
@vdemeester
Created May 31, 2019 09:03
# Namespace that holds the controller, the webhook, their ServiceAccount
# and the ConfigMaps defined in the documents below.
kind: Namespace
apiVersion: v1
metadata:
  name: tekton-pipelines
---
# PodSecurityPolicy for pods whose ServiceAccount is granted `use` on it
# (the tekton-pipelines-admin ClusterRole does so via resourceNames).
# PodSecurityPolicy was removed in Kubernetes 1.25; on newer clusters this
# document is rejected and the same constraints have to come from Pod
# Security Admission or a policy engine.
kind: PodSecurityPolicy
apiVersion: policy/v1beta1
metadata:
  name: tekton-pipelines
spec:
  # No privileged containers, no setuid-style escalation, no host namespaces.
  privileged: false
  allowPrivilegeEscalation: false
  hostNetwork: false
  hostPID: false
  hostIPC: false
  # RunAsAny does not exclude UID 0: containers admitted under this policy
  # may still run as root inside the container.
  # No capability fields (requiredDropCapabilities / allowedCapabilities)
  # are set, so the runtime's default capability set stays in place.
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  # Both group ranges start at 1, so GID 0 is not permitted.
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  # Allow-list of volume types.
  # NOTE(review): persistentVolumeClaim is not listed, although the admin
  # ClusterRole manages PVCs and a config-artifact-pvc ConfigMap exists;
  # confirm that pods under this policy never need to mount a PVC.
  volumes: [emptyDir, configMap, secret]
---
# Permissions of the tekton-pipelines-controller ServiceAccount.
# The role is attached with a ClusterRoleBinding, so every rule below is
# effective in ALL namespaces, and both Deployments in this file (controller
# and webhook) run under that one ServiceAccount. A compromise of either
# pod therefore yields the full set. When reviewing, check whether the
# webhook can get its own, smaller role and whether any rule can be scoped
# with resourceNames or a namespaced RoleBinding.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-pipelines-admin
rules:
  # Core API group. Includes read AND write on secrets and serviceaccounts
  # and pod creation cluster-wide: effectively the ability to read any
  # credential stored as a Secret and to start workloads in any namespace.
  - apiGroups: [""]
    resources:
      - pods
      - pods/log
      - namespaces
      - secrets
      - events
      - serviceaccounts
      - configmaps
      - persistentvolumeclaims
    verbs: [get, list, create, update, delete, patch, watch]
  - apiGroups: [apps]
    resources: [deployments]
    verbs: [get, list, create, update, delete, patch, watch]
  - apiGroups: [apps]
    resources: [deployments/finalizers]
    verbs: [get, list, create, update, delete, patch, watch]
  # Write access to mutating admission webhook registrations: the holder can
  # add or change webhooks that rewrite objects on admission. Treat as
  # cluster-admin-equivalent when auditing.
  - apiGroups: [admissionregistration.k8s.io]
    resources: [mutatingwebhookconfigurations]
    verbs: [get, list, create, update, delete, patch, watch]
  # Tekton's own resources, their finalizers and their status subresources.
  - apiGroups: [tekton.dev]
    resources:
      - tasks
      - clustertasks
      - taskruns
      - pipelines
      - pipelineruns
      - pipelineresources
    verbs: [get, list, create, update, delete, patch, watch]
  - apiGroups: [tekton.dev]
    resources:
      - taskruns/finalizers
      - pipelineruns/finalizers
    verbs: [get, list, create, update, delete, patch, watch]
  - apiGroups: [tekton.dev]
    resources:
      - tasks/status
      - clustertasks/status
      - taskruns/status
      - pipelines/status
      - pipelineruns/status
      - pipelineresources/status
    verbs: [get, list, create, update, delete, patch, watch]
  # The only rule limited by resourceNames: lets the ServiceAccount's pods
  # be admitted under the tekton-pipelines PodSecurityPolicy.
  - apiGroups: [policy]
    resources: [podsecuritypolicies]
    resourceNames: [tekton-pipelines]
    verbs: [use]
---
# Identity used by both the controller and the webhook Deployment in this
# file; the ClusterRoleBinding below it binds this account to
# tekton-pipelines-admin cluster-wide.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: tekton-pipelines
  name: tekton-pipelines-controller
---
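# Grants the tekton-pipelines-admin ClusterRole to the controller's
# ServiceAccount in every namespace (a ClusterRoleBinding has no namespace
# scope). This is the binding to audit when reviewing who can read secrets
# or edit mutating webhook registrations through Tekton.
#
# Uses rbac.authorization.k8s.io/v1, matching the ClusterRoles in this
# file; the v1beta1 RBAC API was removed in Kubernetes 1.22 and the schema
# of this object is the same in both versions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tekton-pipelines-controller-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: tekton-pipelines-admin
subjects:
  - kind: ServiceAccount
    name: tekton-pipelines-controller
    namespace: tekton-pipelines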
---
# ClusterTask: the only cluster-scoped Tekton resource in this file, so
# RBAC for it cannot be restricted per namespace.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22; the v1 API
# needs a structural schema per version, so this is not a one-line bump.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: clustertasks.tekton.dev
spec:
  group: tekton.dev
  version: v1alpha1
  scope: Cluster
  names:
    kind: ClusterTask
    plural: clustertasks
    categories: [all, tekton-pipelines]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
---
# Image resource from the caching.internal.knative.dev group.
# NOTE(review): no rule in the tekton-pipelines-admin ClusterRole covers
# this API group; verify whether the controller needs access to it.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: images.caching.internal.knative.dev
spec:
  group: caching.internal.knative.dev
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Image
    singular: image
    plural: images
    shortNames: [img]
    categories: [all, knative-internal, caching]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
---
# Pipeline: namespaced Tekton resource, served as tekton.dev/v1alpha1.
# No validation schema is declared here, so the API server stores whatever
# shape is submitted; any validation has to come from elsewhere.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: pipelines.tekton.dev
spec:
  group: tekton.dev
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Pipeline
    plural: pipelines
    categories: [all, tekton-pipelines]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
---
# PipelineRun: namespaced Tekton resource with extra `kubectl get` columns
# taken from the object's status.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: pipelineruns.tekton.dev
spec:
  group: tekton.dev
  version: v1alpha1
  scope: Namespaced
  names:
    kind: PipelineRun
    plural: pipelineruns
    shortNames: [pr, prs]
    categories: [all, tekton-pipelines]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
  # JSONPath expressions are quoted so that their brackets, `?`, `@` and
  # embedded double quotes can never be read as YAML syntax.
  additionalPrinterColumns:
    - name: Succeeded
      type: string
      JSONPath: '.status.conditions[?(@.type=="Succeeded")].status'
    - name: Reason
      type: string
      JSONPath: '.status.conditions[?(@.type=="Succeeded")].reason'
    - name: StartTime
      type: date
      JSONPath: '.status.startTime'
    - name: CompletionTime
      type: date
      JSONPath: '.status.completionTime'
---
# PipelineResource: namespaced Tekton resource, served as
# tekton.dev/v1alpha1. No validation schema is declared in this CRD.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: pipelineresources.tekton.dev
spec:
  group: tekton.dev
  version: v1alpha1
  scope: Namespaced
  names:
    kind: PipelineResource
    plural: pipelineresources
    categories: [all, tekton-pipelines]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
---
# Task: namespaced Tekton resource, served as tekton.dev/v1alpha1.
# No validation schema is declared in this CRD.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: tasks.tekton.dev
spec:
  group: tekton.dev
  version: v1alpha1
  scope: Namespaced
  names:
    kind: Task
    plural: tasks
    categories: [all, tekton-pipelines]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
---
# TaskRun: namespaced Tekton resource with extra `kubectl get` columns
# taken from the object's status.
# apiextensions.k8s.io/v1beta1 was removed in Kubernetes 1.22.
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
metadata:
  name: taskruns.tekton.dev
spec:
  group: tekton.dev
  version: v1alpha1
  scope: Namespaced
  names:
    kind: TaskRun
    plural: taskruns
    shortNames: [tr, trs]
    categories: [all, tekton-pipelines]
  # Enables the /status subresource for this kind.
  subresources:
    status: {}
  # JSONPath expressions are quoted so that their brackets, `?`, `@` and
  # embedded double quotes can never be read as YAML syntax.
  additionalPrinterColumns:
    - name: Succeeded
      type: string
      JSONPath: '.status.conditions[?(@.type=="Succeeded")].status'
    - name: Reason
      type: string
      JSONPath: '.status.conditions[?(@.type=="Succeeded")].reason'
    - name: StartTime
      type: date
      JSONPath: '.status.startTime'
    - name: CompletionTime
      type: date
      JSONPath: '.status.completionTime'
---
# In-cluster Service exposing the controller's metrics port. No `type` is
# set, so it is a ClusterIP Service. Nothing in this file restricts which
# pods may reach it; add a NetworkPolicy if metrics should not be readable
# cluster-wide.
kind: Service
apiVersion: v1
metadata:
  namespace: tekton-pipelines
  name: tekton-pipelines-controller
  labels:
    app: tekton-pipelines-controller
spec:
  selector:
    app: tekton-pipelines-controller
  ports:
    - name: metrics
      protocol: TCP
      port: 9090
      targetPort: 9090
---
# Service in front of the webhook pods: port 443 on the Service forwards
# to container port 8443. Protocol is left at its default (TCP).
# Presumably this is the endpoint the API server calls for admission
# requests - confirm against the webhook registration.
kind: Service
apiVersion: v1
metadata:
  namespace: tekton-pipelines
  name: tekton-pipelines-webhook
  labels:
    app: tekton-pipelines-webhook
spec:
  selector:
    app: tekton-pipelines-webhook
  ports:
    - port: 443
      targetPort: 8443
---
# Aggregated into the built-in `admin` and `edit` ClusterRoles through the
# two labels below: every subject already bound to either role gains full
# read/write on the namespaced Tekton resources listed here as soon as
# this document is applied. Review who holds edit/admin before installing,
# since creating runs causes the controller to start pods on the user's
# behalf.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-aggregate-edit
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
rules:
  # clustertasks is not included, so the cluster-scoped kind is not
  # handed out through aggregation.
  - apiGroups: [tekton.dev]
    resources:
      - tasks
      - taskruns
      - pipelines
      - pipelineruns
      - pipelineresources
    verbs:
      - create
      - delete
      - deletecollection
      - get
      - list
      - patch
      - update
      - watch
---
# Aggregated into the built-in `view` ClusterRole through the label below:
# read-only access to the namespaced Tekton resources for every subject
# bound to `view`. Task and pipeline definitions can carry parameters and
# script text, so check that nothing sensitive is inlined in them.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: tekton-aggregate-view
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
rules:
  - apiGroups: [tekton.dev]
    resources:
      - tasks
      - taskruns
      - pipelines
      - pipelineruns
      - pipelineresources
    verbs: [get, list, watch]
---
# Empty ConfigMap (data is explicitly null); it only reserves the name.
# If bucket settings are added later, keep credentials in a Secret and
# reference them rather than placing them in this ConfigMap.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: tekton-pipelines
  name: config-artifact-bucket
data: null
---
# Empty ConfigMap (data is explicitly null); it only reserves the name.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: tekton-pipelines
  name: config-artifact-pvc
data: null
---
# Logging configuration mounted into both Deployments at
# /etc/config-logging. Levels are `info` for controller and webhook;
# the JSON document under zap-logger-config is passed through as a string.
kind: ConfigMap
apiVersion: v1
metadata:
  namespace: tekton-pipelines
  name: config-logging
data:
  loglevel.controller: info
  loglevel.webhook: info
  # Literal block scalar: the JSON text is kept line for line as published.
  zap-logger-config: |
    {
    "level": "info",
    "development": false,
    "sampling": {
    "initial": 100,
    "thereafter": 100
    },
    "outputPaths": ["stdout"],
    "errorOutputPaths": ["stderr"],
    "encoding": "json",
    "encoderConfig": {
    "timeKey": "",
    "levelKey": "level",
    "nameKey": "logger",
    "callerKey": "caller",
    "messageKey": "msg",
    "stacktraceKey": "stacktrace",
    "lineEnding": "",
    "levelEncoder": "",
    "timeEncoder": "",
    "durationEncoder": "",
    "callerEncoder": ""
    }
    }
---
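# Tekton Pipelines controller.
#
# Moved from apps/v1beta1 (removed in Kubernetes 1.16) to apps/v1. apps/v1
# requires an explicit selector; it is set to the pod template's own label,
# which is what apps/v1beta1 defaulted to, so the managed pods are the same.
#
# Review points that are left unchanged here:
#  - The pod runs as tekton-pipelines-controller, which holds the
#    cluster-wide tekton-pipelines-admin role (secrets, pods, mutating
#    webhook registrations).
#  - No securityContext and no resource requests/limits are declared.
#  - Every image is referenced by tag; pinning by digest
#    (image@sha256:<digest>) makes the deployed content verifiable.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-pipelines-controller
  namespace: tekton-pipelines
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tekton-pipelines-controller
  template:
    metadata:
      labels:
        app: tekton-pipelines-controller
    spec:
      serviceAccountName: tekton-pipelines-controller
      containers:
        - name: tekton-pipelines-controller
          image: quay.io/openshift-pipeline/tektoncd-pipeline-controller:v0.4.0
          # Flag / value pairs. The *-image flags name the helper images
          # passed to the controller; they come from the same registry
          # namespace and tag as the controller image.
          args:
            - -logtostderr
            - -stderrthreshold
            - INFO
            - -kubeconfig-writer-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-kubeconfigwriter:v0.4.0
            - -creds-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-creds-init:v0.4.0
            - -git-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-git-init:v0.4.0
            - -nop-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-nop:v0.4.0
            - -bash-noop-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-bash:v0.4.0
            - -gsutil-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-gsutil:v0.4.0
            - -entrypoint-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-entrypoint:v0.4.0
            - -imagedigest-exporter-image
            - quay.io/openshift-pipeline/tektoncd-pipeline-imagedigestexporter:v0.4.0
          volumeMounts:
            - name: config-logging
              mountPath: /etc/config-logging
      volumes:
        # Backed by the config-logging ConfigMap in the same namespace.
        - name: config-logging
          configMap:
            name: config-logging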
---
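# Tekton Pipelines admission webhook.
#
# Moved from apps/v1beta1 (removed in Kubernetes 1.16) to apps/v1. apps/v1
# requires an explicit selector; it is set to the pod template's own label,
# which is what apps/v1beta1 defaulted to, so the managed pods are the same.
#
# Review points that are left unchanged here:
#  - The webhook reuses the controller's ServiceAccount and so inherits the
#    whole cluster-wide tekton-pipelines-admin role. A network-facing
#    admission endpoint is a good candidate for its own, narrower account.
#  - No securityContext and no resource requests/limits are declared.
#  - The image is referenced by tag; pinning by digest
#    (image@sha256:<digest>) makes the deployed content verifiable.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-pipelines-webhook
  namespace: tekton-pipelines
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tekton-pipelines-webhook
  template:
    metadata:
      labels:
        app: tekton-pipelines-webhook
    spec:
      serviceAccountName: tekton-pipelines-controller
      containers:
        - name: webhook
          image: quay.io/openshift-pipeline/tektoncd-pipeline-webhook:v0.4.0
          volumeMounts:
            - name: config-logging
              mountPath: /etc/config-logging
      volumes:
        # Backed by the config-logging ConfigMap in the same namespace.
        - name: config-logging
          configMap:
            name: config-logging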
---