kubeflow
/
manifests
mirror of https://github.com/kubeflow/manifests.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update kubeflow/kfp-tekton manifests from v1.1.0 (#2117)

This commit is contained in:
Kimonas Sotirchos 2022-01-26 19:11:44 +02:00 committed by GitHub
parent f61daecf0d
commit 77f6cac6a0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
32 changed files with 865 additions and 213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/kfp-tekton/upstream/README.md
View File

@ -14,6 +14,8 @@ There are environment specific installation instructions not covered in the offi
### (env/platform-agnostic) install on any Kubernetes cluster
Note: `kubectl` client version `v1.20.0`+ to support the new kustomize plugins.
Install:
```bash

2
apps/kfp-tekton/upstream/base/cache/kustomization.yaml vendored
View File

@ -11,4 +11,4 @@ commonLabels:
images:
- name: gcr.io/ml-pipeline/cache-server
newName: docker.io/aipipeline/cache-server
newTag: 1.0.0
newTag: 1.1.0

2
apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role-binding.yaml
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ml-pipeline

3
apps/kfp-tekton/upstream/base/installs/multi-user/api-service/cluster-role.yaml
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ml-pipeline
@ -54,6 +54,7 @@ rules:
- taskruns
- conditions
- runs
- tasks
verbs:
- create
- get

1
apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-ui/cluster-role.yaml
View File

@ -46,6 +46,7 @@ rules:
- pipelineruns
- taskruns
- conditions
- tasks
verbs:
- create
- get

1
apps/kfp-tekton/upstream/base/installs/multi-user/scheduled-workflow/cluster-role.yaml
View File

@ -41,6 +41,7 @@ rules:
- taskruns
- conditions
- runs
- tasks
verbs:
- create
- get

27
apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/scheduled-workflow-crd.yaml
View File

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: scheduledworkflows.kubeflow.org
@ -8,11 +8,32 @@ spec:
kind: ScheduledWorkflow
listKind: ScheduledWorkflowList
plural: scheduledworkflows
singular: scheduledworkflow
shortNames:
- swf
singular: scheduledworkflow
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
status:
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
required:
- spec
- status
type: object
served: true
storage: true
storage: true

20
apps/kfp-tekton/upstream/base/pipeline/cluster-scoped/viewer-crd.yaml
View File

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: viewers.kubeflow.org
@ -8,11 +8,27 @@ spec:
kind: Viewer
listKind: ViewerList
plural: viewers
singular: viewer
shortNames:
- vi
singular: viewer
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
x-kubernetes-map-type: atomic
required:
- spec
type: object
served: true
storage: true

4
apps/kfp-tekton/upstream/base/pipeline/kfp-pipeline-config.yaml
View File

@ -7,9 +7,9 @@ data:
artifact_endpoint: "minio-service.kubeflow:9000"
artifact_endpoint_scheme: "http://"
artifact_image: "minio/mc:RELEASE.2020-11-25T23-04-07Z"
archive_logs: "false"
archive_logs: "true"
track_artifacts: "true"
strip_eof: "false"
strip_eof: "true"
inject_default_script: "true"
apply_tekton_custom_resource: "true"
terminate_status: "Cancelled"

10
apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml
View File

@ -43,20 +43,20 @@ patchesStrategicMerge:
images:
- name: gcr.io/ml-pipeline/api-server
newName: docker.io/aipipeline/api-server
newTag: 1.0.0
newTag: 1.1.0
- name: gcr.io/ml-pipeline/persistenceagent
newName: docker.io/aipipeline/persistenceagent
newTag: 1.0.0
newTag: 1.1.0
- name: gcr.io/ml-pipeline/scheduledworkflow
newName: docker.io/aipipeline/scheduledworkflow
newTag: 1.0.0
newTag: 1.1.0
- name: gcr.io/ml-pipeline/frontend
newName: docker.io/aipipeline/frontend
newTag: 1.0.0
newTag: 1.1.0
- name: gcr.io/ml-pipeline/viewer-crd-controller
newTag: 1.7.0
- name: gcr.io/ml-pipeline/visualization-server
newTag: 1.7.0
- name: gcr.io/ml-pipeline/metadata-writer
newName: docker.io/aipipeline/metadata-writer
newTag: 1.0.0
newTag: 1.1.0

1
apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-role.yaml
View File

@ -33,6 +33,7 @@ rules:
- taskruns
- conditions
- runs
- tasks
verbs:
- create
- get

1
apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-scheduledworkflow-role.yaml
View File

@ -43,6 +43,7 @@ rules:
- taskruns
- conditions
- runs
- tasks
verbs:
- create
- get

2
apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-deployment.yaml
View File

@ -48,6 +48,8 @@ spec:
key: secretkey
- name: ALLOW_CUSTOM_VISUALIZATIONS
value: "true"
- name: ARGO_ARCHIVE_LOGS
value: "true"
readinessProbe:
exec:
command:

1
apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-ui-role.yaml
View File

@ -48,6 +48,7 @@ rules:
- pipelineruns
- taskruns
- conditions
- tasks
verbs:
- create
- get

1
apps/kfp-tekton/upstream/base/pipeline/pipeline-runner-role.yaml
View File

@ -85,6 +85,7 @@ rules:
- taskruns
- conditions
- runs
- tasks
verbs:
- create
- get

2
apps/kfp-tekton/upstream/env/kfp-template/scheduled-workflow-crd.yaml vendored
View File

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: scheduledworkflows.kubeflow.org

2
apps/kfp-tekton/upstream/env/kfp-template/viewer-crd.yaml vendored
View File

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: viewers.kubeflow.org

1
apps/kfp-tekton/upstream/env/plain/kustomization.yaml vendored
View File

@ -6,6 +6,7 @@ bases:
- ../../base/metadata/base
- ../../third-party/minio/base
- ../../third-party/mysql/base
- ../../third-party/kfp-csi-s3
# Identifier for application manager to apply ownerReference.
# The ownerReference ensures the resources get garbage collected

531
apps/kfp-tekton/upstream/third-party/kfp-csi-s3/csi-s3-deployment.yaml vendored Normal file
View File

@ -0,0 +1,531 @@
# Source: dlf-chart/charts/csi-s3-chart/templates/csi-s3.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: kfp-csi-s3
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
# This YAML file contains all RBAC objects that are necessary to run external
# CSI attacher.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
# for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
# attacher, in which case leadership election must be enabled;
# this influences the RBAC setup, see below
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-attacher
# replace with non-default namespace name
namespace: kubeflow
labels:
app.kubernetes.io/name: "kubeflow"
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
# This YAML file contains all RBAC objects that are necessary to run external
# CSI provisioner.
#
# In production, each CSI driver deployment has to be customized:
# - to avoid conflicts, use non-default namespace and different names
# for non-namespaced entities like the ClusterRole
# - decide whether the deployment replicates the external CSI
# provisioner, in which case leadership election must be enabled;
# this influences the RBAC setup, see below
apiVersion: v1
kind: ServiceAccount
metadata:
name: csi-provisioner
# replace with non-default namespace name
namespace: kubeflow
labels:
app.kubernetes.io/name: "kubeflow"
---
# Source: dlf-chart/charts/csi-s3-chart/templates/storageclass.yaml
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: kfp-csi-s3
labels:
app.kubernetes.io/name: "kubeflow"
provisioner: ch.ctrox.csi.s3-driver
parameters:
# specify which mounter to use
# can be set to s3fs, goofys
# OTHER OPTIONS NOT WORKING!
mounter: goofys
csi.storage.k8s.io/provisioner-secret-name: kfp-csi-secret
csi.storage.k8s.io/provisioner-secret-namespace: kubeflow
csi.storage.k8s.io/controller-publish-secret-name: kfp-csi-secret
csi.storage.k8s.io/controller-publish-secret-namespace: kubeflow
csi.storage.k8s.io/node-stage-secret-name: kfp-csi-secret
csi.storage.k8s.io/node-stage-secret-namespace: kubeflow
csi.storage.k8s.io/node-publish-secret-name: kfp-csi-secret
csi.storage.k8s.io/node-publish-secret-namespace: kubeflow
---
# Source: dlf-chart/charts/csi-s3-chart/templates/csi-s3.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kfp-csi-s3
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "update"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update","create"]
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
# Attacher must be able to work with PVs, CSINodes and VolumeAttachments
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: external-attacher-runner
labels:
app.kubernetes.io/name: "kubeflow"
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "update", "patch"] #Adding "update"
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update", "patch", "create"] #Adding "update"
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
#Secret permission is optional.
#Enable it if you need value from secret.
#For example, you have key `csi.storage.k8s.io/controller-publish-secret-name` in StorageClass.parameters
#see https://kubernetes-csi.github.io/docs/secrets-and-credentials.html
# - apiGroups: [""]
# resources: ["secrets"]
# verbs: ["get", "list"]
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: external-provisioner-runner
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
rules:
# The following rule should be uncommented for plugins that require secrets
# for provisioning. #Enabling secrets
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["get", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch"]
# Access to volumeattachments is only needed when the CSI driver
# has the PUBLISH_UNPUBLISH_VOLUME controller capability.
# In that case, external-provisioner will watch volumeattachments
# to determine when it is safe to delete a volume.
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch","create"]
---
# Source: dlf-chart/charts/csi-s3-chart/templates/csi-s3.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kfp-csi-s3
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
subjects:
- kind: ServiceAccount
name: kfp-csi-s3
namespace: kubeflow
roleRef:
kind: ClusterRole
name: kfp-csi-s3
apiGroup: rbac.authorization.k8s.io
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-attacher-role
labels:
app.kubernetes.io/name: "kubeflow"
subjects:
- kind: ServiceAccount
name: csi-attacher
# replace with non-default namespace name
namespace: kubeflow
roleRef:
kind: ClusterRole
name: external-attacher-runner
apiGroup: rbac.authorization.k8s.io
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-provisioner-role
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
subjects:
- kind: ServiceAccount
name: csi-provisioner
# replace with non-default namespace name
namespace: kubeflow
roleRef:
kind: ClusterRole
name: external-provisioner-runner
apiGroup: rbac.authorization.k8s.io
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
# Attacher must be able to work with configmaps or leases in the current namespace
# if (and only if) leadership election is enabled
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
# replace with non-default namespace name
namespace: kubeflow
name: external-attacher-cfg
labels:
app.kubernetes.io/name: "kubeflow"
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
# Provisioner must be able to work with endpoints in current namespace
# if (and only if) leadership election is enabled
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
# replace with non-default namespace name
namespace: kubeflow
name: external-provisioner-cfg
labels:
app.kubernetes.io/name: "kubeflow"
rules:
# Only one of the following rules for endpoints or leases is required based on
# what is set for `--leader-election-type`. Endpoints are deprecated in favor of Leases.
- apiGroups: [""]
resources: ["endpoints"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
# Permissions for CSIStorageCapacity are only needed enabling the publishing
# of storage capacity information.
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# The GET permissions below are needed for walking up the ownership chain
# for CSIStorageCapacity. They are sufficient for deployment via
# StatefulSet (only needs to get Pod) and Deployment (needs to get
# Pod and then ReplicaSet to find the Deployment).
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/attacher-rbac.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-attacher-role-cfg
# replace with non-default namespace name
namespace: kubeflow
labels:
app.kubernetes.io/name: "kubeflow"
subjects:
- kind: ServiceAccount
name: csi-attacher
# replace with non-default namespace name
namespace: kubeflow
roleRef:
kind: Role
name: external-attacher-cfg
apiGroup: rbac.authorization.k8s.io
---
# Source: dlf-chart/charts/csi-sidecars-rbac/templates/provisioner-rbac.yaml
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: csi-provisioner-role-cfg
# replace with non-default namespace name
namespace: kubeflow
labels:
app.kubernetes.io/name: "kubeflow"
subjects:
- kind: ServiceAccount
name: csi-provisioner
# replace with non-default namespace name
namespace: kubeflow
roleRef:
kind: Role
name: external-provisioner-cfg
apiGroup: rbac.authorization.k8s.io
---
# Source: dlf-chart/charts/csi-s3-chart/templates/attacher.yaml
# needed for StatefulSet
kind: Service
apiVersion: v1
metadata:
name: csi-attacher-s3
namespace: kubeflow
labels:
app: csi-attacher-s3
app.kubernetes.io/name: "kubeflow"
spec:
selector:
app: csi-attacher-s3
ports:
- name: dummy
port: 12345
---
# Source: dlf-chart/charts/csi-s3-chart/templates/provisioner.yaml
kind: Service
apiVersion: v1
metadata:
name: csi-provisioner-s3
namespace: kubeflow
labels:
app: csi-provisioner-s3
app.kubernetes.io/name: "kubeflow"
spec:
selector:
app: csi-provisioner-s3
ports:
- name: dummy
port: 12345
---
# Source: dlf-chart/charts/csi-s3-chart/templates/csi-s3.yaml
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kfp-csi-s3
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
spec:
selector:
matchLabels:
app: kfp-csi-s3
template:
metadata:
labels:
app.kubernetes.io/name: "kubeflow"
app: kfp-csi-s3
spec:
serviceAccountName: kfp-csi-s3
containers:
- name: driver-registrar
image: "quay.io/k8scsi/csi-node-driver-registrar:v1.2.0"
imagePullPolicy: Always
args:
- --v=5
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=/var/data/kubelet/plugins/kfp-csi-s3/csi.sock
securityContext:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged: true
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /csi
name: socket-dir
- mountPath: /registration
name: registration-dir
- name: kfp-csi-s3
image: "quay.io/datashim/csi-s3:latest-amd64"
imagePullPolicy: Always
args:
- "--v=5"
- "--endpoint=$(CSI_ENDPOINT)"
- "--nodeid=$(KUBE_NODE_NAME)"
env:
- name: CSI_ENDPOINT
value: unix:///csi/csi.sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: cheap
value: "off"
securityContext:
privileged: true
volumeMounts:
- mountPath: /csi
name: socket-dir
- mountPath: /var/data/kubelet/pods
mountPropagation: Bidirectional
name: mountpoint-dir
- mountPath: /dev
name: dev-dir
volumes:
- hostPath:
path: /var/data/kubelet/plugins/kfp-csi-s3
type: DirectoryOrCreate
name: socket-dir
- hostPath:
path: /var/data/kubelet/pods
type: DirectoryOrCreate
name: mountpoint-dir
- hostPath:
path: /var/data/kubelet/plugins_registry
type: Directory
name: registration-dir
- hostPath:
path: /dev
type: Directory
name: dev-dir
---
# Source: dlf-chart/charts/csi-s3-chart/templates/attacher.yaml
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: csi-attacher-s3
namespace: kubeflow
labels:
app.kubernetes.io/name: "kubeflow"
spec:
serviceName: "csi-attacher-s3"
replicas: 1
selector:
matchLabels:
app: csi-attacher-s3
template:
metadata:
labels:
app.kubernetes.io/name: "kubeflow"
app: csi-attacher-s3
spec:
serviceAccountName: csi-attacher
containers:
- name: csi-attacher
image: "quay.io/k8scsi/csi-attacher:v2.2.0"
imagePullPolicy: Always
args:
- --v=5
- --csi-address=/csi/csi.sock
securityContext:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged: true
volumeMounts:
- mountPath: /csi
name: socket-dir
volumes:
- hostPath:
path: /var/data/kubelet/plugins/kfp-csi-s3
type: DirectoryOrCreate
name: socket-dir
---
# Source: dlf-chart/charts/csi-s3-chart/templates/provisioner.yaml
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: csi-provisioner-s3
labels:
app.kubernetes.io/name: "kubeflow"
namespace: kubeflow
spec:
serviceName: "csi-provisioner-s3"
replicas: 1
selector:
matchLabels:
app: csi-provisioner-s3
template:
metadata:
labels:
app: csi-provisioner-s3
spec:
serviceAccountName: csi-provisioner
containers:
- name: csi-provisioner
image: "quay.io/k8scsi/csi-provisioner:v2.0.2"
imagePullPolicy: Always
args:
- -v=5
- --csi-address=/csi/csi.sock
- --feature-gates=Topology=true
securityContext:
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
privileged: true
volumeMounts:
- mountPath: /csi
name: socket-dir
volumes:
- hostPath:
path: /var/data/kubelet/plugins/kfp-csi-s3
type: DirectoryOrCreate
name: socket-dir
---
# Source: dlf-chart/charts/csi-s3-chart/templates/driver.yaml
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: ch.ctrox.csi.s3-driver
spec:
attachRequired: false
podInfoOnMount: false

16
apps/kfp-tekton/upstream/third-party/kfp-csi-s3/csi-s3-secret.yaml vendored Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
data:
accessKeyID: $(accessKeyID-base64)
bucket: $(bucket-base64)
endpoint: $(endpoint-base64)
extract: ZmFsc2U=
provision: ZmFsc2U=
readonly: ZmFsc2U=
region: ""
remove-on-delete: ZmFsc2U=
secretAccessKey: $(secretAccessKey-bas64)
kind: Secret
metadata:
name: kfp-csi-secret
namespace: kubeflow
type: Opaque

51
apps/kfp-tekton/upstream/third-party/kfp-csi-s3/kustomization.yaml vendored Normal file
View File

@ -0,0 +1,51 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- csi-s3-deployment.yaml
- csi-s3-secret.yaml
namespace: kubeflow
configMapGenerator:
- name: csi-s3-parameters
literals:
# Update the credentials for the below fields before apply.
- endpoint-base64=aHR0cDovL21pbmlvLXNlcnZpY2Uua3ViZWZsb3c6OTAwMA==
- bucket-base64=bWxwaXBlbGluZQ==
- accessKeyID-base64=bWluaW8=
- secretAccessKey-bas64=bWluaW8xMjM=
generatorOptions:
disableNameSuffixHash: true
vars:
- name: endpoint-base64
objref:
kind: ConfigMap
name: csi-s3-parameters
apiVersion: v1
fieldref:
fieldpath: data.endpoint-base64
- name: bucket-base64
objref:
kind: ConfigMap
name: csi-s3-parameters
apiVersion: v1
fieldref:
fieldpath: data.bucket-base64
- name: accessKeyID-base64
objref:
kind: ConfigMap
name: csi-s3-parameters
apiVersion: v1
fieldref:
fieldpath: data.accessKeyID-base64
- name: secretAccessKey-bas64
objref:
kind: ConfigMap
name: csi-s3-parameters
apiVersion: v1
fieldref:
fieldpath: data.secretAccessKey-bas64
configurations:
- params.yaml

3
apps/kfp-tekton/upstream/third-party/kfp-csi-s3/params.yaml vendored Normal file
View File

@ -0,0 +1,3 @@
varReference:
- path: data
kind: Secret

4
apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml vendored
View File

@ -8,6 +8,6 @@ namespace: tekton-pipelines
images:
- name: docker.io/aipipeline/pipelineloop-controller
newTag: 1.0.0
newTag: 1.1.0
- name: docker.io/aipipeline/pipelineloop-webhook
newTag: 1.0.0
newTag: 1.1.0

4
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-role.yaml vendored
View File

@ -14,7 +14,7 @@ rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
resourceNames: ["config-leader-election", "config-logging", "config-observability"]
resourceNames: ["config-leader-election", "config-logging", "config-observability", "object-store-config"]
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
resourceNames: ["tekton-pipelines"]
@ -37,7 +37,7 @@ rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
resourceNames: ["config-logging", "config-observability", "config-leader-election"]
resourceNames: ["config-logging", "config-observability", "config-leader-election", "object-store-config"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["list", "watch"]

4
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/201-rolebinding.yaml vendored
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-pipelineloop-controller
@ -16,7 +16,7 @@ roleRef:
name: tekton-pipelineloop-controller
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: tekton-pipelineloop-webhook

10
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/202-clusterrolebinding.yaml vendored
View File

@ -1,4 +1,4 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelineloop-controller-cluster-access
@ -19,7 +19,7 @@ roleRef:
# then the ClusterRole would be namespaced. The access described by
# the tekton-pipelineloop-controller-tenant-access ClusterRole would
# be scoped to individual tenant namespaces.
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelineloop-controller-tenant-access
@ -36,7 +36,7 @@ roleRef:
name: tekton-pipelineloop-controller-tenant-access
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelineloop-controller-leaderelection
@ -53,7 +53,7 @@ roleRef:
name: tekton-pipelineloop-leader-election
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelineloop-webhook-cluster-access
@ -70,7 +70,7 @@ roleRef:
name: tekton-pipelineloop-webhook-cluster-access
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: tekton-pipelineloop-webhook-leaderelection

34
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/203-object-store-config.yaml vendored Normal file
View File

@ -0,0 +1,34 @@
# Copyright 2020 The Knative Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ConfigMap
metadata:
name: object-store-config
namespace: tekton-pipelines
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines-loops
data:
enable: "false"
defaultBucketName: "pipelineloop-logs"
ibmStyleCredentials: "false"
region: "us-south"
accessKey: "minio"
secretKey: "minio123"
# Below are IBM cloud specific credentials, available if the flag ibmStyleCredentials is true.
apiKey: "<APIKEY-dummy-1231231231-123abcdefgh>"
serviceInstanceID: "crn:v1:bluemix:public:cloud-object-storage:global:a/ID-dummy-1231231231-123abcdefgh:dummy-values::"
serviceEndpoint: "http://minio-service.kubeflow:9000"
authEndpoint: "https://iam.cloud.ibm.com/identity/token"

33
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/300-pipelineloop.yaml vendored
View File

@ -1,4 +1,4 @@
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: pipelineloops.custom.tekton.dev
@ -9,22 +9,25 @@ metadata:
version: "devel"
spec:
group: custom.tekton.dev
preserveUnknownFields: false
validation:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
versions:
- name: v1alpha1
served: true
storage: true
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
# One can use x-kubernetes-preserve-unknown-fields: true
# at the root of the schema (and inside any properties, additionalProperties)
# to get the traditional CRD behaviour that nothing is pruned, despite
# setting spec.preserveUnknownProperties: false.
#
# See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
# See issue: https://github.com/knative/serving/issues/912
x-kubernetes-preserve-unknown-fields: true
names:
kind: PipelineLoop
plural: pipelineloops
@ -32,7 +35,3 @@ spec:
- tekton
- tekton-pipelines
scope: Namespaced
# Opt into the status subresource so metadata.generation
# starts to increment
subresources:
status: {}

4
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/500-webhook-configuration.yaml vendored
View File

@ -11,7 +11,7 @@ metadata:
# The data is populated at install time.
---
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: validation.webhook.pipelineloop.custom.tekton.dev
@ -32,7 +32,7 @@ webhooks:
name: validation.webhook.pipelineloop.custom.tekton.dev
---
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: webhook.pipelineloop.custom.tekton.dev

1
apps/kfp-tekton/upstream/third-party/tekton-custom-task/pipeline-loops/kustomization.yaml vendored
View File

@ -7,6 +7,7 @@ resources:
- 201-role.yaml
- 201-rolebinding.yaml
- 202-clusterrolebinding.yaml
- 203-object-store-config.yaml
- 300-pipelineloop.yaml
- 500-controller.yaml
- 500-webhook-configuration.yaml

178
apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml vendored
View File

@ -54,6 +54,24 @@ metadata:
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-info
namespace: tekton-pipelines
rules:
- apiGroups:
- ""
resourceNames:
- dashboard-info
resources:
- configmaps
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
@ -93,6 +111,14 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
- apiGroups:
- dashboard.tekton.dev
resources:
@ -125,38 +151,6 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-dashboard
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-pipelines
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: dashboard
@ -164,14 +158,6 @@ metadata:
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-tenant
rules:
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- apiGroups:
- dashboard.tekton.dev
resources:
@ -183,9 +169,10 @@ rules:
- apiGroups:
- ""
resources:
- serviceaccounts
- pods/log
- events
- namespaces
- pods
- pods/log
verbs:
- get
- list
@ -252,23 +239,23 @@ rules:
- update
- delete
- patch
- add
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-triggers
rules:
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
name: tekton-dashboard-info
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: tekton-dashboard-info
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@ -288,6 +275,17 @@ subjects:
namespace: tekton-pipelines
---
apiVersion: v1
data:
version: v0.22.0
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: dashboard-info
namespace: tekton-pipelines
---
apiVersion: v1
kind: Service
metadata:
labels:
@ -296,9 +294,9 @@ metadata:
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
app.kubernetes.io/version: v0.19.0
dashboard.tekton.dev/release: v0.19.0
version: v0.19.0
app.kubernetes.io/version: v0.22.0
dashboard.tekton.dev/release: v0.22.0
version: v0.22.0
name: tekton-dashboard
namespace: tekton-pipelines
spec:
@ -322,9 +320,9 @@ metadata:
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
app.kubernetes.io/version: v0.19.0
dashboard.tekton.dev/release: v0.19.0
version: v0.19.0
app.kubernetes.io/version: v0.22.0
dashboard.tekton.dev/release: v0.22.0
version: v0.22.0
name: tekton-dashboard
namespace: tekton-pipelines
spec:
@ -343,7 +341,7 @@ spec:
app.kubernetes.io/instance: default
app.kubernetes.io/name: dashboard
app.kubernetes.io/part-of: tekton-dashboard
app.kubernetes.io/version: v0.19.0
app.kubernetes.io/version: v0.22.0
name: tekton-dashboard
spec:
containers:
@ -356,14 +354,14 @@ spec:
- --log-level=info
- --log-format=json
- --namespace=
- --stream-logs=false
- --stream-logs=true
- --external-logs=
env:
- name: INSTALLED_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:81c6e5343eba03333b3bc7bbee2977090daf559d550ae22e570b9d1e1e52c471
image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.22.0@sha256:8285c9e07ccbb008425c34f5c3b5a684fb4ab36325a3e1d270e4521389248e51
livenessProbe:
httpGet:
path: /health
@ -375,6 +373,8 @@ spec:
httpGet:
path: /readiness
port: 9097
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 65532
@ -384,60 +384,6 @@ spec:
---
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-pipelines
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-pipelines
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-dashboard
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-dashboard
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dashboard
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-dashboard
name: tekton-dashboard-triggers
namespace: tekton-pipelines
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: tekton-dashboard-triggers
subjects:
- kind: ServiceAccount
name: tekton-dashboard
namespace: tekton-pipelines
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:

122
apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml vendored
View File

@ -157,7 +157,7 @@ rules:
resourceNames: ["webhook.pipeline.tekton.dev"]
# When there are changes to the configs or secrets, knative updates the mutatingwebhook config
# with the updated certificates or the refreshed set of rules.
verbs: ["get", "update"]
verbs: ["get", "update", "delete"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["validatingwebhookconfigurations"]
# validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns.
@ -165,7 +165,7 @@ rules:
resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"]
# When there are changes to the configs or secrets, knative updates the validatingwebhook config
# with the updated certificates or the refreshed set of rules.
verbs: ["get", "update"]
verbs: ["get", "update", "delete"]
- apiGroups: ["policy"]
resources: ["podsecuritypolicies"]
resourceNames: ["tekton-pipelines"]
@ -176,6 +176,12 @@ rules:
# The webhook configured the namespace as the OwnerRef on various cluster-scoped resources,
# which requires we can Get the system namespace.
resourceNames: ["tekton-pipelines"]
- apiGroups: [""]
resources: ["namespaces/finalizers"]
verbs: ["update"]
# The webhook configured the namespace as the OwnerRef on various cluster-scoped resources,
# which requires we can update the system namespace finalizers.
resourceNames: ["tekton-pipelines"]
---
# Copyright 2020 The Tekton Authors
@ -232,7 +238,7 @@ rules:
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
resourceNames: ["config-logging", "config-observability", "config-leader-election"]
resourceNames: ["config-logging", "config-observability", "config-leader-election", "feature-flags"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["list", "watch"]
@ -512,8 +518,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
preserveUnknownFields: false
@ -592,8 +598,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
versions:
@ -645,8 +651,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
preserveUnknownFields: false
@ -725,8 +731,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
preserveUnknownFields: false
@ -834,8 +840,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
versions:
@ -887,8 +893,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
preserveUnknownFields: false
@ -954,8 +960,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
preserveUnknownFields: false
@ -1034,8 +1040,8 @@ metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
version: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
version: "v0.30.0"
spec:
group: tekton.dev
preserveUnknownFields: false
@ -1145,7 +1151,7 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# The data is populated at install time.
---
apiVersion: admissionregistration.k8s.io/v1
@ -1156,7 +1162,7 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
webhooks:
- admissionReviewVersions: ["v1"]
clientConfig:
@ -1175,7 +1181,7 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
webhooks:
- admissionReviewVersions: ["v1"]
clientConfig:
@ -1194,7 +1200,7 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
webhooks:
- admissionReviewVersions: ["v1"]
clientConfig:
@ -1545,7 +1551,7 @@ data:
# this ConfigMap such that even if we don't have access to
# other resources in the namespace we still can have access to
# this ConfigMap.
version: "v0.27.0"
version: "v0.30.0"
---
# Copyright 2020 Tekton Authors LLC
@ -1687,6 +1693,10 @@ data:
# charge. If metrics.backend-destination is not Stackdriver, this is
# ignored.
metrics.allow-stackdriver-custom-metrics: "false"
metrics.taskrun.level: "taskrun"
metrics.taskrun.duration-type: "histogram"
metrics.pipelinerun.level: "pipelinerun"
metrics.pipelinerun.duration-type: "histogram"
---
# Copyright 2020 Tekton Authors LLC
@ -1739,12 +1749,12 @@ metadata:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
version: "v0.27.0"
version: "v0.30.0"
spec:
replicas: 1
selector:
@ -1759,13 +1769,13 @@ spec:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-controller
version: "v0.27.0"
version: "v0.30.0"
spec:
affinity:
nodeAffinity:
@ -1779,17 +1789,20 @@ spec:
serviceAccountName: tekton-pipelines-controller
containers:
- name: tekton-pipelines-controller
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.27.0@sha256:015e8f9cf38416652545ce5e16776379a979af64373250ec489861886a468fcf
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.30.0@sha256:ecb7567431d9c2b899be7b04cd5a72722655e36fd58f69ed695e469daab9009b
args: [
# These images are built on-demand by `ko resolve` and are replaced
# by image references by digest.
"-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.27.0@sha256:81074a7039daa1f2d579e74fdc0b41eeac0c1136bf6a487f67ff14240aaac378", "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.27.0@sha256:8bfb6edbd8ce4608af957a3a38444512c14713bc9fc0d60308f228c61be4c83f", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.27.0@sha256:b8a0bed8e402138f7b14b44115719f44460255497132b8a8233e710692ef6930", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.27.0@sha256:96c203f18b3eba750fcbf9c018ac1c97a68860053035524f3629ef7093a64d9c", "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.27.0@sha256:32fa5aa9d17c0e999053e515264b70037168760fc835cbb513c6e92b3afc77bb", "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.27.0@sha256:fe7734cced1b9a2ce37dd78df5fc5998d29ac8bef8e8bd984c6b6a8bbb58e4f4",
"-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.30.0@sha256:5292621d97834592c983a341e6e8759a8437dd208448a0226459c91e7b273f8c", "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.30.0@sha256:3637bac1e233696a3671155c77de9ed8e02cacbec454d314125a5f1f458effa3", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.30.0@sha256:34ee7658bb8a657584e1ada8e84121758cc5d067c1f0740873d614d07423886f", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.30.0@sha256:89cb4d5572372c7ade6b20b59bf35dc9dcd5e4cde2fa77f14888d4f7059cd767", "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.30.0@sha256:2a6dec9e6d66b2198d9bc3bcf1f03a662e4eb274b66563c5d499e9f29dadcc10", "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.30.0@sha256:d321d1888a203be9fab57aa528bcf378da6984778c38f015c0a9287fc489602f",
# This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim
"-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f",
# The shell image must be root in order to create directories and copy files to PVCs.
# gcr.io/distroless/base:debug as of Apirl 17, 2021
# gcr.io/distroless/base:debug as of October 21, 2021
# image shall not contains tag, so it will be supported on a runtime like cri-o
"-shell-image", "gcr.io/distroless/base@sha256:aa4fd987555ea10e1a4ec8765da8158b5ffdfef1e72da512c7ede509bc9966c4"]
"-shell-image", "gcr.io/distroless/base@sha256:cfdc553400d41b47fd231b028403469811fcdbc0e69d66ea8030c5a0b5fbac2b",
# for script mode to work with windows we need a powershell image
# pinning to nanoserver tag as of July 15 2021
"-shell-image-win", "mcr.microsoft.com/powershell:nanoserver@sha256:b6d5ff841b78bdf2dfed7550000fd4f3437385b8fa686ec0f010be24777654d6"]
volumeMounts:
- name: config-logging
mountPath: /etc/config-logging
@ -1842,6 +1855,10 @@ spec:
runAsUser: 65532
runAsGroup: 65532
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
- name: probes
containerPort: 8080
livenessProbe:
@ -1875,13 +1892,13 @@ metadata:
app.kubernetes.io/name: controller
app.kubernetes.io/component: controller
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-controller
version: "v0.27.0"
version: "v0.30.0"
name: tekton-pipelines-controller
namespace: tekton-pipelines
spec:
@ -1890,6 +1907,9 @@ spec:
port: 9090
protocol: TCP
targetPort: 9090
- name: http-profiling
port: 8008
targetPort: 8008
- name: probes
port: 8080
selector:
@ -1922,12 +1942,12 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
version: "v0.27.0"
version: "v0.30.0"
spec:
minReplicas: 1
maxReplicas: 5
@ -1968,12 +1988,12 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
version: "v0.27.0"
version: "v0.30.0"
spec:
replicas: 1
selector:
@ -1988,13 +2008,13 @@ spec:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-webhook
version: "v0.27.0"
version: "v0.30.0"
spec:
affinity:
nodeAffinity:
@ -2021,7 +2041,7 @@ spec:
- name: webhook
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.27.0@sha256:9d1de73bf9776d0862d211a6e123802959e56fd1e43ce39054374b9f2d4ed966
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.30.0@sha256:b93422365865e7b6fbe96e92cac7494626257165021fa36f71fae22bdfbd3e6e
# Resource request required for autoscaler to take any action for a metric
resources:
requests:
@ -2044,6 +2064,8 @@ spec:
value: config-observability
- name: CONFIG_LEADERELECTION_NAME
value: config-leader-election
- name: CONFIG_FEATURE_FLAGS_NAME
value: feature-flags
- name: WEBHOOK_SERVICE_NAME
value: tekton-pipelines-webhook
- name: WEBHOOK_SECRET_NAME
@ -2091,13 +2113,13 @@ metadata:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.27.0"
app.kubernetes.io/version: "v0.30.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.27.0"
pipeline.tekton.dev/release: "v0.30.0"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-webhook
version: "v0.27.0"
version: "v0.30.0"
name: tekton-pipelines-webhook
namespace: tekton-pipelines
spec: