diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 53d95b2..7c43ebe 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,7 +5,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - VERSION: 0.10.0 + VERSION: 0.11.0-RC1 jobs: build: diff --git a/README.md b/README.md index d8dec9d..fb3cc88 100644 --- a/README.md +++ b/README.md 
@@ -27,11 +27,11 @@ This repository contains the following Carvel packages. | [knative-serving](https://github.com/kadras-io/package-for-knative-serving) | A solution built on Kubernetes to support deploying and serving of applications and functions as serverless containers. | | [kpack](https://github.com/kadras-io/package-for-kpack) | A Kubernetes-native implementation of Cloud Native Buildpacks to build source code into OCI images from within your cluster. | | [metrics-server](https://github.com/kadras-io/package-for-metrics-server) | A scalable and efficient source of container resource metrics for Kubernetes built-in autoscaling pipelines. | -| [namespace-setup](https://github.com/kadras-io/namespace-setup) | Sets up up namespaces with the necessary RBAC and Secrets to work with the Kadras platform. | | [secretgen-controller](https://github.com/carvel-dev/secretgen-controller) | Generates various types of Secrets in-cluster as well as export and import Secrets across namespaces. Maintained by [Carvel](https://github.com/carvel-dev). | | [spring-boot-conventions](https://github.com/kadras-io/package-for-spring-boot-conventions) | Defines conventions for Spring Boot workloads that will be applied by the Cartographer Convention Controller. | -| [tekton-catalog](https://github.com/kadras-io/package-for-tekton-catalog) | A set of Tekton pipelines and tasks used by the Kadras platform to support testing, scanning, delivering and deploying applications. | +| [tekton-catalog](https://github.com/kadras-io/tekton-catalog) | A set of Tekton pipelines and tasks used by the Kadras platform to support testing, scanning, delivering and deploying applications. | | [tekton-pipelines](https://github.com/kadras-io/package-for-tekton-pipelines) | A cloud-native solution for building CI/CD systems. 
| +| [workspace-provisioner](https://github.com/kadras-io/workspace-provisioner) | Provisions and configures workspaces (namespaces or virtual clusters) to work with the Kadras Engineering Platform. | ## πŸš€  Getting Started diff --git a/docs/verify-release.md b/docs/verify-release.md new file mode 100644 index 0000000..3e6875c --- /dev/null +++ b/docs/verify-release.md 
@@ -0,0 +1,37 @@ +# Verifying the Package Repository Release + +This package repository is published as an OCI artifact, signed with Sigstore [Cosign](https://docs.sigstore.dev/cosign/overview), and associated with a [SLSA Provenance](https://slsa.dev/provenance) attestation. + +Using `cosign`, you can display the supply chain security related artifacts for the `ghcr.io/kadras-io/kadras-packages` images. Use the specific digest you'd like to verify. + +```shell +cosign tree ghcr.io/kadras-io/kadras-packages +``` + +The result: + +```shell +πŸ“¦ Supply Chain Security Related artifacts for an image: ghcr.io/kadras-io/kadras-packages +└── πŸ’Ύ Attestations for an image tag: ghcr.io/kadras-io/kadras-packages:sha256-046c6f16def6fa8ea562c84169725a4a7ef8c16dd7180137dc729f555af4a151.att + └── πŸ’ sha256:23f10f5d24941657ddaa5ff25117373a243abbeb51f2f81065e562e3b292ee2d +└── πŸ” Signatures for an image tag: ghcr.io/kadras-io/kadras-packages:sha256-046c6f16def6fa8ea562c84169725a4a7ef8c16dd7180137dc729f555af4a151.sig + └── πŸ’ sha256:2e765ddc539ac475fa5275d0709e62699ebc2b47d054be5d5eb05b3d958310e6 +``` + +You can verify the signature and its claims: + +```shell +cosign verify \ + --certificate-identity-regexp https://github.com/kadras-io \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + ghcr.io/kadras-io/kadras-packages | jq +``` + +You can also verify the SLSA Provenance attestation associated with the image. + +```shell +cosign verify-attestation --type slsaprovenance \ + --certificate-identity-regexp https://github.com/slsa-framework \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com \ + ghcr.io/kadras-io/kadras-packages | jq .payload -r | base64 --decode | jq +``` diff --git a/repo/packages/buildpacks-catalog.packages.kadras.io/0.6.1.yml b/repo/packages/buildpacks-catalog.packages.kadras.io/0.6.1.yml new file mode 100644 index 0000000..240328b --- /dev/null 
+++ b/repo/packages/buildpacks-catalog.packages.kadras.io/0.6.1.yml @@ -0,0 +1,46 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: buildpacks-catalog.packages.kadras.io.0.6.1 +spec: + capacityRequirementsDescription: Container registry with > 1GB available space + licenses: + - Apache 2.0 + refName: buildpacks-catalog.packages.kadras.io + releaseNotes: https://github.com/kadras-io/buildpacks-catalog/releases + releasedAt: "2023-04-08T19:58:27Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/buildpacks-catalog@sha256:a608743dbc9d63f7f4f27fb4654fdc0da4bb1770af0c7893541e890b5f8425c4 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + kp_default_repository: + additionalProperties: false + description: Settings for the default container repository used by kpack. + Same as configured in the kpack package. + properties: + name: + default: "" + description: The default repository where to publish builder images + and dependencies. + example: ghcr.io/thomasvitale/buildpacks + type: string + x-example-description: Repository on GitHub Container Registry + type: object + type: object + version: 0.6.1 diff --git a/repo/packages/cartographer-blueprints.packages.kadras.io/0.5.1.yml b/repo/packages/cartographer-blueprints.packages.kadras.io/0.5.1.yml new file mode 100644 index 0000000..4cd3f2c --- /dev/null +++ b/repo/packages/cartographer-blueprints.packages.kadras.io/0.5.1.yml 
@@ -0,0 +1,44 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: cartographer-blueprints.packages.kadras.io.0.5.1 +spec: + licenses: + - Apache 2.0 + refName: cartographer-blueprints.packages.kadras.io + releaseNotes: https://github.com/kadras-io/cartographer-blueprints/releases + releasedAt: "2023-04-01T15:36:14Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/cartographer-blueprints@sha256:c9d33e5018c6b5c1a3c60a5416404cb0e5c307bcfda43028505722c4a1eaf669 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + excluded_blueprints: + default: [] + description: A list of blueprints and manifests to esclude from being created + in the cluster. + items: + default: "" + type: string + type: array + tekton_catalog_namespace: + default: tekton-catalog + description: The namespace where the Tekton Catalog package has been installed. + type: string + type: object + version: 0.5.1 diff --git a/repo/packages/cartographer-delivery.packages.kadras.io/0.4.1.yml b/repo/packages/cartographer-delivery.packages.kadras.io/0.4.1.yml new file mode 100644 index 0000000..c54b6b9 --- /dev/null +++ b/repo/packages/cartographer-delivery.packages.kadras.io/0.4.1.yml 
@@ -0,0 +1,43 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: cartographer-delivery.packages.kadras.io.0.4.1 +spec: + refName: cartographer-delivery.packages.kadras.io + releasedAt: "2023-04-09T08:44:54Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/cartographer-delivery@sha256:620a2bddd30c11982c0332cef5bef554a26b8c086ce5daf3ced4a793b9eb1c7e + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + delivery_chain: + default: basic + description: 'The type of delivery chain to use when deploying workloads. + Options: `basic`.' + type: string + git_access_secret: + default: supply-chain-git-credentials + description: The Secret containing authentication credentials for the Git + repository. + type: string + service_account: + default: default + description: The default `ServiceAccount` used by the delivery chain. + type: string + type: object + version: 0.4.1 diff --git a/repo/packages/cartographer-supply-chains.packages.kadras.io/0.5.1.yml b/repo/packages/cartographer-supply-chains.packages.kadras.io/0.5.1.yml new file mode 100644 index 0000000..b8252db --- /dev/null +++ b/repo/packages/cartographer-supply-chains.packages.kadras.io/0.5.1.yml 
@@ -0,0 +1,140 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: cartographer-supply-chains.packages.kadras.io.0.5.1 +spec: + licenses: + - Apache 2.0 + refName: cartographer-supply-chains.packages.kadras.io + releaseNotes: https://github.com/kadras-io/cartographer-supply-chains/releases + releasedAt: "2023-04-09T08:45:24Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/cartographer-supply-chains@sha256:650e1c107d57454e18c4e6e8ba9247747db4cb22a9c2718c99d2b0465bae400c + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + cluster_builder: + default: default + description: The default `ClusterBuilder` used by kpack. + type: string + git_access_secret: + default: supply-chain-git-credentials + description: The Secret containing authentication credentials for the Git + repository. + type: string + gitops: + additionalProperties: false + description: Settings for using a GitOps strategy with the supply chain. + properties: + commit: + additionalProperties: false + properties: + message: + default: Update from Cartographer + description: The commit message to use when pushing configuration + changes to Git. + type: string + type: object + pull_request: + additionalProperties: false + description: Settings for using a GitOps approach based on pull requests. + properties: + body: + default: Generated from Cartographer + description: The message body of the pull request. + type: string + commit_branch: + default: "" + description: The branch to use to open a pull request. If empty, + a random name is generated. + type: string + server_kind: + default: github + description: The type of Git server where to open the pull request. 
+ example: github + type: string + x-example-description: Open a pull request on GitHub + title: + default: Update from Cartographer + description: The title of the pull request. + type: string + type: object + repository: + additionalProperties: false + properties: + name: + default: "" + description: The name of the Git repository. + type: string + owner: + default: "" + description: The owner of the Git repository. + type: string + type: object + server_address: + default: https://github.com + description: The location of the server hosting the specified Git repository. + type: string + strategy: + default: none + description: Whether to commit configuration changes to Git directly + (`direct`) or via a pull request (`pull_request`). If `none`, no GitOps + strategy is applied. + type: string + target_branch: + default: main + description: The target branch where to push configuration changes. + type: string + user: + additionalProperties: false + properties: + email: + default: cartographer@kadras.io + description: The email of the user interacting with the Git repository. + type: string + name: + default: cartographer + description: The name of the user interacting with the Git repository. + type: string + type: object + type: object + registry: + additionalProperties: false + description: Settings for the OCI Registry used by the supply chain. + properties: + repository: + default: "" + description: The repository in the OCI Registry where the supply chain + will publish and consume OCI images. + type: string + server: + default: "" + description: The server of the OCI Registry where the supply chain will + publish and consume OCI images. + type: string + type: object + service_account: + default: default + description: The default `ServiceAccount` used by the supply chain. + type: string + supply_chain: + default: basic + description: 'The type of supply chain to deploy. Options: `basic`, `advanced`.' + type: string + type: object + version: 0.5.1 
diff --git a/repo/packages/cartographer.packages.kadras.io/0.7.1+tap.1.yml b/repo/packages/cartographer.packages.kadras.io/0.7.1+tap.1.yml new file mode 100644 index 0000000..a45ca96 --- /dev/null +++ b/repo/packages/cartographer.packages.kadras.io/0.7.1+tap.1.yml 
@@ -0,0 +1,146 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + name: cartographer.packages.kadras.io.0.7.1+tap.1 +spec: + refName: cartographer.packages.kadras.io + version: 0.7.1+tap.1 + releaseNotes: https://github.com/vmware-tanzu/package-for-cartographer/releases/tag/0.7.1+tap.1 + releasedAt: "2023-03-22T16:00:22Z" + valuesSchema: + openAPIv3: + title: cartographer.packages.kadras.io.0.7.1+tap.1 values schema + properties: + ca_cert_data: + type: string + description: 'Optional: PEM Encoded certificate data for image registries with private CA.' + default: "" + excluded_components: + type: array + items: + type: string + default: [] + description: 'Optional: List of components to exclude from installation (e.g. [conventions])' + aws_iam_role_arn: + type: string + description: 'Optional: Arn role that has access to pull images from ECR container registry' + default: "" + cartographer: + type: object + properties: + concurrency: + type: object + properties: + max_workloads: + type: integer + description: 'Optional: maximum number of Workloads to process concurrently.' + default: 2 + max_deliveries: + type: integer + description: 'Optional: maximum number of Deliverables to process concurrently.' + default: 2 + max_runnables: + type: integer + description: 'Optional: maximum number of Runnables to process concurrently.' 
+ default: 2 + resources: + type: object + properties: + limits: + type: object + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: maximum amount of cpu resources to allow the controller to use' + default: 1000m + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: maximum amount of memory to allow the controller to use' + default: 128Mi + requests: + type: object + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: minimum amount of cpu to reserve' + default: 250m + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: minimum amount of memory to reserve' + default: 128Mi + conventions: + type: object + properties: + resources: + type: object + properties: + limits: + type: object + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: maximum amount of cpu resources to allow the controller to use' + default: 1000m + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: 
true + description: 'Optional: maximum amount of memory to allow the controller to use' + default: 128Mi + requests: + type: object + properties: + cpu: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: minimum amount of cpu to reserve' + default: 250m + memory: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Optional: minimum amount of memory to reserve' + default: 128Mi + template: + spec: + fetch: + - imgpkgBundle: + image: index.docker.io/projectcartographer/package-for-cartographer@sha256:155c08105fccb02f0300d948197f1a77a7a476e5825a3f31daa142b81dfd5ab4 + template: + - ytt: + ignoreUnknownComments: true + paths: + - config + - kbld: + paths: + - .imgpkg/images.yml + - '-' + deploy: + - kapp: {} diff --git a/repo/packages/cartographer.packages.kadras.io/metadata.yml b/repo/packages/cartographer.packages.kadras.io/metadata.yml index 262a7be..cabdc7e 100644 --- a/repo/packages/cartographer.packages.kadras.io/metadata.yml +++ b/repo/packages/cartographer.packages.kadras.io/metadata.yml @@ -7,7 +7,7 @@ metadata: spec: displayName: Cartographer providerName: VMware - shortDescription: Kubernetes native Supply Chain Choreographer. + shortDescription: Kubernetes Native Supply Chain Choreographer. supportDescription: https://github.com/vmware-tanzu/cartographer longDescription: |- Cartographer is a Kubernetes native Choreographer. It allows users to diff --git a/repo/packages/cert-manager.packages.kadras.io/1.11.1.yml b/repo/packages/cert-manager.packages.kadras.io/1.11.1.yml new file mode 100644 index 0000000..9750003 --- /dev/null +++ b/repo/packages/cert-manager.packages.kadras.io/1.11.1.yml 
@@ -0,0 +1,119 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: cert-manager.packages.kadras.io.1.11.1 +spec: + licenses: + - Apache 2.0 + refName: cert-manager.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-cert-manager/releases + releasedAt: "2023-04-09T10:36:26Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + - --kube-api-qps=50 + - --kube-api-burst=100 + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-cert-manager@sha256:102f4dcf95c4f514160ccee432785bd4e1d30ca9747414bca95adedfb70821ef + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + leader_election: + additionalProperties: false + description: Leader election configuration for the cert-manager and cert-manager-cainjector + Deployments. + properties: + lease_duration: + default: 60s + description: The duration that non-leader candidates will wait after + observing a leadership renewal until attempting to acquire leadership + of a led but unrenewed leader slot. This is effectively the maximum + duration that a leader can be stopped before it is replaced by another + candidate. + type: string + namespace: + default: kube-system + description: 'Namespace used to perform leader election. The default + namespace needs changing in environments like GKE. More information: + https://cert-manager.io/docs/installation/compatibility/#gke.' + type: string + renew_deadline: + default: 40s + description: The interval between attempts by the acting leader to renew + a leadership slot before it stops leading. + type: string + retry_period: + default: 15s + description: The duration the clients should wait between attempting + acquisition and renewal of a leadership. 
+ type: string + type: object + namespace: + default: cert-manager + description: The namespace in which to deploy Cert Manager. + type: string + policies: + additionalProperties: false + description: Settings for the Kyverno policies. + properties: + include: + default: false + description: Whether to include the out-of-the-box Kyverno policies + to validate and secure the package installation. + type: boolean + type: object + proxy: + additionalProperties: false + description: Settings for the proxy. + properties: + http_proxy: + default: "" + description: The HTTP proxy URL. + type: string + https_proxy: + default: "" + description: The HTTPS proxy URL. + type: string + no_proxy: + default: "" + description: For which domains the proxy should not be used. + type: string + type: object + webhook: + additionalProperties: false + description: Settings for the cert-manager webhook. + properties: + host_network: + default: false + description: 'Whether to run the webhook in the host network so that + it can be reached by the cert-manager controller in environments like + AWS EKS. More information: https://cert-manager.io/docs/installation/compatibility/#aws-eks.' + type: boolean + replicas: + default: 1 + description: The number of replicas. In order to enable high availability, + it should be greater than 1. + type: integer + secure_port: + default: 10250 + description: 'The port where the webhook is exposed. The default port + needs changing in environments like AWS EKS and AWS Fargate. More + information: https://cert-manager.io/docs/installation/compatibility/#aws-eks.' + type: integer + type: object + type: object + version: 1.11.1 diff --git a/repo/packages/contour.packages.kadras.io/1.24.3.yml b/repo/packages/contour.packages.kadras.io/1.24.3.yml new file mode 100644 index 0000000..807f2fe --- /dev/null +++ b/repo/packages/contour.packages.kadras.io/1.24.3.yml 
@@ -0,0 +1,222 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: contour.packages.kadras.io.1.24.3 +spec: + licenses: + - Apache 2.0 + refName: contour.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-contour/releases + releasedAt: "2023-04-09T09:14:36Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + - --kube-api-qps=50 + - --kube-api-burst=100 + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-contour@sha256:8ad525ebd8fe06e636056b13f386d96fe61e484a5acad42a93f0a44f71d85e5f + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + certificates: + additionalProperties: false + description: TLS configuration to secure the communication between Contour + and Envoy. + properties: + duration: + default: 8760h + description: If using cert-manager, how long the certificates should + be valid for. If `useCertManager` is false, this field is ignored. + type: string + renewBefore: + default: 360h + description: If using cert-manager, how long before expiration the certificates + should be renewed. If `useCertManager` is false, this field is ignored. + type: string + useCertManager: + default: false + description: 'Whether to use cert-manager to provision TLS certificates + for securing the communication between Contour and Envoy. If `false`, + the `contour-certgen` Job will be used to provision certificates. + If `true`, cert-manager must be installed in the cluster. See: https://github.com/kadras-io/package-for-cert-manager.' + type: boolean + type: object + contour: + additionalProperties: false + description: Settings for the Contour component. + properties: + config: + additionalProperties: false + description: Configuration for the Contour Deployment. 
+ properties: + logFormat: + default: text + description: Log output format for Contour. Either `text` (default) + or `json`. + type: string + logLevel: + default: info + description: The Contour log level. Valid options are `info` and + `debug`. + type: string + useProxyProtocol: + default: false + description: Whether to enable PROXY protocol for all Envoy listeners. + type: boolean + type: object + configFileContents: + default: {} + description: The YAML contents of the Contour config file. See https://projectcontour.io/docs/latest/configuration/#configuration-file + for more information. + nullable: true + replicas: + default: 2 + description: The number of Contour replicas. In order to enable high + availability, it should be greater than 1. + type: integer + type: object + envoy: + additionalProperties: false + description: Settings for the Envoy component. + properties: + config: + additionalProperties: false + description: Configuration for the Envoy workload. + properties: + logLevel: + default: info + description: The Envoy log level. + type: string + type: object + service: + additionalProperties: false + description: Envoy service settings. + properties: + annotations: + default: null + description: Annotations to set on the Envoy service. + nullable: true + aws: + additionalProperties: false + description: AWS-specific settings for the Envoy service. If `infrastructureProvider` + is not `aws`, these settings are ignored. + properties: + loadBalancerType: + default: classic + description: The type of AWS load balancer to provision. Options + are 'classic' and 'nlb'. + type: string + type: object + externalTrafficPolicy: + default: null + description: The external traffic policy for the Envoy service. + If type is `ClusterIP`, this field is ignored. Otherwise, it defaults + to `Cluster` for vsphere and `Local` for others. + nullable: true + type: string + loadBalancerIP: + default: "" + description: The desired load balancer IP. 
If `type` is not `LoadBalancer', + this field is ignored. It is up to the cloud provider whether + to honor this request. If not specified, then load balancer IP + will be assigned by the cloud provider. + type: string + nodePorts: + additionalProperties: false + description: NodePort settings for the Envoy service. If type is + not `NodePort` or `LoadBalancer`, these settings are ignored. + properties: + http: + default: 0 + description: The node port number to expose Envoy's HTTP listener + on. If not specified, a node port will be auto-assigned by + Kubernetes. + type: integer + https: + default: 0 + description: The node port number to expose Envoy's HTTPS listener + on. If not specified, a node port will be auto-assigned by + Kubernetes. + type: integer + type: object + type: + default: null + description: The type of Kubernetes service to provision for Envoy. + If not specified, it will default to `NodePort` for local and + vsphere and `LoadBalancer` for others. + nullable: true + type: string + type: object + workload: + additionalProperties: false + description: Envoy workload settings. + properties: + hostNetwork: + default: false + description: Whether to enable host networking for the Envoy pods. + type: boolean + hostPorts: + additionalProperties: false + description: Host port settings for the Envoy pods. + properties: + enabled: + default: false + description: Whether to enable host ports. If false, http & + https are ignored. + type: boolean + http: + default: 80 + description: If enabled, the host port number to expose Envoy's + HTTP listener on. + type: integer + https: + default: 443 + description: If enabled, the host port number to expose Envoy's + HTTPS listener on. + type: integer + type: object + replicas: + default: 2 + description: The number of Envoy replicas to deploy when `type` + is set to `Deployment`. 
+ type: integer + terminationGracePeriodSeconds: + default: 300 + description: The termination grace period, in seconds, for the Envoy + pods. + type: integer + type: + default: DaemonSet + description: The type of Kubernetes workload that Envoy is deployed + as. Options are `Deployment` or `DaemonSet`. If not specified, + it defaults to `DaemonSet`. + type: string + type: object + type: object + infrastructureProvider: + default: null + description: The underlying infrastructure provider. Options are `aws`, + `azure`, `local` and `vsphere`. This field is not required, but it enables + better validation and defaulting if provided. + nullable: true + type: string + namespace: + default: projectcontour + description: The namespace in which to deploy Contour and Envoy. + type: string + type: object + version: 1.24.3 diff --git a/repo/packages/fluxcd-source-controller.packages.kadras.io/0.36.1.yml b/repo/packages/fluxcd-source-controller.packages.kadras.io/0.36.1.yml new file mode 100644 index 0000000..37828c7 --- /dev/null +++ b/repo/packages/fluxcd-source-controller.packages.kadras.io/0.36.1.yml 
@@ -0,0 +1,77 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: fluxcd-source-controller.packages.kadras.io.0.36.1 +spec: + licenses: + - Apache 2.0 + refName: fluxcd-source-controller.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-fluxcd-source-controller/releases + releasedAt: "2023-04-09T09:25:44Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-fluxcd-source-controller@sha256:40627427c34909205b7dc99008f44db39e180c95cb26776348df67677cb98355 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + namespace: + default: source-system + description: The namespace where to install FluxCD Source Controller. + type: string + proxy: + additionalProperties: false + description: Settings for the corporate proxy. + properties: + http_proxy: + default: "" + description: The HTTP proxy to use for network traffic + type: string + https_proxy: + default: "" + description: The HTTPS proxy to use for network traffic + type: string + no_proxy: + default: "" + description: A comma-separated list of hostnames, IP addresses, or IP + ranges in CIDR format that should not use a proxy + type: string + type: object + resources: + additionalProperties: false + description: Resource configuration for the source-controller Deployment. + properties: + limits: + additionalProperties: false + properties: + cpu: + default: 1000m + description: CPU limits configuration for the `source-controller` + Deployment. + type: string + memory: + default: 1Gi + description: Memory limits configuration for the `source-controller` + Deployment. + type: string + type: object + type: object + service_port: + default: 80 + description: Port configuration for the `source-controller` Service. + type: integer + type: object + version: 0.36.1 
diff --git a/repo/packages/knative-serving.packages.kadras.io/1.9.3.yml b/repo/packages/knative-serving.packages.kadras.io/1.9.3.yml new file mode 100644 index 0000000..f278aa0 --- /dev/null +++ b/repo/packages/knative-serving.packages.kadras.io/1.9.3.yml 
@@ -0,0 +1,235 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: knative-serving.packages.kadras.io.1.9.3 +spec: + licenses: + - Apache 2.0 + refName: knative-serving.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-knative-serving/releases + releasedAt: "2023-04-09T14:40:05Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-knative-serving@sha256:a80927dec3e328e9116bda6239a2256466aad9a05e91a34418ef571dfeaa2c61 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + ca_cert_data: + default: "" + description: PEM-encoded certificate data to trust TLS connections with + a custom CA. + type: string + config: + additionalProperties: false + description: Settings for the Knative Serving ConfigMaps. + properties: + domain: + additionalProperties: false + description: Domain configuration stored in the `config-domain` ConfigMap. + properties: + name: + default: "" + description: Domain name for Knative Services. It must be a valid + DNS name. + type: string + type: object + network: + additionalProperties: false + description: Network configuration stored in the `config-network` ConfigMap. + properties: + default-external-scheme: + default: http + description: Defines the scheme used for external URLs if autoTLS + is not enabled. This can be used for making Knative report all + URLs as `https`, for example, if you're fronting Knative with + an external loadbalancer that deals with TLS termination and Knative + doesn't know about that otherwise. + type: string + domain-template: + default: '{{.Name}}.{{.Namespace}}.{{.Domain}}' + description: The golang text template string to use when constructing + the Knative Service's DNS name. 
+ type: string + http-protocol: + default: Enabled + description: 'Controls the behavior of the HTTP endpoint for the + Knative ingress. `Enabled`: The Knative ingress will be able to + serve HTTP connection. `Redirected`: The Knative ingress will + send a 301 redirect for all http connections, asking the clients + to use HTTPS.' + type: string + namespace-wildcard-cert-selector: + default: "" + description: A LabelSelector which determines which namespaces should + have a wildcard certificate provisioned. + type: string + rollout-duration: + default: 0 + description: The minimal duration in seconds over which the Configuration + traffic targets are rolled out to the newest revision. + type: integer + type: object + tracing: + additionalProperties: false + description: Network configuration stored in the `config-tracing` ConfigMap. + properties: + backend: + default: none + description: The type of distributed tracing backend. + type: string + debug: + default: "false" + description: Enable the Zipkin debug mode. This allows all spans + to be sent to the server bypassing sampling. + type: string + sample-rate: + default: "0.1" + description: The percentage (0-1) of requests to trace. + type: string + zipkin-endpoint: + default: http://tempo.observability-system.svc.cluster.local:9411/api/v2/spans + description: The Zipkin collector endpoint where traces are sent. + type: string + type: object + type: object + ingress: + additionalProperties: false + description: Settings for the Ingress controller. + properties: + contour: + additionalProperties: false + description: Ingress configuration stored in the `config-contour` ConfigMap. + properties: + default-tls-secret: + default: "" + description: If auto-TLS is disabled, fallback to this certificate. + An operator is required to setup a TLSCertificateDelegation for + this Secret to be used. 
+ type: string + external: + additionalProperties: false + description: Configuration for the external Ingress controller + properties: + namespace: + default: projectcontour + description: The namespace where the external Ingress controller + is installed. + type: string + type: object + internal: + additionalProperties: false + description: Configuration for the internal Ingress controller + properties: + namespace: + default: projectcontour + description: The namespace where the internal Ingress controller + is installed. + type: string + type: object + type: object + type: object + policies: + additionalProperties: false + description: Settings for the Kyverno policies. + properties: + include: + default: false + description: Whether to include the out-of-the-box Kyverno policies + to validate and secure the package installation. + type: boolean + type: object + proxy: + additionalProperties: false + description: Settings for the corporate proxy. + properties: + http_proxy: + default: "" + description: The HTTP proxy to use for network traffic + type: string + https_proxy: + default: "" + description: The HTTPS proxy to use for network traffic + type: string + no_proxy: + default: "" + description: A comma-separated list of hostnames, IP addresses, or IP + ranges in CIDR format that should not use a proxy + type: string + type: object + tls: + additionalProperties: false + description: Settings for TLS certificates. + properties: + certmanager: + additionalProperties: false + description: Cert Manager configuration stored in the `config-certmanager` + ConfigMap. + properties: + clusterissuer: + default: "" + description: A reference to the ClusterIssuer to use if you want + to enable autoTLS. + type: string + type: object + type: object + workloads: + additionalProperties: false + description: Settings for the Knative Serving workloads. 
+ properties: + activator: + additionalProperties: false + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than + 1. + type: integer + type: object + autoscaler: + additionalProperties: false + properties: + replicas: + default: 1 + description: The number of replicas for this Deployment. In order + to enable high availability, it should be greater than 1. + type: integer + type: object + controller: + additionalProperties: false + properties: + replicas: + default: 1 + description: The number of replicas for this Deployment. In order + to enable high availability, it should be greater than 1. + type: integer + type: object + webhook: + additionalProperties: false + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than + 1. + type: integer + type: object + type: object + type: object + version: 1.9.3 diff --git a/repo/packages/kpack.packages.kadras.io/0.10.1+kadras.1.yml b/repo/packages/kpack.packages.kadras.io/0.10.1+kadras.1.yml new file mode 100644 index 0000000..5797421 --- /dev/null +++ b/repo/packages/kpack.packages.kadras.io/0.10.1+kadras.1.yml 
@@ -0,0 +1,155 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: kpack.packages.kadras.io.0.10.1+kadras.1 +spec: + capacityRequirementsDescription: Container registry with > 1GB available space + licenses: + - Apache 2.0 + refName: kpack.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-kpack/releases + releasedAt: "2023-04-09T06:54:49Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-kpack@sha256:bc2c853b0bbf87d6787f1a989559af1e6b1e144b3619effac1bd729e4ff16e77 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + ca_cert_data: + default: "" + description: 'PEM-encoded certificate data that kpack controller will use + to trust TLS connections based on a custom CA with a container registry. + Note: This will not be injected into builds, you need to use the cert + injection webhook with the `kpack.io/build` label value.' + type: string + config: + additionalProperties: false + description: Settings for kpack. + properties: + injected_sidecar_support: + default: false + description: Enable support for injected sidecars. + type: boolean + type: object + controller: + additionalProperties: false + description: Settings for the the kpack controller. + properties: + resources: + additionalProperties: false + description: Resource configuration for the kpack-controller Deployment. + properties: + limits: + additionalProperties: false + properties: + memory: + default: 1Gi + description: Memory limits configuration for the kpack-controller + Deployment. In a resource-constrained environment, you can + lower this up to `500Mi`. + type: string + type: object + requests: + additionalProperties: false + properties: + memory: + default: 1Gi + description: Memory requests configuration for the kpack-controller + Deployment. 
In a resource-constrained environment, you can + lower this up to `100Mi`. + type: string + type: object + type: object + type: object + kp_default_repository: + additionalProperties: false + description: Settings for the default container repository used by kpack. + properties: + aws_iam_role_arn: + default: null + description: IAM credentials to access the default container repository + if the registry is on AWS. + nullable: true + type: string + credentials: + additionalProperties: false + description: Read/write credentials to access the default container + repository. + nullable: true + properties: + password: + default: "" + description: 'Token to access the default container repository. + Note: Use contents of service account key json for GCR.' + type: string + username: + default: "" + description: 'Username to access the default container repository. + Note: Use `_json_key` for GCR.' + type: string + type: object + name: + default: "" + description: The default repository to use for builder images and dependencies. + example: ghcr.io/thomasvitale/buildpacks + type: string + x-example-description: Repository on GitHub Container Registry + secret: + additionalProperties: false + description: Configuration for the Secret holding the credentials to + access the default container repository. + nullable: true + properties: + create_export: + default: false + description: Whether to create a SecretExport resource to export + the Secret from the source namespace to the kpack namespace. Not + needed when installing kpack as part of the Kadras Enginnering + Platform. + type: boolean + name: + default: "" + description: The name of the Secret holding the credentials to access + the default container repository. + type: string + namespace: + default: "" + description: The namespace of the Secret holding the credentials + to access the default container repository. 
+ type: string + type: object + type: object + proxy: + additionalProperties: false + description: Settings for the corporate proxy. + properties: + http_proxy: + default: "" + description: The HTTP proxy to use for network traffic + type: string + https_proxy: + default: "" + description: The HTTPS proxy to use for network traffic + type: string + no_proxy: + default: "" + description: A comma-separated list of hostnames, IP addresses, or IP + ranges in CIDR format that should not use a proxy + type: string + type: object + type: object + version: 0.10.1+kadras.1 diff --git a/repo/packages/metrics-server.packages.kadras.io/0.6.3.yml b/repo/packages/metrics-server.packages.kadras.io/0.6.3.yml new file mode 100644 index 0000000..1afedf9 --- /dev/null +++ b/repo/packages/metrics-server.packages.kadras.io/0.6.3.yml 
@@ -0,0 +1,148 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: metrics-server.packages.kadras.io.0.6.3 +spec: + licenses: + - Apache 2.0 + refName: metrics-server.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-metrics-server/releases + releasedAt: "2023-04-09T14:51:57Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-metrics-server@sha256:d0079992047bd7998a0f228fc45ae1389ad88d5098db737a90ea7091d676a44d + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + daemonset: + additionalProperties: false + properties: + updateStrategy: + default: null + description: Update strategy of daemonsets + nullable: true + type: string + type: object + deployment: + additionalProperties: false + properties: + rollingUpdate: + additionalProperties: false + properties: + maxSurge: + default: null + description: The maxSurge of rollingUpdate. Applied only if RollingUpdate + is used as updateStrategy + nullable: true + type: integer + maxUnavailable: + default: null + description: The maxUnavailable of rollingUpdate. 
Applied only if + RollingUpdate is used as updateStrategy + nullable: true + type: integer + type: object + updateStrategy: + default: null + description: Update strategy of deployments + nullable: true + type: string + type: object + metricsServer: + additionalProperties: false + properties: + config: + additionalProperties: false + properties: + apiServiceInsecureTLS: + default: true + description: Whether to enable insecure TLS for metrics-server api + service + type: boolean + args: + default: [] + description: Arguments passed into metrics-server container + items: + default: "" + type: string + type: array + probe: + additionalProperties: false + properties: + failureThreshold: + default: 3 + description: Probe failureThreshold of metrics-server deployment + type: integer + periodSeconds: + default: 10 + description: Probe period of metrics-server deployment + type: integer + type: object + securePort: + default: 4443 + description: The HTTPS secure port used by metrics-server + type: integer + tolerations: + default: [] + description: Metrics-server deployment tolerations + nullable: true + updateStrategy: + default: RollingUpdate + description: The update strategy of the metrics-server deployment + type: string + type: object + createNamespace: + default: true + description: Whether to create namespace specified for metrics-server + type: boolean + image: + additionalProperties: false + properties: + name: + default: "" + description: The path of image + type: string + pullPolicy: + default: IfNotPresent + description: The pull policy of image + type: string + repository: + default: "" + description: The repository of metrics-server image + type: string + tag: + default: "" + description: The image tag + type: string + type: object + namespace: + default: null + description: The namespace value used by older templates, will be overwriten + if top level namespace is present, kept for backward compatibility + nullable: true + type: string + type: object + 
namespace: + default: kube-system + description: The namespace in which metrics-server is deployed + type: string + nodeSelector: + default: null + description: NodeSelector configuration applied to all the deployments + nullable: true + type: object + version: 0.6.3 diff --git a/repo/packages/spring-boot-conventions.packages.kadras.io/0.2.1.yml b/repo/packages/spring-boot-conventions.packages.kadras.io/0.2.1.yml new file mode 100644 index 0000000..a2c8c12 --- /dev/null +++ b/repo/packages/spring-boot-conventions.packages.kadras.io/0.2.1.yml 
@@ -0,0 +1,67 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: spring-boot-conventions.packages.kadras.io.0.2.1 +spec: + licenses: + - Apache 2.0 + refName: spring-boot-conventions.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-spring-boot-conventions/releases + releasedAt: "2023-04-09T16:10:20Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-spring-boot-conventions@sha256:94529a2e9bbb279259922a3c7dbdcff67a8442fbfef71e59d5c86f7938e614f5 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + namespace: + default: spring-boot-conventions + description: The namespace where to install Spring Boot Conventions + type: string + resources: + additionalProperties: false + description: Resource configuration for the Convention Server + properties: + limits: + additionalProperties: false + description: Resource limits + properties: + cpu: + default: 100m + description: CPU limits + type: string + memory: + default: 256Mi + description: Memory limits + type: string + type: object + requests: + additionalProperties: false + description: Resource requests + properties: + cpu: + default: 100m + description: CPU requests + type: string + memory: + default: 20Mi + description: Memory requests + type: string + type: object + type: object + type: object + version: 0.2.1 diff --git a/repo/packages/tekton-catalog.packages.kadras.io/0.1.1.yml b/repo/packages/tekton-catalog.packages.kadras.io/0.1.1.yml new file mode 100644 index 0000000..b2c2896 --- /dev/null +++ b/repo/packages/tekton-catalog.packages.kadras.io/0.1.1.yml 
@@ -0,0 +1,36 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: tekton-catalog.packages.kadras.io.0.1.1 +spec: + licenses: + - Apache 2.0 + refName: tekton-catalog.packages.kadras.io + releaseNotes: https://github.com/kadras-io/tekton-catalog/releases + releasedAt: "2023-04-08T21:09:48Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/tekton-catalog@sha256:59e6c0acd0c9dc040013494f23dac0f5d038f7b4cab9d531c5d33465e7bb5eb1 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + namespace: + default: tekton-catalog + description: The namespace where to deploy the Tekton Catalog. + type: string + type: object + version: 0.1.1 diff --git a/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.2.yml b/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.2.yml new file mode 100644 index 0000000..ef32c5e --- /dev/null +++ b/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.2.yml 
@@ -0,0 +1,522 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: tekton-pipelines.packages.kadras.io.0.46.0+kadras.2 +spec: + licenses: + - Apache 2.0 + refName: tekton-pipelines.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-tekton-pipelines/releases + releasedAt: "2023-04-08T20:38:25Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-tekton-pipelines@sha256:40d5ab0f7cf0a5ebd4eaf59e733bc8c02e7ec53ab16efbf6b2604827d856fed0 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + ca_cert_data: + default: "" + description: PEM-encoded certificate data to trust TLS connections with + a custom CA. + type: string + config-defaults: + additionalProperties: false + description: Default configuration stored in the `config-defaults` ConfigMap. + properties: + default-affinity-assistant-pod-template: + default: "" + description: Pod template to use for affinity assistant Pods. + type: string + default-cloud-events-sink: + default: "" + description: CloudEvents sink to be used for TaskRun, PipelineRun, CustomRun, + and Run lifeycle events. If no sink is specified, no CloudEvent is + generated. + type: string + default-forbidden-env: + default: "" + description: Comma seperated environment variables that cannot be overridden + by PodTemplate. + type: string + default-managed-by-label-value: + default: tekton-pipelines + description: Value given to the `app.kubernetes.io/managed-by` label + applied to all Pods created for TaskRuns. + type: string + default-max-matrix-combinations-count: + default: "256" + description: Maximum number of combinations from a Matrix, if none is + specified. 
+ type: string + default-pod-template: + default: "" + description: Pod template to use for TaskRun and PipelineRun. + type: string + default-resolver-type: + default: "" + description: The default resolver type to be used in the cluster. + type: string + default-service-account: + default: default + description: Service account name to use for TaskRun and PipelineRun, + if none is specified. + type: string + default-task-run-workspace-binding: + default: | + emptyDir: {} + description: Workspace configuration provided for any Workspaces that + a Task declares but that a TaskRun does not explicitly provide. + type: string + default-timeout-minutes: + default: "60" + description: Number of minutes to use for TaskRun and PipelineRun, if + none is specified. + type: string + type: object + config-leader-election: + additionalProperties: false + description: Leader election configuration stored in the `config-leader-election` + ConfigMaps and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + buckets: + default: "1" + description: The number of buckets used to partition key space of each + Reconciler. If this number is M and the replica number of the controller + is N, the N replicas will compete for the M buckets. The owner of + a bucket will take care of the reconciling for the keys partitioned + into that bucket. The maximum value of at this time is 10. + type: string + lease-duration: + default: 60s + description: How long non-leaders will wait to try to acquire the lock; + 15 seconds is the value used by core Kubernetes controllers. + type: string + renew-deadline: + default: 40s + description: How long a leader will try to renew the lease before giving + up; 10 seconds is the value used by core Kubernetes controllers. + type: string + retry-period: + default: 10s + description: How long the leader election client waits between tries + of actions; 2 seconds is the value used by core Kubernetes controllers. 
+ type: string + type: object + config-logging: + additionalProperties: false + description: Logging configuration stored in the `config-logging` ConfigMaps + and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + loglevel.controller: + default: info + description: Log level for the `tekton-pipelines-controller` and `tekton-pipelines-resolvers` + Deployments. + type: string + loglevel.webhook: + default: info + description: Log level for the `tekton-pipelines-webhook` Deployment. + type: string + zap-logger-config: + default: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + description: Configuration for the zap logger used by all Tekton containers. + type: string + type: object + config-observability: + additionalProperties: false + description: Observability configuration stored in the `config-observability` + ConfigMaps and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + metrics.allow-stackdriver-custom-metrics: + default: "false" + description: Whether it is allowed to send metrics to Stackdriver using + 'global' resource type and custom metric type. Ignore if `backend_destination` + is not `stackdriver`. + type: string + metrics.backend-destination: + default: prometheus + description: The destination for the metrics produced by the Tekton + components. + type: string + metrics.pipelinerun.duration-type: + default: histogram + description: Duration type for the PipelineRun metrics. Histogram value + isn’t available when the `pipelinerun` level is selected. 
+ type: string + metrics.pipelinerun.level: + default: pipeline + description: 'Level for the PipelineRun metrics controlling which labels + are included: (pipelinerun, pipeline, namespace), (pipeline, namespace), + (namespace).' + type: string + metrics.stackdriver-project-id: + default: "" + description: The Stackdriver project ID. When running on GCE, application + default credentials will be used and metrics will be sent to the cluster's + project if this field is not provided. + type: string + metrics.taskrun.duration-type: + default: histogram + description: Duration type for the TaskRun metrics. Histogram value + isn’t available when the `taskrun` level is selected. + type: string + metrics.taskrun.level: + default: task + description: 'Level for the TaskRun metrics controlling which labels + are included: (taskrun, task, namespace), (task, namespace), (namespace).' + type: string + type: object + controllers: + additionalProperties: false + description: Settings for the Tekton Pipelines controllers. + properties: + pipelines: + additionalProperties: false + description: Settings for the `tekton-pipelines-controller` Deployment. + properties: + replicas: + default: 1 + description: The number of replicas for the `tekton-pipelines-controller` + Deployment. In order to enable high availability, it should be + greater than 1. + type: integer + type: object + resolvers: + additionalProperties: false + description: Settings for the `tekton-pipelines-remote-resolvers` Deployment. + properties: + replicas: + default: 1 + description: The number of replicas. In order to enable high availability, + it should be greater than 1. + type: integer + type: object + type: object + feature-flags: + additionalProperties: false + description: Feature flags configuration stored in the `feature-flags` ConfigMap. 
+ properties: + await-sidecar-readiness: + default: "true" + description: Setting this flag to `false` will stop Tekton from waiting + for a TaskRun's sidecar containers to be running before starting the + first step. This will allow Tasks to be run in environments that don't + support the DownwardAPI volume type, but may lead to unintended behaviour + if sidecars are used. + type: string + custom-task-version: + default: v1beta1 + description: Setting this flag will determine the version for custom + tasks created by PipelineRuns. + type: string + disable-affinity-assistant: + default: "false" + description: Setting this flag to `true` will prevent Tekton to create + an Affinity Assistant for every TaskRun sharing a PVC workspace. + type: string + disable-creds-init: + default: "false" + description: Setting this flag to `true` will prevent Tekton scanning + attached service accounts and injecting any credentials it finds into + your Steps. + type: string + enable-api-fields: + default: beta + description: Setting this flag will determine which gated features are + enabled. + type: string + enable-provenance-in-status: + default: "false" + description: Setting this flag to `true` enables populating the `provenance` + field in TaskRun and PipelineRun status. This field contains metadata + about resources used in the TaskRun/PipelineRun such as the source + from where a remote Task/Pipeline definition was fetched. + type: string + enable-tekton-oci-bundles: + default: "false" + description: Setting this flag to `true` enables the use of Tekton OCI + bundle. This is an experimental feature and thus should still be considered + an alpha feature. + type: string + enforce-nonfalsifiablity: + default: none + description: Setting this flag will determine how Tekton Pipelines will + handle non-falsifiable provenance. If set to `spire`, then SPIRE will + be used to ensure non-falsifiable provenance. If set to `none`, then + Tekton will not have non-falsifiable provenance. 
This is an experimental + feature and thus should still be considered an alpha feature. + type: string + require-git-ssh-secret-known-hosts: + default: "true" + description: Setting this flag to `true` will require that any Git SSH + Secret offered to Tekton must have `known_hosts` included. + type: string + resource-verification-mode: + default: skip + description: Setting this flag to `enforce` will enforce verification + of tasks/pipelines. Failing to verify will fail the TaskRun/PipelineRun. + `warn` will only log the err message and `skip` will skip the whole + verification. + type: string + running-in-environment-with-injected-sidecars: + default: "true" + description: This option should be set to `false` when Pipelines is + running in a cluster that does not use injected sidecars such as Istio. + Setting it to false should decrease the time it takes for a TaskRun + to start running. For clusters that use injected sidecars, setting + this option to false can lead to unexpected behavior. + type: string + send-cloudevents-for-runs: + default: "false" + description: Setting this flag to `true` enables CloudEvents for CustomRuns + and Runs, as long as a CloudEvents sink is configured in the `config-defaults` + ConfigMap. + type: string + type: object + opentelemetry: + additionalProperties: false + description: Settings for the OpenTelemetry support. + properties: + enable: + default: false + description: Setting this flag to `true` enables the trace exporter. + type: boolean + exporter: + additionalProperties: false + description: Settings for the OpenTelemetry exporter + properties: + jaeger: + additionalProperties: false + description: Configuration for the OpenTelemetry exporter based + on the Jaeger protocol. + properties: + endpoint: + default: "" + description: The endpoint where the distributed tracing backend + accepts OpenTelemetry traces using the Jaeger protocol. 
+ type: string + password: + default: "" + description: The password/token to authenticate with the distributed + tracing backend. + type: string + username: + default: "" + description: The username to access the distributed tracing + backend. + type: string + type: object + type: object + type: object + policies: + additionalProperties: false + description: Settings for the Kyverno policies. + properties: + include: + default: false + description: Whether to include the out-of-the-box Kyverno policies + to validate and secure the package installation. + type: boolean + type: object + resolvers: + additionalProperties: false + description: Configuration for the Tekton Resolvers, responsible for resolving + requests for Tasks and Pipelines from remote locations. + properties: + bundleresolver-config: + additionalProperties: false + description: Configuration for the bundle resolver stored in the `bundleresolver-config` + ConfigMap. + properties: + default-kind: + default: task + description: The default resource kind to pull out of the bundle. + type: string + default-service-account: + default: default + description: The default name of the service account to use when + constructing registry credentials. + type: string + type: object + cluster-resolver-config: + additionalProperties: false + description: Configuration for the cluster resolver stored in the `cluster-resolver-config` + ConfigMap. + properties: + allowed-namespaces: + default: "" + description: A comma-separated list of namespaces which the resolver + is allowed to access. Defaults to empty, meaning all namespaces + are allowed. + type: string + blocked-namespaces: + default: "" + description: A comma-separated list of namespaces which the resolver + is blocked from accessing. Defaults to empty, meaning all namespaces + are allowed. + type: string + default-kind: + default: task + description: The default resource kind to fetch. 
+ type: string + default-namespace: + default: "" + description: The default namespace to fetch resources from. + type: string + type: object + git-resolver-config: + additionalProperties: false + description: Configuration for the git resolver stored in the `git-resolver-config` + ConfigMap. + properties: + api-token-secret-key: + default: "" + description: The key in the API token secret containing the actual + token. Required when using the authenticated API. + type: string + api-token-secret-name: + default: "" + description: The Kubernetes secret containing the API token for + the SCM provider. Required when using the authenticated API. + type: string + api-token-secret-namespace: + default: default + description: The namespace containing the API token secret. + type: string + default-org: + default: "" + description: The default organization to look for repositories under + when using the authenticated API. + type: string + default-revision: + default: main + description: The git revision to fetch the remote resource from + with either anonymous cloning or the authenticated API. + type: string + default-url: + default: https://github.com/tektoncd/catalog.git + description: The git url to fetch the remote resource from when + using anonymous cloning. + type: string + fetch-timeout: + default: 1m + description: The maximum amount of time a single anonymous cloning + resolution may take. + type: string + scm-type: + default: github + description: The SCM type to use with the authenticated API. + type: string + server-url: + default: "" + description: The SCM server URL to use with the authenticated API. + Not needed when using github.com, gitlab.com, or BitBucket Cloud. + type: string + type: object + hubresolver-config: + additionalProperties: false + description: Configuration for the hub resolver stored in the `hubresolver-config` + ConfigMap. 
+ properties: + default-artifact-hub-pipeline-catalog: + default: tekton-catalog-pipelines + description: The default Artifact Hub Pipeline catalog from where + to pull the resource. + type: string + default-artifact-hub-task-catalog: + default: tekton-catalog-tasks + description: The default Artifact Hub Task catalog from where to + pull the resource. + type: string + default-kind: + default: task + description: The default resource kind to fetch. + type: string + default-tekton-hub-catalog: + default: Tekton + description: The default Tekton Hub catalog from where to pull the + resource. + type: string + default-type: + default: artifact + description: The default hub from where to pull the resource. + type: string + type: object + resolvers-feature-flags: + additionalProperties: false + description: Feature flags configuration stored in the `resolvers-feature-flags` + ConfigMap. + properties: + enable-bundles-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of Tekton OCI bundles. + type: string + enable-cluster-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines from other namespaces within the cluster. + type: string + enable-git-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines from Git repositories. + type: string + enable-hub-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines via the Tekton Hub. + type: string + type: object + type: object + webhook: + additionalProperties: false + description: Settings for the `tekton-pipelines-webhook` Deployment. + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than 1. 
+ type: integer + type: object + type: object + version: 0.46.0+kadras.2
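Review bot: in `repo/packages/knative-serving.packages.kadras.io/1.9.3.yml`, the `config.tracing` description reads "Network configuration stored in the `config-tracing` ConfigMap", which looks copied from the `network` block above it and should say "Tracing configuration". In the same block, `debug` and `sample-rate` are `type: string` (defaults "false" and "0.1"), so the schema accepts any text for them, and "percentage (0-1)" describes a fraction rather than a percentage. The `http-protocol` description could also state the consequence of its default: with `Enabled` and `default-external-scheme: http`, the ingress serves plain HTTP until the installer switches to `Redirected`.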
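Review bot: in `repo/packages/kpack.packages.kadras.io/0.10.1+kadras.1.yml`, `kp_default_repository` accepts registry credentials two ways, inline under `credentials.username`/`credentials.password` and by reference under `secret.name`/`secret.namespace`, and neither description says which one applies when both are set or which is recommended. Please document the precedence and point users at the Secret reference so the token does not have to be written into the values file. Smaller fixes in the same hunk: `aws_iam_role_arn` is described as "IAM credentials" although the field name says it is a role ARN, the memory descriptions say "lower this up to" where "down to" is meant, and "the the kpack controller" and "Enginnering" are typos.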
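Review bot: in `repo/packages/metrics-server.packages.kadras.io/0.6.3.yml`, `metricsServer.config.apiServiceInsecureTLS` defaults to `true`, and its description ("Whether to enable insecure TLS for metrics-server api service") does not say what goes unverified or when the setting can be turned off. Either default it to `false` or extend the description with the condition under which an installer can safely set `false`, so the insecure mode is an explicit choice rather than the silent default. Also in this hunk: `tolerations` declares `default: []` and `nullable: true` but no `type`, unlike `args` next to it, and "overwriten" in the `metricsServer.namespace` description is a typo.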
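Review bot: in `repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.2.yml`, `feature-flags.resource-verification-mode` defaults to `skip` while all four `resolvers-feature-flags` (`enable-bundles-resolver`, `enable-cluster-resolver`, `enable-git-resolver`, `enable-hub-resolver`) default to "true", so out of the box Tasks and Pipelines can be resolved from remote locations with verification skipped entirely. Consider defaulting to `warn` so failures are at least logged, or say in the description that `skip` is a deliberate default and what has to be configured before `enforce` is usable. Related points in the same hunk: `cluster-resolver-config.allowed-namespaces` defaults to empty, which the description says means all namespaces are allowed; `opentelemetry.exporter.jaeger.password` is an inline string with no Secret reference alternative; the key `enforce-nonfalsifiablity` is spelled without the second-to-last "i" and should be checked against the flag name Tekton expects; and "lifeycle", "seperated" and "The maximum value of at this time is 10" need fixing.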