From 711a4fdc071e7b4f3b081bd718ef6bdca233e00f Mon Sep 17 00:00:00 2001 From: hwirnsberger Date: Tue, 9 Mar 2021 16:40:53 +0000 Subject: [PATCH] chore: regenerated /pipeline cancel --- .jx/secret/mapping/secret-mappings.yaml | 2 + .../jx-build-controller-jx-clusterrole.yaml | 44 + .../jx-build-controller-jx-crb.yaml | 16 + .../jx-pipelines-visualizer-clusterrole.yaml | 44 + .../jx-pipelines-visualizer-crb.yaml | 20 + .../jx-preview-gc-jobs-clusterrole.yaml | 18 + .../jx/jx-preview/jx-preview-gc-jobs-crb.yaml | 15 + .../gcactivities-jx-clusterrole.yaml | 31 + .../gcactivities/gcactivities-jx-crb.yaml | 16 + .../jenkinsx-aggregate-view-clusterrole.yaml | 20 + .../tekton-bot-clusterrole.yaml | 38 + .../tekton-bot-jx-crb.yaml | 15 + .../cluster/namespaces/jx-production.yaml | 11 + .../cluster/namespaces/jx-staging.yaml | 11 + config-root/cluster/namespaces/jx.yaml | 9 + .../tekton-aggregate-edit-clusterrole.yaml | 44 + .../tekton-aggregate-view-clusterrole.yaml | 38 + ...controller-cluster-access-clusterrole.yaml | 43 + ...pelines-controller-cluster-access-crb.yaml | 32 + ...-controller-tenant-access-clusterrole.yaml | 23 + ...ipelines-controller-tenant-access-crb.yaml | 22 + .../tekton-pipeline/tekton-pipelines-ns.yaml | 24 + ...es-webhook-cluster-access-clusterrole.yaml | 42 + ...-pipelines-webhook-cluster-access-crb.yaml | 18 + .../environments.jenkins.io-crd.yaml | 3630 +++++++++++++++++ .../pipelineactivities.jenkins.io-crd.yaml | 526 +++ .../releases.jenkins.io-crd.yaml | 712 ++++ .../sourcerepositories.jenkins.io-crd.yaml | 310 ++ .../previews.preview.jenkins.io-crd.yaml | 38 + ...hthousejobs.lighthouse.jenkins.io-crd.yaml | 19 + ...ernalsecrets.kubernetes-client.io-crd.yaml | 41 + .../clustertasks.tekton.dev-crd.yaml | 66 + .../conditions.tekton.dev-crd.yaml | 53 + ...ages.caching.internal.knative.dev-crd.yaml | 39 + .../pipelineresources.tekton.dev-crd.yaml | 53 + .../pipelineruns.tekton.dev-crd.yaml | 82 + .../pipelines.tekton.dev-crd.yaml | 66 + .../tekton-pipeline/runs.tekton.dev-crd.yaml | 67 + .../taskruns.tekton.dev-crd.yaml | 82 + .../tekton-pipeline/tasks.tekton.dev-crd.yaml | 66 + ...tekton-container-registry-auth-secret.yaml | 32 + ...tekton-container-registry-auth-secret.yaml | 32 + .../bucketrepo-bucketrepo-deploy.yaml | 70 + .../bucketrepo/bucketrepo-bucketrepo-sa.yaml | 13 + .../bucketrepo/bucketrepo-config-secret.yaml | 22 + .../jx/bucketrepo/bucketrepo-svc.yaml | 21 + .../jenkins-x-bucketrepo-secret.yaml | 32 + .../jenkins-x-crds-3.0.5-release.yaml | 40 + .../jenkins-x-controllerbuild-sa.yaml | 13 + .../jx-build-controller-deploy.yaml | 64 + .../jx-build-controller-rb.yaml | 16 + .../jx-build-controller-role.yaml | 51 + .../jx-pipelines-visualizer-deploy.yaml | 70 + .../jx-pipelines-visualizer-ingress.yaml | 25 + .../jx-pipelines-visualizer-sa.yaml | 15 + .../jx-pipelines-visualizer-svc.yaml | 21 + .../jx-preview-gc-jobs-cronjob.yaml | 47 + .../jx/jx-preview/jx-preview-gc-jobs-rb.yaml | 15 + .../jx-preview/jx-preview-gc-jobs-role.yaml | 38 + .../jx/jx-preview/jx-preview-gc-jobs-sa.yaml | 8 + .../bucketrepo-ingress.yaml | 19 + .../gcactivities-2.0.1143-release.yaml | 51 + .../charts/gcactivities/gcactivities-rb.yaml | 16 + .../gcactivities/gcactivities-role.yaml | 56 + ...lmfile-resources-gcactivities-cronjob.yaml | 44 + ...ot-helmfile-resources-gcactivities-sa.yaml | 13 + .../gcpods/gcpods-2.0.1143-release.yaml | 51 + .../charts/gcpods/gcpods-rb.yaml | 16 + .../charts/gcpods/gcpods-role.yaml | 26 + ...oot-helmfile-resources-gcpods-cronjob.yaml | 44 + .../jxboot-helmfile-resources-gcpods-sa.yaml | 13 + .../committer-role.yaml | 39 + .../dev-environment.yaml | 41 + .../dev-sourcerepository.yaml | 21 + .../hook-ingress.yaml | 19 + .../ingress-config-cm.yaml | 14 + .../jenkins-maven-settings-secret.yaml | 24 + .../jenkins-release-gpg-secret.yaml | 30 + .../jenkins-x-docker-registry-cm.yaml | 13 + .../jenkins-x-extensions-cm.yaml | 16 + .../jx-basic-auth-htpasswd-secret.yaml | 21 + .../jx-basic-auth-user-password-secret.yaml | 24 + .../jx-local-secrets-secret.yaml | 16 + .../jx-pipeline-activity-updater-role.yaml | 15 + .../jx-view-role.yaml | 29 + .../kapp-config-cm.yaml | 32 + .../jxboot-helmfile-resources/owner-role.yaml | 39 + .../production-environment.yaml | 16 + .../staging-environment.yaml | 16 + .../tekton-bot-rb.yaml | 16 + .../tekton-bot-role.yaml | 15 + .../tekton-bot-sa.yaml | 11 + ...tekton-container-registry-auth-secret.yaml | 32 + .../tekton-git-secret.yaml | 32 + .../viewer-role.yaml | 34 + .../jx/lighthouse-config/config-cm.yaml | 51 + .../lighthouse-config/install-config-cm.yaml | 9 + .../lighthouse-config/jx-meta-pipeline.yaml | 251 ++ .../jx/lighthouse-config/plugins-cm.yaml | 58 + .../namespaces/jx/lighthouse/hook-svc.yaml | 19 + .../lighthouse/lighthouse-foghorn-deploy.yaml | 72 + .../jx/lighthouse/lighthouse-foghorn-rb.yaml | 15 + .../lighthouse/lighthouse-foghorn-role.yaml | 43 + .../jx/lighthouse/lighthouse-foghorn-sa.yaml | 8 + .../lighthouse-gc-jobs-cronjob.yaml | 45 + .../jx/lighthouse/lighthouse-gc-jobs-rb.yaml | 15 + .../lighthouse/lighthouse-gc-jobs-role.yaml | 43 + .../jx/lighthouse/lighthouse-gc-jobs-sa.yaml | 8 + .../lighthouse-hmac-token-secret.yaml | 30 + .../lighthouse/lighthouse-keeper-deploy.yaml | 84 + .../jx/lighthouse/lighthouse-keeper-rb.yaml | 15 + .../jx/lighthouse/lighthouse-keeper-role.yaml | 57 + .../jx/lighthouse/lighthouse-keeper-sa.yaml | 8 + .../jx/lighthouse/lighthouse-keeper-svc.yaml | 17 + .../lighthouse-oauth-token-secret.yaml | 30 + .../lighthouse-tekton-controller-deploy.yaml | 62 + .../lighthouse-tekton-controller-rb.yaml | 15 + .../lighthouse-tekton-controller-role.yaml | 42 + .../lighthouse-tekton-controller-sa.yaml | 8 + .../lighthouse-tekton-controller-svc.yaml | 18 + .../lighthouse-webhooks-deploy.yaml | 93 + .../jx/lighthouse/lighthouse-webhooks-rb.yaml | 15 + .../lighthouse/lighthouse-webhooks-role.yaml | 45 + .../jx/lighthouse/lighthouse-webhooks-sa.yaml | 8 + .../local-external-secrets-0.0.6-release.yaml | 36 + .../jx/source-repositories/README.md | 4 + .../config-artifact-bucket-cm.yaml | 35 + .../config-artifact-pvc-cm.yaml | 30 + .../tekton-pipeline/config-defaults-cm.yaml | 72 + .../config-leader-election-cm.yaml | 29 + .../tekton-pipeline/config-logging-cm.yaml | 54 + .../config-observability-cm.yaml | 58 + .../config-registry-cert-cm.yaml | 27 + ...ook.pipeline.tekton.dev-valwebhookcfg.yaml | 24 + .../tekton-pipeline/feature-flags-cm.yaml | 91 + .../tekton-pipeline/tekton-bot-sa.yaml | 25 + .../tekton-pipelines-controller-deploy.yaml | 140 + ...ipelines-controller-leaderelection-rb.yaml | 19 + .../tekton-pipelines-controller-rb.yaml | 33 + .../tekton-pipelines-controller-role.yaml | 38 + .../tekton-pipelines-controller-sa.yaml | 24 + .../tekton-pipelines-controller-svc.yaml | 31 + ...tekton-pipelines-leader-election-role.yaml | 15 + .../tekton-pipelines-podsecuritypolicy.yaml | 48 + .../tekton-pipelines-webhook-deploy.yaml | 139 + ...lines-webhook-horizontalpodautoscaler.yaml | 43 + ...n-pipelines-webhook-leaderelection-rb.yaml | 19 + ...pipelines-webhook-poddisruptionbudget.yaml | 25 + .../tekton-pipelines-webhook-rb.yaml | 19 + .../tekton-pipelines-webhook-role.yaml | 34 + .../tekton-pipelines-webhook-sa.yaml | 11 + .../tekton-pipelines-webhook-svc.yaml | 37 + ...ook.pipeline.tekton.dev-valwebhookcfg.yaml | 21 + .../tekton-pipeline/webhook-certs-secret.yaml | 27 + ...ook.pipeline.tekton.dev-mutwebhookcfg.yaml | 21 + helmfiles/jx/jx-values.yaml | 6 +- helmfiles/tekton-pipelines/jx-values.yaml | 6 +- jx-requirements.yml | 5 + 158 files changed, 10433 insertions(+), 2 deletions(-) create mode 100644 config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-clusterrole.yaml create mode 100644 config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-crb.yaml create mode 100644 config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-clusterrole.yaml create mode 100644 config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-crb.yaml create mode 100644 config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-clusterrole.yaml create mode 100644 config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-crb.yaml create mode 100644 config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-clusterrole.yaml create mode 100644 config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-crb.yaml create mode 100644 config-root/cluster/jx/jxboot-helmfile-resources/jenkinsx-aggregate-view-clusterrole.yaml create mode 100644 config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-clusterrole.yaml create mode 100644 config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-jx-crb.yaml create mode 100644 config-root/cluster/namespaces/jx-production.yaml create mode 100644 config-root/cluster/namespaces/jx-staging.yaml create mode 100644 config-root/cluster/namespaces/jx.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-edit-clusterrole.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-view-clusterrole.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-clusterrole.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-crb.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-clusterrole.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-crb.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-ns.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-clusterrole.yaml create mode 100644 config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-crb.yaml create mode 100644 config-root/customresourcedefinitions/jx/jenkins-x-crds/environments.jenkins.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/jx/jenkins-x-crds/pipelineactivities.jenkins.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/jx/jenkins-x-crds/releases.jenkins.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/jx/jenkins-x-crds/sourcerepositories.jenkins.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/jx/jx-preview/previews.preview.jenkins.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/jx/lighthouse/lighthousejobs.lighthouse.jenkins.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/jx/local-external-secrets/externalsecrets.kubernetes-client.io-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/clustertasks.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/conditions.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/images.caching.internal.knative.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineresources.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineruns.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelines.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/runs.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/taskruns.tekton.dev-crd.yaml create mode 100644 config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/tasks.tekton.dev-crd.yaml create mode 100644 config-root/namespaces/jx-production/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml create mode 100644 config-root/namespaces/jx-staging/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml create mode 100644 config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-deploy.yaml create mode 100644 config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-sa.yaml create mode 100644 config-root/namespaces/jx/bucketrepo/bucketrepo-config-secret.yaml create mode 100644 config-root/namespaces/jx/bucketrepo/bucketrepo-svc.yaml create mode 100644 config-root/namespaces/jx/bucketrepo/jenkins-x-bucketrepo-secret.yaml create mode 100644 config-root/namespaces/jx/jenkins-x-crds/jenkins-x-crds-3.0.5-release.yaml create mode 100644 config-root/namespaces/jx/jx-build-controller/jenkins-x-controllerbuild-sa.yaml create mode 100644 config-root/namespaces/jx/jx-build-controller/jx-build-controller-deploy.yaml create mode 100644 config-root/namespaces/jx/jx-build-controller/jx-build-controller-rb.yaml create mode 100644 config-root/namespaces/jx/jx-build-controller/jx-build-controller-role.yaml create mode 100644 config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-deploy.yaml create mode 100644 config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-ingress.yaml create mode 100644 config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-sa.yaml create mode 100644 config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-svc.yaml create mode 100644 config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-cronjob.yaml create mode 100644 config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-rb.yaml create mode 100644 config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-role.yaml create mode 100644 config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-sa.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/bucketrepo-ingress.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-2.0.1143-release.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-rb.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-cronjob.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-sa.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-2.0.1143-release.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-rb.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-cronjob.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-sa.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/committer-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/dev-environment.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/dev-sourcerepository.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/hook-ingress.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/ingress-config-cm.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-maven-settings-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-release-gpg-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-docker-registry-cm.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-extensions-cm.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-htpasswd-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-user-password-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jx-local-secrets-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jx-pipeline-activity-updater-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/jx-view-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/kapp-config-cm.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/owner-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/production-environment.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/staging-environment.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-rb.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-role.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-sa.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/tekton-git-secret.yaml create mode 100644 config-root/namespaces/jx/jxboot-helmfile-resources/viewer-role.yaml create mode 100644 config-root/namespaces/jx/lighthouse-config/config-cm.yaml create mode 100644 config-root/namespaces/jx/lighthouse-config/install-config-cm.yaml create mode 100644 config-root/namespaces/jx/lighthouse-config/jx-meta-pipeline.yaml create mode 100644 config-root/namespaces/jx/lighthouse-config/plugins-cm.yaml create mode 100644 config-root/namespaces/jx/lighthouse/hook-svc.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-foghorn-deploy.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-foghorn-rb.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-foghorn-role.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-foghorn-sa.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-cronjob.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-rb.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-role.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-sa.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-hmac-token-secret.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-keeper-deploy.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-keeper-rb.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-keeper-role.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-keeper-sa.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-keeper-svc.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-oauth-token-secret.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-deploy.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-rb.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-role.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-sa.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-svc.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-webhooks-deploy.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-webhooks-rb.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-webhooks-role.yaml create mode 100644 config-root/namespaces/jx/lighthouse/lighthouse-webhooks-sa.yaml create mode 100644 config-root/namespaces/jx/local-external-secrets/local-external-secrets-0.0.6-release.yaml create mode 100644 config-root/namespaces/jx/source-repositories/README.md create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-bucket-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-pvc-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-defaults-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-leader-election-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-logging-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-observability-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config-registry-cert-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/feature-flags-cm.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-bot-sa.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-deploy.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-leaderelection-rb.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-rb.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-role.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-sa.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-svc.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-leader-election-role.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-podsecuritypolicy.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-deploy.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-horizontalpodautoscaler.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-leaderelection-rb.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-poddisruptionbudget.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-rb.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-role.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-sa.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-svc.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook-certs-secret.yaml create mode 100644 config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml diff --git a/.jx/secret/mapping/secret-mappings.yaml b/.jx/secret/mapping/secret-mappings.yaml index 87a2c3f..5fbd3cc 100644 --- a/.jx/secret/mapping/secret-mappings.yaml +++ b/.jx/secret/mapping/secret-mappings.yaml @@ -1,5 +1,7 @@ apiVersion: gitops.jenkins-x.io/v1alpha1 kind: SecretMapping +metadata: + creationTimestamp: null spec: defaults: backendType: local diff --git a/config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-clusterrole.yaml b/config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-clusterrole.yaml new file mode 100644 index 0000000..160867b --- /dev/null +++ b/config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-clusterrole.yaml @@ -0,0 +1,44 @@ +# Source: jx-build-controller/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: jx-build-controller-jx + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - tekton.dev + resources: + - pipelines + - pipelineruns + - tasks + - taskruns + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch diff --git a/config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-crb.yaml b/config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-crb.yaml new file mode 100644 index 0000000..1a8de26 --- /dev/null +++ b/config-root/cluster/jx/jx-build-controller/jx-build-controller-jx-crb.yaml @@ -0,0 +1,16 @@ +# Source: jx-build-controller/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: jx-build-controller-jx + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jx-build-controller-jx +subjects: + - kind: ServiceAccount + name: jenkins-x-controllerbuild + namespace: jx diff --git a/config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-clusterrole.yaml b/config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-clusterrole.yaml new file mode 100644 index 0000000..fa2a769 --- /dev/null +++ b/config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-clusterrole.yaml @@ -0,0 +1,44 @@ +# Source: jx-pipelines-visualizer/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: jx-pipelines-visualizer + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - jenkins.io + resources: + - pipelineactivities + - pipelinestructures + verbs: + - list + - watch + - get + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - watch + - get + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get diff --git a/config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-crb.yaml b/config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-crb.yaml new file mode 100644 index 0000000..a1ce756 --- /dev/null +++ b/config-root/cluster/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-crb.yaml @@ -0,0 +1,20 @@ +# Source: jx-pipelines-visualizer/templates/rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: jx-pipelines-visualizer + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + gitops.jenkins-x.io/pipeline: 'cluster' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: jx-pipelines-visualizer +subjects: + - kind: ServiceAccount + name: jx-pipelines-visualizer + namespace: jx diff --git a/config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-clusterrole.yaml b/config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-clusterrole.yaml new file mode 100644 index 0000000..98b0702 --- /dev/null +++ b/config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-clusterrole.yaml @@ -0,0 +1,18 @@ +# Source: jx-preview/templates/gc-jobs-clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: jx-preview-gc-jobs + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' + - nonResourceURLs: + - '*' + verbs: + - '*' diff --git a/config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-crb.yaml b/config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-crb.yaml new file mode 100644 index 0000000..1cee166 --- /dev/null +++ b/config-root/cluster/jx/jx-preview/jx-preview-gc-jobs-crb.yaml @@ -0,0 +1,15 @@ +# Source: jx-preview/templates/gc-jobs-clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: jx-preview-gc-jobs + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: jx-preview-gc-jobs + namespace: jx diff --git a/config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-clusterrole.yaml b/config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-clusterrole.yaml new file mode 100644 index 0000000..01215f5 --- /dev/null +++ b/config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-clusterrole.yaml @@ -0,0 +1,31 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gcactivities-jx + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - create + - patch + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - delete + - list + - apiGroups: + - apps + resources: + - deployments + verbs: + - get diff --git a/config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-crb.yaml b/config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-crb.yaml new file mode 100644 index 0000000..af973cd --- /dev/null +++ b/config-root/cluster/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-jx-crb.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gcactivities-jx + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gcactivities-jx +subjects: + - kind: ServiceAccount + name: jxboot-helmfile-resources-gcactivities + namespace: jx diff --git a/config-root/cluster/jx/jxboot-helmfile-resources/jenkinsx-aggregate-view-clusterrole.yaml b/config-root/cluster/jx/jxboot-helmfile-resources/jenkinsx-aggregate-view-clusterrole.yaml new file mode 100644 index 0000000..c37e542 --- /dev/null +++ b/config-root/cluster/jx/jxboot-helmfile-resources/jenkinsx-aggregate-view-clusterrole.yaml @@ -0,0 +1,20 @@ +# Source: jxboot-helmfile-resources/templates/jenkins-x-aggregate-view.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: jenkinsx-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: jenkins-x + rbac.authorization.k8s.io/aggregate-to-view: "true" + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - jenkins.io + - comcast.github.io + resources: + - "*" + verbs: + - get + - list + - watch diff --git a/config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-clusterrole.yaml b/config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-clusterrole.yaml new file mode 100644 index 0000000..8350910 --- /dev/null +++ b/config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-clusterrole.yaml @@ -0,0 +1,38 @@ +# Source: jxboot-helmfile-resources/templates/build-bot-clusterrole.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "tekton-bot" + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - create + - get + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get diff --git a/config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-jx-crb.yaml b/config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-jx-crb.yaml new file mode 100644 index 0000000..cd7c35c --- /dev/null +++ b/config-root/cluster/jx/jxboot-helmfile-resources/tekton-bot-jx-crb.yaml @@ -0,0 +1,15 @@ +# Source: jxboot-helmfile-resources/templates/build-bot-clusterrolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "tekton-bot-jx" + labels: + gitops.jenkins-x.io/pipeline: 'cluster' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: "tekton-bot" + namespace: jx diff --git a/config-root/cluster/namespaces/jx-production.yaml b/config-root/cluster/namespaces/jx-production.yaml new file mode 100644 index 0000000..24e8581 --- /dev/null +++ b/config-root/cluster/namespaces/jx-production.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + labels: + name: jx-production + gitops.jenkins-x.io/pipeline: 'cluster' + team: 'jx' + name: jx-production +spec: {} +status: {} diff --git a/config-root/cluster/namespaces/jx-staging.yaml b/config-root/cluster/namespaces/jx-staging.yaml new file mode 100644 index 0000000..0fe2f19 --- /dev/null +++ b/config-root/cluster/namespaces/jx-staging.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + labels: + name: jx-staging + gitops.jenkins-x.io/pipeline: 'cluster' + team: 'jx' + name: jx-staging +spec: {} +status: {} diff --git a/config-root/cluster/namespaces/jx.yaml b/config-root/cluster/namespaces/jx.yaml new file mode 100644 index 0000000..3a543c7 --- /dev/null +++ b/config-root/cluster/namespaces/jx.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + env: dev + team: jx + certmanager.k8s.io/disable-validation: "true" + gitops.jenkins-x.io/pipeline: 'cluster' + name: jx diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-edit-clusterrole.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-edit-clusterrole.yaml new file mode 100644 index 0000000..f1ea017 --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-edit-clusterrole.yaml @@ -0,0 +1,44 @@ +# Source: tekton-pipeline/templates/tekton-aggregate-edit-clusterrole.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-edit + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-view-clusterrole.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-view-clusterrole.yaml new file mode 100644 index 0000000..96d3764 --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-aggregate-view-clusterrole.yaml @@ -0,0 +1,38 @@ +# Source: tekton-pipeline/templates/tekton-aggregate-view-clusterrole.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tekton-aggregate-view + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + rbac.authorization.k8s.io/aggregate-to-view: "true" + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: + - tekton.dev + resources: + - tasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + - conditions + verbs: + - get + - list + - watch diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-clusterrole.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-clusterrole.yaml new file mode 100644 index 0000000..ee8f8a2 --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-clusterrole.yaml @@ -0,0 +1,43 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-cluster-access-clusterrole.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: [""] + # Namespace access is required because the controller timeout handling logic + # iterates over all namespaces and times out any PipelineRuns that have expired. + # Pod access is required because the taskrun controller wants to be updated when + # a Pod underlying a TaskRun changes state. + resources: ["namespaces", "pods"] + verbs: ["list", "watch"] + # Controller needs cluster access to all of the CRDs that it is responsible for + # managing. + - apiGroups: ["tekton.dev"] + resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", "conditions", "runs"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["taskruns/finalizers", "pipelineruns/finalizers", "runs/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["tekton.dev"] + resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "pipelineresources/status", "runs/status"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-crb.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-crb.yaml new file mode 100644 index 0000000..79fe10d --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-cluster-access-crb.yaml @@ -0,0 +1,32 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-cluster-access-crb.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-cluster-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-cluster-access + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-clusterrole.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-clusterrole.yaml new file mode 100644 index 0000000..d5c11db --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-clusterrole.yaml @@ -0,0 +1,23 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-tenant-access-clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + # This is the access that the controller needs on a per-namespace basis. + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + - apiGroups: [""] + resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", "persistentvolumeclaims", "limitranges"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + # Unclear if this access is actually required. Simply a hold-over from the previous + # incarnation of the controller's ClusterRole. + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] + - apiGroups: ["apps"] + resources: ["deployments/finalizers"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-crb.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-crb.yaml new file mode 100644 index 0000000..eabd1af --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-tenant-access-crb.yaml @@ -0,0 +1,22 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-tenant-access-crb.yaml +# If this ClusterRoleBinding is replaced with a RoleBinding +# then the ClusterRole would be namespaced. The access described by +# the tekton-pipelines-controller-tenant-access ClusterRole would +# be scoped to individual tenant namespaces. +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-controller-tenant-access + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-controller-tenant-access + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-ns.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-ns.yaml new file mode 100644 index 0000000..5a069b2 --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-ns.yaml @@ -0,0 +1,24 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-ns.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' + team: 'jx' diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-clusterrole.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-clusterrole.yaml new file mode 100644 index 0000000..da72329 --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-clusterrole.yaml @@ -0,0 +1,42 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-cluster-access-clusterrole.yaml +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' +rules: + # The webhook needs to be able to list and update customresourcedefinitions, + # mainly to update the webhook certificates. + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions", "customresourcedefinitions/status"] + verbs: ["get", "list", "update", "patch", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + # The webhook performs a reconciliation on these two resources and continuously + # updates configuration. + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + # knative starts informers on these things, which is why we need get, list and watch. + verbs: ["list", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + # This mutating webhook is responsible for applying defaults to tekton objects + # as they are received. + resourceNames: ["webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the mutatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. + # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure + resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] + # When there are changes to the configs or secrets, knative updates the validatingwebhook config + # with the updated certificates or the refreshed set of rules. + verbs: ["get", "update"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] diff --git a/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-crb.yaml b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-crb.yaml new file mode 100644 index 0000000..a352292 --- /dev/null +++ b/config-root/cluster/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-cluster-access-crb.yaml @@ -0,0 +1,18 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-cluster-access-crb.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: tekton-pipelines-webhook-cluster-access + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'cluster' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: ClusterRole + name: tekton-pipelines-webhook-cluster-access + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/customresourcedefinitions/jx/jenkins-x-crds/environments.jenkins.io-crd.yaml b/config-root/customresourcedefinitions/jx/jenkins-x-crds/environments.jenkins.io-crd.yaml new file mode 100644 index 0000000..4388957 --- /dev/null +++ b/config-root/customresourcedefinitions/jx/jenkins-x-crds/environments.jenkins.io-crd.yaml @@ -0,0 +1,3630 @@ +# Source: jenkins-x-crds/templates/environments-crd.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: environments.jenkins.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + additionalPrinterColumns: + - JSONPath: .spec.namespace + description: The namespace used for the environment + name: Namespace + type: string + - JSONPath: .spec.kind + description: The kind of environment + name: Kind + type: string + - JSONPath: .spec.promotionStrategy + description: The strategy used for promoting to this environment + name: Promotion + type: string + - JSONPath: .spec.order + description: The order in which environments are automatically promoted + name: Order + type: integer + - JSONPath: .spec.source.url + description: The Git repository URL for the source of the environment configuration + name: Git URL + type: string + - JSONPath: .spec.source.ref + description: The git branch for the source of the environment configuration + name: Git Branch + type: string + conversion: + strategy: None + group: jenkins.io + names: + kind: Environment + listKind: EnvironmentList + plural: environments + shortNames: + - env + singular: environment + scope: Namespaced + validation: + openAPIV3Schema: + description: Environment represents an environment like Dev, Test, Staging, Production where code lives + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + finalizers: + description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. + items: + type: string + type: array + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. + + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. + format: int64 + type: integer + initializers: + description: Initializers tracks the progress of initialization. + properties: + pending: + description: Pending is a list of initializers that must execute in order before this object is visible. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients. + items: + description: Initializer is information about an initializer that has not yet completed. + properties: + name: + description: name of the process that is responsible for initializing this object. + type: string + required: + - name + type: object + type: array + result: + description: Status is a return value for calls that don't return other objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + code: + description: Suggested HTTP return code for this status, 0 if not set. + format: int32 + type: integer + details: + description: StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. + properties: + causes: + description: The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. + items: + description: StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. + properties: + field: + description: |- + The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. + + Examples: + "name" - the field "name" on the current resource + "items[0].name" - the field "name" on the first array entry in "items" + type: string + message: + description: A human-readable description of the cause of the error. This field may be presented as-is to a reader. + type: string + reason: + description: A machine-readable description of the cause of the error. If this value is empty there is no information available. + type: string + type: object + type: array + group: + description: The group attribute of the resource associated with the status StatusReason. + type: string + kind: + description: 'The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). + type: string + retryAfterSeconds: + description: If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. + format: int32 + type: integer + uid: + description: 'UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + message: + description: A human-readable description of the status of this operation. + type: string + metadata: + description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. + properties: + continue: + description: continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. + type: string + resourceVersion: + description: 'String that identifies the server''s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + selfLink: + description: selfLink is a URL representing this object. Populated by the system. Read-only. + type: string + type: object + reason: + description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. + type: string + status: + description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + type: string + type: object + required: + - pending + type: object + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: SelfLink is a URL representing this object. Populated by the system. Read-only. + type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + spec: + description: EnvironmentSpec is the specification of an Environment + properties: + cluster: + type: string + kind: + type: string + label: + type: string + namespace: + type: string + order: + format: int32 + type: integer + previewGitInfo: + description: PreviewGitSpec is the preview git branch/pull request details + properties: + appName: + type: string + applicationURL: + type: string + buildStatus: + type: string + buildStatusUrl: + type: string + description: + type: string + name: + type: string + title: + type: string + url: + type: string + user: + description: UserSpec is the user details + properties: + imageUrl: + type: string + linkUrl: + type: string + name: + type: string + username: + type: string + type: object + type: object + promotionStrategy: + type: string + pullRequestURL: + type: string + remoteCluster: + description: RemoteCluster flag indicates if the Environment is deployed in a separate cluster to the Development Environment + type: boolean + source: + description: EnvironmentRepository is the repository for an environment using GitOps + properties: + kind: + type: string + ref: + type: string + url: + type: string + type: object + teamSettings: + description: TeamSettings the default settings for a team + properties: + appPrefixes: + description: AppsPrefixes is the list of prefixes for appNames + items: + type: string + type: array + appsRepository: + type: string + askOnCreate: + type: boolean + bootRequirements: + description: BootRequirements is a marshaled string of the jx-requirements.yml used in the most recent run for this cluster + type: string + branchPatterns: + type: string + buildPackName: + type: string + buildPackRef: + type: string + buildPackUrl: + type: string + defaultScheduler: + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - kind + - name + type: object + deployKind: + description: DeployKind what kind of deployment ("default" uses regular Kubernetes Services and Deployments, "knative" uses the Knative Service resource instead) + type: string + deployOptions: + description: DeployOptions configures options for how to deploy applications by default such as using progressive delivery or using horizontal pod autoscaler + properties: + canary: + description: Canary should we enable canary rollouts (progressive delivery) for apps by default + type: boolean + hpa: + description: should we use the horizontal pod autoscaler on new apps by default? + type: boolean + type: object + dockerRegistryOrg: + type: string + envOrganisation: + type: string + forkBranchPatterns: + type: string + gitPublic: + type: boolean + gitServer: + type: string + helmBinary: + type: string + helmTemplate: + type: boolean + importMode: + description: ImportMode indicates what kind of + type: string + kubeProvider: + type: string + noTiller: + type: boolean + organisation: + type: string + pipelineUserEmail: + type: string + pipelineUsername: + type: string + postPreviewJobs: + items: + description: Job represents the configuration of a single job. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + finalizers: + description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. + items: + type: string + type: array + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. + + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. + format: int64 + type: integer + initializers: + description: Initializers tracks the progress of initialization. + properties: + pending: + description: Pending is a list of initializers that must execute in order before this object is visible. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients. + items: + description: Initializer is information about an initializer that has not yet completed. + properties: + name: + description: name of the process that is responsible for initializing this object. + type: string + required: + - name + type: object + type: array + result: + description: Status is a return value for calls that don't return other objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + code: + description: Suggested HTTP return code for this status, 0 if not set. + format: int32 + type: integer + details: + description: StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. + properties: + causes: + description: The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. + items: + description: StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. + properties: + field: + description: |- + The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. + + Examples: + "name" - the field "name" on the current resource + "items[0].name" - the field "name" on the first array entry in "items" + type: string + message: + description: A human-readable description of the cause of the error. This field may be presented as-is to a reader. + type: string + reason: + description: A machine-readable description of the cause of the error. If this value is empty there is no information available. + type: string + type: object + type: array + group: + description: The group attribute of the resource associated with the status StatusReason. + type: string + kind: + description: 'The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). + type: string + retryAfterSeconds: + description: If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. + format: int32 + type: integer + uid: + description: 'UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + message: + description: A human-readable description of the status of this operation. + type: string + metadata: + description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. + properties: + continue: + description: continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. + type: string + resourceVersion: + description: 'String that identifies the server''s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + selfLink: + description: selfLink is a URL representing this object. Populated by the system. Read-only. + type: string + type: object + reason: + description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. + type: string + status: + description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + type: string + type: object + required: + - pending + type: object + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: SelfLink is a URL representing this object. Populated by the system. Read-only. + type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + spec: + description: JobSpec describes how the job execution will look like. + properties: + activeDeadlineSeconds: + description: Specifies the duration in seconds relative to the startTime that the job may be active before the system tries to terminate it; value must be positive integer + format: int64 + type: integer + backoffLimit: + description: Specifies the number of retries before marking this job failed. Defaults to 6 + format: int32 + type: integer + completions: + description: 'Specifies the desired number of successfully finished pods the job should be run with. Setting to nil means that the success of any pod signals the success of all pods, and allows parallelism to have any positive value. Setting to 1 means that parallelism is limited to 1 and the success of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + format: int32 + type: integer + manualSelector: + description: 'manualSelector controls generation of pod labels and pod selectors. Leave `manualSelector` unset unless you are certain what you are doing. When false or unset, the system pick labels unique to this job and appends those labels to the pod template. When true, the user is responsible for picking unique labels and specifying the selector. Failure to pick a unique label may cause this and other jobs to not function correctly. However, You may see `manualSelector=true` in jobs that were created with the old `extensions/v1beta1` API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector' + type: boolean + parallelism: + description: 'Specifies the maximum desired number of pods the job should run at any given time. The actual number of pods running in steady state will be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + format: int32 + type: integer + selector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + template: + description: PodTemplateSpec describes the data a pod should have when created from a template + properties: + metadata: + description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + finalizers: + description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. + items: + type: string + type: array + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. + + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. + format: int64 + type: integer + initializers: + description: Initializers tracks the progress of initialization. + properties: + pending: + description: Pending is a list of initializers that must execute in order before this object is visible. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients. + items: + description: Initializer is information about an initializer that has not yet completed. + properties: + name: + description: name of the process that is responsible for initializing this object. + type: string + required: + - name + type: object + type: array + result: + description: Status is a return value for calls that don't return other objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + code: + description: Suggested HTTP return code for this status, 0 if not set. + format: int32 + type: integer + details: + description: StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. + properties: + causes: + description: The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. + items: + description: StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. + properties: + field: + description: |- + The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. + + Examples: + "name" - the field "name" on the current resource + "items[0].name" - the field "name" on the first array entry in "items" + type: string + message: + description: A human-readable description of the cause of the error. This field may be presented as-is to a reader. + type: string + reason: + description: A machine-readable description of the cause of the error. If this value is empty there is no information available. + type: string + type: object + type: array + group: + description: The group attribute of the resource associated with the status StatusReason. + type: string + kind: + description: 'The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). + type: string + retryAfterSeconds: + description: If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. + format: int32 + type: integer + uid: + description: 'UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + message: + description: A human-readable description of the status of this operation. + type: string + metadata: + description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. + properties: + continue: + description: continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. + type: string + resourceVersion: + description: 'String that identifies the server''s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + selfLink: + description: selfLink is a URL representing this object. Populated by the system. Read-only. + type: string + type: object + reason: + description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. + type: string + status: + description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + type: string + type: object + required: + - pending + type: object + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: SelfLink is a URL representing this object. Populated by the system. Read-only. + type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + spec: + description: PodSpec is a description of a pod. + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. + format: int64 + type: integer + affinity: + description: Affinity is a group of affinity scheduling rules. + properties: + nodeAffinity: + description: Node affinity is a group of node affinity scheduling rules. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Pod affinity is a group of inter pod affinity scheduling rules. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Pod anti affinity is a group of inter pod anti affinity scheduling rules. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a source for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or it's key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents container resources (cpu, memory) and their output format + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: |- + Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. + + The serialization format is: + + ::= + (Note that may be empty, from the "" case in .) + ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + ::= m | "" | k | M | G | T | P | E + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + ::= "e" | "E" + + No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. + + When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. + + Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: + a. No precision is lost + b. No fractional digits will be emitted + c. The exponent (or suffix) is as large as possible. + The sign will be omitted unless the number is negative. + + Examples: + 1.5 will be serialized as "1500m" + 1.5Gi will be serialized as "1536Mi" + + Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. + + Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) + + This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation. + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or it's key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: |- + ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. + + The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: |- + SecretEnvSource selects a Secret to populate the environment variables with. + + The contents of the target Secret's Data field will represent the key-value pairs as environment variables. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted. + properties: + postStart: + description: Handler defines a specific action that should be taken + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action that should be taken + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to be applied to the container + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + hostAliases: + description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + type: array + initContainers: + description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' + items: + description: A single application container that you want to run within a pod. + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a source for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or it's key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents container resources (cpu, memory) and their output format + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: |- + Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. + + The serialization format is: + + ::= + (Note that may be empty, from the "" case in .) + ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + ::= m | "" | k | M | G | T | P | E + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + ::= "e" | "E" + + No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. + + When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. + + Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: + a. No precision is lost + b. No fractional digits will be emitted + c. The exponent (or suffix) is as large as possible. + The sign will be omitted unless the number is negative. + + Examples: + 1.5 will be serialized as "1500m" + 1.5Gi will be serialized as "1536Mi" + + Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. + + Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) + + This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation. + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a key of a Secret. + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or it's key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source of a set of ConfigMaps + properties: + configMapRef: + description: |- + ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. + + The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: |- + SecretEnvSource selects a Secret to populate the environment variables with. + + The contents of the target Secret's Data field will represent the key-value pairs as environment variables. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted. + properties: + postStart: + description: Handler defines a specific action that should be taken + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action that should be taken + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + items: + description: ContainerPort represents a network port in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" action. + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute resource requirements. + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to be applied to the container + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + type: object + stdin: + description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the container. This is an alpha feature and may change in the future. + items: + description: volumeDevice describes a mapping of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume within a container. + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. + type: string + nodeSelector: + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + priority: + description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://github.com/kubernetes/community/blob/master/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' + type: string + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://github.com/kubernetes/community/blob/master/keps/sig-node/0014-runtime-class.md This is an alpha feature and may change in the future.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. + type: string + securityContext: + description: PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: + + 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + format: int64 + type: integer + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to be applied to the container + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + type: object + serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + shareProcessNamespace: + description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + properties: + awsElasticBlockStore: + description: |- + Represents a Persistent Disk resource in AWS. + + An AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling. + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' + format: int32 + type: integer + readOnly: + description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: boolean + volumeID: + description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + type: string + required: + - volumeID + type: object + azureDisk: + description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'Host Caching mode: None, Read Only, Read Write.' + type: string + diskName: + description: The Name of the data disk in the blob storage + type: string + diskURI: + description: The URI the data disk in the blob storage + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. + properties: + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: the name of secret that contains Azure Storage Account Name and Key + type: string + shareName: + description: Share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling. + properties: + monitors: + description: 'Required: Monitors is a collection of Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + items: + type: string + type: array + path: + description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: boolean + secretFile: + description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: string + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + user: + description: 'Optional: User is the rados user name, default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: string + required: + - monitors + type: object + cinder: + description: Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling. + properties: + fsType: + description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + type: string + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + type: boolean + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + volumeID: + description: 'volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' + type: string + required: + - volumeID + type: object + configMap: + description: |- + Adapts a ConfigMap into a volume. + + The contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or it's keys must be defined + type: boolean + type: object + downwardAPI: + description: DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector represents container resources (cpu, memory) and their output format + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: |- + Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. + + The serialization format is: + + ::= + (Note that may be empty, from the "" case in .) + ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + ::= m | "" | k | M | G | T | P | E + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + ::= "e" | "E" + + No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. + + When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. + + Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: + a. No precision is lost + b. No fractional digits will be emitted + c. The exponent (or suffix) is as large as possible. + The sign will be omitted unless the number is negative. + + Examples: + 1.5 will be serialized as "1500m" + 1.5Gi will be serialized as "1536Mi" + + Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. + + Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) + + This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation. + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling. + properties: + medium: + description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: |- + Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. + + The serialization format is: + + ::= + (Note that may be empty, from the "" case in .) + ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + ::= m | "" | k | M | G | T | P | E + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + ::= "e" | "E" + + No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. + + When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. + + Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: + a. No precision is lost + b. No fractional digits will be emitted + c. The exponent (or suffix) is as large as possible. + The sign will be omitted unless the number is negative. + + Examples: + 1.5 will be serialized as "1500m" + 1.5Gi will be serialized as "1536Mi" + + Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. + + Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) + + This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation. + type: string + type: object + fc: + description: Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + lun: + description: 'Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + targetWWNs: + description: 'Optional: FC target worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' + items: + type: string + type: array + type: object + flexVolume: + description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. + properties: + driver: + description: Driver is the name of the driver to use for this volume. + type: string + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + description: 'Optional: Extra command options if any.' + type: object + readOnly: + description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' + type: boolean + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + required: + - driver + type: object + flocker: + description: Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling. + properties: + datasetName: + description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated + type: string + datasetUUID: + description: UUID of the dataset. This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + Represents a Persistent Disk resource in Google Compute Engine. + + A GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling. + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + partition: + description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + format: int32 + type: integer + pdName: + description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling. + + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. + properties: + directory: + description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling. + properties: + endpoints: + description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling. + properties: + path: + description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + iscsi: + description: Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling. + properties: + chapAuthDiscovery: + description: whether support iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: whether support iSCSI Session CHAP authentication + type: boolean + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi' + type: string + initiatorName: + description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. + type: string + iqn: + description: Target iSCSI Qualified Name. + type: string + iscsiInterface: + description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). + type: string + lun: + description: iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. + type: boolean + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + targetPortal: + description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). + type: string + required: + - targetPortal + - iqn + - lun + type: object + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + nfs: + description: Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling. + properties: + path: + description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - server + - path + type: object + persistentVolumeClaim: + description: PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system). + properties: + claimName: + description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' + type: string + readOnly: + description: Will force the ReadOnly setting in VolumeMounts. Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: Represents a Photon Controller persistent disk resource. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: ID that identifies Photon Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: PortworxVolumeSource represents a Portworx volume resource. + properties: + fsType: + description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: VolumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: Represents a projected volume source + properties: + defaultMode: + description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along with other supported volume types + properties: + configMap: + description: |- + Adapts a ConfigMap into a projected volume. + + The contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode. + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or it's keys must be defined + type: boolean + type: object + downwardAPI: + description: Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode. + properties: + items: + description: Items is a list of DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector represents container resources (cpu, memory) and their output format + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: |- + Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors. + + The serialization format is: + + ::= + (Note that may be empty, from the "" case in .) + ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= "+" | "-" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei + (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html) + ::= m | "" | k | M | G | T | P | E + (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.) + ::= "e" | "E" + + No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities. + + When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized. + + Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that: + a. No precision is lost + b. No fractional digits will be emitted + c. The exponent (or suffix) is as large as possible. + The sign will be omitted unless the number is negative. + + Examples: + 1.5 will be serialized as "1500m" + 1.5Gi will be serialized as "1536Mi" + + Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise. + + Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.) + + This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation. + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: |- + Adapts a secret into a projected volume. + + The contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode. + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise). + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + required: + - path + type: object + type: object + type: array + required: + - sources + type: object + quobyte: + description: Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling. + properties: + group: + description: Group to map volume access to Default is no group + type: string + readOnly: + description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. + type: boolean + registry: + description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes + type: string + user: + description: User to map volume access to Defaults to serivceaccount user + type: string + volume: + description: Volume is a string that references an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling. + properties: + fsType: + description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd' + type: string + image: + description: 'The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + keyring: + description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + monitors: + description: 'A collection of Ceph monitors. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + items: + type: string + type: array + pool: + description: 'The rados pool name. Default is rbd. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + readOnly: + description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: boolean + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + user: + description: 'The rados user name. Default is admin. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' + type: string + required: + - monitors + - image + type: object + scaleIO: + description: ScaleIOVolumeSource represents a persistent ScaleIO volume + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". + type: string + gateway: + description: The host address of the ScaleIO API Gateway. + type: string + protectionDomain: + description: The name of the ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + sslEnabled: + description: Flag to enable/disable SSL communication with Gateway, default false + type: boolean + storageMode: + description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. + type: string + storagePool: + description: The ScaleIO Storage Pool associated with the protection domain. + type: string + system: + description: The name of the storage system as configured in ScaleIO. + type: string + volumeName: + description: The name of a volume already created in the ScaleIO system that is associated with this volume source. + type: string + required: + - gateway + - system + - secretRef + type: object + secret: + description: |- + Adapts a Secret into a volume. + + The contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or it's keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + storageos: + description: Represents a StorageOS persistent volume resource. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + type: object + volumeName: + description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. + type: string + volumeNamespace: + description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: Represents a vSphere volume resource. + properties: + fsType: + description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: Storage Policy Based Management (SPBM) profile name. + type: string + volumePath: + description: Path that identifies vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + ttlSecondsAfterFinished: + description: ttlSecondsAfterFinished limits the lifetime of a Job that has finished execution (either Complete or Failed). If this field is set, ttlSecondsAfterFinished after the Job finishes, it is eligible to be automatically deleted. When the Job is being deleted, its lifecycle guarantees (e.g. finalizers) will be honored. If this field is unset, the Job won't be automatically deleted. If this field is set to zero, the Job becomes eligible to be deleted immediately after it finishes. This field is alpha-level and is only honored by servers that enable the TTLAfterFinished feature. + format: int32 + type: integer + required: + - template + type: object + status: + description: JobStatus represents the current state of a Job. + properties: + active: + description: The number of actively running pods. + format: int32 + type: integer + completionTime: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + conditions: + description: 'The latest available observations of an object''s current state. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/' + items: + description: JobCondition describes current state of a job. + properties: + lastProbeTime: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + lastTransitionTime: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + message: + description: Human readable message indicating details about last transition. + type: string + reason: + description: (brief) reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of job condition, Complete or Failed. + type: string + required: + - type + - status + type: object + type: array + failed: + description: The number of pods which reached phase Failed. + format: int32 + type: integer + startTime: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + succeeded: + description: The number of pods which reached phase Succeeded. + format: int32 + type: integer + type: object + type: object + type: array + profile: + description: Profile is the profile in use (see jx profile) + type: string + promotionEngine: + type: string + prowConfig: + description: ProwConfig is the way we manage prow configurations + type: string + prowEngine: + description: ProwEngine is the kind of prow engine used such as knative build or build pipeline + type: string + quickstartLocations: + items: + description: QuickStartLocation + properties: + excludes: + items: + type: string + type: array + gitKind: + type: string + gitUrl: + type: string + includes: + items: + type: string + type: array + owner: + type: string + type: object + type: array + storageLocations: + items: + description: StorageLocation + properties: + bucketUrl: + type: string + classifier: + type: string + gitBranch: + type: string + gitUrl: + type: string + type: object + type: array + useGitOps: + type: boolean + versionStreamRef: + description: VersionStreamRef contains the git ref (tag or branch) in the VersionStreamURL repository to use as the version stream + type: string + versionStreamUrl: + description: VersionStreamURL contains the git clone URL for the Version Stream which is the set of versions to use for charts, images, packages etc + type: string + type: object + webHookEngine: + type: string + type: object + status: + description: EnvironmentStatus is the status for an Environment resource + properties: + version: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + kind: Environment + listKind: EnvironmentList + plural: environments + shortNames: + - env + singular: environment + conditions: + - lastTransitionTime: "2020-03-30T19:10:44Z" + message: no conflicts found + reason: NoConflicts + status: "True" + type: NamesAccepted + - lastTransitionTime: null + message: the initial names have been accepted + reason: InitialNamesAccepted + status: "True" + type: Established + storedVersions: + - v1 diff --git a/config-root/customresourcedefinitions/jx/jenkins-x-crds/pipelineactivities.jenkins.io-crd.yaml b/config-root/customresourcedefinitions/jx/jenkins-x-crds/pipelineactivities.jenkins.io-crd.yaml new file mode 100644 index 0000000..279f77d --- /dev/null +++ b/config-root/customresourcedefinitions/jx/jenkins-x-crds/pipelineactivities.jenkins.io-crd.yaml @@ -0,0 +1,526 @@ +# Source: jenkins-x-crds/templates/pipelineactivities-crd.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: pipelineactivities.jenkins.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + additionalPrinterColumns: + - JSONPath: .spec.gitUrl + description: The URL of the Git repository + name: Git URL + type: string + - JSONPath: .spec.status + description: The status of the pipeline + name: Status + type: string + conversion: + strategy: None + group: jenkins.io + names: + categories: + - all + kind: PipelineActivity + listKind: PipelineActivityList + plural: pipelineactivities + shortNames: + - activity + - act + - pa + singular: pipelineactivity + scope: Namespaced + validation: + openAPIV3Schema: + description: PipelineActivity represents pipeline activity for a particular run of a pipeline + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + finalizers: + description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. + items: + type: string + type: array + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. + + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. + format: int64 + type: integer + initializers: + description: Initializers tracks the progress of initialization. + properties: + pending: + description: Pending is a list of initializers that must execute in order before this object is visible. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients. + items: + description: Initializer is information about an initializer that has not yet completed. + properties: + name: + description: name of the process that is responsible for initializing this object. + type: string + required: + - name + type: object + type: array + result: + description: Status is a return value for calls that don't return other objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + code: + description: Suggested HTTP return code for this status, 0 if not set. + format: int32 + type: integer + details: + description: StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. + properties: + causes: + description: The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. + items: + description: StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. + properties: + field: + description: |- + The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. + + Examples: + "name" - the field "name" on the current resource + "items[0].name" - the field "name" on the first array entry in "items" + type: string + message: + description: A human-readable description of the cause of the error. This field may be presented as-is to a reader. + type: string + reason: + description: A machine-readable description of the cause of the error. If this value is empty there is no information available. + type: string + type: object + type: array + group: + description: The group attribute of the resource associated with the status StatusReason. + type: string + kind: + description: 'The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). + type: string + retryAfterSeconds: + description: If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. + format: int32 + type: integer + uid: + description: 'UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + message: + description: A human-readable description of the status of this operation. + type: string + metadata: + description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. + properties: + continue: + description: continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. + type: string + resourceVersion: + description: 'String that identifies the server''s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + selfLink: + description: selfLink is a URL representing this object. Populated by the system. Read-only. + type: string + type: object + reason: + description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. + type: string + status: + description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + type: string + type: object + required: + - pending + type: object + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: SelfLink is a URL representing this object. Populated by the system. Read-only. + type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + spec: + description: PipelineActivitySpec is the specification of the pipeline activity + properties: + attachments: + items: + properties: + name: + type: string + urls: + items: + type: string + type: array + type: object + type: array + author: + type: string + baseSHA: + type: string + batchPipelineActivity: + description: BatchPipelineActivity contains information about a batch build, used by both the batch build and its comprising PRs for linking them together + properties: + batchBranchName: + type: string + batchBuildNumber: + type: string + pullRequestInfo: + items: + description: PullRequestInfo contains information about a PR included in a batch, like its PR number, the last build number, and SHA + properties: + lastBuildNumberForCommit: + description: LastBuildNumberForCommit is the number of the last successful build of this PR outside of a batch + type: string + lastBuildSHA: + description: LastBuildSHA is the commit SHA in the last successful build of this PR outside of a batch. + type: string + pullRequestNumber: + type: string + type: object + type: array + type: object + build: + type: string + buildLogsUrl: + type: string + buildUrl: + type: string + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + context: + type: string + gitBranch: + type: string + gitOwner: + type: string + gitRepository: + type: string + gitUrl: + type: string + lastCommitMessage: + type: string + lastCommitSHA: + type: string + lastCommitURL: + type: string + pipeline: + type: string + postExtensions: + items: + description: ExtensionExecution is an executable instance of an extension which can be attached into a pipeline for later execution. It differs from an Extension as it cannot have children and parameters have been resolved to environment variables + properties: + description: + type: string + environmentVariables: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + given: + type: string + name: + type: string + namespace: + type: string + script: + type: string + uuid: + type: string + type: object + type: array + pullTitle: + type: string + releaseNotesURL: + type: string + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + steps: + items: + description: PipelineActivityStep represents a step in a pipeline activity + properties: + kind: + type: string + preview: + description: PreviewActivityStep is the step of creating a preview environment as part of a Pull Request pipeline + properties: + applicationURL: + type: string + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + description: + type: string + environment: + type: string + name: + type: string + pullRequestURL: + type: string + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + type: object + promote: + description: PromoteActivityStep is the step of promoting a version of an application to an environment + properties: + applicationURL: + type: string + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + description: + type: string + environment: + type: string + name: + type: string + pullRequest: + description: PromotePullRequestStep is the step for promoting a version to an environment by raising a Pull Request on the git repository of the environment + properties: + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + description: + type: string + mergeCommitSHA: + type: string + name: + type: string + pullRequestURL: + type: string + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + type: object + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + update: + description: PromoteUpdateStep is the step for updating a promotion after the Pull Request merges to master + properties: + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + description: + type: string + name: + type: string + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + statuses: + items: + description: GitStatus the status of a git commit in terms of CI/CD + properties: + status: + type: string + url: + type: string + type: object + type: array + type: object + type: object + stage: + description: StageActivityStep represents a stage of zero to more sub steps in a jenkins pipeline + properties: + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + description: + type: string + name: + type: string + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + steps: + items: + description: CoreActivityStep is a base step included in Stages of a pipeline or other kinds of step + properties: + completedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + description: + type: string + name: + type: string + startedTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + status: + type: string + type: object + type: array + type: object + type: object + type: array + version: + type: string + workflow: + type: string + workflowMessage: + type: string + workflowStatus: + type: string + type: object + status: + description: PipelineActivityStatus is the status for an Environment resource + properties: + version: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + categories: + - all + kind: PipelineActivity + listKind: PipelineActivityList + plural: pipelineactivities + shortNames: + - activity + - act + - pa + singular: pipelineactivity + conditions: + - lastTransitionTime: "2020-03-30T19:10:44Z" + message: no conflicts found + reason: NoConflicts + status: "True" + type: NamesAccepted + - lastTransitionTime: null + message: the initial names have been accepted + reason: InitialNamesAccepted + status: "True" + type: Established + storedVersions: + - v1 diff --git a/config-root/customresourcedefinitions/jx/jenkins-x-crds/releases.jenkins.io-crd.yaml b/config-root/customresourcedefinitions/jx/jenkins-x-crds/releases.jenkins.io-crd.yaml new file mode 100644 index 0000000..f3f8f5f --- /dev/null +++ b/config-root/customresourcedefinitions/jx/jenkins-x-crds/releases.jenkins.io-crd.yaml @@ -0,0 +1,712 @@ +# Source: jenkins-x-crds/templates/releases-crd.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: releases.jenkins.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + additionalPrinterColumns: + - JSONPath: .spec.name + description: The name of the Release + name: Name + type: string + - JSONPath: .spec.version + description: The version number of the Release + name: Version + type: string + - JSONPath: .spec.gitHttpUrl + description: The URL of the Git repository + name: Git URL + type: string + conversion: + strategy: None + group: jenkins.io + names: + categories: + - all + kind: Release + listKind: ReleaseList + plural: releases + shortNames: + - rel + singular: release + scope: Namespaced + validation: + openAPIV3Schema: + description: Release represents a single version of an app that has been released + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + finalizers: + description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. + items: + type: string + type: array + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. + + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. + format: int64 + type: integer + initializers: + description: Initializers tracks the progress of initialization. + properties: + pending: + description: Pending is a list of initializers that must execute in order before this object is visible. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients. + items: + description: Initializer is information about an initializer that has not yet completed. + properties: + name: + description: name of the process that is responsible for initializing this object. + type: string + required: + - name + type: object + type: array + result: + description: Status is a return value for calls that don't return other objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + code: + description: Suggested HTTP return code for this status, 0 if not set. + format: int32 + type: integer + details: + description: StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. + properties: + causes: + description: The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. + items: + description: StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. + properties: + field: + description: |- + The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. + + Examples: + "name" - the field "name" on the current resource + "items[0].name" - the field "name" on the first array entry in "items" + type: string + message: + description: A human-readable description of the cause of the error. This field may be presented as-is to a reader. + type: string + reason: + description: A machine-readable description of the cause of the error. If this value is empty there is no information available. + type: string + type: object + type: array + group: + description: The group attribute of the resource associated with the status StatusReason. + type: string + kind: + description: 'The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). + type: string + retryAfterSeconds: + description: If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. + format: int32 + type: integer + uid: + description: 'UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + message: + description: A human-readable description of the status of this operation. + type: string + metadata: + description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. + properties: + continue: + description: continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. + type: string + resourceVersion: + description: 'String that identifies the server''s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + selfLink: + description: selfLink is a URL representing this object. Populated by the system. Read-only. + type: string + type: object + reason: + description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. + type: string + status: + description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + type: string + type: object + required: + - pending + type: object + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: SelfLink is a URL representing this object. Populated by the system. Read-only. + type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + spec: + description: ReleaseSpec is the specification of the Release + properties: + commits: + items: + description: CommitSummary is the summary of a commit + properties: + author: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + branch: + type: string + committer: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + issueIds: + items: + type: string + type: array + message: + type: string + sha: + type: string + url: + type: string + type: object + type: array + dependencyUpdates: + items: + description: DependencyUpdate describes an dependency update message from the commit log + properties: + component: + type: string + fromReleaseHTMLURL: + type: string + fromReleaseName: + type: string + fromVersion: + type: string + host: + type: string + owner: + type: string + paths: + items: + items: + description: DependencyUpdateDetails are the details of a dependency update + properties: + component: + type: string + fromReleaseHTMLURL: + type: string + fromReleaseName: + type: string + fromVersion: + type: string + host: + type: string + owner: + type: string + repo: + type: string + toReleaseHTMLURL: + type: string + toReleaseName: + type: string + toVersion: + type: string + url: + type: string + required: + - host + - owner + - repo + - url + - fromVersion + - fromReleaseHTMLURL + - fromReleaseName + - toVersion + - toReleaseHTMLURL + - toReleaseName + type: object + type: array + type: array + repo: + type: string + toReleaseHTMLURL: + type: string + toReleaseName: + type: string + toVersion: + type: string + url: + type: string + required: + - host + - owner + - repo + - url + - fromVersion + - fromReleaseHTMLURL + - fromReleaseName + - toVersion + - toReleaseHTMLURL + - toReleaseName + type: object + type: array + gitCloneUrl: + type: string + gitHttpUrl: + type: string + gitOwner: + type: string + gitRepository: + type: string + issues: + items: + description: IssueSummary is the summary of an issue + properties: + assignees: + items: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + type: array + body: + type: string + closedBy: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + id: + type: string + labels: + items: + properties: + color: + type: string + name: + type: string + url: + type: string + type: object + type: array + message: + type: string + state: + type: string + title: + type: string + url: + type: string + user: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + type: object + type: array + name: + type: string + pullRequests: + items: + description: IssueSummary is the summary of an issue + properties: + assignees: + items: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + type: array + body: + type: string + closedBy: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + id: + type: string + labels: + items: + properties: + color: + type: string + name: + type: string + url: + type: string + type: object + type: array + message: + type: string + state: + type: string + title: + type: string + url: + type: string + user: + description: UserDetails containers details of a user + properties: + accountReference: + items: + description: AccountReference is a reference to a user account in another system that is attached to this user + properties: + id: + type: string + provider: + type: string + type: object + type: array + avatarUrl: + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + email: + type: string + externalUser: + type: boolean + login: + type: string + name: + type: string + serviceAccount: + type: string + url: + type: string + type: object + type: object + type: array + releaseNotesURL: + type: string + version: + type: string + type: object + status: + description: ReleaseStatus is the status of a release + properties: + status: + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + categories: + - all + kind: Release + listKind: ReleaseList + plural: releases + shortNames: + - rel + singular: release + conditions: + - lastTransitionTime: "2020-03-30T19:10:44Z" + message: no conflicts found + reason: NoConflicts + status: "True" + type: NamesAccepted + - lastTransitionTime: null + message: the initial names have been accepted + reason: InitialNamesAccepted + status: "True" + type: Established + storedVersions: + - v1 diff --git a/config-root/customresourcedefinitions/jx/jenkins-x-crds/sourcerepositories.jenkins.io-crd.yaml b/config-root/customresourcedefinitions/jx/jenkins-x-crds/sourcerepositories.jenkins.io-crd.yaml new file mode 100644 index 0000000..23b6f49 --- /dev/null +++ b/config-root/customresourcedefinitions/jx/jenkins-x-crds/sourcerepositories.jenkins.io-crd.yaml @@ -0,0 +1,310 @@ +# Source: jenkins-x-crds/templates/sourcerepositories-crd.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: sourcerepositories.jenkins.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + additionalPrinterColumns: + - JSONPath: .spec.url + description: The URL of the git repository + name: URL + type: string + - JSONPath: .spec.description + description: A description of the source code repository - non-functional user-data + name: Description + type: string + conversion: + strategy: None + group: jenkins.io + names: + categories: + - all + kind: SourceRepository + listKind: SourceRepositoryList + plural: sourcerepositories + shortNames: + - sourcerepo + - srcrepo + - sr + singular: sourcerepository + scope: Namespaced + validation: + openAPIV3Schema: + description: SourceRepository is the metadata for an Application/Project/SourceRepository + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + description: ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. + properties: + annotations: + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + clusterName: + description: The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request. + type: string + creationTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + deletionGracePeriodSeconds: + description: Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only. + format: int64 + type: integer + deletionTimestamp: + description: Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers. + format: date-time + type: string + finalizers: + description: Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. + items: + type: string + type: array + generateName: + description: |- + GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. + + If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). + + Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency + type: string + generation: + description: A sequence number representing a specific generation of the desired state. Populated by the system. Read-only. + format: int64 + type: integer + initializers: + description: Initializers tracks the progress of initialization. + properties: + pending: + description: Pending is a list of initializers that must execute in order before this object is visible. When the last pending initializer is removed, and no failing result is set, the initializers struct will be set to nil and the object is considered as initialized and visible to all clients. + items: + description: Initializer is information about an initializer that has not yet completed. + properties: + name: + description: name of the process that is responsible for initializing this object. + type: string + required: + - name + type: object + type: array + result: + description: Status is a return value for calls that don't return other objects. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + code: + description: Suggested HTTP return code for this status, 0 if not set. + format: int32 + type: integer + details: + description: StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined. + properties: + causes: + description: The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes. + items: + description: StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered. + properties: + field: + description: |- + The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. + + Examples: + "name" - the field "name" on the current resource + "items[0].name" - the field "name" on the first array entry in "items" + type: string + message: + description: A human-readable description of the cause of the error. This field may be presented as-is to a reader. + type: string + reason: + description: A machine-readable description of the cause of the error. If this value is empty there is no information available. + type: string + type: object + type: array + group: + description: The group attribute of the resource associated with the status StatusReason. + type: string + kind: + description: 'The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described). + type: string + retryAfterSeconds: + description: If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action. + format: int32 + type: integer + uid: + description: 'UID of the resource. (when there is a single resource which can be described). More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + message: + description: A human-readable description of the status of this operation. + type: string + metadata: + description: ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}. + properties: + continue: + description: continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message. + type: string + resourceVersion: + description: 'String that identifies the server''s internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' + type: string + selfLink: + description: selfLink is a URL representing this object. Populated by the system. Read-only. + type: string + type: object + reason: + description: A machine-readable description of why this operation is in the "Failure" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it. + type: string + status: + description: 'Status of the operation. One of: "Success" or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' + type: string + type: object + required: + - pending + type: object + labels: + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + name: + description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + namespace: + description: |- + Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. + + Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces + type: string + ownerReferences: + description: List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller. + items: + description: OwnerReference contains enough information to let you identify an owning object. Currently, an owning object must be in the same namespace, so there is no namespace field. + properties: + apiVersion: + description: API version of the referent. + type: string + blockOwnerDeletion: + description: If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned. + type: boolean + controller: + description: If true, this reference points to the managing controller. + type: boolean + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - apiVersion + - kind + - name + - uid + type: object + type: array + resourceVersion: + description: |- + An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. + + Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency + type: string + selfLink: + description: SelfLink is a URL representing this object. Populated by the system. Read-only. + type: string + uid: + description: |- + UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. + + Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids + type: string + type: object + spec: + description: SourceRepositorySpec provides details of the metadata for an App + properties: + description: + type: string + httpCloneURL: + description: HTTPCloneURL is the git URL to clone this repository using HTTP/HTTPS + type: string + org: + type: string + provider: + description: Provider stores the URL of the git provider such as https://github.com + type: string + providerKind: + description: ProviderKind is the kind of provider (github / bitbucketcloud / bitbucketserver etc) + type: string + providerName: + description: ProviderName is a logical name for the provider without any URL scheme which can be used in a label selector + type: string + repo: + type: string + scheduler: + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + uid: + description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' + type: string + required: + - kind + - name + type: object + sshCloneURL: + description: SSHCloneURL is the git URL to clone this repository using SSH + type: string + url: + description: URL is the web URL of the project page + type: string + type: object + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true +status: + acceptedNames: + categories: + - all + kind: SourceRepository + listKind: SourceRepositoryList + plural: sourcerepositories + shortNames: + - sourcerepo + - srcrepo + - sr + singular: sourcerepository + conditions: + - lastTransitionTime: "2020-03-30T19:10:45Z" + message: no conflicts found + reason: NoConflicts + status: "True" + type: NamesAccepted + - lastTransitionTime: null + message: the initial names have been accepted + reason: InitialNamesAccepted + status: "True" + type: Established + storedVersions: + - v1 diff --git a/config-root/customresourcedefinitions/jx/jx-preview/previews.preview.jenkins.io-crd.yaml b/config-root/customresourcedefinitions/jx/jx-preview/previews.preview.jenkins.io-crd.yaml new file mode 100644 index 0000000..bb0781e --- /dev/null +++ b/config-root/customresourcedefinitions/jx/jx-preview/previews.preview.jenkins.io-crd.yaml @@ -0,0 +1,38 @@ +# Source: jx-preview/templates/previews.preview.jenkins.io.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: previews.preview.jenkins.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: preview.jenkins.io + versions: + - name: v1alpha1 + served: true + storage: true + additionalPrinterColumns: + - name: URL + type: string + jsonPath: ".spec.pullRequest.url" + - name: Namespace + type: string + jsonPath: ".spec.resources.namespace" + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + kind: Preview + singular: preview + plural: previews + shortNames: + - pvw + scope: Namespaced diff --git a/config-root/customresourcedefinitions/jx/lighthouse/lighthousejobs.lighthouse.jenkins.io-crd.yaml b/config-root/customresourcedefinitions/jx/lighthouse/lighthousejobs.lighthouse.jenkins.io-crd.yaml new file mode 100644 index 0000000..211cbcc --- /dev/null +++ b/config-root/customresourcedefinitions/jx/lighthouse/lighthousejobs.lighthouse.jenkins.io-crd.yaml @@ -0,0 +1,19 @@ +# Source: lighthouse/templates/lighthousejobs-crd.yaml +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: lighthousejobs.lighthouse.jenkins.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: lighthouse.jenkins.io + names: + kind: LighthouseJob + singular: lighthousejob + plural: lighthousejobs + shortNames: + - lhjob + scope: Namespaced + subresources: + status: {} + version: v1alpha1 diff --git a/config-root/customresourcedefinitions/jx/local-external-secrets/externalsecrets.kubernetes-client.io-crd.yaml b/config-root/customresourcedefinitions/jx/local-external-secrets/externalsecrets.kubernetes-client.io-crd.yaml new file mode 100644 index 0000000..379e012 --- /dev/null +++ b/config-root/customresourcedefinitions/jx/local-external-secrets/externalsecrets.kubernetes-client.io-crd.yaml @@ -0,0 +1,41 @@ +# Source: local-external-secrets/templates/external-secrets-crd.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: externalsecrets.kubernetes-client.io + labels: + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: kubernetes-client.io + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - jsonPath: .status.lastSync + name: Last Sync + type: date + - jsonPath: .status.status + name: status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + names: + shortNames: + - es + kind: ExternalSecret + plural: externalsecrets + singular: externalsecret + scope: Namespaced diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/clustertasks.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/clustertasks.tekton.dev-crd.yaml new file mode 100644 index 0000000..bd52a0e --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/clustertasks.tekton.dev-crd.yaml @@ -0,0 +1,66 @@ +# Source: tekton-pipeline/templates/clustertasks.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clustertasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: ClusterTask + plural: clustertasks + categories: + - tekton + - tekton-pipelines + scope: Cluster + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/conditions.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/conditions.tekton.dev-crd.yaml new file mode 100644 index 0000000..8a228ad --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/conditions.tekton.dev-crd.yaml @@ -0,0 +1,53 @@ +# Source: tekton-pipeline/templates/conditions.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: conditions.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Condition + plural: conditions + categories: + - tekton + - tekton-pipelines + scope: Namespaced diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/images.caching.internal.knative.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/images.caching.internal.knative.dev-crd.yaml new file mode 100644 index 0000000..ba42b5e --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/images.caching.internal.knative.dev-crd.yaml @@ -0,0 +1,39 @@ +# Source: tekton-pipeline/templates/images.caching.internal.knative.dev-crd.yaml +# Copyright 2018 The Knative Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: images.caching.internal.knative.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + knative.dev/crd-install: "true" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: caching.internal.knative.dev + version: v1alpha1 + names: + kind: Image + plural: images + singular: image + categories: + - knative-internal + - caching + shortNames: + - img + scope: Namespaced + subresources: + status: {} diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineresources.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineresources.tekton.dev-crd.yaml new file mode 100644 index 0000000..04cab04 --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineresources.tekton.dev-crd.yaml @@ -0,0 +1,53 @@ +# Source: tekton-pipeline/templates/pipelineresources.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineresources.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: PipelineResource + plural: pipelineresources + categories: + - tekton + - tekton-pipelines + scope: Namespaced diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineruns.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineruns.tekton.dev-crd.yaml new file mode 100644 index 0000000..859e198 --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelineruns.tekton.dev-crd.yaml @@ -0,0 +1,82 @@ +# Source: tekton-pipeline/templates/pipelineruns.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelineruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: PipelineRun + plural: pipelineruns + categories: + - tekton + - tekton-pipelines + shortNames: + - pr + - prs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelines.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelines.tekton.dev-crd.yaml new file mode 100644 index 0000000..d0f6e71 --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/pipelines.tekton.dev-crd.yaml @@ -0,0 +1,66 @@ +# Source: tekton-pipeline/templates/pipelines.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: pipelines.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: Pipeline + plural: pipelines + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/runs.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/runs.tekton.dev-crd.yaml new file mode 100644 index 0000000..ec638cd --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/runs.tekton.dev-crd.yaml @@ -0,0 +1,67 @@ +# Source: tekton-pipeline/templates/runs.tekton.dev-crd.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: runs.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + names: + kind: Run + plural: runs + categories: + - tekton + - tekton-pipelines + scope: Namespaced diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/taskruns.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/taskruns.tekton.dev-crd.yaml new file mode 100644 index 0000000..723f360 --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/taskruns.tekton.dev-crd.yaml @@ -0,0 +1,82 @@ +# Source: tekton-pipeline/templates/taskruns.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: taskruns.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: TaskRun + plural: taskruns + categories: + - tekton + - tekton-pipelines + shortNames: + - tr + - trs + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines diff --git a/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/tasks.tekton.dev-crd.yaml b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/tasks.tekton.dev-crd.yaml new file mode 100644 index 0000000..8bdac33 --- /dev/null +++ b/config-root/customresourcedefinitions/tekton-pipelines/tekton-pipeline/tasks.tekton.dev-crd.yaml @@ -0,0 +1,66 @@ +# Source: tekton-pipeline/templates/tasks.tekton.dev-crd.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: tasks.tekton.dev + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'customresourcedefinitions' +spec: + group: tekton.dev + preserveUnknownFields: false + versions: + - &version + name: v1alpha1 + served: true + storage: false + schema: + openAPIV3Schema: + type: object + # One can use x-kubernetes-preserve-unknown-fields: true + # at the root of the schema (and inside any properties, additionalProperties) + # to get the traditional CRD behaviour that nothing is pruned, despite + # setting spec.preserveUnknownProperties: false. + # + # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ + # See issue: https://github.com/knative/serving/issues/912 + x-kubernetes-preserve-unknown-fields: true + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - !!merge <<: *version + name: v1beta1 + storage: true + names: + kind: Task + plural: tasks + categories: + - tekton + - tekton-pipelines + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines diff --git a/config-root/namespaces/jx-production/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml b/config-root/namespaces/jx-production/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml new file mode 100644 index 0000000..88781cb --- /dev/null +++ b/config-root/namespaces/jx-production/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml @@ -0,0 +1,32 @@ +# Source: jxboot-helmfile-resources/templates/tekton-container-registry-auth-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: tekton-container-registry-auth + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + secret.jenkins-x.io/replica-source: "true" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx-production + annotations: + secret.jenkins-x.io/schema-object: '{"name":"tekton-container-registry-auth","properties":[{"name":".dockerconfigjson","question":"Docker JSON Configuration","help":"This is the docker JSON configuration for authenticating with container registries","template":"{\n{{- if eq .Requirements.cluster.provider \"gke\" }}\n\n \"credHelpers\": {\n \"gcr.io\": \"gcr\",\n \"us.gcr.io\": \"gcr\",\n \"eu.gcr.io\": \"gcr\",\n \"asia.gcr.io\": \"gcr\",\n \"staging-k8s.gcr.io\": \"gcr\"\n },\n\n{{- else if and (eq .Requirements.cluster.provider \"eks\") (contains .Requirements.cluster.registry \"aws\") }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"ecr-login\"\n },\n\n{{- else if eq .Requirements.cluster.provider \"aws\" }}\n\n \"credsStore\": \"ecr-login\",\n\n{{- else if eq .Requirements.cluster.provider \"aks\" }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"acr-env\"\n },\n\n{{- end }}\n\n \"auths\":{\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n {{ secret \"jx.container-registry-auth\" \"url\" | default \"https://index.docker.io/v1/\" | quote }}: {\n \"auth\": {{ auth \"jx.container-registry-auth\" \"username\" \"password\" | b64enc | quote}},\n \"email\": {{ secret \"jx.container-registry-auth\" \"email\" | default \"jenkins-x@googlegroups.com\" | quote }}\n }\n {{- end }}\n {{- if or (eq .Requirements.cluster.gitServer \"https://github.com\") (eq .Requirements.cluster.gitServer \"https://github.com/\") }}\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n ,\n {{- end }}\n \"ghcr.io\": {\n {{- if secret \"jx-git-operator.jx-boot\" \"email\" }}\n \"email\": {{ secret \"jx-git-operator.jx-boot\" \"email\" | quote }},\n {{- end }}\n \"auth\": {{ auth \"jx-git-operator.jx-boot\" \"username\" \"password\" | b64enc | quote}}\n }\n {{- end }}\n }\n}"}],"mandatory":true}' + secret.jenkins-x.io/replica: 'true' +spec: + backendType: local + data: + - name: .dockerconfigjson + key: .dockerconfigjson + property: .dockerconfigjson + template: + metadata: + annotations: + tekton.dev/docker-0: "https://index.docker.io/v1/" + secret.jenkins-x.io/schema-object: '{"name":"tekton-container-registry-auth","properties":[{"name":".dockerconfigjson","question":"Docker JSON Configuration","help":"This is the docker JSON configuration for authenticating with container registries","template":"{\n{{- if eq .Requirements.cluster.provider \"gke\" }}\n\n \"credHelpers\": {\n \"gcr.io\": \"gcr\",\n \"us.gcr.io\": \"gcr\",\n \"eu.gcr.io\": \"gcr\",\n \"asia.gcr.io\": \"gcr\",\n \"staging-k8s.gcr.io\": \"gcr\"\n },\n\n{{- else if and (eq .Requirements.cluster.provider \"eks\") (contains .Requirements.cluster.registry \"aws\") }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"ecr-login\"\n },\n\n{{- else if eq .Requirements.cluster.provider \"aws\" }}\n\n \"credsStore\": \"ecr-login\",\n\n{{- else if eq .Requirements.cluster.provider \"aks\" }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"acr-env\"\n },\n\n{{- end }}\n\n \"auths\":{\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n {{ secret \"jx.container-registry-auth\" \"url\" | default \"https://index.docker.io/v1/\" | quote }}: {\n \"auth\": {{ auth \"jx.container-registry-auth\" \"username\" \"password\" | b64enc | quote}},\n \"email\": {{ secret \"jx.container-registry-auth\" \"email\" | default \"jenkins-x@googlegroups.com\" | quote }}\n }\n {{- end }}\n {{- if or (eq .Requirements.cluster.gitServer \"https://github.com\") (eq .Requirements.cluster.gitServer \"https://github.com/\") }}\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n ,\n {{- end }}\n \"ghcr.io\": {\n {{- if secret \"jx-git-operator.jx-boot\" \"email\" }}\n \"email\": {{ secret \"jx-git-operator.jx-boot\" \"email\" | quote }},\n {{- end }}\n \"auth\": {{ auth \"jx-git-operator.jx-boot\" \"username\" \"password\" | b64enc | quote}}\n }\n {{- end }}\n }\n}"}],"mandatory":true}' + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + secret.jenkins-x.io/replica-source: "true" + type: kubernetes.io/dockerconfigjson diff --git a/config-root/namespaces/jx-staging/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml b/config-root/namespaces/jx-staging/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml new file mode 100644 index 0000000..fa49f89 --- /dev/null +++ b/config-root/namespaces/jx-staging/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml @@ -0,0 +1,32 @@ +# Source: jxboot-helmfile-resources/templates/tekton-container-registry-auth-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: tekton-container-registry-auth + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + secret.jenkins-x.io/replica-source: "true" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx-staging + annotations: + secret.jenkins-x.io/schema-object: '{"name":"tekton-container-registry-auth","properties":[{"name":".dockerconfigjson","question":"Docker JSON Configuration","help":"This is the docker JSON configuration for authenticating with container registries","template":"{\n{{- if eq .Requirements.cluster.provider \"gke\" }}\n\n \"credHelpers\": {\n \"gcr.io\": \"gcr\",\n \"us.gcr.io\": \"gcr\",\n \"eu.gcr.io\": \"gcr\",\n \"asia.gcr.io\": \"gcr\",\n \"staging-k8s.gcr.io\": \"gcr\"\n },\n\n{{- else if and (eq .Requirements.cluster.provider \"eks\") (contains .Requirements.cluster.registry \"aws\") }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"ecr-login\"\n },\n\n{{- else if eq .Requirements.cluster.provider \"aws\" }}\n\n \"credsStore\": \"ecr-login\",\n\n{{- else if eq .Requirements.cluster.provider \"aks\" }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"acr-env\"\n },\n\n{{- end }}\n\n \"auths\":{\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n {{ secret \"jx.container-registry-auth\" \"url\" | default \"https://index.docker.io/v1/\" | quote }}: {\n \"auth\": {{ auth \"jx.container-registry-auth\" \"username\" \"password\" | b64enc | quote}},\n \"email\": {{ secret \"jx.container-registry-auth\" \"email\" | default \"jenkins-x@googlegroups.com\" | quote }}\n }\n {{- end }}\n {{- if or (eq .Requirements.cluster.gitServer \"https://github.com\") (eq .Requirements.cluster.gitServer \"https://github.com/\") }}\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n ,\n {{- end }}\n \"ghcr.io\": {\n {{- if secret \"jx-git-operator.jx-boot\" \"email\" }}\n \"email\": {{ secret \"jx-git-operator.jx-boot\" \"email\" | quote }},\n {{- end }}\n \"auth\": {{ auth \"jx-git-operator.jx-boot\" \"username\" \"password\" | b64enc | quote}}\n }\n {{- end }}\n }\n}"}],"mandatory":true}' + secret.jenkins-x.io/replica: 'true' +spec: + backendType: local + data: + - name: .dockerconfigjson + key: .dockerconfigjson + property: .dockerconfigjson + template: + metadata: + annotations: + tekton.dev/docker-0: "https://index.docker.io/v1/" + secret.jenkins-x.io/schema-object: '{"name":"tekton-container-registry-auth","properties":[{"name":".dockerconfigjson","question":"Docker JSON Configuration","help":"This is the docker JSON configuration for authenticating with container registries","template":"{\n{{- if eq .Requirements.cluster.provider \"gke\" }}\n\n \"credHelpers\": {\n \"gcr.io\": \"gcr\",\n \"us.gcr.io\": \"gcr\",\n \"eu.gcr.io\": \"gcr\",\n \"asia.gcr.io\": \"gcr\",\n \"staging-k8s.gcr.io\": \"gcr\"\n },\n\n{{- else if and (eq .Requirements.cluster.provider \"eks\") (contains .Requirements.cluster.registry \"aws\") }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"ecr-login\"\n },\n\n{{- else if eq .Requirements.cluster.provider \"aws\" }}\n\n \"credsStore\": \"ecr-login\",\n\n{{- else if eq .Requirements.cluster.provider \"aks\" }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"acr-env\"\n },\n\n{{- end }}\n\n \"auths\":{\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n {{ secret \"jx.container-registry-auth\" \"url\" | default \"https://index.docker.io/v1/\" | quote }}: {\n \"auth\": {{ auth \"jx.container-registry-auth\" \"username\" \"password\" | b64enc | quote}},\n \"email\": {{ secret \"jx.container-registry-auth\" \"email\" | default \"jenkins-x@googlegroups.com\" | quote }}\n }\n {{- end }}\n {{- if or (eq .Requirements.cluster.gitServer \"https://github.com\") (eq .Requirements.cluster.gitServer \"https://github.com/\") }}\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n ,\n {{- end }}\n \"ghcr.io\": {\n {{- if secret \"jx-git-operator.jx-boot\" \"email\" }}\n \"email\": {{ secret \"jx-git-operator.jx-boot\" \"email\" | quote }},\n {{- end }}\n \"auth\": {{ auth \"jx-git-operator.jx-boot\" \"username\" \"password\" | b64enc | quote}}\n }\n {{- end }}\n }\n}"}],"mandatory":true}' + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + secret.jenkins-x.io/replica-source: "true" + type: kubernetes.io/dockerconfigjson diff --git a/config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-deploy.yaml b/config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-deploy.yaml new file mode 100644 index 0000000..317fe6b --- /dev/null +++ b/config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-deploy.yaml @@ -0,0 +1,70 @@ +# Source: bucketrepo/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: bucketrepo-bucketrepo + labels: + draft: draft-app + chart: "bucketrepo-0.1.54" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + selector: + matchLabels: + app: bucketrepo-bucketrepo + template: + metadata: + labels: + draft: draft-app + app: bucketrepo-bucketrepo + annotations: + checksum/config: "e4eb9e4600079b6269234f92d4eb0772e0537e685f847544b7fc810254517ae0" + spec: + containers: + - name: bucketrepo + image: "gcr.io/jenkinsxio/bucketrepo:0.1.54" + imagePullPolicy: IfNotPresent + command: ["/home/nonroot/bucketrepo"] + args: + - "-config-path=/config" + - "-log-level=info" + env: + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + volumeMounts: + - name: config + mountPath: /config + readOnly: true + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 80m + memory: 128Mi + securityContext: + fsGroup: 65534 + terminationGracePeriodSeconds: 10 + serviceAccountName: bucketrepo-bucketrepo + volumes: + - name: config + secret: + secretName: bucketrepo-config diff --git a/config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-sa.yaml b/config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-sa.yaml new file mode 100644 index 0000000..771e10c --- /dev/null +++ b/config-root/namespaces/jx/bucketrepo/bucketrepo-bucketrepo-sa.yaml @@ -0,0 +1,13 @@ +# Source: bucketrepo/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: bucketrepo-bucketrepo + labels: + app: bucketrepo-bucketrepo + chart: "bucketrepo-0.1.54" + release: bucketrepo + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + namespace: jx diff --git a/config-root/namespaces/jx/bucketrepo/bucketrepo-config-secret.yaml b/config-root/namespaces/jx/bucketrepo/bucketrepo-config-secret.yaml new file mode 100644 index 0000000..3f7db99 --- /dev/null +++ b/config-root/namespaces/jx/bucketrepo/bucketrepo-config-secret.yaml @@ -0,0 +1,22 @@ +# Source: bucketrepo/templates/config-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: bucketrepo-config + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"bucketrepo-config","properties":[{"name":"config.yaml","question":"The bucket repository configuration","help":"The configuration file for the bucket repo","template":"http:\n addr: \":8080\"\n username: \"{{ extsecret \"secret/data/jenkins-x-bucketrepo\" \"username\" }}\"\n password: \"{{ extsecret \"secret/data/jenkins-x-bucketrepo\" \"password\" }}\"\n chartPath: \"charts\"\n\n{{- if and (hasKey .Requirements \"storage\") ( .Requirements.storage) }}\n{{- range $key, $val := .Requirements.storage }}\n{{- if eq \"repository\" $val.name }}\nstorage:\n enabled: true\n bucket_url: \"{{ $val.url }}\"\n{{- end }}\n{{- end }}\n{{- else }}\nstorage:\n bucket_url: \"\"\n{{- end }}\n\ncache:\n base_dir: \"./\"\nrepositories:\n - url: \"https://repo.maven.org/maven2\"\n - url: \"https://repo1.maven.org/maven2\"\n - url: \"https://services.gradle.org/distributions/\"\n - url: \"https://plugins.gradle.org/m2/\"\n - url: \"https://repo.jenkins-ci.org/public/\"\n - url: \"https://repo.jenkins-ci.org/releases/\"\n - url: \"https://jitpack.io/\"\n - url: \"https://registry.npmjs.org/\"\n - url: \"https://repo.spring.io/milestone/\"\n - url: \"https://repo.spring.io/release/\"\n - url: \"http://uk.maven.org/maven2/\"\n"}],"mandatory":true}' + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + backendType: local + data: + - name: config.yaml + key: config.yaml + property: config.yaml + template: + metadata: + annotations: + config/checksum: b1eb5b332c28e00b23a7c5486d015e0d78c687616523821242086ddccd823a24 + secret.jenkins-x.io/schema-object: '{"name":"bucketrepo-config","properties":[{"name":"config.yaml","question":"The bucket repository configuration","help":"The configuration file for the bucket repo","template":"http:\n addr: \":8080\"\n username: \"{{ extsecret \"secret/data/jenkins-x-bucketrepo\" \"username\" }}\"\n password: \"{{ extsecret \"secret/data/jenkins-x-bucketrepo\" \"password\" }}\"\n chartPath: \"charts\"\n\n{{- if and (hasKey .Requirements \"storage\") ( .Requirements.storage) }}\n{{- range $key, $val := .Requirements.storage }}\n{{- if eq \"repository\" $val.name }}\nstorage:\n enabled: true\n bucket_url: \"{{ $val.url }}\"\n{{- end }}\n{{- end }}\n{{- else }}\nstorage:\n bucket_url: \"\"\n{{- end }}\n\ncache:\n base_dir: \"./\"\nrepositories:\n - url: \"https://repo.maven.org/maven2\"\n - url: \"https://repo1.maven.org/maven2\"\n - url: \"https://services.gradle.org/distributions/\"\n - url: \"https://plugins.gradle.org/m2/\"\n - url: \"https://repo.jenkins-ci.org/public/\"\n - url: \"https://repo.jenkins-ci.org/releases/\"\n - url: \"https://jitpack.io/\"\n - url: \"https://registry.npmjs.org/\"\n - url: \"https://repo.spring.io/milestone/\"\n - url: \"https://repo.spring.io/release/\"\n - url: \"http://uk.maven.org/maven2/\"\n"}],"mandatory":true}' + type: Opaque diff --git a/config-root/namespaces/jx/bucketrepo/bucketrepo-svc.yaml b/config-root/namespaces/jx/bucketrepo/bucketrepo-svc.yaml new file mode 100644 index 0000000..f7e5788 --- /dev/null +++ b/config-root/namespaces/jx/bucketrepo/bucketrepo-svc.yaml @@ -0,0 +1,21 @@ +# Source: bucketrepo/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: bucketrepo + labels: + chart: "bucketrepo-0.1.54" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + fabric8.io/expose: "true" + fabric8.io/ingress.annotations: 'kubernetes.io/ingress.class: nginx' + namespace: jx +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + name: http + selector: + app: bucketrepo-bucketrepo diff --git a/config-root/namespaces/jx/bucketrepo/jenkins-x-bucketrepo-secret.yaml b/config-root/namespaces/jx/bucketrepo/jenkins-x-bucketrepo-secret.yaml new file mode 100644 index 0000000..4f7dcd8 --- /dev/null +++ b/config-root/namespaces/jx/bucketrepo/jenkins-x-bucketrepo-secret.yaml @@ -0,0 +1,32 @@ +# Source: bucketrepo/templates/secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + labels: + jenkins.io/credentials-type: usernamePassword + release: jenkins-x + gitops.jenkins-x.io/pipeline: 'namespaces' + name: jenkins-x-bucketrepo + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jenkins-x-bucketrepo","properties":[{"name":"BASIC_AUTH_USER","question":"bucket repository user name","help":"The username used to authenticate with the bucket repository","defaultValue":"admin"},{"name":"BASIC_AUTH_PASS","question":"bucket repository password","help":"The password to authenticate with the bucket repository","generator":"password","minLength":5,"maxLength":41}],"mandatory":true}' +spec: + backendType: local + data: + - name: BASIC_AUTH_PASS + key: BASIC_AUTH_PASS + property: BASIC_AUTH_PASS + - name: BASIC_AUTH_USER + key: BASIC_AUTH_USER + property: BASIC_AUTH_USER + template: + metadata: + annotations: + jenkins.io/credentials-keybinding-password: BASIC_AUTH_PASS + jenkins.io/credentials-keybinding-username: BASIC_AUTH_USER + jenkins.io/foo: bar + secret.jenkins-x.io/schema-object: '{"name":"jenkins-x-bucketrepo","properties":[{"name":"BASIC_AUTH_USER","question":"bucket repository user name","help":"The username used to authenticate with the bucket repository","defaultValue":"admin"},{"name":"BASIC_AUTH_PASS","question":"bucket repository password","help":"The password to authenticate with the bucket repository","generator":"password","minLength":5,"maxLength":41}],"mandatory":true}' + labels: + jenkins.io/credentials-type: usernamePassword + release: jenkins-x + type: Opaque diff --git a/config-root/namespaces/jx/jenkins-x-crds/jenkins-x-crds-3.0.5-release.yaml b/config-root/namespaces/jx/jenkins-x-crds/jenkins-x-crds-3.0.5-release.yaml new file mode 100644 index 0000000..fcf1db5 --- /dev/null +++ b/config-root/namespaces/jx/jenkins-x-crds/jenkins-x-crds-3.0.5-release.yaml @@ -0,0 +1,40 @@ +# Source: jenkins-x-crds/templates/release.yaml +apiVersion: jenkins.io/v1 +kind: Release +metadata: + creationTimestamp: "2020-11-12T11:12:02Z" + deletionTimestamp: null + name: 'jenkins-x-crds-3.0.5' + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + commits: + - author: + accountReference: + - id: james-rawlings-0 + provider: jenkins.io/git-github-userid + email: rawlingsj80@gmail.com + name: James Rawlings + branch: master + committer: + accountReference: + - id: james-rawlings-0 + provider: jenkins.io/git-github-userid + email: rawlingsj80@gmail.com + name: James Rawlings + message: | + Revert "chore: add Scheduler crd back for v3" + + now removed the scheduler from helmfile resources repo so not needed again + + This reverts commit 02b922952ac76dec8fa94afecf7cf80462631e4d. + sha: 5b2e19ccbf6ef865ff295ebcc65493c6b57fa737 + gitCloneUrl: https://github.com/jenkins-x-charts/jenkins-x-crds.git + gitHttpUrl: https://github.com/jenkins-x-charts/jenkins-x-crds + gitOwner: jenkins-x-charts + gitRepository: jenkins-x-crds + name: 'jenkins-x-crds' + releaseNotesURL: https://github.com/jenkins-x-charts/jenkins-x-crds/releases/tag/v3.0.5 + version: v3.0.5 +status: {} diff --git a/config-root/namespaces/jx/jx-build-controller/jenkins-x-controllerbuild-sa.yaml b/config-root/namespaces/jx/jx-build-controller/jenkins-x-controllerbuild-sa.yaml new file mode 100644 index 0000000..39e252e --- /dev/null +++ b/config-root/namespaces/jx/jx-build-controller/jenkins-x-controllerbuild-sa.yaml @@ -0,0 +1,13 @@ +# Source: jx-build-controller/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jenkins-x-controllerbuild + labels: + app: jx-build-controller + chart: jx-build-controller-0.0.33 + release: jx-build-controller + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + namespace: jx diff --git a/config-root/namespaces/jx/jx-build-controller/jx-build-controller-deploy.yaml b/config-root/namespaces/jx/jx-build-controller/jx-build-controller-deploy.yaml new file mode 100644 index 0000000..3de0882 --- /dev/null +++ b/config-root/namespaces/jx/jx-build-controller/jx-build-controller-deploy.yaml @@ -0,0 +1,64 @@ +# Source: jx-build-controller/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jx-build-controller + labels: + app: jx-build-controller + chart: jx-build-controller-0.0.33 + release: jx-build-controller + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + wave.pusher.com/update-on-config-change: 'true' +spec: + selector: + matchLabels: + app: jx-build-controller + release: jx-build-controller + template: + metadata: + labels: + app: jx-build-controller + release: jx-build-controller + spec: + restartPolicy: Always + serviceAccountName: jenkins-x-controllerbuild + containers: + - name: jx-build-controller + command: [jx-build-controller] + imagePullPolicy: + image: "gcr.io/jenkinsxio/jx-build-controller:0.0.33" + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: http + readinessProbe: + httpGet: + path: /readyz + port: http + env: + - name: GIT_SECRET_MOUNT_PATH + value: /secrets/git + - name: GIT_AUTHOR_EMAIL + value: jenkins-x@googlegroups.com + - name: GIT_AUTHOR_NAME + value: jenkins-x-bot + - name: GIT_SECRET_SERVER + value: https://github.com + - name: XDG_CONFIG_HOME + value: /tmp/git-creds + resources: null + volumeMounts: + - mountPath: /secrets/git + name: secrets-git + volumes: + - name: secrets-git + secret: + defaultMode: 420 + secretName: tekton-git diff --git a/config-root/namespaces/jx/jx-build-controller/jx-build-controller-rb.yaml b/config-root/namespaces/jx/jx-build-controller/jx-build-controller-rb.yaml new file mode 100644 index 0000000..735009d --- /dev/null +++ b/config-root/namespaces/jx/jx-build-controller/jx-build-controller-rb.yaml @@ -0,0 +1,16 @@ +# Source: jx-build-controller/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: jx-build-controller + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jx-build-controller +subjects: + - kind: ServiceAccount + name: jenkins-x-controllerbuild + namespace: jx diff --git a/config-root/namespaces/jx/jx-build-controller/jx-build-controller-role.yaml b/config-root/namespaces/jx/jx-build-controller/jx-build-controller-role.yaml new file mode 100644 index 0000000..40410d2 --- /dev/null +++ b/config-root/namespaces/jx/jx-build-controller/jx-build-controller-role.yaml @@ -0,0 +1,51 @@ +# Source: jx-build-controller/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jx-build-controller + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - jenkins.io + resources: + - pipelineactivities + - sourcerepositories + verbs: + - list + - get + - watch + - create + - update + - patch + - apiGroups: + - jenkins.io + resources: + - environments + - plugins + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + - pods/log + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelines + - pipelineruns + - tasks + - taskruns + verbs: + - get + - list + - watch diff --git a/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-deploy.yaml b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-deploy.yaml new file mode 100644 index 0000000..7bce996 --- /dev/null +++ b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-deploy.yaml @@ -0,0 +1,70 @@ +# Source: jx-pipelines-visualizer/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: jx-pipelines-visualizer + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + template: + metadata: + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + spec: + containers: + - name: jx-pipelines-visualizer + image: "gcr.io/jenkinsxio/jx-pipelines-visualizer:1.1.11" + args: + - -namespace + - jx + - -resync-interval + - 60s + - -log-level + - INFO + ports: + - name: http + containerPort: 8080 + livenessProbe: + tcpSocket: + port: http + readinessProbe: + httpGet: + path: /healthz + port: http + volumeMounts: + - mountPath: /secrets/git + name: secrets-git + resources: + limits: + cpu: "1" + memory: 512M + requests: + cpu: "0.2" + memory: 128M + securityContext: + fsGroup: 1000 + serviceAccountName: jx-pipelines-visualizer + enableServiceLinks: false + volumes: + - name: secrets-git + secret: + defaultMode: 420 + secretName: tekton-git diff --git a/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-ingress.yaml b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-ingress.yaml new file mode 100644 index 0000000..481d590 --- /dev/null +++ b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-ingress.yaml @@ -0,0 +1,25 @@ +# Source: jx-pipelines-visualizer/templates/ingress.yaml +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + name: jx-pipelines-visualizer + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + nginx.ingress.kubernetes.io/auth-realm: Authentication Required - Jenkins X Pipeline Dashboard + nginx.ingress.kubernetes.io/auth-secret: jx-basic-auth-htpasswd + nginx.ingress.kubernetes.io/auth-type: basic + namespace: jx +spec: + rules: + - host: dashboard-jx.apps.p.aws.ocp.gepardec.com + http: + paths: + - backend: + serviceName: jx-pipelines-visualizer + servicePort: http diff --git a/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-sa.yaml b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-sa.yaml new file mode 100644 index 0000000..9b16cb0 --- /dev/null +++ b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-sa.yaml @@ -0,0 +1,15 @@ +# Source: jx-pipelines-visualizer/templates/rbac.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jx-pipelines-visualizer + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + installed-by: jenkins-x + namespace: jx diff --git a/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-svc.yaml b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-svc.yaml new file mode 100644 index 0000000..aae1c43 --- /dev/null +++ b/config-root/namespaces/jx/jx-pipelines-visualizer/jx-pipelines-visualizer-svc.yaml @@ -0,0 +1,21 @@ +# Source: jx-pipelines-visualizer/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: jx-pipelines-visualizer + labels: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" + helm.sh/chart: jx-pipelines-visualizer-1.1.11 + app.kubernetes.io/version: "latest" + app.kubernetes.io/managed-by: "Helm" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + ports: + - name: http + port: 80 + targetPort: http + selector: + app.kubernetes.io/name: jx-pipelines-visualizer + app.kubernetes.io/instance: "jx-pipelines-visualizer" diff --git a/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-cronjob.yaml b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-cronjob.yaml new file mode 100644 index 0000000..14a088a --- /dev/null +++ b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-cronjob.yaml @@ -0,0 +1,47 @@ +# Source: jx-preview/templates/gc-jobs-cj.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: jx-preview-gc-jobs + labels: + app: jenkins-x-lighthouse-gcjobs + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + jobTemplate: + metadata: + creationTimestamp: null + spec: + template: + metadata: + creationTimestamp: null + labels: + app: jx-preview-gc-jobs + release: jx-preview + spec: + containers: + - command: + - /bin/sh + - -c + - jx gitops git setup --namespace jx --secret tekton-git && jx preview gc + env: + - name: XDG_CONFIG_HOME + value: /home + image: ghcr.io/jenkins-x/jx-preview:0.0.168 + imagePullPolicy: IfNotPresent + name: jx-preview-gc-jobs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + serviceAccountName: jx-preview-gc-jobs + successfulJobsHistoryLimit: 3 + schedule: "*/10 * * * *" + startingDeadlineSeconds: 4000 + suspend: false diff --git a/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-rb.yaml b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-rb.yaml new file mode 100644 index 0000000..fd7b9dc --- /dev/null +++ b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-rb.yaml @@ -0,0 +1,15 @@ +# Source: jx-preview/templates/gc-jobs-rb.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jx-preview-gc-jobs + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: jx-preview-gc-jobs +subjects: + - kind: ServiceAccount + name: jx-preview-gc-jobs diff --git a/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-role.yaml b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-role.yaml new file mode 100644 index 0000000..d2b916f --- /dev/null +++ b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-role.yaml @@ -0,0 +1,38 @@ +# Source: jx-preview/templates/gc-jobs-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jx-preview-gc-jobs + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - delete + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - preview.jenkins.io + resources: + - previews + verbs: + - create + - delete + - list + - update + - get + - watch + - patch diff --git a/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-sa.yaml b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-sa.yaml new file mode 100644 index 0000000..8f89d20 --- /dev/null +++ b/config-root/namespaces/jx/jx-preview/jx-preview-gc-jobs-sa.yaml @@ -0,0 +1,8 @@ +# Source: jx-preview/templates/gc-jobs-sa.yaml +kind: ServiceAccount +apiVersion: v1 +metadata: + name: jx-preview-gc-jobs + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/bucketrepo-ingress.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/bucketrepo-ingress.yaml new file mode 100644 index 0000000..27e5f10 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/bucketrepo-ingress.yaml @@ -0,0 +1,19 @@ +# Source: jxboot-helmfile-resources/templates/700-bucketrepo-ing.yaml +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + name: bucketrepo + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + rules: + - http: + paths: + - backend: + serviceName: bucketrepo + servicePort: 80 + path: "/" + host: bucketrepo-jx.apps.p.aws.ocp.gepardec.com diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-2.0.1143-release.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-2.0.1143-release.yaml new file mode 100644 index 0000000..eddd000 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-2.0.1143-release.yaml @@ -0,0 +1,51 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/release.yaml +apiVersion: jenkins.io/v1 +kind: Release +metadata: + creationTimestamp: "2020-01-22T19:35:41Z" + deletionTimestamp: null + name: 'gcactivities-2.0.1143' + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + commits: + - author: {} + branch: master + committer: {} + message: | + fix: go doc + + Signed-off-by: Neha Gupta + sha: a74467a488ad6a14a3d1024930c95d5b473c9c07 + - author: {} + branch: master + committer: {} + message: | + fix: Removed content copying + + Signed-off-by: Neha Gupta + sha: 4bbf64a6a8d958a2ff21d3bd0afcaa2446abe739 + - author: {} + branch: master + committer: {} + message: | + fix: cmd_helper + + Signed-off-by: Neha Gupta + sha: ca4e4cc1f552d1e0d9f2836f60b9a910eafe7a30 + - author: {} + branch: master + committer: {} + message: | + fix: cmd_test_helpers - CreateTestJxHomeDir() returns empty string if gitAuth.yaml is not present. + + Signed-off-by: jx-helloworld + sha: 0771ba7fe095b115d463e0b2a616408da59bd42c + gitCloneUrl: https://github.com/jenkins-x/jx.git + gitHttpUrl: https://github.com/jenkins-x/jx + gitOwner: jenkins-x + gitRepository: jx + name: 'gcactivities' + version: 2.0.1143 +status: {} diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-rb.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-rb.yaml new file mode 100644 index 0000000..20f6fd6 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-rb.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gcactivities + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gcactivities +subjects: + - kind: ServiceAccount + name: jxboot-helmfile-resources-gcactivities + namespace: jx diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-role.yaml new file mode 100644 index 0000000..ef6bdeb --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/gcactivities-role.yaml @@ -0,0 +1,56 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gcactivities + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - jenkins.io + resources: + - pipelineactivities + verbs: + - list + - delete + - apiGroups: + - jenkins.io + resources: + - environments + verbs: + - get + - list + - patch + - update + - watch + - apiGroups: + - jenkins.io + resources: + - plugins + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + - services + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - get + - list + - watch + - delete diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-cronjob.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-cronjob.yaml new file mode 100644 index 0000000..ee52a15 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-cronjob.yaml @@ -0,0 +1,44 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/cronjob.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: jxboot-helmfile-resources-gcactivities + labels: + app: gcactivities + chart: gcactivities-2.0.1143 + release: jxboot-helmfile-resources + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 3 + schedule: "0/30 */3 * * *" + jobTemplate: + spec: + template: + metadata: + labels: + app: gcactivities + release: jxboot-helmfile-resources + spec: + restartPolicy: Never + serviceAccountName: jxboot-helmfile-resources-gcactivities + containers: + - name: gcactivities + command: [jx] + args: + - gc + - activities + - --batch-mode + imagePullPolicy: IfNotPresent + image: "gcr.io/jenkinsxio/jxboot-helmfile-resources:1.0.37" + env: + - name: JX_LOG_FORMAT + value: json + - name: JX_LOG_LEVEL + value: info + - name: PIPELINE_KIND + value: dummy + resources: {} diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-sa.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-sa.yaml new file mode 100644 index 0000000..0eba862 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcactivities/jxboot-helmfile-resources-gcactivities-sa.yaml @@ -0,0 +1,13 @@ +# Source: jxboot-helmfile-resources/charts/gcactivities/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jxboot-helmfile-resources-gcactivities + labels: + app: gcactivities + chart: gcactivities-2.0.1143 + release: jxboot-helmfile-resources + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + namespace: jx diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-2.0.1143-release.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-2.0.1143-release.yaml new file mode 100644 index 0000000..e856cab --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-2.0.1143-release.yaml @@ -0,0 +1,51 @@ +# Source: jxboot-helmfile-resources/charts/gcpods/templates/release.yaml +apiVersion: jenkins.io/v1 +kind: Release +metadata: + creationTimestamp: "2020-01-22T19:35:41Z" + deletionTimestamp: null + name: 'gcpods-2.0.1143' + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + commits: + - author: {} + branch: master + committer: {} + message: | + fix: go doc + + Signed-off-by: Neha Gupta + sha: a74467a488ad6a14a3d1024930c95d5b473c9c07 + - author: {} + branch: master + committer: {} + message: | + fix: Removed content copying + + Signed-off-by: Neha Gupta + sha: 4bbf64a6a8d958a2ff21d3bd0afcaa2446abe739 + - author: {} + branch: master + committer: {} + message: | + fix: cmd_helper + + Signed-off-by: Neha Gupta + sha: ca4e4cc1f552d1e0d9f2836f60b9a910eafe7a30 + - author: {} + branch: master + committer: {} + message: | + fix: cmd_test_helpers - CreateTestJxHomeDir() returns empty string if gitAuth.yaml is not present. + + Signed-off-by: jx-helloworld + sha: 0771ba7fe095b115d463e0b2a616408da59bd42c + gitCloneUrl: https://github.com/jenkins-x/jx.git + gitHttpUrl: https://github.com/jenkins-x/jx + gitOwner: jenkins-x + gitRepository: jx + name: 'gcpods' + version: 2.0.1143 +status: {} diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-rb.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-rb.yaml new file mode 100644 index 0000000..0c60ced --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-rb.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/charts/gcpods/templates/rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gcpods + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gcpods +subjects: + - kind: ServiceAccount + name: jxboot-helmfile-resources-gcpods + namespace: jx diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-role.yaml new file mode 100644 index 0000000..b054129 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/gcpods-role.yaml @@ -0,0 +1,26 @@ +# Source: jxboot-helmfile-resources/charts/gcpods/templates/role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gcpods + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - jenkins.io + resources: + - environments + - plugins + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - delete + - list diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-cronjob.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-cronjob.yaml new file mode 100644 index 0000000..0cbe0ed --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-cronjob.yaml @@ -0,0 +1,44 @@ +# Source: jxboot-helmfile-resources/charts/gcpods/templates/cronjob.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: jxboot-helmfile-resources-gcpods + labels: + app: gcpods + chart: gcpods-2.0.1143 + release: jxboot-helmfile-resources + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + successfulJobsHistoryLimit: 3 + schedule: "0/30 */3 * * *" + jobTemplate: + spec: + template: + metadata: + labels: + app: gcpods + release: jxboot-helmfile-resources + spec: + restartPolicy: Never + serviceAccountName: jxboot-helmfile-resources-gcpods + containers: + - name: gcpods + command: [jx] + args: + - gc + - pods + - --batch-mode + imagePullPolicy: IfNotPresent + image: "gcr.io/jenkinsxio/jxboot-helmfile-resources:1.0.37" + env: + - name: JX_LOG_FORMAT + value: json + - name: JX_LOG_LEVEL + value: info + - name: PIPELINE_KIND + value: dummy + resources: {} diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-sa.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-sa.yaml new file mode 100644 index 0000000..8104dc9 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/charts/gcpods/jxboot-helmfile-resources-gcpods-sa.yaml @@ -0,0 +1,13 @@ +# Source: jxboot-helmfile-resources/charts/gcpods/templates/serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: jxboot-helmfile-resources-gcpods + labels: + app: gcpods + chart: gcpods-2.0.1143 + release: jxboot-helmfile-resources + heritage: Helm + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + namespace: jx diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/committer-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/committer-role.yaml new file mode 100644 index 0000000..11bc396 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/committer-role.yaml @@ -0,0 +1,39 @@ +# Source: jxboot-helmfile-resources/templates/committer-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: committer + labels: + jenkins.io/kind: "EnvironmentRole" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + title: "Committer" + description: "A committer can write to project resources but cannot add/remove users" + namespace: jx +rules: + - apiGroups: + - "" + - jenkins.io + - extensions + - apps + - apiextensions.k8s.io + - rbac.authorization.k8s.io + - batch + - tekton.dev + - flagger.app + - config.istio.io + - authentication.istio.io + - security.istio.io + - networking.istio.io + - rbac.istio.io + resources: + - "*" + - "pods/*" + verbs: + - list + - get + - watch + - create + - update + - patch + - delete diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/dev-environment.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/dev-environment.yaml new file mode 100644 index 0000000..05abb8a --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/dev-environment.yaml @@ -0,0 +1,41 @@ +# Source: jxboot-helmfile-resources/templates/environments.yaml +apiVersion: jenkins.io/v1 +kind: Environment +metadata: + labels: + env: "dev" + team: jx + gitops.jenkins-x.io/pipeline: 'namespaces' + name: "dev" + namespace: jx +spec: + source: + ref: "master" + url: https://github.com/hwirnsberger/jx3-test-openshift4.git + kind: Development + label: Development + namespace: jx + promotionStrategy: "Never" + webHookEngine: "Lighthouse" + teamSettings: + appsRepository: http://chartmuseum.jenkins-x.io + buildPackRef: "master" + buildPackUrl: "https://github.com/jenkins-x/jxr-packs-kubernetes.git" + defaultScheduler: + apiVersion: jenkins.io/v1 + kind: Scheduler + name: jx-meta-pipeline + dockerRegistryOrg: "" + envOrganisation: todo + gitServer: https://github.com + helmTemplate: true + kubeProvider: "openshift" + pipelineUsername: "hwirnsberger" + pipelineUserEmail: "jenkins-x@googlegroups.com" + prowConfig: Scheduler + importMode: YAML + promotionEngine: Prow + prowEngine: Tekton + versionStreamUrl: "https://github.com/jenkins-x/jenkins-x-versions.git" + versionStreamRef: "master" + useGitOps: true diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/dev-sourcerepository.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/dev-sourcerepository.yaml new file mode 100644 index 0000000..fec6bee --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/dev-sourcerepository.yaml @@ -0,0 +1,21 @@ +# Source: jxboot-helmfile-resources/templates/repositories.yaml +apiVersion: jenkins.io/v1 +kind: SourceRepository +metadata: + name: "dev" + labels: + jenkins.io/gitSync: "false" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + description: "the git repository for the Dev environment" + provider: "https://github.com" + providerKind: 'github' + providerName: 'github' + org: "hwirnsberger" + repo: "jx3-test-openshift4" + httpCloneURL: "https://github.com/hwirnsberger/jx3-test-openshift4.git" + url: "https://github.com/hwirnsberger/jx3-test-openshift4.git" + scheduler: + kind: Scheduler + name: "in-repo" diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/hook-ingress.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/hook-ingress.yaml new file mode 100644 index 0000000..2b0e24b --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/hook-ingress.yaml @@ -0,0 +1,19 @@ +# Source: jxboot-helmfile-resources/templates/700-hook-ing.yaml +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + name: hook + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + rules: + - http: + paths: + - backend: + serviceName: hook + servicePort: 80 + path: "/hook" + host: hook-jx.apps.p.aws.ocp.gepardec.com diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/ingress-config-cm.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/ingress-config-cm.yaml new file mode 100644 index 0000000..37e0960 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/ingress-config-cm.yaml @@ -0,0 +1,14 @@ +# Source: jxboot-helmfile-resources/templates/ingress-config-configmap.yaml +apiVersion: v1 +data: + domain: "apps.p.aws.ocp.gepardec.com" + email: "" + exposer: "Ingress" + issuer: "" + tls: "false" +kind: ConfigMap +metadata: + name: ingress-config + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-maven-settings-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-maven-settings-secret.yaml new file mode 100644 index 0000000..cd6f74f --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-maven-settings-secret.yaml @@ -0,0 +1,24 @@ +# Source: jxboot-helmfile-resources/templates/maven-settings-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: jenkins-maven-settings + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jenkins-maven-settings","properties":[{"name":"settings.xml","question":"Maven settings XML contents","help":"This is the maven settings XML which is mounted for Java builds","template":"\u003csettings\u003e\n \u003clocalRepository\u003e/home/jenkins/.mvnrepository\u003c/localRepository\u003e\n \u003c!--This sends everything else to /public --\u003e\n{{- if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"bucketrepo\") }}\n \u003cmirrors\u003e\n \u003cmirror\u003e\n \u003cid\u003ebucketrepo\u003c/id\u003e\n \u003cname\u003ebucketrepo mirror\u003c/name\u003e\n \u003cmirrorOf\u003e*\u003c/mirrorOf\u003e\n \u003curl\u003ehttp://bucketrepo/bucketrepo/\u003c/url\u003e\n \u003c/mirror\u003e\n \u003c/mirrors\u003e\n{{- else if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"none\") }}\n \u003cmirrors\u003e\n \u003cmirror\u003e\n \u003cid\u003ecentral\u003c/id\u003e\n \u003cname\u003eUS Central\u003c/name\u003e\n \u003curl\u003ehttps://repo.maven.apache.org/maven2\u003c/url\u003e\n \u003cmirrorOf\u003ecentral\u003c/mirrorOf\u003e\n \u003c/mirror\u003e\n \u003cmirror\u003e\n \u003cid\u003eUK\u003c/id\u003e\n \u003cname\u003eUK Central\u003c/name\u003e\n \u003curl\u003ehttps://uk.maven.org/maven2\u003c/url\u003e\n \u003cmirrorOf\u003ecentral\u003c/mirrorOf\u003e\n \u003c/mirror\u003e\n \u003c/mirrors\u003e\n{{- else }}\n \u003cmirrors\u003e\n \u003cmirror\u003e\n \u003cid\u003enexus\u003c/id\u003e\n \u003cname\u003enexus mirror\u003c/name\u003e\n \u003cmirrorOf\u003eexternal:*\u003c/mirrorOf\u003e\n \u003curl\u003ehttp://nexus/repository/maven-group/\u003c/url\u003e\n \u003c/mirror\u003e\n \u003c/mirrors\u003e\n{{- end }}\n\n \u003c!-- lets disable the download progress indicator that fills up logs --\u003e\n \u003cinteractiveMode\u003efalse\u003c/interactiveMode\u003e\n\n \u003cservers\u003e\n \u003cserver\u003e\n \u003cid\u003elocal-nexus\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"nexus\" \"username\" | default \"admin\"}}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"nexus\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003enexus\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"nexus\" \"username\" | default \"admin\"}}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"nexus\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003echartmuseum\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"jenkins-x-chartmuseum\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"jenkins-x-chartmuseum\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003ebucketrepo\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"jenkins-x-bucketrepo\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"jenkins-x-bucketrepo\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003eoss-sonatype-staging\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"sonatype\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"sonatype\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003edocker.io\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"docker-hub\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"docker-hub\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003c/servers\u003e\n\n \u003cprofiles\u003e\n \u003cprofile\u003e\n \u003cid\u003enexus\u003c/id\u003e\n \u003cproperties\u003e\n{{- if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"bucketrepo\") }}\n \u003caltDeploymentRepository\u003elocal-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003elocal-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003elocal-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n{{- else if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"none\") }}\n{{- else }}\n \u003caltDeploymentRepository\u003elocal-nexus::default::http://nexus/repository/maven-releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003elocal-nexus::default::http://nexus/repository/maven-releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003elocal-nexus::default::http://nexus/repository/maven-snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n{{- end }}\n \u003c/properties\u003e\n\n \u003crepositories\u003e\n \u003crepository\u003e\n \u003cid\u003ecentral\u003c/id\u003e\n \u003curl\u003ehttp://central\u003c/url\u003e\n \u003creleases\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/releases\u003e\n \u003csnapshots\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/snapshots\u003e\n \u003c/repository\u003e\n \u003c/repositories\u003e\n \u003cpluginRepositories\u003e\n \u003cpluginRepository\u003e\n \u003cid\u003ecentral\u003c/id\u003e\n \u003curl\u003ehttp://central\u003c/url\u003e\n \u003creleases\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/releases\u003e\n \u003csnapshots\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/snapshots\u003e\n \u003c/pluginRepository\u003e\n \u003c/pluginRepositories\u003e\n \u003c/profile\u003e\n \u003cprofile\u003e\n \u003cid\u003erepo.jenkins-ci.org\u003c/id\u003e\n \u003cproperties\u003e\n \u003caltDeploymentRepository\u003erepo.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003erepo.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003erepo.jenkins-ci.org::default::https://repo.jenkins-ci.org/snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n \u003c/properties\u003e\n\n \u003c/profile\u003e\n \u003cprofile\u003e\n \u003cid\u003emaven.jenkins-ci.org\u003c/id\u003e\n \u003cproperties\u003e\n \u003caltDeploymentRepository\u003emaven.jenkins-ci.org::default::https://maven.jenkins-ci.org/releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003emaven.jenkins-ci.org::default::https://maven.jenkins-ci.org/releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003emaven.jenkins-ci.org::default::https://maven.jenkins-ci.org/snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n \u003c/properties\u003e\n\n \u003c/profile\u003e\n \u003cprofile\u003e\n \u003cid\u003erelease\u003c/id\u003e\n \u003cproperties\u003e\n \u003cgpg.executable\u003egpg\u003c/gpg.executable\u003e\n \u003c!-- TODO use: .Parameters.gpg.passphrase when it is always populated --\u003e\n \u003cgpg.passphrase\u003e{{ extsecret \"gpg\" \"passphrase\" }}\u003c/gpg.passphrase\u003e\n \u003c/properties\u003e\n \u003c/profile\u003e\n \u003c/profiles\u003e\n\n \u003cactiveProfiles\u003e\n \u003cactiveProfile\u003enexus\u003c/activeProfile\u003e\n \u003c/activeProfiles\u003e\n\u003c/settings\u003e"},{"name":"settings-security.xml","question":"Maven security XML contents","help":"This is the maven security XML which is mounted for Java builds","template":"\u003csettingsSecurity/\u003e"}]}' + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + backendType: local + data: + - name: settings.xml + key: settings.xml + property: settings.xml + - name: settings-security.xml + key: settings-security.xml + property: settings-security.xml + template: + type: Opaque + metadata: + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jenkins-maven-settings","properties":[{"name":"settings.xml","question":"Maven settings XML contents","help":"This is the maven settings XML which is mounted for Java builds","template":"\u003csettings\u003e\n \u003clocalRepository\u003e/home/jenkins/.mvnrepository\u003c/localRepository\u003e\n \u003c!--This sends everything else to /public --\u003e\n{{- if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"bucketrepo\") }}\n \u003cmirrors\u003e\n \u003cmirror\u003e\n \u003cid\u003ebucketrepo\u003c/id\u003e\n \u003cname\u003ebucketrepo mirror\u003c/name\u003e\n \u003cmirrorOf\u003e*\u003c/mirrorOf\u003e\n \u003curl\u003ehttp://bucketrepo/bucketrepo/\u003c/url\u003e\n \u003c/mirror\u003e\n \u003c/mirrors\u003e\n{{- else if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"none\") }}\n \u003cmirrors\u003e\n \u003cmirror\u003e\n \u003cid\u003ecentral\u003c/id\u003e\n \u003cname\u003eUS Central\u003c/name\u003e\n \u003curl\u003ehttps://repo.maven.apache.org/maven2\u003c/url\u003e\n \u003cmirrorOf\u003ecentral\u003c/mirrorOf\u003e\n \u003c/mirror\u003e\n \u003cmirror\u003e\n \u003cid\u003eUK\u003c/id\u003e\n \u003cname\u003eUK Central\u003c/name\u003e\n \u003curl\u003ehttps://uk.maven.org/maven2\u003c/url\u003e\n \u003cmirrorOf\u003ecentral\u003c/mirrorOf\u003e\n \u003c/mirror\u003e\n \u003c/mirrors\u003e\n{{- else }}\n \u003cmirrors\u003e\n \u003cmirror\u003e\n \u003cid\u003enexus\u003c/id\u003e\n \u003cname\u003enexus mirror\u003c/name\u003e\n \u003cmirrorOf\u003eexternal:*\u003c/mirrorOf\u003e\n \u003curl\u003ehttp://nexus/repository/maven-group/\u003c/url\u003e\n \u003c/mirror\u003e\n \u003c/mirrors\u003e\n{{- end }}\n\n \u003c!-- lets disable the download progress indicator that fills up logs --\u003e\n \u003cinteractiveMode\u003efalse\u003c/interactiveMode\u003e\n\n \u003cservers\u003e\n \u003cserver\u003e\n \u003cid\u003elocal-nexus\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"nexus\" \"username\" | default \"admin\"}}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"nexus\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003enexus\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"nexus\" \"username\" | default \"admin\"}}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"nexus\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003echartmuseum\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"jenkins-x-chartmuseum\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"jenkins-x-chartmuseum\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003ebucketrepo\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"jenkins-x-bucketrepo\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"jenkins-x-bucketrepo\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003eoss-sonatype-staging\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"sonatype\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"sonatype\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003cserver\u003e\n \u003cid\u003edocker.io\u003c/id\u003e\n \u003cusername\u003e{{ extsecret \"docker-hub\" \"username\" }}\u003c/username\u003e\n \u003cpassword\u003e{{ extsecret \"docker-hub\" \"password\" }}\u003c/password\u003e\n \u003c/server\u003e\n \u003c/servers\u003e\n\n \u003cprofiles\u003e\n \u003cprofile\u003e\n \u003cid\u003enexus\u003c/id\u003e\n \u003cproperties\u003e\n{{- if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"bucketrepo\") }}\n \u003caltDeploymentRepository\u003elocal-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003elocal-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003elocal-nexus::default::http://bucketrepo/bucketrepo/deploy/maven-snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n{{- else if and (hasKey .Requirements \"repository\") (eq .Requirements.repository \"none\") }}\n{{- else }}\n \u003caltDeploymentRepository\u003elocal-nexus::default::http://nexus/repository/maven-releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003elocal-nexus::default::http://nexus/repository/maven-releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003elocal-nexus::default::http://nexus/repository/maven-snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n{{- end }}\n \u003c/properties\u003e\n\n \u003crepositories\u003e\n \u003crepository\u003e\n \u003cid\u003ecentral\u003c/id\u003e\n \u003curl\u003ehttp://central\u003c/url\u003e\n \u003creleases\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/releases\u003e\n \u003csnapshots\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/snapshots\u003e\n \u003c/repository\u003e\n \u003c/repositories\u003e\n \u003cpluginRepositories\u003e\n \u003cpluginRepository\u003e\n \u003cid\u003ecentral\u003c/id\u003e\n \u003curl\u003ehttp://central\u003c/url\u003e\n \u003creleases\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/releases\u003e\n \u003csnapshots\u003e\u003cenabled\u003etrue\u003c/enabled\u003e\u003c/snapshots\u003e\n \u003c/pluginRepository\u003e\n \u003c/pluginRepositories\u003e\n \u003c/profile\u003e\n \u003cprofile\u003e\n \u003cid\u003erepo.jenkins-ci.org\u003c/id\u003e\n \u003cproperties\u003e\n \u003caltDeploymentRepository\u003erepo.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003erepo.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003erepo.jenkins-ci.org::default::https://repo.jenkins-ci.org/snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n \u003c/properties\u003e\n\n \u003c/profile\u003e\n \u003cprofile\u003e\n \u003cid\u003emaven.jenkins-ci.org\u003c/id\u003e\n \u003cproperties\u003e\n \u003caltDeploymentRepository\u003emaven.jenkins-ci.org::default::https://maven.jenkins-ci.org/releases/\u003c/altDeploymentRepository\u003e\n \u003caltReleaseDeploymentRepository\u003emaven.jenkins-ci.org::default::https://maven.jenkins-ci.org/releases/\u003c/altReleaseDeploymentRepository\u003e\n \u003caltSnapshotDeploymentRepository\u003emaven.jenkins-ci.org::default::https://maven.jenkins-ci.org/snapshots/\u003c/altSnapshotDeploymentRepository\u003e\n \u003c/properties\u003e\n\n \u003c/profile\u003e\n \u003cprofile\u003e\n \u003cid\u003erelease\u003c/id\u003e\n \u003cproperties\u003e\n \u003cgpg.executable\u003egpg\u003c/gpg.executable\u003e\n \u003c!-- TODO use: .Parameters.gpg.passphrase when it is always populated --\u003e\n \u003cgpg.passphrase\u003e{{ extsecret \"gpg\" \"passphrase\" }}\u003c/gpg.passphrase\u003e\n \u003c/properties\u003e\n \u003c/profile\u003e\n \u003c/profiles\u003e\n\n \u003cactiveProfiles\u003e\n \u003cactiveProfile\u003enexus\u003c/activeProfile\u003e\n \u003c/activeProfiles\u003e\n\u003c/settings\u003e"},{"name":"settings-security.xml","question":"Maven security XML contents","help":"This is the maven security XML which is mounted for Java builds","template":"\u003csettingsSecurity/\u003e"}]}' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-release-gpg-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-release-gpg-secret.yaml new file mode 100644 index 0000000..4c864e1 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-release-gpg-secret.yaml @@ -0,0 +1,30 @@ +# Source: jxboot-helmfile-resources/templates/release-gpg-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: jenkins-release-gpg + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jenkins-release-gpg","properties":[{"name":"pubring.gpg","question":"The gpg public ring","defaultValue":"todo"}]}' + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + backendType: local + data: + - name: pubring.gpg + key: pubring.gpg + property: pubring.gpg + - name: sec-jenkins.gpg + key: sec-jenkins.gpg + property: sec-jenkins.gpg + - name: secring.gpg + key: secring.gpg + property: secring.gpg + - name: trustdb.gpg + key: trustdb.gpg + property: trustdb.gpg + template: + type: Opaque + metadata: + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jenkins-release-gpg","properties":[{"name":"pubring.gpg","question":"The gpg public ring","defaultValue":"todo"}]}' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-docker-registry-cm.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-docker-registry-cm.yaml new file mode 100644 index 0000000..d1b0c34 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-docker-registry-cm.yaml @@ -0,0 +1,13 @@ +# Source: jxboot-helmfile-resources/templates/jenkins-x-docker-registry.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: jenkins-x-docker-registry + annotations: + expose.config.fabric8.io/clusterip-port-if-empty-key: docker.registry + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + kaniko.flags: "" + docker.registry: ghcr.io diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-extensions-cm.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-extensions-cm.yaml new file mode 100644 index 0000000..cf1a2d7 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jenkins-x-extensions-cm.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/templates/jenkins-x-extensions-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: "jenkins-x-extensions" + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + knownRepositories: | + repositories: + - chart: {} + github: jenkins-x/jenkins-x-extensions + repository: | + chart: {} + github: jenkins-x/jenkins-x-extensions diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-htpasswd-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-htpasswd-secret.yaml new file mode 100644 index 0000000..23e613b --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-htpasswd-secret.yaml @@ -0,0 +1,21 @@ +# Source: jxboot-helmfile-resources/templates/jx-basic-auth-htpasswd-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: jx-basic-auth-htpasswd + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jx-basic-auth-htpasswd","properties":[{"name":"auth","question":"the htpasswd format basic auth for Ingress","help":"The htpasswd encoded user and password for basic auth ingresses","template":"{{ htpasswdExtSecret \"jx-basic-auth-user-password\" \"username\" \"password\" }}","retry":true}]}' + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + backendType: local + data: + - name: auth + key: auth + property: auth + template: + type: Opaque + metadata: + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jx-basic-auth-htpasswd","properties":[{"name":"auth","question":"the htpasswd format basic auth for Ingress","help":"The htpasswd encoded user and password for basic auth ingresses","template":"{{ htpasswdExtSecret \"jx-basic-auth-user-password\" \"username\" \"password\" }}","retry":true}]}' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-user-password-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-user-password-secret.yaml new file mode 100644 index 0000000..14dd81b --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-basic-auth-user-password-secret.yaml @@ -0,0 +1,24 @@ +# Source: jxboot-helmfile-resources/templates/jx-basic-auth-user-password-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: jx-basic-auth-user-password + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jx-basic-auth-user-password","properties":[{"name":"username","question":"the username for basic auth ingresses","help":"The username to login to basic authenticated URLs","defaultValue":"admin"},{"name":"password","question":"the password for basic auth ingresses","help":"The password to login to basic authenticated URLs","generator":"password","minLength":5,"maxLength":41}],"mandatory":true}' + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + backendType: local + data: + - name: password + key: password + property: password + - name: username + key: username + property: username + template: + type: Opaque + metadata: + annotations: + secret.jenkins-x.io/schema-object: '{"name":"jx-basic-auth-user-password","properties":[{"name":"username","question":"the username for basic auth ingresses","help":"The username to login to basic authenticated URLs","defaultValue":"admin"},{"name":"password","question":"the password for basic auth ingresses","help":"The password to login to basic authenticated URLs","generator":"password","minLength":5,"maxLength":41}],"mandatory":true}' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jx-local-secrets-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-local-secrets-secret.yaml new file mode 100644 index 0000000..7fcaf08 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-local-secrets-secret.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/templates/local-secrets.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: jx-local-secrets + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + backendType: local + data: + - name: secrets.yaml + key: secrets.yaml + property: secrets.yaml + template: + type: Opaque diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jx-pipeline-activity-updater-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-pipeline-activity-updater-role.yaml new file mode 100644 index 0000000..b5ef84b --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-pipeline-activity-updater-role.yaml @@ -0,0 +1,15 @@ +# Source: jxboot-helmfile-resources/templates/jx-pipeline-activity-reporter-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jx-pipeline-activity-updater + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - jenkins.io + resources: + - '*' + verbs: + - '*' diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/jx-view-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-view-role.yaml new file mode 100644 index 0000000..0bde74f --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/jx-view-role.yaml @@ -0,0 +1,29 @@ +# Source: jxboot-helmfile-resources/templates/jx-view-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: jx-view + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - jenkins.io + resources: + - teams + verbs: + - list + - get + - apiGroups: + - jenkins.io + resources: + - environments + verbs: + - list + - get + - apiGroups: + - prow.k8s.io + resources: + - prowjobs + verbs: + - create diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/kapp-config-cm.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/kapp-config-cm.yaml new file mode 100644 index 0000000..bb86523 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/kapp-config-cm.yaml @@ -0,0 +1,32 @@ +# Source: jxboot-helmfile-resources/templates/kapp-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: kapp-config + labels: + kapp.k14s.io/config: "" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +data: + config.yml: | + apiVersion: kapp.k14s.io/v1alpha1 + kind: Config + + changeRuleBindings: + - rules: + - "upsert after upserting apps.jenkins-x.io/ingress-nginx" + resourceMatchers: + - apiVersionKindMatcher: {kind: Ingress, apiVersion: networking.k8s.io/v1beta1} + + - rules: + - "delete before deleting apps.jenkins-x.io/pusher-wave" + resourceMatchers: + - andMatcher: + matchers: + - apiVersionKindMatcher: {kind: Deployment, apiVersion: apps/v1} + - notMatcher: + matcher: + hasAnnotationMatcher: + keyvalues: + - key: kapp.k14s.io/change-group + value: apps.jenkins-x.io/pusher-wave diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/owner-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/owner-role.yaml new file mode 100644 index 0000000..683c3d7 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/owner-role.yaml @@ -0,0 +1,39 @@ +# Source: jxboot-helmfile-resources/templates/owner-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: owner + labels: + jenkins.io/kind: "EnvironmentRole" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + title: "Team Owner" + description: "A team owner can add/remove users and has write access to all team resources" + namespace: jx +rules: + - apiGroups: + - "" + - jenkins.io + - extensions + - apps + - apiextensions.k8s.io + - rbac.authorization.k8s.io + - batch + - tekton.dev + - flagger.app + - config.istio.io + - authentication.istio.io + - security.istio.io + - networking.istio.io + - rbac.istio.io + resources: + - "*" + - "pods/*" + verbs: + - list + - get + - watch + - create + - update + - patch + - delete diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/production-environment.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/production-environment.yaml new file mode 100644 index 0000000..68353dc --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/production-environment.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/templates/environments.yaml +apiVersion: jenkins.io/v1 +kind: Environment +metadata: + labels: + env: "production" + team: jx + gitops.jenkins-x.io/pipeline: 'namespaces' + name: "production" + namespace: jx +spec: + kind: Permanent + label: Production + order: 500 + promotionStrategy: "Manual" + namespace: "jx-production" diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/staging-environment.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/staging-environment.yaml new file mode 100644 index 0000000..da4a33d --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/staging-environment.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/templates/environments.yaml +apiVersion: jenkins.io/v1 +kind: Environment +metadata: + labels: + env: "staging" + team: jx + gitops.jenkins-x.io/pipeline: 'namespaces' + name: "staging" + namespace: jx +spec: + kind: Permanent + label: Staging + namespace: jx-staging + promotionStrategy: "Auto" + order: 100 diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-rb.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-rb.yaml new file mode 100644 index 0000000..19a625d --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-rb.yaml @@ -0,0 +1,16 @@ +# Source: jxboot-helmfile-resources/templates/build-bot-rolebinding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: "tekton-bot" + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: "tekton-bot" +subjects: + - kind: ServiceAccount + name: "tekton-bot" + namespace: jx diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-role.yaml new file mode 100644 index 0000000..96df6ca --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-role.yaml @@ -0,0 +1,15 @@ +# Source: jxboot-helmfile-resources/templates/build-bot-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: "tekton-bot" + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - "*" + resources: + - "*" + verbs: + - "*" diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-sa.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-sa.yaml new file mode 100644 index 0000000..30faa13 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-bot-sa.yaml @@ -0,0 +1,11 @@ +# Source: jxboot-helmfile-resources/templates/build-bot-serviceaccount.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "tekton-bot" + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +secrets: + - name: tekton-container-registry-auth + - name: tekton-git diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml new file mode 100644 index 0000000..c4a7b07 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-container-registry-auth-secret.yaml @@ -0,0 +1,32 @@ +# Source: jxboot-helmfile-resources/templates/tekton-container-registry-auth-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: tekton-container-registry-auth + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + secret.jenkins-x.io/replica-source: "true" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"tekton-container-registry-auth","properties":[{"name":".dockerconfigjson","question":"Docker JSON Configuration","help":"This is the docker JSON configuration for authenticating with container registries","template":"{\n{{- if eq .Requirements.cluster.provider \"gke\" }}\n\n \"credHelpers\": {\n \"gcr.io\": \"gcr\",\n \"us.gcr.io\": \"gcr\",\n \"eu.gcr.io\": \"gcr\",\n \"asia.gcr.io\": \"gcr\",\n \"staging-k8s.gcr.io\": \"gcr\"\n },\n\n{{- else if and (eq .Requirements.cluster.provider \"eks\") (contains .Requirements.cluster.registry \"aws\") }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"ecr-login\"\n },\n\n{{- else if eq .Requirements.cluster.provider \"aws\" }}\n\n \"credsStore\": \"ecr-login\",\n\n{{- else if eq .Requirements.cluster.provider \"aks\" }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"acr-env\"\n },\n\n{{- end }}\n\n \"auths\":{\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n {{ secret \"jx.container-registry-auth\" \"url\" | default \"https://index.docker.io/v1/\" | quote }}: {\n \"auth\": {{ auth \"jx.container-registry-auth\" \"username\" \"password\" | b64enc | quote}},\n \"email\": {{ secret \"jx.container-registry-auth\" \"email\" | default \"jenkins-x@googlegroups.com\" | quote }}\n }\n {{- end }}\n {{- if or (eq .Requirements.cluster.gitServer \"https://github.com\") (eq .Requirements.cluster.gitServer \"https://github.com/\") }}\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n ,\n {{- end }}\n \"ghcr.io\": {\n {{- if secret \"jx-git-operator.jx-boot\" \"email\" }}\n \"email\": {{ secret \"jx-git-operator.jx-boot\" \"email\" | quote }},\n {{- end }}\n \"auth\": {{ auth \"jx-git-operator.jx-boot\" \"username\" \"password\" | b64enc | quote}}\n }\n {{- end }}\n }\n}"}],"mandatory":true}' + secret.jenkins-x.io/replicate-to: 'jx-production,jx-staging' +spec: + backendType: local + data: + - name: .dockerconfigjson + key: .dockerconfigjson + property: .dockerconfigjson + template: + metadata: + annotations: + tekton.dev/docker-0: "https://index.docker.io/v1/" + secret.jenkins-x.io/schema-object: '{"name":"tekton-container-registry-auth","properties":[{"name":".dockerconfigjson","question":"Docker JSON Configuration","help":"This is the docker JSON configuration for authenticating with container registries","template":"{\n{{- if eq .Requirements.cluster.provider \"gke\" }}\n\n \"credHelpers\": {\n \"gcr.io\": \"gcr\",\n \"us.gcr.io\": \"gcr\",\n \"eu.gcr.io\": \"gcr\",\n \"asia.gcr.io\": \"gcr\",\n \"staging-k8s.gcr.io\": \"gcr\"\n },\n\n{{- else if and (eq .Requirements.cluster.provider \"eks\") (contains .Requirements.cluster.registry \"aws\") }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"ecr-login\"\n },\n\n{{- else if eq .Requirements.cluster.provider \"aws\" }}\n\n \"credsStore\": \"ecr-login\",\n\n{{- else if eq .Requirements.cluster.provider \"aks\" }}\n\n \"credHelpers\": {\n \"{{ .Requirements.cluster.registry }}\": \"acr-env\"\n },\n\n{{- end }}\n\n \"auths\":{\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n {{ secret \"jx.container-registry-auth\" \"url\" | default \"https://index.docker.io/v1/\" | quote }}: {\n \"auth\": {{ auth \"jx.container-registry-auth\" \"username\" \"password\" | b64enc | quote}},\n \"email\": {{ secret \"jx.container-registry-auth\" \"email\" | default \"jenkins-x@googlegroups.com\" | quote }}\n }\n {{- end }}\n {{- if or (eq .Requirements.cluster.gitServer \"https://github.com\") (eq .Requirements.cluster.gitServer \"https://github.com/\") }}\n {{- if secret \"jx.container-registry-auth\" \"password\" }}\n ,\n {{- end }}\n \"ghcr.io\": {\n {{- if secret \"jx-git-operator.jx-boot\" \"email\" }}\n \"email\": {{ secret \"jx-git-operator.jx-boot\" \"email\" | quote }},\n {{- end }}\n \"auth\": {{ auth \"jx-git-operator.jx-boot\" \"username\" \"password\" | b64enc | quote}}\n }\n {{- end }}\n }\n}"}],"mandatory":true}' + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + secret.jenkins-x.io/replica-source: "true" + type: kubernetes.io/dockerconfigjson diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-git-secret.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-git-secret.yaml new file mode 100644 index 0000000..f7bea50 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/tekton-git-secret.yaml @@ -0,0 +1,32 @@ +# Source: jxboot-helmfile-resources/templates/tekton-git-secret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: tekton-git + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"tekton-git","properties":[{"name":"username","question":"the pipeline username","help":"the user name used by pipelines running in Jenkins X","generator":"gitOperator.username"},{"name":"password","question":"the pipeline token or password","help":"the token or password used by pipelines running in Jenkins X","generator":"gitOperator.password"}],"mandatory":true}' +spec: + backendType: local + data: + - name: password + key: password + property: password + - name: username + key: username + property: username + template: + metadata: + annotations: + tekton.dev/git-0: "https://github.com" + secret.jenkins-x.io/schema-object: '{"name":"tekton-git","properties":[{"name":"username","question":"the pipeline username","help":"the user name used by pipelines running in Jenkins X","generator":"gitOperator.username"},{"name":"password","question":"the pipeline token or password","help":"the token or password used by pipelines running in Jenkins X","generator":"gitOperator.password"}],"mandatory":true}' + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + type: kubernetes.io/basic-auth diff --git a/config-root/namespaces/jx/jxboot-helmfile-resources/viewer-role.yaml b/config-root/namespaces/jx/jxboot-helmfile-resources/viewer-role.yaml new file mode 100644 index 0000000..04f5e77 --- /dev/null +++ b/config-root/namespaces/jx/jxboot-helmfile-resources/viewer-role.yaml @@ -0,0 +1,34 @@ +# Source: jxboot-helmfile-resources/templates/viewer-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: viewer + labels: + jenkins.io/kind: "EnvironmentRole" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + title: "Viewer" + description: "A viewer can view all project resources" + namespace: jx +rules: + - apiGroups: + - "" + - jenkins.io + - extensions + - apps + - apiextensions.k8s.io + - rbac.authorization.k8s.io + - batch + - tekton.dev + - flagger.app + - config.istio.io + - authentication.istio.io + - security.istio.io + - networking.istio.io + - rbac.istio.io + resources: + - "*" + verbs: + - list + - get + - watch diff --git a/config-root/namespaces/jx/lighthouse-config/config-cm.yaml b/config-root/namespaces/jx/lighthouse-config/config-cm.yaml new file mode 100644 index 0000000..c1a70e4 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse-config/config-cm.yaml @@ -0,0 +1,51 @@ +apiVersion: v1 +data: + config.yaml: | + branch-protection: + protect-tested-repos: true + github: + LinkURL: null + in_repo_config: + enabled: + hwirnsberger/jx3-test-openshift4: true + plank: {} + pod_namespace: jx + prowjob_namespace: jx + push_gateway: + serve_metrics: false + tide: + context_options: + from-branch-protection: true + required-if-present-contexts: null + skip-unknown-contexts: false + merge_method: + hwirnsberger/jx3-test-openshift4: merge + queries: + - labels: + - approved + missingLabels: + - do-not-merge + - do-not-merge/hold + - do-not-merge/work-in-progress + - needs-ok-to-test + - needs-rebase + repos: + - hwirnsberger/jx3-test-openshift4 + - labels: + - updatebot + missingLabels: + - do-not-merge + - do-not-merge/hold + - do-not-merge/work-in-progress + - needs-ok-to-test + - needs-rebase + repos: + - hwirnsberger/jx3-test-openshift4 + target_url: http://dashboard-jx.apps.p.aws.ocp.gepardec.com +kind: ConfigMap +metadata: + creationTimestamp: null + name: config + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/lighthouse-config/install-config-cm.yaml b/config-root/namespaces/jx/lighthouse-config/install-config-cm.yaml new file mode 100644 index 0000000..fd630c7 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse-config/install-config-cm.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: jx-install-config + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + kubeProvider: gke diff --git a/config-root/namespaces/jx/lighthouse-config/jx-meta-pipeline.yaml b/config-root/namespaces/jx/lighthouse-config/jx-meta-pipeline.yaml new file mode 100644 index 0000000..04b0ab0 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse-config/jx-meta-pipeline.yaml @@ -0,0 +1,251 @@ +apiVersion: tekton.dev/v1beta1 +kind: Pipeline +metadata: + name: jx-meta-pipeline + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + params: + - description: the unique build number + name: BUILD_ID + type: string + - description: the name of the job which is the trigger context name + name: JOB_NAME + type: string + - description: the specification of the job + name: JOB_SPEC + type: string + - description: 'the kind of job: postsubmit or presubmit' + name: JOB_TYPE + type: string + - default: master + description: the base git reference of the pull request + name: PULL_BASE_REF + type: string + - description: the git sha of the base of the pull request + name: PULL_BASE_SHA + type: string + - default: "" + description: git pull request number + name: PULL_NUMBER + type: string + - default: "" + description: git pull request ref in the form 'refs/pull/$PULL_NUMBER/head' + name: PULL_PULL_REF + type: string + - default: master + description: git revision to checkout (branch, tag, sha, ref…) + name: PULL_PULL_SHA + type: string + - description: git pull reference strings of base and latest in the form 'master:$PULL_BASE_SHA,$PULL_NUMBER:$PULL_PULL_SHA:refs/pull/$PULL_NUMBER/head' + name: PULL_REFS + type: string + - description: git repository name + name: REPO_NAME + type: string + - description: git repository owner (user or organisation) + name: REPO_OWNER + type: string + - description: git url to clone + name: REPO_URL + type: string + tasks: + - name: meta-pipeline + params: + - name: BUILD_ID + value: $(params.BUILD_ID) + - name: JOB_NAME + value: $(params.JOB_NAME) + - name: JOB_SPEC + value: $(params.JOB_SPEC) + - name: JOB_TYPE + value: $(params.JOB_TYPE) + - name: PULL_BASE_REF + value: $(params.PULL_BASE_REF) + - name: PULL_BASE_SHA + value: $(params.PULL_BASE_SHA) + - name: PULL_NUMBER + value: $(params.PULL_NUMBER) + - name: PULL_PULL_REF + value: $(params.PULL_PULL_REF) + - name: PULL_PULL_SHA + value: $(params.PULL_PULL_SHA) + - name: PULL_REFS + value: $(params.PULL_REFS) + - name: REPO_NAME + value: $(params.REPO_NAME) + - name: REPO_OWNER + value: $(params.REPO_OWNER) + - name: REPO_URL + value: $(params.REPO_URL) + taskSpec: + params: + - description: git url to clone + name: REPO_URL + type: string + - default: master + description: git revision to checkout (branch, tag, sha, ref…) + name: PULL_PULL_SHA + type: string + - default: source + description: subdirectory inside of /workspace to clone the git repo + name: subdirectory + type: string + - description: the unique build number + name: BUILD_ID + type: string + - description: the name of the job which is the trigger context name + name: JOB_NAME + type: string + - description: the specification of the job + name: JOB_SPEC + type: string + - description: 'the kind of job: postsubmit or presubmit' + name: JOB_TYPE + type: string + - default: master + description: the base git reference of the pull request + name: PULL_BASE_REF + type: string + - description: the git sha of the base of the pull request + name: PULL_BASE_SHA + type: string + - default: "" + description: git pull request number + name: PULL_NUMBER + type: string + - default: "" + description: git pull request ref in the form 'refs/pull/$PULL_NUMBER/head' + name: PULL_PULL_REF + type: string + - description: git pull reference strings of base and latest in the form 'master:$PULL_BASE_SHA,$PULL_NUMBER:$PULL_PULL_SHA:refs/pull/$PULL_NUMBER/head' + name: PULL_REFS + type: string + - description: git repository name + name: REPO_NAME + type: string + - description: git repository owner (user or organisation) + name: REPO_OWNER + type: string + stepTemplate: + env: + - name: BUILD_ID + value: $(params.BUILD_ID) + - name: JOB_NAME + value: $(params.JOB_NAME) + - name: JOB_SPEC + value: $(params.JOB_SPEC) + - name: JOB_TYPE + value: $(params.JOB_TYPE) + - name: PULL_BASE_REF + value: $(params.PULL_BASE_REF) + - name: PULL_BASE_SHA + value: $(params.PULL_BASE_SHA) + - name: PULL_NUMBER + value: $(params.PULL_NUMBER) + - name: PULL_PULL_REF + value: $(params.PULL_PULL_REF) + - name: PULL_PULL_SHA + value: $(params.PULL_PULL_SHA) + - name: PULL_REFS + value: $(params.PULL_REFS) + - name: REPO_NAME + value: $(params.REPO_NAME) + - name: REPO_OWNER + value: $(params.REPO_OWNER) + - name: REPO_URL + value: $(params.REPO_URL) + - name: XDG_CONFIG_HOME + value: /tekton/home + name: "" + resources: + requests: + cpu: 400m + memory: 512Mi + volumeMounts: + - mountPath: /home/jenkins + name: workspace-volume + - mountPath: /etc/podinfo + name: podinfo + readOnly: true + workingDir: /workspace/source + steps: + - args: + - -c + - 'mkdir -p $HOME; git config --global --add user.name ${GIT_AUTHOR_NAME:-jenkins-x-bot}; git config --global --add user.email ${GIT_AUTHOR_EMAIL:-jenkins-x@googlegroups.com}; git config --global credential.helper store; git clone $(params.REPO_URL) $(params.subdirectory); echo cloned url: $(params.REPO_URL) to dir: $(params.subdirectory); cd $(params.subdirectory); git checkout $(params.PULL_PULL_SHA); echo checked out revision: $(params.PULL_PULL_SHA) to dir: $(params.subdirectory)' + command: + - /bin/sh + image: gcr.io/jenkinsxio/builder-jx:2.1.32-662 + name: git-clone + resources: {} + workingDir: /workspace + - args: + - '[ -d /builder/home ] || mkdir -p /builder && ln -s /tekton/home /builder/home' + command: + - /bin/sh + - -c + image: gcr.io/jenkinsxio/builder-jx:2.1.142-761 + name: setup-builder-home + resources: {} + - args: + - gitops + - git + - setup + - --namespace + - jx-git-operator + command: + - jx + image: gcr.io/jenkinsxio/jx-cli:latest + name: git-setup + resources: {} + workingDir: /workspace + - args: + - step + - git + - merge + - --verbose + - --baseSHA + - $(params.PULL_BASE_SHA) + - --sha + - $(params.PULL_PULL_SHA) + - --baseBranch + - $(params.PULL_BASE_REF) + command: + - jx + image: gcr.io/jenkinsxio/builder-jx:2.1.142-761 + name: git-merge + resources: {} + - args: + - gitops + - variables + command: + - jx + image: gcr.io/jenkinsxio/jx-cli:latest + name: jx-variables + resources: {} + - args: + - "source .jx/variables.sh && jx step syntax effective --output-dir . --context ${JOB_NAME} --env BUILD_NUMBER=${BUILD_NUMBER} --env PIPELINE_KIND=${PIPELINE_KIND} --env PIPELINE_CONTEXT=${JOB_NAME} --env SOURCE_URL=${REPO_URL} --env REPO_OWNER=${REPO_OWNER} --env REPO_NAME=${REPO_NAME} --env APP_NAME=${APP_NAME} --env BRANCH_NAME=${BRANCH_NAME} --env JOB_NAME=${JOB_NAME} --env PULL_BASE_REF=${PULL_BASE_REF} --env PULL_BASE_SHA=${PULL_BASE_SHA} --env PULL_PULL_SHA=${PULL_PULL_SHA} --env JOB_TYPE=${JOB_TYPE} --env JOB_SPEC=${JOB_SPEC} --env PULL_NUMBER=${PULL_NUMBER}" + command: + - /bin/sh + - -c + image: gcr.io/jenkinsxio/builder-maven:2.1.142-761 + name: create-effective-pipeline + resources: {} + - args: + - "source .jx/variables.sh && jx step create task --clone-dir /workspace/source --kind ${PIPELINE_KIND} --pr-number ${PULL_NUMBER} --service-account tekton-bot --source source --branch ${BRANCH_NAME} --build-number 1 --context ${JOB_NAME} --url https://github.com/jenkins-x/jxr-packs-kubernetes" + command: + - /bin/sh + - -c + image: gcr.io/jenkinsxio/builder-maven:2.1.142-761 + name: create-tekton-crds + resources: {} + volumes: + - emptyDir: {} + name: workspace-volume + - downwardAPI: + items: + - fieldRef: + fieldPath: metadata.labels + path: labels + name: podinfo diff --git a/config-root/namespaces/jx/lighthouse-config/plugins-cm.yaml b/config-root/namespaces/jx/lighthouse-config/plugins-cm.yaml new file mode 100644 index 0000000..883ab72 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse-config/plugins-cm.yaml @@ -0,0 +1,58 @@ +apiVersion: v1 +data: + plugins.yaml: | + approve: + - lgtm_acts_as_approve: true + repos: + - hwirnsberger/jx3-test-openshift4 + require_self_approval: true + cat: {} + cherry_pick_unapproved: {} + config_updater: + gzip: false + maps: + env/prow/job.yaml: + name: config + env/prow/plugins.yaml: + name: plugins + heart: {} + label: + additional_labels: null + owners: {} + plugins: + hwirnsberger/jx3-test-openshift4: + - config-updater + - approve + - assign + - blunderbuss + - help + - hold + - lgtm + - lifecycle + - override + - size + - trigger + - wip + - heart + - cat + - dog + - pony + requiresig: {} + sigmention: {} + size: + l: 0 + m: 0 + s: 0 + xl: 0 + xxl: 0 + triggers: + - repos: + - hwirnsberger/jx3-test-openshift4 + trusted_org: todo +kind: ConfigMap +metadata: + creationTimestamp: null + name: plugins + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/lighthouse/hook-svc.yaml b/config-root/namespaces/jx/lighthouse/hook-svc.yaml new file mode 100644 index 0000000..6dbeffc --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/hook-svc.yaml @@ -0,0 +1,19 @@ +# Source: lighthouse/templates/webhooks-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: hook + labels: + chart: "lighthouse-0.0.939" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: {} + namespace: jx +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: 8080 + protocol: TCP + name: http + selector: + app: lighthouse-webhooks diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-deploy.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-deploy.yaml new file mode 100644 index 0000000..9a8bcf0 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-deploy.yaml @@ -0,0 +1,72 @@ +# Source: lighthouse/templates/foghorn-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lighthouse-foghorn + labels: + chart: "lighthouse-0.0.939" + app: lighthouse-foghorn + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + jenkins-x.io/hash: '20abea9189b201fab226d5743e05715fda9802c2556432072b13b6c879d96cae' + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + selector: + matchLabels: + app: lighthouse-foghorn + template: + metadata: + labels: + app: lighthouse-foghorn + spec: + serviceAccountName: lighthouse-foghorn + containers: + - name: lighthouse-foghorn + image: gcr.io/jenkinsxio/lighthouse-foghorn:0.0.0-SNAPSHOT-PR-1254-35 + imagePullPolicy: IfNotPresent + args: + - "--namespace=jx" + env: + - name: "GIT_KIND" + value: "github" + - name: "GIT_SERVER" + value: "https://github.com" + - name: "GIT_USER" + value: hwirnsberger + - name: "GIT_TOKEN" + valueFrom: + secretKeyRef: + name: lighthouse-oauth-token + key: oauth + - name: "HMAC_TOKEN" + valueFrom: + secretKeyRef: + name: "lighthouse-hmac-token" + key: hmac + optional: false + - name: "JX_LOG_FORMAT" + value: "json" + - name: "LOGRUS_FORMAT" + value: "json" + - name: DEFAULT_PIPELINE_RUN_SERVICE_ACCOUNT + value: "tekton-bot" + - name: DEFAULT_PIPELINE_RUN_TIMEOUT + value: "2h0m0s" + - name: FILE_BROWSER + value: "git" + - name: JX_DEFAULT_IMAGE + value: "gcr.io/jenkinsxio/builder-maven:2.1.142-761" + - name: LIGHTHOUSE_DASHBOARD_TEMPLATE + value: "namespaces/{{ .Namespace }}/pipelineruns/{{ .PipelineRun }}" + - name: LIGHTHOUSE_VERSIONSTREAM_JENKINS_X_JX3_PIPELINE_CATALOG + value: "554f99eaa1812eb0acabf046d833c47d60fd3dc4" + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 80m + memory: 128Mi + terminationGracePeriodSeconds: 180 diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-rb.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-rb.yaml new file mode 100644 index 0000000..178f98a --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-rb.yaml @@ -0,0 +1,15 @@ +# Source: lighthouse/templates/foghorn-rb.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-foghorn + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: lighthouse-foghorn +subjects: + - kind: ServiceAccount + name: lighthouse-foghorn diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-role.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-role.yaml new file mode 100644 index 0000000..b04df9a --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-role.yaml @@ -0,0 +1,43 @@ +# Source: lighthouse/templates/foghorn-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-foghorn + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - "" + resources: + - namespaces + - configmaps + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs + verbs: + - create + - delete + - list + - update + - get + - watch + - patch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs/status + verbs: + - create + - delete + - list + - update + - get + - watch + - patch diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-sa.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-sa.yaml new file mode 100644 index 0000000..73875e5 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-foghorn-sa.yaml @@ -0,0 +1,8 @@ +# Source: lighthouse/templates/foghorn-sa.yaml +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lighthouse-foghorn + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-cronjob.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-cronjob.yaml new file mode 100644 index 0000000..dd13a59 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-cronjob.yaml @@ -0,0 +1,45 @@ +# Source: lighthouse/templates/gc-jobs-cj.yaml +apiVersion: batch/v1beta1 +kind: CronJob +metadata: + name: lighthouse-gc-jobs + labels: + app: jenkins-x-lighthouse-gcjobs + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + concurrencyPolicy: Forbid + failedJobsHistoryLimit: 1 + jobTemplate: + metadata: + creationTimestamp: null + spec: + template: + metadata: + creationTimestamp: null + labels: + app: lighthouse-gc-jobs + release: lighthouse + spec: + containers: + - command: + - /home/jx/gc-jobs + image: gcr.io/jenkinsxio/lighthouse-gc-jobs:0.0.0-SNAPSHOT-PR-1254-35 + imagePullPolicy: IfNotPresent + args: + - "--namespace=jx" + - "--max-age=168h" + name: lighthouse-gc-jobs + resources: {} + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + restartPolicy: Never + schedulerName: default-scheduler + securityContext: {} + terminationGracePeriodSeconds: 30 + serviceAccountName: lighthouse-gc-jobs + successfulJobsHistoryLimit: 3 + schedule: "0/30 * * * *" + startingDeadlineSeconds: 4000 + suspend: false diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-rb.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-rb.yaml new file mode 100644 index 0000000..4e589e4 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-rb.yaml @@ -0,0 +1,15 @@ +# Source: lighthouse/templates/gc-jobs-rb.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-gc-jobs + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: lighthouse-gc-jobs +subjects: + - kind: ServiceAccount + name: lighthouse-gc-jobs diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-role.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-role.yaml new file mode 100644 index 0000000..3e89ffa --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-role.yaml @@ -0,0 +1,43 @@ +# Source: lighthouse/templates/gc-jobs-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-gc-jobs + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - "" + resources: + - namespaces + - configmaps + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs + verbs: + - create + - delete + - list + - update + - get + - watch + - patch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs/status + verbs: + - create + - delete + - list + - update + - get + - watch + - patch diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-sa.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-sa.yaml new file mode 100644 index 0000000..81ea88c --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-gc-jobs-sa.yaml @@ -0,0 +1,8 @@ +# Source: lighthouse/templates/gc-jobs-sa.yaml +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lighthouse-gc-jobs + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-hmac-token-secret.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-hmac-token-secret.yaml new file mode 100644 index 0000000..51d901d --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-hmac-token-secret.yaml @@ -0,0 +1,30 @@ +# Source: lighthouse/templates/hmacsecret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: lighthouse-hmac-token + labels: + app: lighthouse-lighthouse + chart: "lighthouse-0.0.939" + release: "lighthouse" + heritage: "Helm" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"lighthouse-hmac-token","properties":[{"name":"hmac","question":"Lighthouse webhook token","help":"The webhook token is used as a secret to verify webhooks come from a trusted source","generator":"hmac"}],"mandatory":true}' +spec: + backendType: local + data: + - name: hmac + key: hmac + property: hmac + template: + metadata: + labels: + app: lighthouse-lighthouse + chart: "lighthouse-0.0.939" + release: "lighthouse" + heritage: "Helm" + annotations: + secret.jenkins-x.io/schema-object: '{"name":"lighthouse-hmac-token","properties":[{"name":"hmac","question":"Lighthouse webhook token","help":"The webhook token is used as a secret to verify webhooks come from a trusted source","generator":"hmac"}],"mandatory":true}' + type: Opaque diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-keeper-deploy.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-deploy.yaml new file mode 100644 index 0000000..0e70a60 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-deploy.yaml @@ -0,0 +1,84 @@ +# Source: lighthouse/templates/keeper-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lighthouse-keeper + labels: + chart: "lighthouse-0.0.939" + app: lighthouse-keeper + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + jenkins-x.io/hash: '20abea9189b201fab226d5743e05715fda9802c2556432072b13b6c879d96cae' + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + selector: + matchLabels: + app: lighthouse-keeper + template: + metadata: + annotations: + ad.datadoghq.com/keeper.logs: '[{"source":"lighthouse","service":"keeper"}]' + labels: + app: lighthouse-keeper + spec: + serviceAccountName: lighthouse-keeper + terminationGracePeriodSeconds: 30 + containers: + - name: lighthouse-keeper + image: gcr.io/jenkinsxio/lighthouse-keeper:0.0.0-SNAPSHOT-PR-1254-35 + imagePullPolicy: IfNotPresent + args: + - "--namespace=jx" + ports: + - name: http + containerPort: 8888 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 120 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: / + port: http + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + env: + - name: "GIT_KIND" + value: "github" + - name: "GIT_SERVER" + value: "https://github.com" + - name: "GIT_USER" + value: hwirnsberger + - name: "GIT_TOKEN" + valueFrom: + secretKeyRef: + name: lighthouse-oauth-token + key: oauth + - name: "JX_LOG_FORMAT" + value: "json" + - name: "LOGRUS_FORMAT" + value: "json" + - name: "LIGHTHOUSE_KEEPER_STATUS_CONTEXT_LABEL" + value: "Lighthouse Merge Status" + - name: LIGHTHOUSE_TRIGGER_ON_MISSING + value: disable + resources: + limits: + cpu: 400m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-keeper-rb.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-rb.yaml new file mode 100644 index 0000000..80cdc9b --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-rb.yaml @@ -0,0 +1,15 @@ +# Source: lighthouse/templates/keeper-rb.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-keeper + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: lighthouse-keeper +subjects: + - kind: ServiceAccount + name: lighthouse-keeper diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-keeper-role.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-role.yaml new file mode 100644 index 0000000..b6d342f --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-role.yaml @@ -0,0 +1,57 @@ +# Source: lighthouse/templates/keeper-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-keeper + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - "" + resources: + - namespaces + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - tekton.dev + resources: + - pipelineresources + - tasks + - pipelines + - pipelineruns + verbs: + - create + - list + - get + - update + - watch + - patch + - delete + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs + verbs: + - create + - delete + - list + - update + - get + - watch + - patch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs/status + verbs: + - create + - delete + - list + - update + - get + - watch + - patch diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-keeper-sa.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-sa.yaml new file mode 100644 index 0000000..62c248c --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-sa.yaml @@ -0,0 +1,8 @@ +# Source: lighthouse/templates/keeper-sa.yaml +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lighthouse-keeper + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-keeper-svc.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-svc.yaml new file mode 100644 index 0000000..d2c54fd --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-keeper-svc.yaml @@ -0,0 +1,17 @@ +# Source: lighthouse/templates/keeper-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: lighthouse-keeper + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + type: ClusterIP + selector: + app: lighthouse-keeper + ports: + - port: 80 + targetPort: 8888 + protocol: TCP + name: http diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-oauth-token-secret.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-oauth-token-secret.yaml new file mode 100644 index 0000000..0fbbc55 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-oauth-token-secret.yaml @@ -0,0 +1,30 @@ +# Source: lighthouse/templates/oauthsecret.yaml +apiVersion: kubernetes-client.io/v1 +kind: ExternalSecret +metadata: + name: lighthouse-oauth-token + labels: + app: lighthouse-lighthouse + chart: "lighthouse-0.0.939" + release: "lighthouse" + heritage: "Helm" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + secret.jenkins-x.io/schema-object: '{"name":"lighthouse-oauth-token","properties":[{"name":"oauth","question":"Lighthouse webhook token","help":"The webhook token is used as a secret to verify webhooks come from a trusted source","generator":"gitOperator.password"}],"mandatory":true}' +spec: + backendType: local + data: + - name: oauth + key: oauth + property: oauth + template: + metadata: + labels: + app: lighthouse-lighthouse + chart: "lighthouse-0.0.939" + release: "lighthouse" + heritage: "Helm" + annotations: + secret.jenkins-x.io/schema-object: '{"name":"lighthouse-oauth-token","properties":[{"name":"oauth","question":"Lighthouse webhook token","help":"The webhook token is used as a secret to verify webhooks come from a trusted source","generator":"gitOperator.password"}],"mandatory":true}' + type: Opaque diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-deploy.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-deploy.yaml new file mode 100644 index 0000000..5ebad7f --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-deploy.yaml @@ -0,0 +1,62 @@ +# Source: lighthouse/templates/tekton-controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lighthouse-tekton-controller + labels: + chart: "lighthouse-0.0.939" + app: lighthouse-tekton-controller + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx + annotations: + jenkins-x.io/hash: '20abea9189b201fab226d5743e05715fda9802c2556432072b13b6c879d96cae' + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + selector: + matchLabels: + app: lighthouse-tekton-controller + template: + metadata: + labels: + app: lighthouse-tekton-controller + annotations: {} + spec: + serviceAccountName: lighthouse-tekton-controller + containers: + - name: lighthouse-tekton-controller + image: gcr.io/jenkinsxio/lighthouse-tekton-controller:0.0.0-SNAPSHOT-PR-1254-35 + imagePullPolicy: IfNotPresent + args: + - --namespace=jx + - --dashboard-url=http://dashboard-jx.apps.p.aws.ocp.gepardec.com + - --dashboard-template=namespaces/{{ .Namespace }}/pipelineruns/{{ .PipelineRun }} + ports: + - name: metrics + containerPort: 8080 + env: + - name: "LOGRUS_FORMAT" + value: "json" + - name: DEFAULT_PIPELINE_RUN_SERVICE_ACCOUNT + value: "tekton-bot" + - name: DEFAULT_PIPELINE_RUN_TIMEOUT + value: "2h0m0s" + - name: FILE_BROWSER + value: "git" + - name: JX_DEFAULT_IMAGE + value: "gcr.io/jenkinsxio/builder-maven:2.1.142-761" + - name: LIGHTHOUSE_DASHBOARD_TEMPLATE + value: "namespaces/{{ .Namespace }}/pipelineruns/{{ .PipelineRun }}" + - name: LIGHTHOUSE_VERSIONSTREAM_JENKINS_X_JX3_PIPELINE_CATALOG + value: "554f99eaa1812eb0acabf046d833c47d60fd3dc4" + resources: + limits: + cpu: 100m + memory: 256Mi + requests: + cpu: 80m + memory: 128Mi + terminationGracePeriodSeconds: 180 + nodeSelector: {} + affinity: {} + tolerations: [] diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-rb.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-rb.yaml new file mode 100644 index 0000000..8925af6 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-rb.yaml @@ -0,0 +1,15 @@ +# Source: lighthouse/templates/tekton-controller-rb.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-tekton-controller + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: lighthouse-tekton-controller +subjects: + - kind: ServiceAccount + name: lighthouse-tekton-controller diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-role.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-role.yaml new file mode 100644 index 0000000..2405002 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-role.yaml @@ -0,0 +1,42 @@ +# Source: lighthouse/templates/tekton-controller-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-tekton-controller + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - tekton.dev + resources: + - pipelines + verbs: + - get + - apiGroups: + - tekton.dev + resources: + - pipelineruns + verbs: + - create + - list + - get + - watch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs + verbs: + - get + - update + - list + - watch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs/status + verbs: + - update + - get + - watch + - patch diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-sa.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-sa.yaml new file mode 100644 index 0000000..b757b2d --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-sa.yaml @@ -0,0 +1,8 @@ +# Source: lighthouse/templates/tekton-controller-sa.yaml +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lighthouse-tekton-controller + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-svc.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-svc.yaml new file mode 100644 index 0000000..af67c30 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-tekton-controller-svc.yaml @@ -0,0 +1,18 @@ +# Source: lighthouse/templates/tekton-controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + name: lighthouse-tekton-controller + labels: + chart: "lighthouse-0.0.939" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: jx +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: metrics + protocol: TCP + name: metrics + selector: + app: lighthouse-tekton-controller diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-deploy.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-deploy.yaml new file mode 100644 index 0000000..eed76d3 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-deploy.yaml @@ -0,0 +1,93 @@ +# Source: lighthouse/templates/webhooks-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: lighthouse-webhooks + labels: + chart: "lighthouse-0.0.939" + app: lighthouse-webhooks + git.jenkins-x.io/sha: annotate + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + checksum/config: e718c47f868324d43eb072bfb006a73b6f26046fdc0dee46862f6e3c8fb35089 + jenkins-x.io/hash: '20abea9189b201fab226d5743e05715fda9802c2556432072b13b6c879d96cae' + wave.pusher.com/update-on-config-change: 'true' + namespace: jx +spec: + replicas: 1 + selector: + matchLabels: + app: lighthouse-webhooks + template: + metadata: + labels: + app: lighthouse-webhooks + spec: + serviceAccountName: lighthouse-webhooks + containers: + - name: lighthouse-webhooks + image: gcr.io/jenkinsxio/lighthouse-webhooks:0.0.0-SNAPSHOT-PR-1254-35 + imagePullPolicy: IfNotPresent + args: + - "--namespace=jx" + env: + - name: "GIT_KIND" + value: "github" + - name: "LH_CUSTOM_TRIGGER_COMMAND" + value: "jx" + - name: "GIT_SERVER" + value: "https://github.com" + - name: "GIT_USER" + value: hwirnsberger + - name: "GIT_TOKEN" + valueFrom: + secretKeyRef: + name: lighthouse-oauth-token + key: oauth + - name: "HMAC_TOKEN" + valueFrom: + secretKeyRef: + name: "lighthouse-hmac-token" + key: hmac + optional: false + - name: "JX_LOG_FORMAT" + value: "json" + - name: "LOGRUS_FORMAT" + value: "json" + - name: DEFAULT_PIPELINE_RUN_SERVICE_ACCOUNT + value: "tekton-bot" + - name: DEFAULT_PIPELINE_RUN_TIMEOUT + value: "2h0m0s" + - name: FILE_BROWSER + value: "git" + - name: JX_DEFAULT_IMAGE + value: "gcr.io/jenkinsxio/builder-maven:2.1.142-761" + - name: LIGHTHOUSE_DASHBOARD_TEMPLATE + value: "namespaces/{{ .Namespace }}/pipelineruns/{{ .PipelineRun }}" + - name: LIGHTHOUSE_VERSIONSTREAM_JENKINS_X_JX3_PIPELINE_CATALOG + value: "554f99eaa1812eb0acabf046d833c47d60fd3dc4" + ports: + - containerPort: 8080 + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: / + port: 8080 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 100m + memory: 512Mi + requests: + cpu: 80m + memory: 128Mi + terminationGracePeriodSeconds: 180 diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-rb.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-rb.yaml new file mode 100644 index 0000000..2a51bf7 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-rb.yaml @@ -0,0 +1,15 @@ +# Source: lighthouse/templates/webhooks-rb.yaml +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-webhooks + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: lighthouse-webhooks +subjects: + - kind: ServiceAccount + name: lighthouse-webhooks diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-role.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-role.yaml new file mode 100644 index 0000000..1a2c29e --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-role.yaml @@ -0,0 +1,45 @@ +# Source: lighthouse/templates/webhooks-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: lighthouse-webhooks + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: + - "" + resources: + - namespaces + - configmaps + - secrets + verbs: + - get + - update + - create + - list + - watch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs + verbs: + - create + - delete + - list + - update + - get + - watch + - patch + - apiGroups: + - lighthouse.jenkins.io + resources: + - lighthousejobs/status + verbs: + - create + - delete + - list + - update + - get + - watch + - patch diff --git a/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-sa.yaml b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-sa.yaml new file mode 100644 index 0000000..62024e8 --- /dev/null +++ b/config-root/namespaces/jx/lighthouse/lighthouse-webhooks-sa.yaml @@ -0,0 +1,8 @@ +# Source: lighthouse/templates/webhooks-sa.yaml +kind: ServiceAccount +apiVersion: v1 +metadata: + name: lighthouse-webhooks + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/jx/local-external-secrets/local-external-secrets-0.0.6-release.yaml b/config-root/namespaces/jx/local-external-secrets/local-external-secrets-0.0.6-release.yaml new file mode 100644 index 0000000..ffa46f4 --- /dev/null +++ b/config-root/namespaces/jx/local-external-secrets/local-external-secrets-0.0.6-release.yaml @@ -0,0 +1,36 @@ +# Source: local-external-secrets/templates/release.yaml +apiVersion: jenkins.io/v1 +kind: Release +metadata: + creationTimestamp: "2020-11-12T10:35:39Z" + deletionTimestamp: null + name: 'local-external-secrets-0.0.6' + namespace: jx + labels: + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + commits: + - author: + accountReference: + - id: james-strachan-0 + provider: jenkins.io/git-github-userid + email: james.strachan@gmail.com + name: James Strachan + branch: master + committer: + accountReference: + - id: james-strachan-0 + provider: jenkins.io/git-github-userid + email: james.strachan@gmail.com + name: James Strachan + message: | + fix: use v1 + sha: 53345343fd586a77d0bc9fec57ae12e5c96c830d + gitCloneUrl: https://github.com/jenkins-x-charts/local-external-secrets.git + gitHttpUrl: https://github.com/jenkins-x-charts/local-external-secrets + gitOwner: jenkins-x-charts + gitRepository: local-external-secrets + name: 'local-external-secrets' + releaseNotesURL: https://github.com/jenkins-x-charts/local-external-secrets/releases/tag/v0.0.6 + version: v0.0.6 +status: {} diff --git a/config-root/namespaces/jx/source-repositories/README.md b/config-root/namespaces/jx/source-repositories/README.md new file mode 100644 index 0000000..c06a890 --- /dev/null +++ b/config-root/namespaces/jx/source-repositories/README.md @@ -0,0 +1,4 @@ + +## Source Repositories + +This folder contains any `SourceRepository` CRDs for repositories where we activate CI/CD \ No newline at end of file diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-bucket-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-bucket-cm.yaml new file mode 100644 index 0000000..7b5782e --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-bucket-cm.yaml @@ -0,0 +1,35 @@ +# Source: tekton-pipeline/templates/config-artifact-bucket-cm.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-bucket + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +# data: +# # location of the gcs bucket to be used for artifact storage +# location: "gs://bucket-name" +# # name of the secret that will contain the credentials for the service account +# # with access to the bucket +# bucket.service.account.secret.name: +# # The key in the secret with the required service account json +# bucket.service.account.secret.key: +# # The field name that should be used for the service account +# # Valid values: GOOGLE_APPLICATION_CREDENTIALS, BOTO_CONFIG. +# bucket.service.account.field.name: GOOGLE_APPLICATION_CREDENTIALS diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-pvc-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-pvc-cm.yaml new file mode 100644 index 0000000..b0b0d98 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-artifact-pvc-cm.yaml @@ -0,0 +1,30 @@ +# Source: tekton-pipeline/templates/config-artifact-pvc-cm.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-artifact-pvc + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +# data: +# # size of the PVC volume +# size: 5Gi +# +# # storage class of the PVC volume +# storageClassName: storage-class-name diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-defaults-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-defaults-cm.yaml new file mode 100644 index 0000000..ca01f91 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-defaults-cm.yaml @@ -0,0 +1,72 @@ +# Source: tekton-pipeline/templates/config-defaults-cm.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-defaults + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # default-timeout-minutes contains the default number of + # minutes to use for TaskRun and PipelineRun, if none is specified. + default-timeout-minutes: "60" # 60 minutes + + # default-service-account contains the default service account name + # to use for TaskRun and PipelineRun, if none is specified. + default-service-account: "default" + + # default-managed-by-label-value contains the default value given to the + # "app.kubernetes.io/managed-by" label applied to all Pods created for + # TaskRuns. If a user's requested TaskRun specifies another value for this + # label, the user's request supercedes. + default-managed-by-label-value: "tekton-pipelines" + + # default-pod-template contains the default pod template to use + # TaskRun and PipelineRun, if none is specified. If a pod template + # is specified, the default pod template is ignored. + # default-pod-template: + + # default-cloud-events-sink contains the default CloudEvents sink to be + # used for TaskRun and PipelineRun, when no sink is specified. + # Note that right now it is still not possible to set a PipelineRun or + # TaskRun specific sink, so the default is the only option available. + # If no sink is specified, no CloudEvent is generated + # default-cloud-events-sink: + + # default-task-run-workspace-binding contains the default workspace + # configuration provided for any Workspaces that a Task declares + # but that a TaskRun does not explicitly provide. + # default-task-run-workspace-binding: | + # emptyDir: {} diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-leader-election-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-leader-election-cm.yaml new file mode 100644 index 0000000..6dd3d55 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-leader-election-cm.yaml @@ -0,0 +1,29 @@ +# Source: tekton-pipeline/templates/config-leader-election-cm.yaml +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-leader-election + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + # An inactive but valid configuration follows; see example. + leaseDuration: "15s" + renewDeadline: "10s" + retryPeriod: "2s" diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-logging-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-logging-cm.yaml new file mode 100644 index 0000000..af5757e --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-logging-cm.yaml @@ -0,0 +1,54 @@ +# Source: tekton-pipeline/templates/config-logging-cm.yaml +# Copyright 2019 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-logging + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + # Common configuration for all knative codebase + zap-logger-config: | + { + "level": "info", + "development": false, + "sampling": { + "initial": 100, + "thereafter": 100 + }, + "outputPaths": ["stdout"], + "errorOutputPaths": ["stderr"], + "encoding": "json", + "encoderConfig": { + "timeKey": "ts", + "levelKey": "level", + "nameKey": "logger", + "callerKey": "caller", + "messageKey": "msg", + "stacktraceKey": "stacktrace", + "lineEnding": "", + "levelEncoder": "", + "timeEncoder": "iso8601", + "durationEncoder": "", + "callerEncoder": "" + } + } + # Log level overrides + loglevel.controller: "info" + loglevel.webhook: "info" diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-observability-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-observability-cm.yaml new file mode 100644 index 0000000..3d68d9d --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-observability-cm.yaml @@ -0,0 +1,58 @@ +# Source: tekton-pipeline/templates/config-observability-cm.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using Stackdriver will incur additional charges. + metrics.backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used and metrics will be sent to the cluster's project if this field is + # not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed + # to send metrics to Stackdriver using "global" resource type and custom + # metric type. Setting this flag to "true" could cause extra Stackdriver + # charge. If metrics.backend-destination is not Stackdriver, this is + # ignored. + metrics.allow-stackdriver-custom-metrics: "false" diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-registry-cert-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-registry-cert-cm.yaml new file mode 100644 index 0000000..9ad8008 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config-registry-cert-cm.yaml @@ -0,0 +1,27 @@ +# Source: tekton-pipeline/templates/config-registry-cert-cm.yaml +# Copyright 2020 Tekton Authors LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-registry-cert + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +# data: +# # Registry's self-signed certificate +# cert: | diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml new file mode 100644 index 0000000..9f83aeb --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml @@ -0,0 +1,24 @@ +# Source: tekton-pipeline/templates/config.webhook.pipeline.tekton.dev-valwebhookcfg.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: tekton-pipelines +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: config.webhook.pipeline.tekton.dev + objectSelector: + matchLabels: + app.kubernetes.io/part-of: tekton-pipelines diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/feature-flags-cm.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/feature-flags-cm.yaml new file mode 100644 index 0000000..667b8b4 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/feature-flags-cm.yaml @@ -0,0 +1,91 @@ +# Source: tekton-pipeline/templates/feature-flags-cm.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +data: + # Setting this flag to "true" will prevent Tekton to create an + # Affinity Assistant for every TaskRun sharing a PVC workspace + # + # The default behaviour is for Tekton to create Affinity Assistants + # + # See more in the workspace documentation about Affinity Assistant + # https://github.com/tektoncd/pipeline/blob/master/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline + # or https://github.com/tektoncd/pipeline/pull/2630 for more info. + disable-affinity-assistant: "false" + # Setting this flag to "true" will prevent Tekton overriding your + # Task container's $HOME environment variable. + # + # The default behaviour currently is for Tekton to override the + # $HOME environment variable but this will change in an upcoming + # release. + # + # See https://github.com/tektoncd/pipeline/issues/2013 for more + # info. + disable-home-env-overwrite: "false" + # Setting this flag to "true" will prevent Tekton overriding your + # Task container's working directory. + # + # The default behaviour currently is for Tekton to override the + # working directory if not set by the user but this will change + # in an upcoming release. + # + # See https://github.com/tektoncd/pipeline/issues/1836 for more + # info. + disable-working-directory-overwrite: "false" + # Setting this flag to "true" will prevent Tekton scanning attached + # service accounts and injecting any credentials it finds into your + # Steps. + # + # The default behaviour currently is for Tekton to search service + # accounts for secrets matching a specified format and automatically + # mount those into your Steps. + # + # Note: setting this to "true" will prevent PipelineResources from + # working. + # + # See https://github.com/tektoncd/pipeline/issues/1836 for more + # info. + disable-creds-init: "false" + # This option should be set to false when Pipelines is running in a + # cluster that does not use injected sidecars such as Istio. Setting + # it to false should decrease the time it takes for a TaskRun to start + # running. For clusters that use injected sidecars, setting this + # option to false can lead to unexpected behavior. + # + # See https://github.com/tektoncd/pipeline/issues/2080 for more info. + running-in-environment-with-injected-sidecars: "true" + # Setting this flag to "true" will require that any Git SSH Secret + # offered to Tekton must have known_hosts included. + # + # See https://github.com/tektoncd/pipeline/issues/2981 for more + # info. + require-git-ssh-secret-known-hosts: "false" + # Setting this flag to "true" enables the use of Tekton OCI bundle. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-tekton-oci-bundles: "false" + # Setting this flag to "true" enables the use of custom tasks from + # within pipelines. + # This is an experimental feature and thus should still be considered + # an alpha feature. + enable-custom-tasks: "false" diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-bot-sa.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-bot-sa.yaml new file mode 100644 index 0000000..80843fa --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-bot-sa.yaml @@ -0,0 +1,25 @@ +# Source: tekton-pipeline/templates/tekton-bot-sa.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-bot + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +secrets: diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-deploy.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-deploy.yaml new file mode 100644 index 0000000..3e7ee61 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-deploy.yaml @@ -0,0 +1,140 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-deploy.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.21.0" + spec: + serviceAccountName: tekton-pipelines-controller + containers: + - name: tekton-pipelines-controller + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.21.0@sha256:972ee9c3f43c88495b074bfc0a8350eb34131355ab9ddc5da63c59f64d74e83d + args: [ + # Version, to be replace at release time + "-version", "v0.21.0", + # These images are built on-demand by `ko resolve` and are replaced + # by image references by digest. + "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.21.0@sha256:1727868bd5a22dd8e45a4efca0a7f0b5b00cd1bbbe97068e60986ae221b828c3", "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.21.0@sha256:db18a9c1607c8cbbcd72f61d0c4d795b9ff528669deacd5f8a1672e4ef198ffd", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.21.0@sha256:d5af7d58c2ad222548e7fcaf7d8e8172837df254b49cc636d1f9d0d8c499beb8", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.21.0@sha256:8172a046a040a6267888ab9755b48631bbcf92ea58534ae506bb80125ee94cc2", "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.21.0@sha256:265641edf8fbb19f844f7d2006d1b81927f43fd1b19f037709355938a1e3c78e", "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.21.0@sha256:6e2c398d27d5d9f6de3a41ed2d70d9c940e22a648a349c5cb5bbdbb76484c9fe", "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.21.0@sha256:41c251a2cc7e7c6e6c0f8d3bc3f0c3cc6a980325e754d4d95570c775a2a80b35", + # This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim + "-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f", + # The shell image must be root in order to create directories and copy files to PVCs. + # gcr.io/distroless/base:debug as of November 15, 2020 + # image shall not contains tag, so it will be supported on a runtime like cri-o + "-shell-image", "gcr.io/distroless/base@sha256:92720b2305d7315b5426aec19f8651e9e04222991f877cae71f40b3141d2f07e"] + volumeMounts: + - name: config-logging + mountPath: /etc/config-logging + - name: config-registry-cert + mountPath: /etc/config-registry-cert + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the controller's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_DEFAULTS_NAME + value: config-defaults + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_ARTIFACT_BUCKET_NAME + value: config-artifact-bucket + - name: CONFIG_ARTIFACT_PVC_NAME + value: config-artifact-pvc + - name: CONFIG_FEATURE_FLAGS_NAME + value: feature-flags + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: SSL_CERT_FILE + value: /etc/config-registry-cert/cert + - name: SSL_CERT_DIR + value: /etc/ssl/certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + ports: + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: config-logging + configMap: + name: config-logging + - name: config-registry-cert + configMap: + name: config-registry-cert diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-leaderelection-rb.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-leaderelection-rb.yaml new file mode 100644 index 0000000..6d7cd14 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-leaderelection-rb.yaml @@ -0,0 +1,19 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-leaderelection-rb.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-rb.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-rb.yaml new file mode 100644 index 0000000..6567793 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-rb.yaml @@ -0,0 +1,33 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-rb.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-controller + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-controller + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-role.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-role.yaml new file mode 100644 index 0000000..4ec83f5 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-role.yaml @@ -0,0 +1,38 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-role.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The controller needs access to these configmaps for logging information and runtime configuration. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", "config-artifact-pvc", "feature-flags", "config-leader-election", "config-registry-cert"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-sa.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-sa.yaml new file mode 100644 index 0000000..58d3217 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-sa.yaml @@ -0,0 +1,24 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-sa.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-controller + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-svc.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-svc.yaml new file mode 100644 index 0000000..0074c0c --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-controller-svc.yaml @@ -0,0 +1,31 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-controller-svc.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-controller + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + name: tekton-pipelines-controller + namespace: tekton-pipelines +spec: + ports: + - name: http-metrics + port: 9090 + protocol: TCP + targetPort: 9090 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: controller + app.kubernetes.io/component: controller + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-leader-election-role.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-leader-election-role.yaml new file mode 100644 index 0000000..57a388f --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-leader-election-role.yaml @@ -0,0 +1,15 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-leader-election-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-leader-election + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + # We uses leases for leaderelection + - apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-podsecuritypolicy.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-podsecuritypolicy.yaml new file mode 100644 index 0000000..7971ba9 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-podsecuritypolicy.yaml @@ -0,0 +1,48 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-podsecuritypolicy.yaml +# Copyright 2019 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: tekton-pipelines +spec: + privileged: false + allowPrivilegeEscalation: false + volumes: + - 'emptyDir' + - 'configMap' + - 'secret' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'MustRunAsNonRoot' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-deploy.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-deploy.yaml new file mode 100644 index 0000000..c1e5705 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-deploy.yaml @@ -0,0 +1,139 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-deploy.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + # Note: the Deployment name must be the same as the Service name specified in + # config/400-webhook-service.yaml. If you change this name, you must also + # change the value of WEBHOOK_SERVICE_NAME below. + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + annotations: + wave.pusher.com/update-on-config-change: 'true' +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.21.0" + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: tekton-pipelines-webhook + containers: + - name: webhook + # This is the Go import path for the binary that is containerized + # and substituted here. + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.21.0@sha256:1c9c9acf8451fd40ce46dc4069d1b589a7fe1b9e5798652beb4f514e4a17e8cb + # Resource request required for autoscaler to take any action for a metric + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + # If you are changing these names, you will also need to update + # the webhook's Role in 200-role.yaml to include the new + # values in the "configmaps" "get" rule. + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: CONFIG_LEADERELECTION_NAME + value: config-leader-election + - name: WEBHOOK_SERVICE_NAME + value: tekton-pipelines-webhook + - name: WEBHOOK_SECRET_NAME + value: webhook-certs + - name: METRICS_DOMAIN + value: tekton.dev/pipeline + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + # User 65532 is the distroless nonroot user ID + runAsUser: 65532 + runAsGroup: 65532 + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + - name: probes + containerPort: 8080 + livenessProbe: + httpGet: + path: /health + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readiness + port: probes + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-horizontalpodautoscaler.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-horizontalpodautoscaler.yaml new file mode 100644 index 0000000..06928a7 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-horizontalpodautoscaler.yaml @@ -0,0 +1,43 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-horizontalpodautoscaler.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + minReplicas: 1 + maxReplicas: 5 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: tekton-pipelines-webhook + metrics: + - type: Resource + resource: + name: cpu + targetAverageUtilization: 100 diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-leaderelection-rb.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-leaderelection-rb.yaml new file mode 100644 index 0000000..353acf5 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-leaderelection-rb.yaml @@ -0,0 +1,19 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-leaderelection-rb.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook-leaderelection + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-leader-election + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-poddisruptionbudget.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-poddisruptionbudget.yaml new file mode 100644 index 0000000..51b0fea --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-poddisruptionbudget.yaml @@ -0,0 +1,25 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-poddisruptionbudget.yaml +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' +spec: + minAvailable: 80% + selector: + matchLabels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-rb.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-rb.yaml new file mode 100644 index 0000000..dc3c78f --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-rb.yaml @@ -0,0 +1,19 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-rb.yaml +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +subjects: + - kind: ServiceAccount + name: tekton-pipelines-webhook + namespace: tekton-pipelines +roleRef: + kind: Role + name: tekton-pipelines-webhook + apiGroup: rbac.authorization.k8s.io diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-role.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-role.yaml new file mode 100644 index 0000000..55cfdc7 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-role.yaml @@ -0,0 +1,34 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-role.yaml +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["list", "watch"] + # The webhook needs access to these configmaps for logging information. + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get"] + resourceNames: ["config-logging", "config-observability", "config-leader-election"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch"] + # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever + # the secret changes it updates the webhook configurations with the certificates + # stored in the secret. + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "update"] + resourceNames: ["webhook-certs"] + - apiGroups: ["policy"] + resources: ["podsecuritypolicies"] + resourceNames: ["tekton-pipelines"] + verbs: ["use"] diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-sa.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-sa.yaml new file mode 100644 index 0000000..f65371d --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-sa.yaml @@ -0,0 +1,11 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-sa.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + gitops.jenkins-x.io/pipeline: 'namespaces' diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-svc.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-svc.yaml new file mode 100644 index 0000000..f152a38 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/tekton-pipelines-webhook-svc.yaml @@ -0,0 +1,37 @@ +# Source: tekton-pipeline/templates/tekton-pipelines-webhook-svc.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/version: "v0.21.0" + app.kubernetes.io/part-of: tekton-pipelines + # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml + pipeline.tekton.dev/release: "v0.21.0" + # labels below are related to istio and should not be used for resource lookup + app: tekton-pipelines-webhook + version: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + name: tekton-pipelines-webhook + namespace: tekton-pipelines +spec: + ports: + # Define metrics and profiling for them to be accessible within service meshes. + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + - name: probes + port: 8080 + selector: + app.kubernetes.io/name: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml new file mode 100644 index 0000000..fbdffbd --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml @@ -0,0 +1,21 @@ +# Source: tekton-pipeline/templates/validation.webhook.pipeline.tekton.dev-valwebhookcfg.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: tekton-pipelines +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: validation.webhook.pipeline.tekton.dev diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook-certs-secret.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook-certs-secret.yaml new file mode 100644 index 0000000..9518813 --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook-certs-secret.yaml @@ -0,0 +1,27 @@ +# Source: tekton-pipeline/templates/webhook-certs-secret.yaml +# Copyright 2020 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: webhook-certs + namespace: tekton-pipelines + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' +# The data is populated at install time. diff --git a/config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml b/config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml new file mode 100644 index 0000000..80740ef --- /dev/null +++ b/config-root/namespaces/tekton-pipelines/tekton-pipeline/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml @@ -0,0 +1,21 @@ +# Source: tekton-pipeline/templates/webhook.pipeline.tekton.dev-mutwebhookcfg.yaml +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.pipeline.tekton.dev + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines + pipeline.tekton.dev/release: "v0.21.0" + gitops.jenkins-x.io/pipeline: 'namespaces' + namespace: tekton-pipelines +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: tekton-pipelines-webhook + namespace: tekton-pipelines + failurePolicy: Fail + sideEffects: None + name: webhook.pipeline.tekton.dev diff --git a/helmfiles/jx/jx-values.yaml b/helmfiles/jx/jx-values.yaml index 348ce76..173a918 100644 --- a/helmfiles/jx/jx-values.yaml +++ b/helmfiles/jx/jx-values.yaml @@ -31,10 +31,12 @@ jxRequirements: registry: ghcr.io environments: - key: dev + owner: hwirnsberger + repository: jx3-test-openshift4 - key: staging - key: production ingress: - domain: change.me + domain: apps.p.aws.ocp.gepardec.com externalDNS: false kind: ingress namespaceSubDomain: -jx. @@ -42,6 +44,8 @@ jxRequirements: email: "" enabled: false production: false + pipelineUser: + username: hwirnsberger repository: bucketrepo secretStorage: local vault: {} diff --git a/helmfiles/tekton-pipelines/jx-values.yaml b/helmfiles/tekton-pipelines/jx-values.yaml index fae24db..962d631 100644 --- a/helmfiles/tekton-pipelines/jx-values.yaml +++ b/helmfiles/tekton-pipelines/jx-values.yaml @@ -31,10 +31,12 @@ jxRequirements: registry: ghcr.io environments: - key: dev + owner: hwirnsberger + repository: jx3-test-openshift4 - key: staging - key: production ingress: - domain: change.me + domain: apps.p.aws.ocp.gepardec.com externalDNS: false kind: ingress namespaceSubDomain: -tekton-pipelines. @@ -42,6 +44,8 @@ jxRequirements: email: "" enabled: false production: false + pipelineUser: + username: hwirnsberger repository: bucketrepo secretStorage: local vault: {} diff --git a/jx-requirements.yml b/jx-requirements.yml index ece3636..0dd302d 100644 --- a/jx-requirements.yml +++ b/jx-requirements.yml @@ -17,16 +17,21 @@ spec: registry: ghcr.io environments: - key: dev + owner: hwirnsberger + repository: jx3-test-openshift4 - key: staging - key: production ingress: domain: apps.p.aws.ocp.gepardec.com externalDNS: false + kind: ingress namespaceSubDomain: -jx. tls: email: "" enabled: false production: false + pipelineUser: + username: hwirnsberger repository: bucketrepo secretStorage: local vault: {}