diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bb5ed1c..53d95b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,7 +5,7 @@ on: env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} - VERSION: 0.9.1 + VERSION: 0.10.0 jobs: build: diff --git a/README.md b/README.md index 5b97d75..d8dec9d 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ This repository contains the following Carvel packages. | [namespace-setup](https://github.com/kadras-io/namespace-setup) | Sets up up namespaces with the necessary RBAC and Secrets to work with the Kadras platform. | | [secretgen-controller](https://github.com/carvel-dev/secretgen-controller) | Generates various types of Secrets in-cluster as well as export and import Secrets across namespaces. Maintained by [Carvel](https://github.com/carvel-dev). | | [spring-boot-conventions](https://github.com/kadras-io/package-for-spring-boot-conventions) | Defines conventions for Spring Boot workloads that will be applied by the Cartographer Convention Controller. | +| [tekton-catalog](https://github.com/kadras-io/package-for-tekton-catalog) | A set of Tekton pipelines and tasks used by the Kadras platform to support testing, scanning, delivering and deploying applications. | | [tekton-pipelines](https://github.com/kadras-io/package-for-tekton-pipelines) | A cloud-native solution for building CI/CD systems. | ## 🚀  Getting Started diff --git a/repo/packages/buildpacks-catalog.packages.kadras.io/0.6.0.yml b/repo/packages/buildpacks-catalog.packages.kadras.io/0.6.0.yml new file mode 100644 index 0000000..92399c1 --- /dev/null +++ b/repo/packages/buildpacks-catalog.packages.kadras.io/0.6.0.yml 
@@ -0,0 +1,46 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: buildpacks-catalog.packages.kadras.io.0.6.0 +spec: + capacityRequirementsDescription: Container registry with > 1GB available space + licenses: + - Apache 2.0 + refName: buildpacks-catalog.packages.kadras.io + releaseNotes: https://github.com/kadras-io/buildpacks-catalog/releases + releasedAt: "2023-03-26T12:56:10Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/buildpacks-catalog@sha256:c6d703887d9890fc012f2c69d3264c7587e5d035d1a203db457b9090e68431de + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + kp_default_repository: + additionalProperties: false + description: Settings for the default container repository used by kpack. + Same as configured in the kpack package. + properties: + name: + default: "" + description: The default repository where to publish builder images + and dependencies. + example: ghcr.io/thomasvitale/kpack-build + type: string + x-example-description: Repository on GitHub Container Registry + type: object + type: object + version: 0.6.0 diff --git a/repo/packages/cartographer-blueprints.packages.kadras.io/0.5.0.yml b/repo/packages/cartographer-blueprints.packages.kadras.io/0.5.0.yml new file mode 100644 index 0000000..952942a --- /dev/null +++ b/repo/packages/cartographer-blueprints.packages.kadras.io/0.5.0.yml 
@@ -0,0 +1,44 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: cartographer-blueprints.packages.kadras.io.0.5.0 +spec: + licenses: + - Apache 2.0 + refName: cartographer-blueprints.packages.kadras.io + releaseNotes: https://github.com/kadras-io/cartographer-blueprints/releases + releasedAt: "2023-03-26T20:14:47Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/cartographer-blueprints@sha256:ca24f226558ced8a8dcac1335a80d70465fda9e3a0936103098a8349825bb83d + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + excluded_blueprints: + default: [] + description: A list of blueprints and manifests to esclude from being created + in the cluster. + items: + default: "" + type: string + type: array + tekton_catalog_namespace: + default: tekton-catalog + description: The namespace where the Tekton Catalog package has been installed. + type: string + type: object + version: 0.5.0 diff --git a/repo/packages/cartographer-supply-chains.packages.kadras.io/0.5.0.yml b/repo/packages/cartographer-supply-chains.packages.kadras.io/0.5.0.yml new file mode 100644 index 0000000..c46ef97 --- /dev/null +++ b/repo/packages/cartographer-supply-chains.packages.kadras.io/0.5.0.yml 
@@ -0,0 +1,145 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: cartographer-supply-chains.packages.kadras.io.0.5.0 +spec: + licenses: + - Apache 2.0 + refName: cartographer-supply-chains.packages.kadras.io + releaseNotes: https://github.com/kadras-io/cartographer-supply-chains/releases + releasedAt: "2023-03-26T20:33:06Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/cartographer-supply-chains@sha256:663b5df2072380302e01c6b6b00fa975001a0d7db340782d189d2b08f3cdb96c + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + cluster_builder: + default: default + description: The default `ClusterBuilder` used by kpack. + type: string + git_access_secret: + default: git-secret + description: The Secret containing authentication credentials for the Git + repository. + type: string + gitops: + additionalProperties: false + description: Settings for using a GitOps strategy with the supply chain. + properties: + commit: + additionalProperties: false + properties: + message: + default: Update from Cartographer + description: The commit message to use when pushing configuration + changes to Git. + type: string + type: object + pull_request: + additionalProperties: false + description: Settings for using a GitOps approach based on pull requests. + properties: + body: + default: Generated from Cartographer + description: The message body of the pull request. + type: string + commit_branch: + default: "" + description: The branch to use to open a pull request. If empty, + a random name is generated. + type: string + server_kind: + default: github + description: The type of Git server where to open the pull request. 
+ example: github + type: string + x-example-description: Open a pull request on GitHub + title: + default: Update from Cartographer + description: The title of the pull request. + type: string + type: object + repository: + additionalProperties: false + properties: + name: + default: "" + description: The name of the Git repository. + type: string + owner: + default: "" + description: The owner of the Git repository. + type: string + type: object + server_address: + default: https://github.com + description: The location of the server hosting the specified Git repository. + type: string + strategy: + default: none + description: Whether to commit configuration changes to Git directly + (`direct`) or via a pull request (`pull_request`). If `none`, no GitOps + strategy is applied. + type: string + target_branch: + default: main + description: The target branch where to push configuration changes. + type: string + user: + additionalProperties: false + properties: + email: + default: cartographer@kadras.io + description: The email of the user interacting with the Git repository. + type: string + name: + default: cartographer + description: The name of the user interacting with the Git repository. + type: string + type: object + type: object + registry: + additionalProperties: false + description: Settings for the OCI Registry used by the supply chain. + properties: + ca_cert_data: + default: "" + description: PEM-encoded certificate data for the OCI Registry where + the supply chain will publish and consume OCI images. + type: string + repository: + default: "" + description: The repository in the OCI Registry where the supply chain + will publish and consume OCI images. + type: string + server: + default: "" + description: The server of the OCI Registry where the supply chain will + publish and consume OCI images. + type: string + type: object + service_account: + default: default + description: The default `ServiceAccount` used by the supply chain. 
+ type: string + supply_chain: + default: basic + description: 'The type of supply chain to deploy. Options: `basic`, `advanced`.' + type: string + type: object + version: 0.5.0 diff --git a/repo/packages/engineering-platform.packages.kadras.io/0.8.0.yml b/repo/packages/engineering-platform.packages.kadras.io/0.8.0.yml new file mode 100644 index 0000000..d5f9b94 --- /dev/null +++ b/repo/packages/engineering-platform.packages.kadras.io/0.8.0.yml 
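Review bot: `service_account` defaults to `default` near the end of this schema, so unless the value is overridden the supply chain runs under the namespace's shared `default` ServiceAccount, which every pod that names no ServiceAccount also uses. If the Git credential named by `git_access_secret` and the registry credentials are bound to that account (the binding is not visible in this diff), unrelated workloads in the same namespace would be able to use them. I would extend the description to say so, for example `description: The ServiceAccount used by the supply chain. Prefer a dedicated account over the namespace default when it carries Git or registry credentials.` The file looks generated from the package's values schema (`creationTimestamp: null`), so the wording probably has to change there rather than here.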
@@ -0,0 +1,138 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: engineering-platform.packages.kadras.io.0.8.0 +spec: + licenses: + - Apache 2.0 + refName: engineering-platform.packages.kadras.io + releaseNotes: https://github.com/kadras-io/engineering-platform/releases + releasedAt: "2023-03-26T20:58:04Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/kadras-engineering-platform@sha256:393d106f45250c145de181d0c4a7985efd7a8fed5593904d011866021f77c3a2 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + buildpacks: + additionalProperties: false + description: Configuration for Buildpacks related packages. + properties: + catalog: + default: {} + description: Configuration for the Buildpacks Catalog package. + nullable: true + kpack: + default: {} + description: Configuration for the Kpack package. + nullable: true + type: object + cartographer: + additionalProperties: false + description: Configuration for Cartographer related packages. + properties: + blueprints: + default: {} + description: Configuration for the Cartographer Blueprints package. + nullable: true + delivery: + default: {} + description: Configuration for the Cartographer Delivery package. + nullable: true + supply_chains: + default: {} + description: Configuration for the Cartographer Supply Chains package. + nullable: true + type: object + cert_manager: + default: {} + description: Configuration for the Cert Manager package. + nullable: true + contour: + default: {} + description: Configuration for the Contour package. + nullable: true + conventions: + additionalProperties: false + description: Configuration for Cartographer Conventions related packages. + properties: + spring_boot: + default: {} + description: Configuration for the Spring Boot Conventions package. 
+ nullable: true + type: object + flux: + additionalProperties: false + description: Configuration for Flux related packages. + properties: + source_controller: + default: {} + description: Configuration for the FluxCD Source Controller package. + nullable: true + type: object + knative: + additionalProperties: false + description: Configuration for Knative related packages. + properties: + serving: + default: {} + description: Configuration for the Knative Serving package. + nullable: true + type: object + metrics_server: + default: {} + description: Configuration for the Metrics Server package. + nullable: true + namespace_setup: + default: {} + description: Configuration for the Namespace Setup package. + nullable: true + packages: + additionalProperties: false + description: Configuration for the platform packages. + properties: + excluded: + default: [] + description: A list of packages to exclude from being installed. + items: + default: "" + type: string + type: array + namespace: + default: "" + description: The namespace where to install the platform. + type: string + type: object + secretgen_controller: + default: {} + description: Configuration for the Secretgen Controller package. + nullable: true + tekton: + additionalProperties: false + description: Configuration for Tekton related packages. + properties: + catalog: + default: {} + description: Configuration for the Tekton Catalog package. + nullable: true + pipelines: + default: {} + description: Configuration for the Tekton Pipelines package. + nullable: true + type: object + type: object + version: 0.8.0 diff --git a/repo/packages/tekton-catalog.packages.kadras.io/0.1.0.yml b/repo/packages/tekton-catalog.packages.kadras.io/0.1.0.yml new file mode 100644 index 0000000..e7146d0 --- /dev/null +++ b/repo/packages/tekton-catalog.packages.kadras.io/0.1.0.yml 
@@ -0,0 +1,36 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: tekton-catalog.packages.kadras.io.0.1.0 +spec: + licenses: + - Apache 2.0 + refName: tekton-catalog.packages.kadras.io + releaseNotes: https://github.com/kadras-io/tekton-catalog/releases + releasedAt: "2023-03-26T19:47:08Z" + template: + spec: + deploy: + - kapp: {} + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/tekton-catalog@sha256:9a5c9eb1a47f517ef49cb755fa490ac7ffabf295a640da3dc9a220f7dbb5ece9 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + namespace: + default: tekton-catalog + description: The namespace where to deploy the Tekton Catalog. + type: string + type: object + version: 0.1.0 diff --git a/repo/packages/tekton-catalog.packages.kadras.io/metadata.yml b/repo/packages/tekton-catalog.packages.kadras.io/metadata.yml new file mode 100644 index 0000000..ce1b575 --- /dev/null +++ b/repo/packages/tekton-catalog.packages.kadras.io/metadata.yml @@ -0,0 +1,17 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: PackageMetadata +metadata: + creationTimestamp: null + name: tekton-catalog.packages.kadras.io +spec: + categories: + - build + displayName: tekton-catalog + longDescription: A set of Tekton pipelines and tasks used by the Kadras platform + to support testing, scanning, delivering and deploying applications. + maintainers: + - name: Thomas Vitale + providerName: Kadras + shortDescription: A set of Tekton pipelines and tasks to use with the Kadras platform. + supportDescription: Go to https://kadras.io for documentation and https://github.com/kadras-io/tekton-catalog + for community support. diff --git a/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.1.yml b/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.1.yml new file mode 100644 index 0000000..a4eb4cc --- /dev/null 
+++ b/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0+kadras.1.yml 
@@ -0,0 +1,522 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: tekton-pipelines.packages.kadras.io.0.46.0+kadras.1 +spec: + licenses: + - Apache 2.0 + refName: tekton-pipelines.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-tekton-pipelines/releases + releasedAt: "2023-03-26T20:51:17Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-tekton-pipelines@sha256:61345735ba6f6a25f39395e8c1b1a7890a16123b448076b0d95a02eccccc0804 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + ca_cert_data: + default: "" + description: PEM-encoded certificate data to trust TLS connections with + a custom CA. + type: string + config-defaults: + additionalProperties: false + description: Default configuration stored in the `config-defaults` ConfigMap. + properties: + default-affinity-assistant-pod-template: + default: "" + description: Pod template to use for affinity assistant Pods. + type: string + default-cloud-events-sink: + default: "" + description: CloudEvents sink to be used for TaskRun, PipelineRun, CustomRun, + and Run lifeycle events. If no sink is specified, no CloudEvent is + generated. + type: string + default-forbidden-env: + default: "" + description: Comma seperated environment variables that cannot be overridden + by PodTemplate. + type: string + default-managed-by-label-value: + default: tekton-pipelines + description: Value given to the `app.kubernetes.io/managed-by` label + applied to all Pods created for TaskRuns. + type: string + default-max-matrix-combinations-count: + default: "256" + description: Maximum number of combinations from a Matrix, if none is + specified. 
+ type: string + default-pod-template: + default: "" + description: Pod template to use for TaskRun and PipelineRun. + type: string + default-resolver-type: + default: "" + description: The default resolver type to be used in the cluster. + type: string + default-service-account: + default: default + description: Service account name to use for TaskRun and PipelineRun, + if none is specified. + type: string + default-task-run-workspace-binding: + default: | + emptyDir: {} + description: Workspace configuration provided for any Workspaces that + a Task declares but that a TaskRun does not explicitly provide. + type: string + default-timeout-minutes: + default: "60" + description: Number of minutes to use for TaskRun and PipelineRun, if + none is specified. + type: string + type: object + config-leader-election: + additionalProperties: false + description: Leader election configuration stored in the `config-leader-election` + ConfigMaps and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + buckets: + default: "1" + description: The number of buckets used to partition key space of each + Reconciler. If this number is M and the replica number of the controller + is N, the N replicas will compete for the M buckets. The owner of + a bucket will take care of the reconciling for the keys partitioned + into that bucket. The maximum value of at this time is 10. + type: string + lease-duration: + default: 60s + description: How long non-leaders will wait to try to acquire the lock; + 15 seconds is the value used by core Kubernetes controllers. + type: string + renew-deadline: + default: 40s + description: How long a leader will try to renew the lease before giving + up; 10 seconds is the value used by core Kubernetes controllers. + type: string + retry-period: + default: 10s + description: How long the leader election client waits between tries + of actions; 2 seconds is the value used by core Kubernetes controllers. 
+ type: string + type: object + config-logging: + additionalProperties: false + description: Logging configuration stored in the `config-logging` ConfigMaps + and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + loglevel.controller: + default: info + description: Log level for the `tekton-pipelines-controller` and `tekton-pipelines-resolvers` + Deployments. + type: string + loglevel.webhook: + default: info + description: Log level for the `tekton-pipelines-webhook` Deployment. + type: string + zap-logger-config: + default: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + description: Configuration for the zap logger used by all Tekton containers. + type: string + type: object + config-observability: + additionalProperties: false + description: Observability configuration stored in the `config-observability` + ConfigMaps and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + metrics.allow-stackdriver-custom-metrics: + default: "false" + description: Whether it is allowed to send metrics to Stackdriver using + 'global' resource type and custom metric type. Ignore if `backend_destination` + is not `stackdriver`. + type: string + metrics.backend-destination: + default: prometheus + description: The destination for the metrics produced by the Tekton + components. + type: string + metrics.pipelinerun.duration-type: + default: histogram + description: Duration type for the PipelineRun metrics. Histogram value + isn’t available when the `pipelinerun` level is selected. 
+ type: string + metrics.pipelinerun.level: + default: pipeline + description: 'Level for the PipelineRun metrics controlling which labels + are included: (pipelinerun, pipeline, namespace), (pipeline, namespace), + (namespace).' + type: string + metrics.stackdriver-project-id: + default: "" + description: The Stackdriver project ID. When running on GCE, application + default credentials will be used and metrics will be sent to the cluster's + project if this field is not provided. + type: string + metrics.taskrun.duration-type: + default: histogram + description: Duration type for the TaskRun metrics. Histogram value + isn’t available when the `taskrun` level is selected. + type: string + metrics.taskrun.level: + default: task + description: 'Level for the TaskRun metrics controlling which labels + are included: (taskrun, task, namespace), (task, namespace), (namespace).' + type: string + type: object + controllers: + additionalProperties: false + description: Settings for the Tekton Pipelines controllers. + properties: + pipelines: + additionalProperties: false + description: Settings for the `tekton-pipelines-controller` Deployment. + properties: + replicas: + default: 1 + description: The number of replicas for the `tekton-pipelines-controller` + Deployment. In order to enable high availability, it should be + greater than 1. + type: integer + type: object + resolvers: + additionalProperties: false + description: Settings for the `tekton-pipelines-remote-resolvers` Deployment. + properties: + replicas: + default: 1 + description: The number of replicas. In order to enable high availability, + it should be greater than 1. + type: integer + type: object + type: object + feature-flags: + additionalProperties: false + description: Feature flags configuration stored in the `feature-flags` ConfigMap. 
+ properties: + await-sidecar-readiness: + default: "true" + description: Setting this flag to `false` will stop Tekton from waiting + for a TaskRun's sidecar containers to be running before starting the + first step. This will allow Tasks to be run in environments that don't + support the DownwardAPI volume type, but may lead to unintended behaviour + if sidecars are used. + type: string + custom-task-version: + default: v1beta1 + description: Setting this flag will determine the version for custom + tasks created by PipelineRuns. + type: string + disable-affinity-assistant: + default: "false" + description: Setting this flag to `true` will prevent Tekton to create + an Affinity Assistant for every TaskRun sharing a PVC workspace. + type: string + disable-creds-init: + default: "false" + description: Setting this flag to `true` will prevent Tekton scanning + attached service accounts and injecting any credentials it finds into + your Steps. + type: string + enable-api-fields: + default: beta + description: Setting this flag will determine which gated features are + enabled. + type: string + enable-provenance-in-status: + default: "false" + description: Setting this flag to `true` enables populating the `provenance` + field in TaskRun and PipelineRun status. This field contains metadata + about resources used in the TaskRun/PipelineRun such as the source + from where a remote Task/Pipeline definition was fetched. + type: string + enable-tekton-oci-bundles: + default: "false" + description: Setting this flag to `true` enables the use of Tekton OCI + bundle. This is an experimental feature and thus should still be considered + an alpha feature. + type: string + enforce-nonfalsifiablity: + default: none + description: Setting this flag will determine how Tekton Pipelines will + handle non-falsifiable provenance. If set to `spire`, then SPIRE will + be used to ensure non-falsifiable provenance. If set to `none`, then + Tekton will not have non-falsifiable provenance. 
This is an experimental + feature and thus should still be considered an alpha feature. + type: string + require-git-ssh-secret-known-hosts: + default: "false" + description: Setting this flag to `true` will require that any Git SSH + Secret offered to Tekton must have `known_hosts` included. + type: string + resource-verification-mode: + default: skip + description: Setting this flag to `enforce` will enforce verification + of tasks/pipelines. Failing to verify will fail the TaskRun/PipelineRun. + `warn` will only log the err message and `skip` will skip the whole + verification. + type: string + running-in-environment-with-injected-sidecars: + default: "true" + description: This option should be set to `false` when Pipelines is + running in a cluster that does not use injected sidecars such as Istio. + Setting it to false should decrease the time it takes for a TaskRun + to start running. For clusters that use injected sidecars, setting + this option to false can lead to unexpected behavior. + type: string + send-cloudevents-for-runs: + default: "false" + description: Setting this flag to `true` enables CloudEvents for CustomRuns + and Runs, as long as a CloudEvents sink is configured in the `config-defaults` + ConfigMap. + type: string + type: object + opentelemetry: + additionalProperties: false + description: Settings for the OpenTelemetry support. + properties: + enable: + default: false + description: Setting this flag to `true` enables the trace exporter. + type: boolean + exporter: + additionalProperties: false + description: Settings for the OpenTelemetry exporter + properties: + jaeger: + additionalProperties: false + description: Configuration for the OpenTelemetry exporter based + on the Jaeger protocol. + properties: + endpoint: + default: "" + description: The endpoint where the distributed tracing backend + accepts OpenTelemetry traces using the Jaeger protocol. 
+ type: string + password: + default: "" + description: The password/token to authenticate with the distributed + tracing backend. + type: string + username: + default: "" + description: The username to access the distributed tracing + backend. + type: string + type: object + type: object + type: object + policies: + additionalProperties: false + description: Settings for the Kyverno policies. + properties: + include: + default: false + description: Whether to include the out-of-the-box Kyverno policies + to validate and secure the package installation. + type: boolean + type: object + resolvers: + additionalProperties: false + description: Configuration for the Tekton Resolvers, responsible for resolving + requests for Tasks and Pipelines from remote locations. + properties: + bundleresolver-config: + additionalProperties: false + description: Configuration for the bundle resolver stored in the `bundleresolver-config` + ConfigMap. + properties: + default-kind: + default: task + description: The default resource kind to pull out of the bundle. + type: string + default-service-account: + default: default + description: The default name of the service account to use when + constructing registry credentials. + type: string + type: object + cluster-resolver-config: + additionalProperties: false + description: Configuration for the cluster resolver stored in the `cluster-resolver-config` + ConfigMap. + properties: + allowed-namespaces: + default: "" + description: A comma-separated list of namespaces which the resolver + is allowed to access. Defaults to empty, meaning all namespaces + are allowed. + type: string + blocked-namespaces: + default: "" + description: A comma-separated list of namespaces which the resolver + is blocked from accessing. Defaults to empty, meaning all namespaces + are allowed. + type: string + default-kind: + default: task + description: The default resource kind to fetch. 
+ type: string + default-namespace: + default: "" + description: The default namespace to fetch resources from. + type: string + type: object + git-resolver-config: + additionalProperties: false + description: Configuration for the git resolver stored in the `git-resolver-config` + ConfigMap. + properties: + api-token-secret-key: + default: "" + description: The key in the API token secret containing the actual + token. Required when using the authenticated API. + type: string + api-token-secret-name: + default: "" + description: The Kubernetes secret containing the API token for + the SCM provider. Required when using the authenticated API. + type: string + api-token-secret-namespace: + default: default + description: The namespace containing the API token secret. + type: string + default-org: + default: "" + description: The default organization to look for repositories under + when using the authenticated API. + type: string + default-revision: + default: main + description: The git revision to fetch the remote resource from + with either anonymous cloning or the authenticated API. + type: string + default-url: + default: https://github.com/tektoncd/catalog.git + description: The git url to fetch the remote resource from when + using anonymous cloning. + type: string + fetch-timeout: + default: 1m + description: The maximum amount of time a single anonymous cloning + resolution may take. + type: string + scm-type: + default: github + description: The SCM type to use with the authenticated API. + type: string + server-url: + default: "" + description: The SCM server URL to use with the authenticated API. + Not needed when using github.com, gitlab.com, or BitBucket Cloud. + type: string + type: object + hubresolver-config: + additionalProperties: false + description: Configuration for the hub resolver stored in the `hubresolver-config` + ConfigMap. 
+ properties: + default-artifact-hub-pipeline-catalog: + default: tekton-catalog-pipelines + description: The default Artifact Hub Pipeline catalog from where + to pull the resource. + type: string + default-artifact-hub-task-catalog: + default: tekton-catalog-tasks + description: The default Artifact Hub Task catalog from where to + pull the resource. + type: string + default-kind: + default: task + description: The default resource kind to fetch. + type: string + default-tekton-hub-catalog: + default: Tekton + description: The default Tekton Hub catalog from where to pull the + resource. + type: string + default-type: + default: artifact + description: The default hub from where to pull the resource. + type: string + type: object + resolvers-feature-flags: + additionalProperties: false + description: Feature flags configuration stored in the `resolvers-feature-flags` + ConfigMap. + properties: + enable-bundles-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of Tekton OCI bundles. + type: string + enable-cluster-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines from other namespaces within the cluster. + type: string + enable-git-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines from Git repositories. + type: string + enable-hub-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines via the Tekton Hub. + type: string + type: object + type: object + webhook: + additionalProperties: false + description: Settings for the `tekton-pipelines-webhook` Deployment. + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than 1. 
+ type: integer + type: object + type: object + version: 0.46.0+kadras.1 diff --git a/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0.yml b/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0.yml new file mode 100644 index 0000000..885e56e --- /dev/null +++ b/repo/packages/tekton-pipelines.packages.kadras.io/0.46.0.yml 
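Review bot: With the defaults under `feature-flags` and `resolvers`, remote Tasks and Pipelines are resolved without any verification: `resource-verification-mode` defaults to `skip`, all four `enable-*-resolver` flags default to `"true"`, and `git-resolver-config` points at the mutable `main` revision of `https://github.com/tektoncd/catalog.git`. `policies.include` also defaults to `false`, so the out-of-the-box Kyverno policies are not part of a default install either. I would either set `default: warn` on `resource-verification-mode`, so unverified resources at least appear in the logs, or state in the package documentation that these defaults are permissive and which values to override for production. Separately, `opentelemetry.exporter.jaeger.password` is a plain string value; taking the name of a Secret instead would keep the token out of the package values. This file appears to be generated (`creationTimestamp: null`), so the change likely belongs in the package's own schema.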
@@ -0,0 +1,522 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + creationTimestamp: null + name: tekton-pipelines.packages.kadras.io.0.46.0 +spec: + licenses: + - Apache 2.0 + refName: tekton-pipelines.packages.kadras.io + releaseNotes: https://github.com/kadras-io/package-for-tekton-pipelines/releases + releasedAt: "2023-03-25T06:58:20Z" + template: + spec: + deploy: + - kapp: + rawOptions: + - --wait-timeout=5m + fetch: + - imgpkgBundle: + image: ghcr.io/kadras-io/package-for-tekton-pipelines@sha256:aed6d2992b4571ff46bbe6225213877e16b9aab608c61b0d5192a2bbaabf5708 + template: + - ytt: + paths: + - config + - kbld: + paths: + - '-' + - .imgpkg/images.yml + valuesSchema: + openAPIv3: + additionalProperties: false + properties: + ca_cert_data: + default: "" + description: PEM-encoded certificate data to trust TLS connections with + a custom CA. + type: string + config-defaults: + additionalProperties: false + description: Default configuration stored in the `config-defaults` ConfigMap. + properties: + default-affinity-assistant-pod-template: + default: "" + description: Pod template to use for affinity assistant Pods. + type: string + default-cloud-events-sink: + default: "" + description: CloudEvents sink to be used for TaskRun, PipelineRun, CustomRun, + and Run lifeycle events. If no sink is specified, no CloudEvent is + generated. + type: string + default-forbidden-env: + default: "" + description: Comma seperated environment variables that cannot be overridden + by PodTemplate. + type: string + default-managed-by-label-value: + default: tekton-pipelines + description: Value given to the `app.kubernetes.io/managed-by` label + applied to all Pods created for TaskRuns. + type: string + default-max-matrix-combinations-count: + default: "256" + description: Maximum number of combinations from a Matrix, if none is + specified. 
+ type: string + default-pod-template: + default: "" + description: Pod template to use for TaskRun and PipelineRun. + type: string + default-resolver-type: + default: "" + description: The default resolver type to be used in the cluster. + type: string + default-service-account: + default: default + description: Service account name to use for TaskRun and PipelineRun, + if none is specified. + type: string + default-task-run-workspace-binding: + default: | + emptyDir: {} + description: Workspace configuration provided for any Workspaces that + a Task declares but that a TaskRun does not explicitly provide. + type: string + default-timeout-minutes: + default: "60" + description: Number of minutes to use for TaskRun and PipelineRun, if + none is specified. + type: string + type: object + config-leader-election: + additionalProperties: false + description: Leader election configuration stored in the `config-leader-election` + ConfigMaps and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + buckets: + default: "1" + description: The number of buckets used to partition key space of each + Reconciler. If this number is M and the replica number of the controller + is N, the N replicas will compete for the M buckets. The owner of + a bucket will take care of the reconciling for the keys partitioned + into that bucket. The maximum value of at this time is 10. + type: string + lease-duration: + default: 60s + description: How long non-leaders will wait to try to acquire the lock; + 15 seconds is the value used by core Kubernetes controllers. + type: string + renew-deadline: + default: 40s + description: How long a leader will try to renew the lease before giving + up; 10 seconds is the value used by core Kubernetes controllers. + type: string + retry-period: + default: 10s + description: How long the leader election client waits between tries + of actions; 2 seconds is the value used by core Kubernetes controllers. 
+ type: string + type: object + config-logging: + additionalProperties: false + description: Logging configuration stored in the `config-logging` ConfigMaps + and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + loglevel.controller: + default: info + description: Log level for the `tekton-pipelines-controller` and `tekton-pipelines-resolvers` + Deployments. + type: string + loglevel.webhook: + default: info + description: Log level for the `tekton-pipelines-webhook` Deployment. + type: string + zap-logger-config: + default: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "timestamp", + "levelKey": "severity", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "message", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + description: Configuration for the zap logger used by all Tekton containers. + type: string + type: object + config-observability: + additionalProperties: false + description: Observability configuration stored in the `config-observability` + ConfigMaps and used in both Tekton Pipelines and Tekton Pipelines Resolvers. + properties: + metrics.allow-stackdriver-custom-metrics: + default: "false" + description: Whether it is allowed to send metrics to Stackdriver using + 'global' resource type and custom metric type. Ignore if `backend_destination` + is not `stackdriver`. + type: string + metrics.backend-destination: + default: prometheus + description: The destination for the metrics produced by the Tekton + components. + type: string + metrics.pipelinerun.duration-type: + default: histogram + description: Duration type for the PipelineRun metrics. Histogram value + isn’t available when the `pipelinerun` level is selected. 
+ type: string + metrics.pipelinerun.level: + default: pipeline + description: 'Level for the PipelineRun metrics controlling which labels + are included: (pipelinerun, pipeline, namespace), (pipeline, namespace), + (namespace).' + type: string + metrics.stackdriver-project-id: + default: "" + description: The Stackdriver project ID. When running on GCE, application + default credentials will be used and metrics will be sent to the cluster's + project if this field is not provided. + type: string + metrics.taskrun.duration-type: + default: histogram + description: Duration type for the TaskRun metrics. Histogram value + isn’t available when the `taskrun` level is selected. + type: string + metrics.taskrun.level: + default: task + description: 'Level for the TaskRun metrics controlling which labels + are included: (taskrun, task, namespace), (task, namespace), (namespace).' + type: string + type: object + controllers: + additionalProperties: false + description: Settings for the Tekton Pipelines controllers. + properties: + pipelines: + additionalProperties: false + description: Settings for the `tekton-pipelines-controller` Deployment. + properties: + replicas: + default: 1 + description: The number of replicas for the `tekton-pipelines-controller` + Deployment. In order to enable high availability, it should be + greater than 1. + type: integer + type: object + resolvers: + additionalProperties: false + description: Settings for the `tekton-pipelines-remote-resolvers` Deployment. + properties: + replicas: + default: 1 + description: The number of replicas. In order to enable high availability, + it should be greater than 1. + type: integer + type: object + type: object + feature-flags: + additionalProperties: false + description: Feature flags configuration stored in the `feature-flags` ConfigMap. 
+ properties: + await-sidecar-readiness: + default: "true" + description: Setting this flag to `false` will stop Tekton from waiting + for a TaskRun's sidecar containers to be running before starting the + first step. This will allow Tasks to be run in environments that don't + support the DownwardAPI volume type, but may lead to unintended behaviour + if sidecars are used. + type: string + custom-task-version: + default: v1beta1 + description: Setting this flag will determine the version for custom + tasks created by PipelineRuns. + type: string + disable-affinity-assistant: + default: "false" + description: Setting this flag to `true` will prevent Tekton to create + an Affinity Assistant for every TaskRun sharing a PVC workspace. + type: string + disable-creds-init: + default: "false" + description: Setting this flag to `true` will prevent Tekton scanning + attached service accounts and injecting any credentials it finds into + your Steps. + type: string + enable-api-fields: + default: stable + description: Setting this flag will determine which gated features are + enabled. + type: string + enable-provenance-in-status: + default: "false" + description: Setting this flag to `true` enables populating the `provenance` + field in TaskRun and PipelineRun status. This field contains metadata + about resources used in the TaskRun/PipelineRun such as the source + from where a remote Task/Pipeline definition was fetched. + type: string + enable-tekton-oci-bundles: + default: "false" + description: Setting this flag to `true` enables the use of Tekton OCI + bundle. This is an experimental feature and thus should still be considered + an alpha feature. + type: string + enforce-nonfalsifiablity: + default: none + description: Setting this flag will determine how Tekton Pipelines will + handle non-falsifiable provenance. If set to `spire`, then SPIRE will + be used to ensure non-falsifiable provenance. If set to `none`, then + Tekton will not have non-falsifiable provenance. 
This is an experimental + feature and thus should still be considered an alpha feature. + type: string + require-git-ssh-secret-known-hosts: + default: "false" + description: Setting this flag to `true` will require that any Git SSH + Secret offered to Tekton must have `known_hosts` included. + type: string + resource-verification-mode: + default: skip + description: Setting this flag to `enforce` will enforce verification + of tasks/pipelines. Failing to verify will fail the TaskRun/PipelineRun. + `warn` will only log the err message and `skip` will skip the whole + verification. + type: string + running-in-environment-with-injected-sidecars: + default: "true" + description: This option should be set to `false` when Pipelines is + running in a cluster that does not use injected sidecars such as Istio. + Setting it to false should decrease the time it takes for a TaskRun + to start running. For clusters that use injected sidecars, setting + this option to false can lead to unexpected behavior. + type: string + send-cloudevents-for-runs: + default: "false" + description: Setting this flag to `true` enables CloudEvents for CustomRuns + and Runs, as long as a CloudEvents sink is configured in the `config-defaults` + ConfigMap. + type: string + type: object + opentelemetry: + additionalProperties: false + description: Settings for the OpenTelemetry support. + properties: + enable: + default: false + description: Setting this flag to `true` enables the trace exporter. + type: boolean + exporter: + additionalProperties: false + description: Settings for the OpenTelemetry exporter + properties: + jaeger: + additionalProperties: false + description: Configuration for the OpenTelemetry exporter based + on the Jaeger protocol. + properties: + endpoint: + default: "" + description: The endpoint where the distributed tracing backend + accepts OpenTelemetry traces using the Jaeger protocol. 
+ type: string + password: + default: "" + description: The password/token to authenticate with the distributed + tracing backend. + type: string + username: + default: "" + description: The username to access the distributed tracing + backend. + type: string + type: object + type: object + type: object + policies: + additionalProperties: false + description: Settings for the Kyverno policies. + properties: + include: + default: false + description: Whether to include the out-of-the-box Kyverno policies + to validate and secure the package installation. + type: boolean + type: object + resolvers: + additionalProperties: false + description: Configuration for the Tekton Resolvers, responsible for resolving + requests for Tasks and Pipelines from remote locations. + properties: + bundleresolver-config: + additionalProperties: false + description: Configuration for the bundle resolver stored in the `bundleresolver-config` + ConfigMap. + properties: + default-kind: + default: task + description: The default resource kind to pull out of the bundle. + type: string + default-service-account: + default: default + description: The default name of the service account to use when + constructing registry credentials. + type: string + type: object + cluster-resolver-config: + additionalProperties: false + description: Configuration for the cluster resolver stored in the `cluster-resolver-config` + ConfigMap. + properties: + allowed-namespaces: + default: "" + description: A comma-separated list of namespaces which the resolver + is allowed to access. Defaults to empty, meaning all namespaces + are allowed. + type: string + blocked-namespaces: + default: "" + description: A comma-separated list of namespaces which the resolver + is blocked from accessing. Defaults to empty, meaning all namespaces + are allowed. + type: string + default-kind: + default: task + description: The default resource kind to fetch. 
+ type: string + default-namespace: + default: "" + description: The default namespace to fetch resources from. + type: string + type: object + git-resolver-config: + additionalProperties: false + description: Configuration for the git resolver stored in the `git-resolver-config` + ConfigMap. + properties: + api-token-secret-key: + default: "" + description: The key in the API token secret containing the actual + token. Required when using the authenticated API. + type: string + api-token-secret-name: + default: "" + description: The Kubernetes secret containing the API token for + the SCM provider. Required when using the authenticated API. + type: string + api-token-secret-namespace: + default: default + description: The namespace containing the API token secret. + type: string + default-org: + default: "" + description: The default organization to look for repositories under + when using the authenticated API. + type: string + default-revision: + default: main + description: The git revision to fetch the remote resource from + with either anonymous cloning or the authenticated API. + type: string + default-url: + default: https://github.com/tektoncd/catalog.git + description: The git url to fetch the remote resource from when + using anonymous cloning. + type: string + fetch-timeout: + default: 1m + description: The maximum amount of time a single anonymous cloning + resolution may take. + type: string + scm-type: + default: github + description: The SCM type to use with the authenticated API. + type: string + server-url: + default: "" + description: The SCM server URL to use with the authenticated API. + Not needed when using github.com, gitlab.com, or BitBucket Cloud. + type: string + type: object + hubresolver-config: + additionalProperties: false + description: Configuration for the hub resolver stored in the `hubresolver-config` + ConfigMap. 
+ properties: + default-artifact-hub-pipeline-catalog: + default: tekton-catalog-pipelines + description: The default Artifact Hub Pipeline catalog from where + to pull the resource. + type: string + default-artifact-hub-task-catalog: + default: tekton-catalog-tasks + description: The default Artifact Hub Task catalog from where to + pull the resource. + type: string + default-kind: + default: task + description: The default resource kind to fetch. + type: string + default-tekton-hub-catalog: + default: Tekton + description: The default Tekton Hub catalog from where to pull the + resource. + type: string + default-type: + default: artifact + description: The default hub from where to pull the resource. + type: string + type: object + resolvers-feature-flags: + additionalProperties: false + description: Feature flags configuration stored in the `resolvers-feature-flags` + ConfigMap. + properties: + enable-bundles-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of Tekton OCI bundles. + type: string + enable-cluster-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines from other namespaces within the cluster. + type: string + enable-git-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines from Git repositories. + type: string + enable-hub-resolver: + default: "true" + description: Setting this flag to `true` enables remote resolution + of tasks and pipelines via the Tekton Hub. + type: string + type: object + type: object + webhook: + additionalProperties: false + description: Settings for the `tekton-pipelines-webhook` Deployment. + properties: + minReplicas: + default: 1 + description: The minimum number of replicas as controlled by a HorizontalPodAutoscaler. + In order to enable high availability, it should be greater than 1. 
+ type: integer + type: object + type: object + version: 0.46.0
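Review bot: The schema defaults under `feature-flags` and `resolvers` leave remote resolution unverified: `resource-verification-mode` defaults to `skip`, while `enable-git-resolver`, `enable-hub-resolver`, `enable-bundles-resolver` and `enable-cluster-resolver` all default to `"true"` and `git-resolver-config.default-revision` is the mutable ref `main`. An install that overrides nothing will therefore fetch Tasks and Pipelines from remote sources with no signature verification, and the empty `cluster-resolver-config.allowed-namespaces` lets the cluster resolver read from every namespace. These values appear to mirror the upstream Tekton defaults, and the file may be generated from the package's values schema, so the change probably belongs there. Either set `default: warn` for `resource-verification-mode`, or extend its description with a sentence such as `Use enforce together with a VerificationPolicy whenever a remote resolver is enabled.`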