config.getNamespace())
+ .endMetadata()
+ .withNewRoleRef("rbac.authorization.k8s.io", "Role", Constants.ROLE_PIPELINE_DEPLOYER)
+ .withSubjects(new Subject("", "ServiceAccount", Constants.SERVICEACCOUNT_PIPELINE, config.getNamespace()))
+ .build();
+ }
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanService.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanService.java
new file mode 100644
index 00000000..4d012458
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanService.java
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli.resources;
+
+import io.fabric8.kubernetes.api.model.IntOrString;
+import io.fabric8.kubernetes.api.model.Service;
+import io.fabric8.kubernetes.api.model.ServiceBuilder;
+import io.fabric8.kubernetes.api.model.ServicePortBuilder;
+import io.fabric8.openshift.api.model.Route;
+import io.fabric8.openshift.api.model.RouteBuilder;
+import io.fabric8.openshift.api.model.RoutePort;
+import io.fabric8.openshift.api.model.RouteTargetReferenceBuilder;
+import org.apache.camel.karavan.cli.Constants;
+import org.apache.camel.karavan.cli.KaravanConfig;
+import org.apache.camel.karavan.cli.ResourceUtils;
+
+import java.util.Map;
+
+public class KaravanService {
+
+ public static Service getService(KaravanConfig config) {
+
+ ServicePortBuilder portBuilder = new ServicePortBuilder()
+ .withName("http").withPort(80).withProtocol("TCP").withTargetPort(new IntOrString(8080));
+ if (config.getNodePort() > 0) {
+ portBuilder.withNodePort(config.getNodePort());
+ }
+
+ return new ServiceBuilder()
+ .withNewMetadata()
+ .withName(Constants.NAME)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.NAME, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withType(config.getNodePort() > 0 ? "NodePort" : "ClusterIP")
+ .withPorts(portBuilder.build())
+ .withSelector(Map.of("app", Constants.NAME))
+ .endSpec()
+ .build();
+ }
+
+ public static Route getRoute(KaravanConfig config) {
+ return new RouteBuilder()
+ .withNewMetadata()
+ .withName(Constants.NAME)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.NAME, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withPort(new RoutePort(new IntOrString(8080)))
+ .withTo(new RouteTargetReferenceBuilder().withKind("Service").withName(Constants.NAME).build())
+ .endSpec()
+ .build();
+ }
+
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanServiceAccount.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanServiceAccount.java
new file mode 100644
index 00000000..1c07d93b
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanServiceAccount.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli.resources;
+
+import io.fabric8.kubernetes.api.model.ServiceAccount;
+import io.fabric8.kubernetes.api.model.ServiceAccountBuilder;
+import org.apache.camel.karavan.cli.Constants;
+import org.apache.camel.karavan.cli.KaravanConfig;
+import org.apache.camel.karavan.cli.ResourceUtils;
+
+import java.util.Map;
+
+public class KaravanServiceAccount {
+
+ public static ServiceAccount getServiceAccount(KaravanConfig config) {
+ return new ServiceAccountBuilder()
+ .withNewMetadata()
+ .withName(Constants.SERVICEACCOUNT_KARAVAN)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.SERVICEACCOUNT_KARAVAN, config.getVersion(), Map.of()))
+ .endMetadata()
+ .build();
+ }
+
+ public static ServiceAccount getServiceAccountPipeline(KaravanConfig config) {
+ return new ServiceAccountBuilder()
+ .withNewMetadata()
+ .withName(Constants.SERVICEACCOUNT_PIPELINE)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(Constants.SERVICEACCOUNT_PIPELINE, config.getVersion(), Map.of()))
+ .endMetadata()
+ .build();
+ }
+}
diff --git a/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanTekton.java b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanTekton.java
new file mode 100644
index 00000000..14a31246
--- /dev/null
+++ b/karavan-cli/src/main/java/org/apache/camel/karavan/cli/resources/KaravanTekton.java
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.karavan.cli.resources;
+
+import io.fabric8.kubernetes.api.model.EnvVarBuilder;
+import io.fabric8.kubernetes.api.model.EnvVarSourceBuilder;
+import io.fabric8.tekton.pipeline.v1beta1.*;
+import org.apache.camel.karavan.cli.Constants;
+import org.apache.camel.karavan.cli.KaravanConfig;
+import org.apache.camel.karavan.cli.ResourceUtils;
+
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+public class KaravanTekton {
+
+ public static Task getTask(KaravanConfig config, String runtime) {
+ String taskName = Constants.TASK_DEV + runtime;
+ String buildImage = config.getBaseBuilderImage();
+ String script = getScript(config, runtime);
+
+ return new TaskBuilder()
+ .withNewMetadata()
+ .withName(taskName)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(taskName, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withParams(new ParamSpecBuilder().withName("project").withType("string").withDescription("ProjectId").build())
+ .withSteps(
+ new StepBuilder().withName("karavan-build-deploy")
+ .withScript(script)
+ .withImage(buildImage + ":" + config.getVersion())
+ .withEnv(
+ new EnvVarBuilder().withName("GIT_REPOSITORY").withValueFrom(
+ new EnvVarSourceBuilder().withNewSecretKeyRef().withName("karavan").withKey("git-repository").and().build()).build(),
+ new EnvVarBuilder().withName("GIT_USERNAME").withValueFrom(
+ new EnvVarSourceBuilder().withNewSecretKeyRef().withName("karavan").withKey("git-username").and().build()).build(),
+ new EnvVarBuilder().withName("GIT_PASSWORD").withValueFrom(
+ new EnvVarSourceBuilder().withNewSecretKeyRef().withName("karavan").withKey("git-password").and().build()).build(),
+ new EnvVarBuilder().withName("GIT_BRANCH").withValueFrom(
+ new EnvVarSourceBuilder().withNewSecretKeyRef().withName("karavan").withKey("git-branch").and().build()).build(),
+ new EnvVarBuilder().withName("IMAGE_REGISTRY").withValueFrom(
+ new EnvVarSourceBuilder().withNewSecretKeyRef().withName("karavan").withKey("image-registry").withOptional(true).and().build()).build()
+ )
+ .build()
+ )
+ .withWorkspaces(
+ new WorkspaceDeclaration("Maven Cache", "/root/.m2", Constants.PVC_M2_CACHE, false, false),
+ new WorkspaceDeclaration("JBang Cache", "/jbang/.jbang/cache", Constants.PVC_JBANG_CACHE, false, false)
+ )
+ .endSpec()
+ .build();
+ }
+
+ private static String getScript(KaravanConfig config, String runtime) {
+ try {
+ InputStream inputStream = config.isOpenShift()
+ ? KaravanTekton.class.getResourceAsStream("/" + runtime + "-builder-script-openshift.sh")
+ : KaravanTekton.class.getResourceAsStream("/" + runtime + "-builder-script-kubernetes.sh");
+ String data = new BufferedReader(new InputStreamReader(inputStream))
+ .lines()
+ .map(s -> {
+ if (s.contains("quarkus.container-image.registry")) {
+ return s.replace("${IMAGE_REGISTRY}", config.getImageRegistry());
+ } else {
+ return s;
+ }
+ })
+ .collect(Collectors.joining(System.getProperty("line.separator")));
+ return data;
+ } catch (Exception e) {
+ return null;
+ }
+ }
+
+ public static Pipeline getPipeline(KaravanConfig config, String runtime) {
+ String taskName = Constants.TASK_DEV + runtime;
+ String pipelineName = Constants.PIPELINE_DEV + runtime;
+
+ return new PipelineBuilder()
+ .withNewMetadata()
+ .withName(pipelineName)
+ .withNamespace(config.getNamespace())
+ .withLabels(ResourceUtils.getLabels(pipelineName, config.getVersion(), Map.of()))
+ .endMetadata()
+ .withNewSpec()
+ .withParams(new ParamSpecBuilder().withName("PROJECT_ID").withType("string").withDescription("ProjectId").build())
+ .withTasks(
+ new PipelineTaskBuilder().withName(taskName)
+ .withParams(new ParamBuilder().withName("project").withNewValue("$(params.PROJECT_ID)").build())
+ .withTaskRef(new TaskRefBuilder().withKind("Task").withName(taskName).build())
+ .withWorkspaces(
+ new WorkspacePipelineTaskBinding(Constants.PVC_M2_CACHE, "", Constants.PVC_M2_CACHE),
+ new WorkspacePipelineTaskBinding(Constants.PVC_JBANG_CACHE, "", Constants.PVC_JBANG_CACHE)
+ )
+ .build()
+ )
+ .withWorkspaces(
+ new PipelineWorkspaceDeclaration("Maven Cache", Constants.PVC_M2_CACHE, false),
+ new PipelineWorkspaceDeclaration("JBang Cache", Constants.PVC_JBANG_CACHE, false)
+ )
+ .endSpec()
+ .build();
+ }
+
+}
diff --git a/karavan-cli/src/main/resources/quarkus-builder-script-kubernetes.sh b/karavan-cli/src/main/resources/quarkus-builder-script-kubernetes.sh
new file mode 100644
index 00000000..49a67e94
--- /dev/null
+++ b/karavan-cli/src/main/resources/quarkus-builder-script-kubernetes.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+CHECKOUT_DIR="/scripts"
+KAMELETS_DIR="/scripts/kamelets"
+
+if [[ $GIT_REPOSITORY == https* ]] ;
+then
+ replacer=https://$GIT_PASSWORD@
+ prefix=https://
+ url="${GIT_REPOSITORY/$prefix/$replacer}"
+ git clone --depth 1 --branch ${GIT_BRANCH} $url ${CHECKOUT_DIR}
+else
+ git clone --depth 1 --branch ${GIT_BRANCH} ${GIT_REPOSITORY} ${CHECKOUT_DIR}
+fi
+
+cd ${CHECKOUT_DIR}/$(inputs.params.project)
+
+entrypoint -Dcamel.jbang.version=3.20.4 camel@apache/camel export --local-kamelet-dir=${KAMELETS_DIR}
+
+export LAST_COMMIT=$(git rev-parse --short HEAD)
+export DATE=$(date '+%Y%m%d%H%M%S')
+export TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+export NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+/opt/mvnd/bin/mvnd package \
+ -Dquarkus.container-image.build=true \
+ -Dquarkus.container-image.push=true \
+ -Dquarkus.container-image.insecure=true \
+ -Dquarkus.container-image.username=sa \
+ -Dquarkus.container-image.password=${TOKEN} \
+ -Dquarkus.container-image.registry=${IMAGE_REGISTRY} \
+ -Dquarkus.container-image.builder=jib \
+ -Dquarkus.kubernetes.deploy=true \
+ -Dquarkus.kubernetes.deployment-target=kubernetes \
+ -Dquarkus.kubernetes.add-version-to-label-selectors=false \
+ -Dquarkus.kubernetes.labels.\"app\"=$(inputs.params.project) \
+ -Dquarkus.kubernetes.labels.\"app.kubernetes.io/runtime\"=camel \
+ -Dquarkus.container-image.group=${NAMESPACE} \
+ -Dquarkus.container-image.tag=${DATE}
\ No newline at end of file
diff --git a/karavan-cli/src/main/resources/quarkus-builder-script-openshift.sh b/karavan-cli/src/main/resources/quarkus-builder-script-openshift.sh
new file mode 100644
index 00000000..1b37af8e
--- /dev/null
+++ b/karavan-cli/src/main/resources/quarkus-builder-script-openshift.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+CHECKOUT_DIR="/scripts"
+KAMELETS_DIR="/scripts/kamelets"
+
+if [[ $GIT_REPOSITORY == https* ]] ;
+then
+ replacer=https://$GIT_PASSWORD@
+ prefix=https://
+ url="${GIT_REPOSITORY/$prefix/$replacer}"
+ git clone --depth 1 --branch ${GIT_BRANCH} $url ${CHECKOUT_DIR}
+else
+ git clone --depth 1 --branch ${GIT_BRANCH} ${GIT_REPOSITORY} ${CHECKOUT_DIR}
+fi
+
+cd ${CHECKOUT_DIR}/$(inputs.params.project)
+
+entrypoint -Dcamel.jbang.version=3.20.4 camel@apache/camel export --local-kamelet-dir=${KAMELETS_DIR}
+
+export LAST_COMMIT=$(git rev-parse --short HEAD)
+export DATE=$(date '+%Y%m%d%H%M%S')
+export TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+export NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+/opt/mvnd/bin/mvnd package \
+ -Dquarkus.container-image.build=true \
+ -Dquarkus.container-image.push=true \
+ -Dquarkus.container-image.insecure=true \
+ -Dquarkus.container-image.username=sa \
+ -Dquarkus.container-image.password=${TOKEN} \
+ -Dquarkus.container-image.registry=${IMAGE_REGISTRY} \
+ -Dquarkus.container-image.builder=jib \
+ -Dquarkus.kubernetes-client.master-url=kubernetes.default.svc \
+ -Dquarkus.kubernetes-client.token=${TOKEN} \
+ -Dquarkus.kubernetes.deploy=true \
+ -Dquarkus.openshift.deployment-kind=Deployment \
+ -Dquarkus.openshift.add-version-to-label-selectors=false \
+ -Dquarkus.openshift.labels.\"app\"=$(inputs.params.project) \
+ -Dquarkus.openshift.labels.\"app.openshift.io/runtime\"=camel \
+ -Dquarkus.container-image.group=${NAMESPACE} \
+ -Dquarkus.container-image.tag=${DATE}
\ No newline at end of file
diff --git a/karavan-cli/src/main/resources/spring-boot-builder-script-kubernetes.sh b/karavan-cli/src/main/resources/spring-boot-builder-script-kubernetes.sh
new file mode 100644
index 00000000..097c2f99
--- /dev/null
+++ b/karavan-cli/src/main/resources/spring-boot-builder-script-kubernetes.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+CHECKOUT_DIR="/scripts"
+KAMELETS_DIR="/scripts/kamelets"
+
+if [[ $GIT_REPOSITORY == https* ]] ;
+then
+ replacer=https://$GIT_PASSWORD@
+ prefix=https://
+ url="${GIT_REPOSITORY/$prefix/$replacer}"
+ git clone --depth 1 --branch ${GIT_BRANCH} $url ${CHECKOUT_DIR}
+else
+ git clone --depth 1 --branch ${GIT_BRANCH} ${GIT_REPOSITORY} ${CHECKOUT_DIR}
+fi
+
+cd ${CHECKOUT_DIR}/$(inputs.params.project)
+
+entrypoint -Dcamel.jbang.version=3.20.4 camel@apache/camel export --local-kamelet-dir=${KAMELETS_DIR}
+
+export LAST_COMMIT=$(git rev-parse --short HEAD)
+export DATE=$(date '+%Y%m%d%H%M%S')
+export TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+export NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+/opt/mvnd/bin/mvnd package k8s:build k8s:push k8s:resource k8s:apply \
+ -Pkubernetes \
+ -Djkube.namespace=${NAMESPACE} \
+ -Djkube.docker.push.registry=${IMAGE_REGISTRY} \
+ -Djkube.generator.name=${IMAGE_REGISTRY}/${NAMESPACE}/$(inputs.params.project):${DATE}
\ No newline at end of file
diff --git a/karavan-cli/src/main/resources/spring-boot-builder-script-openshift.sh b/karavan-cli/src/main/resources/spring-boot-builder-script-openshift.sh
new file mode 100644
index 00000000..5c51b76f
--- /dev/null
+++ b/karavan-cli/src/main/resources/spring-boot-builder-script-openshift.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+CHECKOUT_DIR="/scripts"
+KAMELETS_DIR="/scripts/kamelets"
+
+if [[ $GIT_REPOSITORY == https* ]] ;
+then
+ replacer=https://$GIT_PASSWORD@
+ prefix=https://
+ url="${GIT_REPOSITORY/$prefix/$replacer}"
+ git clone --depth 1 --branch ${GIT_BRANCH} $url ${CHECKOUT_DIR}
+else
+ git clone --depth 1 --branch ${GIT_BRANCH} ${GIT_REPOSITORY} ${CHECKOUT_DIR}
+fi
+
+cd ${CHECKOUT_DIR}/$(inputs.params.project)
+
+entrypoint -Dcamel.jbang.version=3.20.4 camel@apache/camel export --local-kamelet-dir=${KAMELETS_DIR}
+
+export LAST_COMMIT=$(git rev-parse --short HEAD)
+export DATE=$(date '+%Y%m%d%H%M%S')
+export TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+export NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+/opt/mvnd/bin/mvnd package oc:build oc:push oc:resource oc:apply \
+ -Popenshift \
+ -Djkube.namespace=${NAMESPACE} \
+ -Djkube.docker.push.registry=${IMAGE_REGISTRY} \
+ -Djkube.generator.name=${IMAGE_REGISTRY}/${NAMESPACE}/$(inputs.params.project):${DATE}
diff --git a/karavan-cli/src/main/resources/tekton.yaml b/karavan-cli/src/main/resources/tekton.yaml
new file mode 100644
index 00000000..1abe4c51
--- /dev/null
+++ b/karavan-cli/src/main/resources/tekton.yaml
@@ -0,0 +1,2841 @@
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pod-security.kubernetes.io/enforce: restricted
+
+---
+# Copyright 2020-2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-controller-cluster-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ - apiGroups: [""]
+ # Controller needs to watch Pods created by TaskRuns to see them progress.
+ resources: ["pods"]
+ verbs: ["list", "watch"]
+ # Controller needs cluster access to all of the CRDs that it is responsible for
+ # managing.
+ - apiGroups: ["tekton.dev"]
+ resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["tekton.dev"]
+ resources: ["verificationpolicies"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["tekton.dev"]
+ resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ - apiGroups: ["tekton.dev"]
+ resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ # resolution.tekton.dev
+ - apiGroups: ["resolution.tekton.dev"]
+ resources: ["resolutionrequests", "resolutionrequests/status"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # This is the access that the controller needs on a per-namespace basis.
+ name: tekton-pipelines-controller-tenant-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ # Read-write access to create Pods and PVCs (for Workspaces)
+ - apiGroups: [""]
+ resources: ["pods", "persistentvolumeclaims"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+ # Write permissions to publish events.
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch"]
+ # Read-only access to these.
+ - apiGroups: [""]
+ resources: ["configmaps", "limitranges", "secrets", "serviceaccounts"]
+ verbs: ["get", "list", "watch"]
+ # Read-write access to StatefulSets for Affinity Assistant.
+ - apiGroups: ["apps"]
+ resources: ["statefulsets"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-webhook-cluster-access
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ # The webhook needs to be able to get and update customresourcedefinitions,
+ # mainly to update the webhook certificates.
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
+ verbs: ["get", "update", "patch"]
+ resourceNames:
+ - pipelines.tekton.dev
+ - pipelineruns.tekton.dev
+ - tasks.tekton.dev
+ - clustertasks.tekton.dev
+ - taskruns.tekton.dev
+ - resolutionrequests.resolution.tekton.dev
+ - customruns.tekton.dev
+ - verificationpolicies.tekton.dev
+ # knative.dev/pkg needs list/watch permissions to set up informers for the webhook.
+ - apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["list", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ # The webhook performs a reconciliation on these two resources and continuously
+ # updates configuration.
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ # knative starts informers on these things, which is why we need get, list and watch.
+ verbs: ["list", "watch"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ # This mutating webhook is responsible for applying defaults to tekton objects
+ # as they are received.
+ resourceNames: ["webhook.pipeline.tekton.dev"]
+ # When there are changes to the configs or secrets, knative updates the mutatingwebhook config
+ # with the updated certificates or the refreshed set of rules.
+ verbs: ["get", "update", "delete"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["validatingwebhookconfigurations"]
+ # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns.
+ # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure
+ resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"]
+ # When there are changes to the configs or secrets, knative updates the validatingwebhook config
+ # with the updated certificates or the refreshed set of rules.
+ verbs: ["get", "update", "delete"]
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get"]
+ # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources,
+ # which requires we can Get the system namespace.
+ resourceNames: ["tekton-pipelines"]
+ - apiGroups: [""]
+ resources: ["namespaces/finalizers"]
+ verbs: ["update"]
+ # The webhook configured the namespace as the OwnerRef on various cluster-scoped resources,
+ # which requires we can update the system namespace finalizers.
+ resourceNames: ["tekton-pipelines"]
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["list", "watch"]
+ # The controller needs access to these configmaps for logging information and runtime configuration.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"]
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["list", "watch"]
+ # The webhook needs access to these configmaps for logging information.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get"]
+ resourceNames: ["config-logging", "config-observability", "config-leader-election", "feature-flags"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["list", "watch"]
+ # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever
+ # the secret changes it updates the webhook configurations with the certificates
+ # stored in the secret.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "update"]
+ resourceNames: ["webhook-certs"]
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-leader-election
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ # We uses leases for leaderelection
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: tekton-pipelines-info
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ # All system:authenticated users needs to have access
+ # of the pipelines-info ConfigMap even if they don't
+ # have access to the other resources present in the
+ # installed namespace.
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ resourceNames: ["pipelines-info"]
+ verbs: ["get"]
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelines-controller-cluster-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelines-controller-cluster-access
+ apiGroup: rbac.authorization.k8s.io
+---
+# If this ClusterRoleBinding is replaced with a RoleBinding
+# then the ClusterRole would be namespaced. The access described by
+# the tekton-pipelines-controller-tenant-access ClusterRole would
+# be scoped to individual tenant namespaces.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelines-controller-tenant-access
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelines-controller-tenant-access
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelines-webhook-cluster-access
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelines-webhook-cluster-access
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: Role
+ name: tekton-pipelines-controller
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+roleRef:
+ kind: Role
+ name: tekton-pipelines-webhook
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelines-controller-leaderelection
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+roleRef:
+ kind: Role
+ name: tekton-pipelines-leader-election
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelines-webhook-leaderelection
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+roleRef:
+ kind: Role
+ name: tekton-pipelines-leader-election
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelines-info
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ # Giving all system:authenticated users the access of the
+ # ConfigMap which contains version information.
+ - kind: Group
+ name: system:authenticated
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: tekton-pipelines-info
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clustertasks.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ names:
+ kind: ClusterTask
+ plural: clustertasks
+ singular: clustertask
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Cluster
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1beta1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: customruns.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ jsonPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ jsonPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ names:
+ kind: CustomRun
+ plural: customruns
+ singular: customrun
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: pipelines.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ - name: v1
+ served: true
+ storage: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields
+ # and use the schema in tooling such as `kubectl explain`.
+ # Using "x-kubernetes-preserve-unknown-fields: true"
+ # at the root of the schema (or within it) allows arbitrary fields.
+ # We currently perform our own validation separately.
+ # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
+ # for more info.
+ x-kubernetes-preserve-unknown-fields: true
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ names:
+ kind: Pipeline
+ plural: pipelines
+ singular: pipeline
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1beta1", "v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: pipelineruns.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ jsonPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ jsonPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ - name: v1
+ served: true
+ storage: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ jsonPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ jsonPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ names:
+ kind: PipelineRun
+ plural: pipelineruns
+ singular: pipelinerun
+ categories:
+ - tekton
+ - tekton-pipelines
+ shortNames:
+ - pr
+ - prs
+ scope: Namespaced
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1beta1", "v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: resolutionrequests.resolution.tekton.dev
+ labels:
+ resolution.tekton.dev/release: devel
+spec:
+ group: resolution.tekton.dev
+ scope: Namespaced
+ names:
+ kind: ResolutionRequest
+ plural: resolutionrequests
+ singular: resolutionrequest
+ categories:
+ - tekton
+ - tekton-pipelines
+ shortNames:
+ - resolutionrequest
+ - resolutionrequests
+ versions:
+ - name: v1alpha1
+ served: true
+ deprecated: true
+ storage: false
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Succeeded')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason"
+ - name: v1beta1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: OwnerKind
+ type: string
+ jsonPath: ".metadata.ownerReferences[0].kind"
+ - name: Owner
+ type: string
+ jsonPath: ".metadata.ownerReferences[0].name"
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Succeeded')].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type=='Succeeded')].reason"
+ - name: StartTime
+ type: string
+ jsonPath: .metadata.creationTimestamp
+ - name: EndTime
+ type: string
+ jsonPath: .status.conditions[?(@.type=='Succeeded')].lastTransitionTime
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1alpha1", "v1beta1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: tasks.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ - name: v1
+ served: true
+ storage: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ # TODO(#1461): Add OpenAPIV3 schema
+ # OpenAPIV3 schema allows Kubernetes to perform validation on the schema fields
+ # and use the schema in tooling such as `kubectl explain`.
+ # Using "x-kubernetes-preserve-unknown-fields: true"
+ # at the root of the schema (or within it) allows arbitrary fields.
+ # We currently perform our own validation separately.
+ # See https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
+ # for more info.
+ x-kubernetes-preserve-unknown-fields: true
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ names:
+ kind: Task
+ plural: tasks
+ singular: task
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1beta1", "v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: taskruns.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ preserveUnknownFields: false
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ jsonPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ jsonPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ - name: v1
+ served: true
+ storage: false
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Succeeded
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
+ - name: Reason
+ type: string
+ jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
+ - name: StartTime
+ type: date
+ jsonPath: .status.startTime
+ - name: CompletionTime
+ type: date
+ jsonPath: .status.completionTime
+ # Opt into the status subresource so metadata.generation
+ # starts to increment
+ subresources:
+ status: {}
+ names:
+ kind: TaskRun
+ plural: taskruns
+ singular: taskrun
+ categories:
+ - tekton
+ - tekton-pipelines
+ shortNames:
+ - tr
+ - trs
+ scope: Namespaced
+ conversion:
+ strategy: Webhook
+ webhook:
+ conversionReviewVersions: ["v1beta1", "v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: verificationpolicies.tekton.dev
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+ version: "v0.47.0"
+spec:
+ group: tekton.dev
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ # One can use x-kubernetes-preserve-unknown-fields: true
+ # at the root of the schema (and inside any properties, additionalProperties)
+ # to get the traditional CRD behaviour that nothing is pruned, despite
+ # setting spec.preserveUnknownProperties: false.
+ #
+ # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
+ # See issue: https://github.com/knative/serving/issues/912
+ x-kubernetes-preserve-unknown-fields: true
+ names:
+ kind: VerificationPolicy
+ plural: verificationpolicies
+ singular: verificationpolicy
+ categories:
+ - tekton
+ - tekton-pipelines
+ scope: Namespaced
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: webhook-certs
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+# The data is populated at install time.
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.pipeline.tekton.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+webhooks:
+ - admissionReviewVersions: ["v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: validation.webhook.pipeline.tekton.dev
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: webhook.pipeline.tekton.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+webhooks:
+ - admissionReviewVersions: ["v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: webhook.pipeline.tekton.dev
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: config.webhook.pipeline.tekton.dev
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pipeline.tekton.dev/release: "v0.47.0"
+webhooks:
+ - admissionReviewVersions: ["v1"]
+ clientConfig:
+ service:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ failurePolicy: Fail
+ sideEffects: None
+ name: config.webhook.pipeline.tekton.dev
+ objectSelector:
+ matchLabels:
+ app.kubernetes.io/part-of: tekton-pipelines
+
+---
+# Copyright 2019-2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tekton-aggregate-edit
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - tasks
+ - taskruns
+ - pipelines
+ - pipelineruns
+ - runs
+ - customruns
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+
+---
+# Copyright 2019-2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tekton-aggregate-view
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups:
+ - tekton.dev
+ resources:
+ - tasks
+ - taskruns
+ - pipelines
+ - pipelineruns
+ - runs
+ - customruns
+ verbs:
+ - get
+ - list
+ - watch
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-defaults
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # default-timeout-minutes contains the default number of
+ # minutes to use for TaskRun and PipelineRun, if none is specified.
+ default-timeout-minutes: "60" # 60 minutes
+
+ # default-service-account contains the default service account name
+ # to use for TaskRun and PipelineRun, if none is specified.
+ default-service-account: "default"
+
+ # default-managed-by-label-value contains the default value given to the
+ # "app.kubernetes.io/managed-by" label applied to all Pods created for
+ # TaskRuns. If a user's requested TaskRun specifies another value for this
+ # label, the user's request supercedes.
+ default-managed-by-label-value: "tekton-pipelines"
+
+ # default-pod-template contains the default pod template to use for
+ # TaskRun and PipelineRun. If a pod template is specified on the
+ # PipelineRun, the default-pod-template is merged with that one.
+ # default-pod-template:
+
+ # default-affinity-assistant-pod-template contains the default pod template
+ # to use for affinity assistant pods. If a pod template is specified on the
+ # PipelineRun, the default-affinity-assistant-pod-template is merged with
+ # that one.
+ # default-affinity-assistant-pod-template:
+
+ # default-cloud-events-sink contains the default CloudEvents sink to be
+ # used for TaskRun and PipelineRun, when no sink is specified.
+ # Note that right now it is still not possible to set a PipelineRun or
+ # TaskRun specific sink, so the default is the only option available.
+ # If no sink is specified, no CloudEvent is generated
+ # default-cloud-events-sink:
+
+ # default-task-run-workspace-binding contains the default workspace
+ # configuration provided for any Workspaces that a Task declares
+ # but that a TaskRun does not explicitly provide.
+ # default-task-run-workspace-binding: |
+ # emptyDir: {}
+
+ # default-max-matrix-combinations-count contains the default maximum number
+ # of combinations from a Matrix, if none is specified.
+ default-max-matrix-combinations-count: "256"
+
+ # default-forbidden-env contains comma seperated environment variables that cannot be
+ # overridden by podTemplate.
+ default-forbidden-env:
+
+ # default-resolver-type contains the default resolver type to be used in the cluster,
+ # no default-resolver-type is specified by default
+ default-resolver-type:
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: feature-flags
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # Setting this flag to "true" will prevent Tekton to create an
+ # Affinity Assistant for every TaskRun sharing a PVC workspace
+ #
+ # The default behaviour is for Tekton to create Affinity Assistants
+ #
+ # See more in the workspace documentation about Affinity Assistant
+ # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline
+ # or https://github.com/tektoncd/pipeline/pull/2630 for more info.
+ disable-affinity-assistant: "false"
+ # Setting this flag to "true" will prevent Tekton scanning attached
+ # service accounts and injecting any credentials it finds into your
+ # Steps.
+ #
+ # The default behaviour currently is for Tekton to search service
+ # accounts for secrets matching a specified format and automatically
+ # mount those into your Steps.
+ #
+ # Note: setting this to "true" will prevent PipelineResources from
+ # working.
+ #
+ # See https://github.com/tektoncd/pipeline/issues/2791 for more
+ # info.
+ disable-creds-init: "false"
+ # Setting this flag to "false" will stop Tekton from waiting for a
+ # TaskRun's sidecar containers to be running before starting the first
+ # step. This will allow Tasks to be run in environments that don't
+ # support the DownwardAPI volume type, but may lead to unintended
+ # behaviour if sidecars are used.
+ #
+ # See https://github.com/tektoncd/pipeline/issues/4937 for more info.
+ await-sidecar-readiness: "true"
+ # This option should be set to false when Pipelines is running in a
+ # cluster that does not use injected sidecars such as Istio. Setting
+ # it to false should decrease the time it takes for a TaskRun to start
+ # running. For clusters that use injected sidecars, setting this
+ # option to false can lead to unexpected behavior.
+ #
+ # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
+ running-in-environment-with-injected-sidecars: "true"
+ # Setting this flag to "true" will require that any Git SSH Secret
+ # offered to Tekton must have known_hosts included.
+ #
+ # See https://github.com/tektoncd/pipeline/issues/2981 for more
+ # info.
+ require-git-ssh-secret-known-hosts: "false"
+ # Setting this flag to "true" enables the use of Tekton OCI bundle.
+ # This is an experimental feature and thus should still be considered
+ # an alpha feature.
+ enable-tekton-oci-bundles: "false"
+ # Setting this flag will determine which gated features are enabled.
+ # Acceptable values are "stable", "beta", or "alpha".
+ enable-api-fields: "stable"
+ # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a
+ # CloudEvents sink is configured in the config-defaults config map
+ send-cloudevents-for-runs: "false"
+ # This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them.
+ # If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found.
+ # If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged.
+ # If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged.
+ trusted-resources-verification-no-match-policy: "ignore"
+ # Setting this flag to "true" enables populating the "provenance" field in TaskRun
+ # and PipelineRun status. This field contains metadata about resources used
+ # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline
+ # definition was fetched.
+ enable-provenance-in-status: "false"
+ # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance.
+ # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance.
+ # If set to "none", then Tekton will not have non-falsifiable provenance.
+ # This is an experimental feature and thus should still be considered an alpha feature.
+ enforce-nonfalsifiablity: "none"
+
+---
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: pipelines-info
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # Contains pipelines version which can be queried by external
+ # tools such as CLI. Elevated permissions are already given to
+ # this ConfigMap such that even if we don't have access to
+ # other resources in the namespace we still can have access to
+ # this ConfigMap.
+ version: "v0.47.0"
+
+---
+# Copyright 2020 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-leader-election
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+ # lease-duration is how long non-leaders will wait to try to acquire the
+ # lock; 15 seconds is the value used by core kubernetes controllers.
+ lease-duration: "60s"
+ # renew-deadline is how long a leader will try to renew the lease before
+ # giving up; 10 seconds is the value used by core kubernetes controllers.
+ renew-deadline: "40s"
+ # retry-period is how long the leader election client waits between tries of
+ # actions; 2 seconds is the value used by core kubernetes controllers.
+ retry-period: "10s"
+ # buckets is the number of buckets used to partition key space of each
+ # Reconciler. If this number is M and the replica number of the controller
+ # is N, the N replicas will compete for the M buckets. The owner of a
+ # bucket will take care of the reconciling for the keys partitioned into
+ # that bucket.
+ buckets: "1"
+
+---
+# Copyright 2019 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ zap-logger-config: |
+ {
+ "level": "info",
+ "development": false,
+ "sampling": {
+ "initial": 100,
+ "thereafter": 100
+ },
+ "outputPaths": ["stdout"],
+ "errorOutputPaths": ["stderr"],
+ "encoding": "json",
+ "encoderConfig": {
+ "timeKey": "timestamp",
+ "levelKey": "severity",
+ "nameKey": "logger",
+ "callerKey": "caller",
+ "messageKey": "message",
+ "stacktraceKey": "stacktrace",
+ "lineEnding": "",
+ "levelEncoder": "",
+ "timeEncoder": "iso8601",
+ "durationEncoder": "",
+ "callerEncoder": ""
+ }
+ }
+ # Log level overrides
+ loglevel.controller: "info"
+ loglevel.webhook: "info"
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-observability
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # metrics.backend-destination field specifies the system metrics destination.
+ # It supports either prometheus (the default) or stackdriver.
+ # Note: Using Stackdriver will incur additional charges.
+ metrics.backend-destination: prometheus
+
+ # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This
+ # field is optional. When running on GCE, application default credentials will be
+ # used and metrics will be sent to the cluster's project if this field is
+ # not provided.
+ metrics.stackdriver-project-id: "<your stackdriver project id>"
+
+ # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed
+ # to send metrics to Stackdriver using "global" resource type and custom
+ # metric type. Setting this flag to "true" could cause extra Stackdriver
+ # charge. If metrics.backend-destination is not Stackdriver, this is
+ # ignored.
+ metrics.allow-stackdriver-custom-metrics: "false"
+ metrics.taskrun.level: "task"
+ metrics.taskrun.duration-type: "histogram"
+ metrics.pipelinerun.level: "pipeline"
+ metrics.pipelinerun.duration-type: "histogram"
+
+---
+# Copyright 2020 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-registry-cert
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+# data:
+# # Registry's self-signed certificate
+# cert: |
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-spire
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+ #
+ # spire-trust-domain specifies the SPIRE trust domain to use.
+ # spire-trust-domain: "example.org"
+ #
+ # spire-socket-path specifies the SPIRE agent socket for SPIFFE workload API.
+ # spire-socket-path: "unix:///spiffe-workload-api/spire-agent.sock"
+ #
+ # spire-server-addr specifies the SPIRE server address for workload/node registration.
+ # spire-server-addr: "spire-server.spire.svc.cluster.local:8081"
+ #
+ # spire-node-alias-prefix specifies the SPIRE node alias prefix to use.
+ # spire-node-alias-prefix: "/tekton-node/"
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ version: "v0.47.0"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ app: tekton-pipelines-controller
+ version: "v0.47.0"
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: NotIn
+ values:
+ - windows
+ serviceAccountName: tekton-pipelines-controller
+ containers:
+ - name: tekton-pipelines-controller
+ image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.47.0@sha256:f2d03e5b00345da4bf91044daff32795f6f54edb23f8a36742abd729929c7943
+ args: [
+ # These images are built on-demand by `ko resolve` and are replaced
+ # by image references by digest.
+ "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.47.0@sha256:5282e057d67e18632b4158994d5a4af50799568d67fcc6db4da53004ae5f4dd5", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.47.0@sha256:3bd15d5ea0f19f439c02bc629d04b5759ec0f4e01e84f1963f3533b7e96643c4", "-sidecarlogresults-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults:v0.47.0@sha256:f443ac86d9a453c35344c662f34636dc76 [...]
+ # The shell image must allow root in order to create directories and copy files to PVCs.
+ # cgr.dev/chainguard/busybox as of April 14 2022
+ # image shall not contains tag, so it will be supported on a runtime like cri-o
+ "-shell-image", "cgr.dev/chainguard/busybox@sha256:19f02276bf8dbdd62f069b922f10c65262cc34b710eea26ff928129a736be791",
+ # for script mode to work with windows we need a powershell image
+ # pinning to nanoserver tag as of July 15 2021
+ "-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"]
+ volumeMounts:
+ - name: config-logging
+ mountPath: /etc/config-logging
+ - name: config-registry-cert
+ mountPath: /etc/config-registry-cert
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # If you are changing these names, you will also need to update
+ # the controller's Role in 200-role.yaml to include the new
+ # values in the "configmaps" "get" rule.
+ - name: CONFIG_DEFAULTS_NAME
+ value: config-defaults
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: CONFIG_ARTIFACT_BUCKET_NAME
+ value: config-artifact-bucket
+ - name: CONFIG_ARTIFACT_PVC_NAME
+ value: config-artifact-pvc
+ - name: CONFIG_FEATURE_FLAGS_NAME
+ value: feature-flags
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-leader-election
+ - name: CONFIG_SPIRE
+ value: config-spire
+ - name: SSL_CERT_FILE
+ value: /etc/config-registry-cert/cert
+ - name: SSL_CERT_DIR
+ value: /etc/ssl/certs
+ - name: METRICS_DOMAIN
+ value: tekton.dev/pipeline
+ # The following variables can be uncommented with correct values to enable Jaeger tracing
+ #- name: OTEL_EXPORTER_JAEGER_ENDPOINT
+ # value: http://jaeger-collector.jaeger:14268/api/traces
+ #- name: OTEL_EXPORTER_JAEGER_USER
+ # value: username
+ #- name: OTEL_EXPORTER_JAEGER_PASSWORD
+ # value: password
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ # User 65532 is the nonroot user ID
+ runAsUser: 65532
+ runAsGroup: 65532
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ - name: probes
+ containerPort: 8080
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: probes
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: probes
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ volumes:
+ - name: config-logging
+ configMap:
+ name: config-logging
+ - name: config-registry-cert
+ configMap:
+ name: config-registry-cert
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ app: tekton-pipelines-controller
+ version: "v0.47.0"
+ name: tekton-pipelines-controller
+ namespace: tekton-pipelines
+spec:
+ ports:
+ - name: http-metrics
+ port: 9090
+ protocol: TCP
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: probes
+ port: 8080
+ selector:
+ app.kubernetes.io/name: controller
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ pod-security.kubernetes.io/enforce: restricted
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # ClusterRole for resolvers to monitor and update resolutionrequests.
+ name: tekton-pipelines-resolvers-resolution-request-updates
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ - apiGroups: ["resolution.tekton.dev"]
+ resources: ["resolutionrequests", "resolutionrequests/status"]
+ verbs: ["get", "list", "watch", "update", "patch"]
+ - apiGroups: ["tekton.dev"]
+ resources: ["tasks", "pipelines"]
+ verbs: ["get", "list"]
+ # Read-only access to these.
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: tekton-pipelines-resolvers-namespace-rbac
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+rules:
+ # Needed to watch and load configuration and secret data.
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "list", "update", "watch"]
+ # This is needed by leader election to run the controller in HA.
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tekton-pipelines-resolvers
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+
+---
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-resolvers
+ namespace: tekton-pipelines-resolvers
+roleRef:
+ kind: ClusterRole
+ name: tekton-pipelines-resolvers-resolution-request-updates
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Copyright 2021 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tekton-pipelines-resolvers-namespace-rbac
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+subjects:
+ - kind: ServiceAccount
+ name: tekton-pipelines-resolvers
+ namespace: tekton-pipelines-resolvers
+roleRef:
+ kind: Role
+ name: tekton-pipelines-resolvers-namespace-rbac
+ apiGroup: rbac.authorization.k8s.io
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bundleresolver-config
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # the default service account name to use for bundle requests.
+ default-service-account: "default"
+ # The default layer kind in the bundle image.
+ default-kind: "task"
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-resolver-config
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # The default kind to fetch.
+ default-kind: "task"
+ # The default namespace to look for resources in.
+ default-namespace: ""
+ # An optional comma-separated list of namespaces which the resolver is allowed to access. Defaults to empty, meaning all namespaces are allowed.
+ allowed-namespaces: ""
+ # An optional comma-separated list of namespaces which the resolver is blocked from accessing. Defaults to empty, meaning all namespaces are allowed.
+ blocked-namespaces: ""
+
+---
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: resolvers-feature-flags
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # Setting this flag to "true" enables remote resolution of Tekton OCI bundles.
+ enable-bundles-resolver: "true"
+ # Setting this flag to "true" enables remote resolution of tasks and pipelines via the Tekton Hub.
+ enable-hub-resolver: "true"
+ # Setting this flag to "true" enables remote resolution of tasks and pipelines from Git repositories.
+ enable-git-resolver: "true"
+ # Setting this flag to "true" enables remote resolution of tasks and pipelines from other namespaces within the cluster.
+ enable-cluster-resolver: "true"
+
+---
+# Copyright 2020 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-leader-election
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+ # lease-duration is how long non-leaders will wait to try to acquire the
+ # lock; 15 seconds is the value used by core kubernetes controllers.
+ lease-duration: "60s"
+ # renew-deadline is how long a leader will try to renew the lease before
+ # giving up; 10 seconds is the value used by core kubernetes controllers.
+ renew-deadline: "40s"
+ # retry-period is how long the leader election client waits between tries of
+ # actions; 2 seconds is the value used by core kubernetes controllers.
+ retry-period: "10s"
+ # buckets is the number of buckets used to partition key space of each
+ # Reconciler. If this number is M and the replica number of the controller
+ # is N, the N replicas will compete for the M buckets. The owner of a
+ # bucket will take care of the reconciling for the keys partitioned into
+ # that bucket.
+ buckets: "1"
+
+---
+# Copyright 2019 Tekton Authors LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ zap-logger-config: |
+ {
+ "level": "info",
+ "development": false,
+ "sampling": {
+ "initial": 100,
+ "thereafter": 100
+ },
+ "outputPaths": ["stdout"],
+ "errorOutputPaths": ["stderr"],
+ "encoding": "json",
+ "encoderConfig": {
+ "timeKey": "timestamp",
+ "levelKey": "severity",
+ "nameKey": "logger",
+ "callerKey": "caller",
+ "messageKey": "message",
+ "stacktraceKey": "stacktrace",
+ "lineEnding": "",
+ "levelEncoder": "",
+ "timeEncoder": "iso8601",
+ "durationEncoder": "",
+ "callerEncoder": ""
+ }
+ }
+ # Log level overrides
+ loglevel.controller: "info"
+ loglevel.webhook: "info"
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-observability
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ _example: |
+ ################################
+ # #
+ # EXAMPLE CONFIGURATION #
+ # #
+ ################################
+
+ # This block is not actually functional configuration,
+ # but serves to illustrate the available configuration
+ # options and document them in a way that is accessible
+ # to users that `kubectl edit` this config map.
+ #
+ # These sample configuration options may be copied out of
+ # this example block and unindented to be in the data block
+ # to actually change the configuration.
+
+ # metrics.backend-destination field specifies the system metrics destination.
+ # It supports either prometheus (the default) or stackdriver.
+ # Note: Using stackdriver will incur additional charges
+ metrics.backend-destination: prometheus
+
+ # metrics.request-metrics-backend-destination specifies the request metrics
+ # destination. If non-empty, it enables queue proxy to send request metrics.
+ # Currently supported values: prometheus, stackdriver.
+ metrics.request-metrics-backend-destination: prometheus
+
+ # metrics.stackdriver-project-id field specifies the stackdriver project ID. This
+ # field is optional. When running on GCE, application default credentials will be
+ # used if this field is not provided.
+ metrics.stackdriver-project-id: "<your stackdriver project id>"
+
+ # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to
+ # Stackdriver using "global" resource type and custom metric type if the
+ # metrics are not supported by "knative_revision" resource type. Setting this
+ # flag to "true" could cause extra Stackdriver charge.
+ # If metrics.backend-destination is not Stackdriver, this is ignored.
+ metrics.allow-stackdriver-custom-metrics: "false"
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: git-resolver-config
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # The maximum amount of time a single anonymous cloning resolution may take.
+ fetch-timeout: "1m"
+ # The git url to fetch the remote resource from when using anonymous cloning.
+ default-url: "https://github.com/tektoncd/catalog.git"
+ # The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API.
+ default-revision: "main"
+ # The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud
+ scm-type: "github"
+ # The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud
+ server-url: ""
+ # The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API.
+ api-token-secret-name: ""
+ # The key in the API token secret containing the actual token. Required when using the authenticated API.
+ api-token-secret-key: ""
+ # The namespace containing the API token secret. Defaults to "default".
+ api-token-secret-namespace: "default"
+ # The default organization to look for repositories under when using the authenticated API,
+ # if not specified in the resolver parameters. Optional.
+ default-org: ""
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: hubresolver-config
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+data:
+ # the default Tekton Hub catalog from where to pull the resource.
+ default-tekton-hub-catalog: "Tekton"
+ # the default Artifact Hub Task catalog from where to pull the resource.
+ default-artifact-hub-task-catalog: "tekton-catalog-tasks"
+ # the default Artifact Hub Pipeline catalog from where to pull the resource.
+ default-artifact-hub-pipeline-catalog: "tekton-catalog-pipelines"
+ # the default layer kind in the hub image.
+ default-kind: "task"
+ # the default hub source to pull the resource from.
+ default-type: "artifact"
+
+---
+# Copyright 2022 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tekton-pipelines-remote-resolvers
+ namespace: tekton-pipelines-resolvers
+ labels:
+ app.kubernetes.io/name: resolvers
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ version: "v0.47.0"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: resolvers
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: resolvers
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ app: tekton-pipelines-resolvers
+ version: "v0.47.0"
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: resolvers
+ app.kubernetes.io/component: resolvers
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ serviceAccountName: tekton-pipelines-resolvers
+ containers:
+ - name: controller
+ image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers:v0.47.0@sha256:179051f8000aab6702bd0b60a36e0768c7435a66543006a8851d569bbc7937c4
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 1000m
+ memory: 4Gi
+ ports:
+ - name: metrics
+ containerPort: 9090
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # If you are changing these names, you will also need to update
+ # the controller's Role in 200-role.yaml to include the new
+ # values in the "configmaps" "get" rule.
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: CONFIG_FEATURE_FLAGS_NAME
+ value: feature-flags
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-leader-election
+ - name: METRICS_DOMAIN
+ value: tekton.dev/resolution
+ # Override this env var to set a private hub api endpoint
+ - name: ARTIFACT_HUB_API
+ value: "https://artifacthub.io/"
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ capabilities:
+ drop:
+ - "ALL"
+ seccompProfile:
+ type: RuntimeDefault
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ version: "v0.47.0"
+spec:
+ minReplicas: 1
+ maxReplicas: 5
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: tekton-pipelines-webhook
+ metrics:
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtilization: 100
+
+---
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ # Note: the Deployment name must be the same as the Service name specified in
+ # config/400-webhook-service.yaml. If you change this name, you must also
+ # change the value of WEBHOOK_SERVICE_NAME below.
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ version: "v0.47.0"
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ app: tekton-pipelines-webhook
+ version: "v0.47.0"
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: NotIn
+ values:
+ - windows
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ serviceAccountName: tekton-pipelines-webhook
+ containers:
+ - name: webhook
+ # This is the Go import path for the binary that is containerized
+ # and substituted here.
+ image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.47.0@sha256:6760251cd71c33fa630d152c41bef0b1307acd50e9caf8cb34546cd8f860b33e
+ # Resource request required for autoscaler to take any action for a metric
+ resources:
+ requests:
+ cpu: 100m
+ memory: 100Mi
+ limits:
+ cpu: 500m
+ memory: 500Mi
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ # If you are changing these names, you will also need to update
+ # the webhook's Role in 200-role.yaml to include the new
+ # values in the "configmaps" "get" rule.
+ - name: CONFIG_LOGGING_NAME
+ value: config-logging
+ - name: CONFIG_OBSERVABILITY_NAME
+ value: config-observability
+ - name: CONFIG_LEADERELECTION_NAME
+ value: config-leader-election
+ - name: CONFIG_FEATURE_FLAGS_NAME
+ value: feature-flags
+ # If you change WEBHOOK_PORT, you will also need to change the
+ # containerPort "https-webhook" to the same value.
+ - name: WEBHOOK_PORT
+ value: "8443"
+ # if you change WEBHOOK_ADMISSION_CONTROLLER_NAME, you will also need to update
+ # the webhooks.name in 500-webhooks.yaml to include the new names of admission webhooks.
+ # Additionally, you will also need to change the resource names (metadata.name) of
+ # "MutatingWebhookConfiguration" and "ValidatingWebhookConfiguration" in 500-webhooks.yaml
+ # to reflect the change in the name of the admission webhook.
+ # Followed by changing the webhook's Role in 200-clusterrole.yaml to update the "resourceNames" of
+ # "mutatingwebhookconfigurations" and "validatingwebhookconfigurations" resources.
+ - name: WEBHOOK_ADMISSION_CONTROLLER_NAME
+ value: webhook.pipeline.tekton.dev
+ - name: WEBHOOK_SERVICE_NAME
+ value: tekton-pipelines-webhook
+ - name: WEBHOOK_SECRET_NAME
+ value: webhook-certs
+ - name: METRICS_DOMAIN
+ value: tekton.dev/pipeline
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ # User 65532 is the distroless nonroot user ID
+ runAsUser: 65532
+ runAsGroup: 65532
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - name: metrics
+ containerPort: 9090
+ - name: profiling
+ containerPort: 8008
+ # This must match the value of the environment variable WEBHOOK_PORT.
+ - name: https-webhook
+ containerPort: 8443
+ - name: probes
+ containerPort: 8080
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: probes
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /readiness
+ port: probes
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/version: "v0.47.0"
+ app.kubernetes.io/part-of: tekton-pipelines
+ # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
+ pipeline.tekton.dev/release: "v0.47.0"
+ # labels below are related to istio and should not be used for resource lookup
+ app: tekton-pipelines-webhook
+ version: "v0.47.0"
+ name: tekton-pipelines-webhook
+ namespace: tekton-pipelines
+spec:
+ ports:
+ # Define metrics and profiling for them to be accessible within service meshes.
+ - name: http-metrics
+ port: 9090
+ targetPort: 9090
+ - name: http-profiling
+ port: 8008
+ targetPort: 8008
+ - name: https-webhook
+ port: 443
+ targetPort: https-webhook
+ - name: probes
+ port: 8080
+ selector:
+ app.kubernetes.io/name: webhook
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/instance: default
+ app.kubernetes.io/part-of: tekton-pipelines
+
+---
diff --git a/karavan-operator/src/main/resources/demo.png b/karavan-operator/src/main/resources/demo.png
deleted file mode 100644
index 15b5c306..00000000
Binary files a/karavan-operator/src/main/resources/demo.png and /dev/null differ