├── .gitignore
├── clusters
    ├── flux
    │   └── base
    │   │   ├── flux-ns.yaml
    │   │   ├── flux-helm-operator-sa.yaml
    │   │   ├── flux-helm-operator-clusterrole.yaml
    │   │   ├── flux-helm-operator-svc.yaml
    │   │   ├── kustomization.yaml
    │   │   ├── flux-helm-operator-clusterrolebinding.yaml
    │   │   ├── flux-helm-operator-deploy.yaml
    │   │   └── flux-helm-release-crd.yaml
    ├── argocd
    │   ├── base
    │   │   ├── argocd-ns.yaml
    │   │   ├── argocd-metrics-sm.yaml
    │   │   ├── argocd-server-metrics-sm.yaml
    │   │   ├── argocd-ing.yaml
    │   │   ├── argocd-repo-server-metrics-sm.yaml
    │   │   └── kustomization.yaml
    │   ├── dev
    │   │   ├── kustomization.yaml
    │   │   └── argocd-ing.yaml
    │   └── prod
    │   │   ├── kustomization.yaml
    │   │   └── argocd-ing.yaml
    ├── server
    │   ├── base
    │   │   ├── server-ns.yaml
    │   │   ├── server-ing.yaml
    │   │   ├── kustomization.yaml
    │   │   ├── server-svc.yaml
    │   │   └── server-deploy.yaml
    │   ├── dev
    │   │   ├── kustomization.yaml
    │   │   ├── server-deploy.yaml
    │   │   └── server-ing.yaml
    │   └── prod
    │   │   ├── kustomization.yaml
    │   │   ├── server-deploy.yaml
    │   │   └── server-ing.yaml
    ├── monitoring
    │   ├── base
    │   │   ├── monitoring-ns.yaml
    │   │   ├── kustomization.yaml
    │   │   └── prometheus-operator-helm.yaml
    │   ├── dev
    │   │   ├── kustomization.yaml
    │   │   └── prometheus-operator-helm.yaml
    │   └── prod
    │   │   ├── kustomization.yaml
    │   │   └── prometheus-operator-helm.yaml
    ├── tekton
    │   ├── dev
    │   │   ├── kustomization.yaml
    │   │   └── tekton-dashboard-ing.yaml
    │   ├── prod
    │   │   ├── kustomization.yaml
    │   │   └── tekton-dashboard-ing.yaml
    │   └── base
    │   │   ├── pipeline-sa.yaml
    │   │   ├── tekton-dashboard-ing.yaml
    │   │   ├── pipeline-pvc.yaml
    │   │   ├── kustomization.yaml
    │   │   ├── pipeline-task-git-clone.yaml
    │   │   ├── pipeline-task-update-image.yaml
    │   │   ├── pipeline.yaml
    │   │   ├── tekton-dashboard-release.yaml
    │   │   ├── tekton-triggers-release.yaml
    │   │   └── tekton-pipeline-release.yaml
    └── apps
    │   ├── dev.yaml
    │   ├── prod.yaml
    │   ├── dev
    │       ├── flux.yaml
    │       ├── argocd.yaml
    │       ├── server.yaml
    │       ├── tekton.yaml
    │       └── monitoring.yaml
    │   └── prod
    │       ├── flux.yaml
    │       ├── argocd.yaml
    │       ├── server.yaml
    │       ├── tekton.yaml
    │       └── monitoring.yaml
├── assets
    ├── argocd.png
    ├── gitops.png
    ├── tekton.png
    └── grafana.png
├── go.mod
├── .editorconfig
├── Dockerfile
├── Makefile
├── cmd
    └── server
    │   └── server.go
├── README.md
└── go.sum


/.gitignore:
--------------------------------------------------------------------------------
1 | /bin
2 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: flux
5 | 


--------------------------------------------------------------------------------
/clusters/argocd/base/argocd-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: argocd
5 | 


--------------------------------------------------------------------------------
/clusters/server/base/server-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: server
5 | 


--------------------------------------------------------------------------------
/assets/argocd.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ricoberger/gitops-using-argo-cd-and-tekton/HEAD/assets/argocd.png


--------------------------------------------------------------------------------
/assets/gitops.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ricoberger/gitops-using-argo-cd-and-tekton/HEAD/assets/gitops.png


--------------------------------------------------------------------------------
/assets/tekton.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ricoberger/gitops-using-argo-cd-and-tekton/HEAD/assets/tekton.png


--------------------------------------------------------------------------------
/assets/grafana.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ricoberger/gitops-using-argo-cd-and-tekton/HEAD/assets/grafana.png


--------------------------------------------------------------------------------
/clusters/monitoring/base/monitoring-ns.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 |   name: monitoring
5 | 


--------------------------------------------------------------------------------
/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/ricoberger/gitops-using-argo-cd-and-tekton
2 | 
3 | go 1.14
4 | 
5 | require github.com/prometheus/client_golang v1.8.0
6 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-helm-operator-sa.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: flux-helm-operator
5 |   namespace: flux
6 | 


--------------------------------------------------------------------------------
/clusters/argocd/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - argocd-ing.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/argocd/prod/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - argocd-ing.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/tekton/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - tekton-dashboard-ing.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/server/base/server-ing.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Ingress
3 | metadata:
4 |   name: server
5 |   namespace: server
6 |   annotations:
7 |     kubernetes.io/ingress.class: nginx
8 | 


--------------------------------------------------------------------------------
/clusters/tekton/prod/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - tekton-dashboard-ing.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/monitoring/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - prometheus-operator-helm.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/monitoring/prod/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - prometheus-operator-helm.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/monitoring/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | namespace: argocd
4 | resources:
5 |   - monitoring-ns.yaml
6 |   - prometheus-operator-helm.yaml
7 | 


--------------------------------------------------------------------------------
/clusters/server/dev/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - server-deploy.yaml
7 |   - server-ing.yaml
8 | 


--------------------------------------------------------------------------------
/clusters/server/prod/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - ../base/
5 | patchesStrategicMerge:
6 |   - server-deploy.yaml
7 |   - server-ing.yaml
8 | 


--------------------------------------------------------------------------------
/clusters/server/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 | resources:
4 |   - server-deploy.yaml
5 |   - server-ing.yaml
6 |   - server-ns.yaml
7 |   - server-svc.yaml
8 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/pipeline-sa.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 |   name: pipeline-account
5 |   namespace: tekton-pipelines
6 | secrets:
7 |   - name: docker-registry-secret
8 |   - name: github-secret
9 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/tekton-dashboard-ing.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: extensions/v1beta1
2 | kind: Ingress
3 | metadata:
4 |   name: tekton-dashboard
5 |   namespace: tekton-pipelines
6 |   annotations:
7 |     kubernetes.io/ingress.class: nginx
8 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/pipeline-pvc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: PersistentVolumeClaim
 3 | metadata:
 4 |   name: git-source-pvc
 5 |   namespace: tekton-pipelines
 6 | spec:
 7 |   accessModes:
 8 |     - ReadWriteOnce
 9 |   resources:
10 |     requests:
11 |       storage: 1Gi
12 | 


--------------------------------------------------------------------------------
/clusters/server/base/server-svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: server
 5 |   namespace: server
 6 | spec:
 7 |   type: ClusterIP
 8 |   ports:
 9 |     - port: 8080
10 |       targetPort: http
11 |       protocol: TCP
12 |       name: http
13 |   selector:
14 |     app: server
15 | 


--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
 1 | root = true
 2 | 
 3 | [*]
 4 | indent_style = space
 5 | indent_size = 2
 6 | end_of_line = lf
 7 | charset = utf-8
 8 | trim_trailing_whitespace = true
 9 | insert_final_newline = true
10 | 
11 | [*.go]
12 | indent_style = tab
13 | indent_size = 4
14 | 
15 | [Makefile]
16 | indent_style = tab
17 | indent_size = 4
18 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-helm-operator-clusterrole.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1beta1
 2 | kind: ClusterRole
 3 | metadata:
 4 |   name: flux-helm-operator
 5 |   namespace: flux
 6 | rules:
 7 |   - apiGroups: ['*']
 8 |     resources: ['*']
 9 |     verbs: ['*']
10 |   - nonResourceURLs: ['*']
11 |     verbs: ['*']
12 | 


--------------------------------------------------------------------------------
/clusters/argocd/base/argocd-metrics-sm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: monitoring.coreos.com/v1
 2 | kind: ServiceMonitor
 3 | metadata:
 4 |   name: argocd-metrics
 5 |   labels:
 6 |     release: prometheus-operator
 7 | spec:
 8 |   selector:
 9 |     matchLabels:
10 |       app.kubernetes.io/name: argocd-metrics
11 |   endpoints:
12 |     - port: metrics
13 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-helm-operator-svc.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: v1
 2 | kind: Service
 3 | metadata:
 4 |   name: flux-helm-operator
 5 |   namespace: flux
 6 | spec:
 7 |   type: ClusterIP
 8 |   ports:
 9 |     - port: 3030
10 |       targetPort: http
11 |       protocol: TCP
12 |       name: http
13 |   selector:
14 |     app: flux-helm-operator
15 | 


--------------------------------------------------------------------------------
/clusters/server/dev/server-deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: server
 5 |   namespace: server
 6 | spec:
 7 |   template:
 8 |     spec:
 9 |       containers:
10 |         - name: server
11 |           image: ricoberger/gitops-using-argo-cd-and-tekton:dev-4b487724fc96e0b2cd026550e06b420cb61d4ece
12 | 


--------------------------------------------------------------------------------
/clusters/server/prod/server-deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: server
 5 |   namespace: server
 6 | spec:
 7 |   template:
 8 |     spec:
 9 |       containers:
10 |         - name: server
11 |           image: ricoberger/gitops-using-argo-cd-and-tekton:main-ee9a5c1c73c97c348df4508788c21161439bdf39
12 | 


--------------------------------------------------------------------------------
/clusters/argocd/base/argocd-server-metrics-sm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: monitoring.coreos.com/v1
 2 | kind: ServiceMonitor
 3 | metadata:
 4 |   name: argocd-server-metrics
 5 |   labels:
 6 |     release: prometheus-operator
 7 | spec:
 8 |   selector:
 9 |     matchLabels:
10 |       app.kubernetes.io/name: argocd-server-metrics
11 |   endpoints:
12 |     - port: metrics
13 | 


--------------------------------------------------------------------------------
/clusters/server/dev/server-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: server
 5 |   namespace: server
 6 | spec:
 7 |   rules:
 8 |     - host: server-dev.fake
 9 |       http:
10 |         paths:
11 |           - path: /
12 |             backend:
13 |               serviceName: server
14 |               servicePort: http
15 | 


--------------------------------------------------------------------------------
/clusters/server/prod/server-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: server
 5 |   namespace: server
 6 | spec:
 7 |   rules:
 8 |     - host: server-prod.fake
 9 |       http:
10 |         paths:
11 |           - path: /
12 |             backend:
13 |               serviceName: server
14 |               servicePort: http
15 | 


--------------------------------------------------------------------------------
/clusters/argocd/base/argocd-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: argocd-ui
 5 |   annotations:
 6 |     kubernetes.io/ingress.class: nginx
 7 |     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
 8 |     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
 9 |     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
10 | 


--------------------------------------------------------------------------------
/clusters/argocd/base/argocd-repo-server-metrics-sm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: monitoring.coreos.com/v1
 2 | kind: ServiceMonitor
 3 | metadata:
 4 |   name: argocd-repo-server-metrics
 5 |   labels:
 6 |     release: prometheus-operator
 7 | spec:
 8 |   selector:
 9 |     matchLabels:
10 |       app.kubernetes.io/name: argocd-repo-server
11 |   endpoints:
12 |     - port: metrics
13 | 


--------------------------------------------------------------------------------
/clusters/argocd/base/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | namespace: argocd
 4 | resources:
 5 |   - argocd-ns.yaml
 6 |   - github.com/argoproj/argo-cd/manifests/cluster-install/?ref=v1.7.8
 7 |   - argocd-ing.yaml
 8 |   - argocd-metrics-sm.yaml
 9 |   - argocd-repo-server-metrics-sm.yaml
10 |   - argocd-server-metrics-sm.yaml
11 | 


--------------------------------------------------------------------------------
/clusters/tekton/dev/tekton-dashboard-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: tekton-dashboard
 5 |   namespace: tekton-pipelines
 6 | spec:
 7 |   rules:
 8 |     - host: tekton-dev.fake
 9 |       http:
10 |         paths:
11 |           - path: /
12 |             backend:
13 |               serviceName: tekton-dashboard
14 |               servicePort: http
15 | 


--------------------------------------------------------------------------------
/clusters/flux/base/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | namespace: flux
 4 | resources:
 5 |   - flux-ns.yaml
 6 |   - flux-helm-operator-clusterrole.yaml
 7 |   - flux-helm-operator-clusterrolebinding.yaml
 8 |   - flux-helm-operator-deploy.yaml
 9 |   - flux-helm-operator-sa.yaml
10 |   - flux-helm-operator-svc.yaml
11 |   - flux-helm-release-crd.yaml
12 | 


--------------------------------------------------------------------------------
/clusters/tekton/prod/tekton-dashboard-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: tekton-dashboard
 5 |   namespace: tekton-pipelines
 6 | spec:
 7 |   rules:
 8 |     - host: tekton-prod.fake
 9 |       http:
10 |         paths:
11 |           - path: /
12 |             backend:
13 |               serviceName: tekton-dashboard
14 |               servicePort: http
15 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM golang:1.13-alpine3.10 as build
 2 | 
 3 | RUN apk add --no-cache --update git make
 4 | 
 5 | RUN mkdir /build
 6 | WORKDIR /build
 7 | COPY . .
 8 | RUN make build
 9 | 
10 | 
11 | FROM alpine:3.10
12 | 
13 | RUN apk add --no-cache --update curl ca-certificates
14 | 
15 | USER nobody
16 | 
17 | COPY --from=build /build/bin/server /bin/server
18 | EXPOSE 8080
19 | 
20 | ENTRYPOINT  [ "/bin/server" ]
21 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-helm-operator-clusterrolebinding.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: rbac.authorization.k8s.io/v1beta1
 2 | kind: ClusterRoleBinding
 3 | metadata:
 4 |   name: flux-helm-operator
 5 |   namespace: flux
 6 | roleRef:
 7 |   apiGroup: rbac.authorization.k8s.io
 8 |   kind: ClusterRole
 9 |   name: flux-helm-operator
10 | subjects:
11 |   - kind: ServiceAccount
12 |     name: flux-helm-operator
13 |     namespace: flux
14 | 


--------------------------------------------------------------------------------
/clusters/argocd/dev/argocd-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: argocd-ui
 5 | spec:
 6 |   rules:
 7 |     - host: argocd-dev.fake
 8 |       http:
 9 |         paths:
10 |           - path: /
11 |             backend:
12 |               serviceName: argocd-server
13 |               servicePort: https
14 |   tls:
15 |     - hosts:
16 |         - argocd-dev.fake
17 |       secretName: argocd-secret
18 | 


--------------------------------------------------------------------------------
/clusters/argocd/prod/argocd-ing.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: extensions/v1beta1
 2 | kind: Ingress
 3 | metadata:
 4 |   name: argo-cd-ui
 5 | spec:
 6 |   rules:
 7 |     - host: argocd-prod.fake
 8 |       http:
 9 |         paths:
10 |           - path: /
11 |             backend:
12 |               serviceName: argocd-server
13 |               servicePort: https
14 |   tls:
15 |     - hosts:
16 |         - argocd-prod.fake
17 |       secretName: argocd-secret
18 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/kustomization.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: kustomize.config.k8s.io/v1beta1
 2 | kind: Kustomization
 3 | resources:
 4 |   - tekton-pipeline-release.yaml
 5 |   - tekton-triggers-release.yaml
 6 |   - tekton-dashboard-release.yaml
 7 |   - tekton-dashboard-ing.yaml
 8 |   - https://raw.githubusercontent.com/tektoncd/catalog/master/task/kaniko/0.1/kaniko.yaml
 9 |   - pipeline-task-git-clone.yaml
10 |   - pipeline-task-update-image.yaml
11 |   - pipeline.yaml
12 |   - pipeline-sa.yaml
13 |   - pipeline-pvc.yaml
14 | 


--------------------------------------------------------------------------------
/clusters/apps/dev.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: apps
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: argocd
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: dev
20 |     path: clusters/apps/dev
21 | 


--------------------------------------------------------------------------------
/clusters/apps/prod.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: apps
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: argocd
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: HEAD
20 |     path: clusters/apps/prod
21 | 


--------------------------------------------------------------------------------
/clusters/apps/dev/flux.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: flux
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: flux
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: dev
20 |     path: clusters/flux/base
21 | 


--------------------------------------------------------------------------------
/clusters/apps/prod/flux.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: flux
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: flux
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: HEAD
20 |     path: clusters/flux/base
21 | 


--------------------------------------------------------------------------------
/clusters/apps/dev/argocd.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: argocd
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: argocd
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: dev
20 |     path: clusters/argocd/dev
21 | 


--------------------------------------------------------------------------------
/clusters/apps/dev/server.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: server
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: server
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: dev
20 |     path: clusters/server/dev
21 | 


--------------------------------------------------------------------------------
/clusters/apps/prod/argocd.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: argocd
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: argocd
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: HEAD
20 |     path: clusters/argocd/prod
21 | 


--------------------------------------------------------------------------------
/clusters/apps/prod/server.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: server
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: server
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: HEAD
20 |     path: clusters/server/prod
21 | 


--------------------------------------------------------------------------------
/clusters/apps/dev/tekton.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: tekton
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: tekton-pipelines
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: dev
20 |     path: clusters/tekton/dev
21 | 


--------------------------------------------------------------------------------
/clusters/apps/dev/monitoring.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: monitoring
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: monitoring
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: dev
20 |     path: clusters/monitoring/dev
21 | 


--------------------------------------------------------------------------------
/clusters/apps/prod/tekton.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: tekton
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: tekton-pipelines
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: HEAD
20 |     path: clusters/tekton/prod
21 | 


--------------------------------------------------------------------------------
/clusters/monitoring/dev/prometheus-operator-helm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: helm.fluxcd.io/v1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: prometheus-operator
 5 |   namespace: monitoring
 6 | spec:
 7 |   releaseName: prometheus-operator
 8 |   chart:
 9 |     repository: https://prometheus-community.github.io/helm-charts
10 |     name: kube-prometheus-stack
11 |     version: 10.1.0
12 |   helmVersion: v3
13 |   values:
14 |     grafana:
15 |       ingress:
16 |         hosts:
17 |           - grafana-dev.fake
18 |     prometheus:
19 |       ingress:
20 |         hosts:
21 |           - prometheus-dev.fake
22 | 


--------------------------------------------------------------------------------
/clusters/apps/prod/monitoring.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: argoproj.io/v1alpha1
 2 | kind: Application
 3 | metadata:
 4 |   name: monitoring
 5 |   namespace: argocd
 6 |   finalizers:
 7 |     - resources-finalizer.argocd.argoproj.io
 8 | spec:
 9 |   project: default
10 |   destination:
11 |     server: https://kubernetes.default.svc
12 |     namespace: monitoring
13 |   syncPolicy:
14 |     automated:
15 |       prune: true
16 |       selfHeal: true
17 |   source:
18 |     repoURL: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton.git
19 |     targetRevision: HEAD
20 |     path: clusters/monitoring/prod
21 | 


--------------------------------------------------------------------------------
/clusters/monitoring/prod/prometheus-operator-helm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: helm.fluxcd.io/v1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: prometheus-operator
 5 |   namespace: monitoring
 6 | spec:
 7 |   releaseName: prometheus-operator
 8 |   chart:
 9 |     repository: https://prometheus-community.github.io/helm-charts
10 |     name: kube-prometheus-stack
11 |     version: 10.1.0
12 |   helmVersion: v3
13 |   values:
14 |     grafana:
15 |       ingress:
16 |         hosts:
17 |           - grafana-prod.fake
18 |     prometheus:
19 |       ingress:
20 |         hosts:
21 |           - prometheus-prod.fake
22 | 


--------------------------------------------------------------------------------
/clusters/monitoring/base/prometheus-operator-helm.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: helm.fluxcd.io/v1
 2 | kind: HelmRelease
 3 | metadata:
 4 |   name: prometheus-operator
 5 |   namespace: monitoring
 6 | spec:
 7 |   releaseName: prometheus-operator
 8 |   chart:
 9 |     repository: https://prometheus-community.github.io/helm-charts
10 |     name: kube-prometheus-stack
11 |     version: 10.1.0
12 |   helmVersion: v3
13 |   values:
14 |     alertmanager:
15 |       enabled: false
16 |     grafana:
17 |       adminPassword: admin
18 |       ingress:
19 |         enabled: true
20 |         annotations:
21 |           kubernetes.io/ingress.class: nginx
22 |     prometheus:
23 |       ingress:
24 |         enabled: true
25 |         annotations:
26 |           kubernetes.io/ingress.class: nginx
27 |       prometheusSpec:
28 |         enableAdminAPI: true
29 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | .PHONY: build release-major release-minor release-patch
 2 | 
 3 | build:
 4 | 	go build -o ./bin/server ./cmd/server
 5 | 
 6 | release-major:
 7 | 	$(eval MAJORVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1+1".0.0"}'))
 8 | 	git checkout master
 9 | 	git pull
10 | 	git tag -a $(MAJORVERSION) -m 'Release $(MAJORVERSION)'
11 | 	git push origin --tags
12 | 
13 | release-minor:
14 | 	$(eval MINORVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1"."$$2+1".0"}'))
15 | 	git checkout master
16 | 	git pull
17 | 	git tag -a $(MINORVERSION) -m 'Release $(MINORVERSION)'
18 | 	git push origin --tags
19 | 
20 | release-patch:
21 | 	$(eval PATCHVERSION=$(shell git describe --tags --abbrev=0 | sed s/v// | awk -F. '{print $$1"."$$2"."$$3+1}'))
22 | 	git checkout master
23 | 	git pull
24 | 	git tag -a $(PATCHVERSION) -m 'Release $(PATCHVERSION)'
25 | 	git push origin --tags
26 | 


--------------------------------------------------------------------------------
/clusters/server/base/server-deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: server
 5 |   namespace: server
 6 | spec:
 7 |   replicas: 1
 8 |   selector:
 9 |     matchLabels:
10 |       app: server
11 |   strategy:
12 |     type: Recreate
13 |   template:
14 |     metadata:
15 |       labels:
16 |         app: server
17 |     spec:
18 |       containers:
19 |         - name: server
20 |           # image: <KUSTOMIZE>
21 |           imagePullPolicy: IfNotPresent
22 |           ports:
23 |             - name: http
24 |               containerPort: 8080
25 |           livenessProbe:
26 |             httpGet:
27 |               port: 8080
28 |               path: /health
29 |             initialDelaySeconds: 1
30 |             timeoutSeconds: 5
31 |           readinessProbe:
32 |             httpGet:
33 |               port: 8080
34 |               path: /health
35 |             initialDelaySeconds: 1
36 |             timeoutSeconds: 5
37 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/pipeline-task-git-clone.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: tekton.dev/v1beta1
 2 | kind: Task
 3 | metadata:
 4 |   name: git-clone
 5 | spec:
 6 |   workspaces:
 7 |     - name: source
 8 |       description: The git repo will be cloned onto the volume backing this workspace
 9 |   params:
10 |     - name: url
11 |       description: git url to clone
12 |       type: string
13 |     - name: revision
14 |       description: git revision to checkout (branch, tag, sha, ref…)
15 |       type: string
16 |       default: main
17 |   results:
18 |     - name: commit
19 |       description: The precise commit SHA that was fetched by this Task
20 |   steps:
21 |     - name: git-clone
22 |       image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1
23 |       securityContext:
24 |         privileged: true
25 |       script: |
26 |         cd $(workspaces.source.path)
27 |         rm -rf gitops-using-argo-cd-and-tekton
28 |         git clone -b "$(params.revision)" "$(params.url)"
29 |         cd gitops-using-argo-cd-and-tekton
30 |         RESULT_SHA="$(git rev-parse HEAD)"
31 |         echo -n "$RESULT_SHA" > $(results.commit.path)
32 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/pipeline-task-update-image.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: tekton.dev/v1beta1
 2 | kind: Task
 3 | metadata:
 4 |   name: update-image
 5 | spec:
 6 |   workspaces:
 7 |     - name: source
 8 |   params:
 9 |     - name: SERVICE_NAME
10 |       description: Name of the service which should be updated
11 |     - name: FILE_PATH
12 |       description: Path to the file which should be updated
13 |     - name: YAML_FIELD
14 |       description: YAML path which contains the image
15 |     - name: IMAGE
16 |       description: Image which should be used
17 |   steps:
18 |   - name: update-file
19 |     image: docker.io/mikefarah/yq
20 |     securityContext:
21 |       privileged: true
22 |     script: |
23 |       yq w -i $(workspaces.source.path)/gitops-using-argo-cd-and-tekton/$(params.FILE_PATH) $(params.YAML_FIELD) $(params.IMAGE)
24 |   - name: git-push
25 |     image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1
26 |     securityContext:
27 |       privileged: true
28 |     script: |
29 |       cd $(workspaces.source.path)/gitops-using-argo-cd-and-tekton
30 |       git config --global user.email "mail@ricoberger.de"
31 |       git config --global user.name "ricoberger"
32 |       git add $(params.FILE_PATH)
33 |       MESSAGE="Automated commit by Tekton: $(params.SERVICE_NAME): $(params.IMAGE)"
34 |       git commit -m "$MESSAGE"
35 |       git push
36 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-helm-operator-deploy.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: apps/v1
 2 | kind: Deployment
 3 | metadata:
 4 |   name: flux-helm-operator
 5 |   namespace: flux
 6 | spec:
 7 |   replicas: 1
 8 |   selector:
 9 |     matchLabels:
10 |       app: flux-helm-operator
11 |   strategy:
12 |     type: Recreate
13 |   template:
14 |     metadata:
15 |       labels:
16 |         app: flux-helm-operator
17 |     spec:
18 |       serviceAccountName: flux-helm-operator
19 |       containers:
20 |         - name: flux-helm-operator
21 |           image: docker.io/fluxcd/helm-operator:1.2.0
22 |           imagePullPolicy: IfNotPresent
23 |           ports:
24 |             - name: http
25 |               containerPort: 3030
26 |           livenessProbe:
27 |             httpGet:
28 |               port: 3030
29 |               path: /healthz
30 |             initialDelaySeconds: 1
31 |             timeoutSeconds: 5
32 |           readinessProbe:
33 |             httpGet:
34 |               port: 3030
35 |               path: /healthz
36 |             initialDelaySeconds: 1
37 |             timeoutSeconds: 5
38 |           args:
39 |             - --enabled-helm-versions=v3
40 |             - --log-format=json
41 |             - --git-timeout=1m
42 |             - --git-poll-interval=5m
43 |             - --charts-sync-interval=3m
44 |             - --update-chart-deps=true
45 |             - --log-release-diffs=false
46 |             - --workers=5
47 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/pipeline.yaml:
--------------------------------------------------------------------------------
 1 | apiVersion: tekton.dev/v1beta1
 2 | kind: Pipeline
 3 | metadata:
 4 |   name: build-and-deploy-pipeline
 5 |   namespace: tekton-pipelines
 6 | spec:
 7 |   workspaces:
 8 |     - name: git-source
 9 |       description: Git repository
10 |   params:
11 |     - name: gitUrl
12 |       description: Git repository url
13 |     - name: gitRevision
14 |       description: Git revision to check out
15 |       default: main
16 |     - name: pathToContext
17 |       description: The path to the build context, used by Kaniko - within the workspace
18 |       default: gitops-using-argo-cd-and-tekton
19 |     - name: imageUrl
20 |       description: Image name including repository
21 |     - name: serviceName
22 |       description: Name of the service which is updated
23 |     - name: filePath
24 |       description: Path to the yaml file which should be updated
25 |     - name: yamlField
26 |       description: Field which should be updated
27 |   tasks:
28 |     - name: clone-repo
29 |       taskRef:
30 |         name: git-clone
31 |       workspaces:
32 |         - name: source
33 |           workspace: git-source
34 |       params:
35 |         - name: url
36 |           value: $(params.gitUrl)
37 |         - name: revision
38 |           value: $(params.gitRevision)
39 |     - name: source-to-image
40 |       taskRef:
41 |         name: kaniko
42 |       runAfter:
43 |         - clone-repo
44 |       workspaces:
45 |         - name: source
46 |           workspace: git-source
47 |       params:
48 |         - name: CONTEXT
49 |           value: $(params.pathToContext)
50 |         - name: IMAGE
51 |           value: $(params.imageUrl):$(params.gitRevision)-$(tasks.clone-repo.results.commit)
52 |     - name: update-image
53 |       taskRef:
54 |         name: update-image
55 |       runAfter:
56 |         - source-to-image
57 |       workspaces:
58 |         - name: source
59 |           workspace: git-source
60 |       params:
61 |         - name: SERVICE_NAME
62 |           value: $(params.serviceName)
63 |         - name: FILE_PATH
64 |           value: $(params.filePath)
65 |         - name: YAML_FIELD
66 |           value: $(params.yamlField)
67 |         - name: IMAGE
68 |           value: $(params.imageUrl):$(params.gitRevision)-$(tasks.clone-repo.results.commit)
69 | 


--------------------------------------------------------------------------------
/cmd/server/server.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"context"
  5 | 	"fmt"
  6 | 	"log"
  7 | 	"math/rand"
  8 | 	"net/http"
  9 | 	"os"
 10 | 	"os/signal"
 11 | 	"strconv"
 12 | 	"syscall"
 13 | 	"time"
 14 | 
 15 | 	"github.com/prometheus/client_golang/prometheus"
 16 | 	"github.com/prometheus/client_golang/prometheus/promhttp"
 17 | )
 18 | 
 19 | const (
 20 | 	listenAddress = ":8080"
 21 | )
 22 | 
 23 | func checkStatusCode(code int, codes []int) bool {
 24 | 	for _, c := range codes {
 25 | 		if c == code {
 26 | 			return true
 27 | 		}
 28 | 	}
 29 | 
 30 | 	return false
 31 | }
 32 | 
 33 | func main() {
 34 | 	reqs := prometheus.NewCounterVec(
 35 | 		prometheus.CounterOpts{
 36 | 			Namespace: "http",
 37 | 			Name:      "requests_total",
 38 | 			Help:      "Total requests by HTTP result code and method.",
 39 | 		},
 40 | 		[]string{"code", "method"})
 41 | 
 42 | 	prometheus.MustRegister(reqs)
 43 | 
 44 | 	var statusCodes = []int{200, 200, 200, 200, 200, 400, 500, 502, 503}
 45 | 
 46 | 	router := http.NewServeMux()
 47 | 	router.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
 48 | 		fmt.Fprintf(w, "OK")
 49 | 	})
 50 | 	router.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 51 | 		log.Printf("host: %s, address: %s, method: %s, requestURI: %s, proto: %s, useragent: %s", r.Host, r.RemoteAddr, r.Method, r.RequestURI, r.Proto, r.UserAgent())
 52 | 		fmt.Fprintf(w, "Hello World")
 53 | 	})
 54 | 	router.HandleFunc("/status", promhttp.InstrumentHandlerCounter(reqs, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 55 | 		log.Printf("host: %s, address: %s, method: %s, requestURI: %s, proto: %s, useragent: %s", r.Host, r.RemoteAddr, r.Method, r.RequestURI, r.Proto, r.UserAgent())
 56 | 		status, ok := r.URL.Query()["status"]
 57 | 		if !ok || len(status[0]) < 1 || status[0] == "random" {
 58 | 			index := rand.Intn(len(statusCodes))
 59 | 			w.WriteHeader(statusCodes[index])
 60 | 			return
 61 | 		}
 62 | 
 63 | 		s, err := strconv.Atoi(status[0])
 64 | 		if err == nil && checkStatusCode(s, statusCodes) {
 65 | 			w.WriteHeader(s)
 66 | 			return
 67 | 		}
 68 | 
 69 | 		w.WriteHeader(400)
 70 | 	})))
 71 | 	router.Handle("/metrics", promhttp.Handler())
 72 | 
 73 | 	server := &http.Server{
 74 | 		Addr:    listenAddress,
 75 | 		Handler: router,
 76 | 	}
 77 | 
 78 | 	go func() {
 79 | 		term := make(chan os.Signal, 1)
 80 | 		signal.Notify(term, os.Interrupt, syscall.SIGTERM)
 81 | 
 82 | 		<-term
 83 | 		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 84 | 		defer cancel()
 85 | 
 86 | 		err := server.Shutdown(ctx)
 87 | 		if err != nil {
 88 | 			log.Fatalf("Failed to shutdown server gracefully: %s", err.Error())
 89 | 		}
 90 | 
 91 | 		log.Printf("Shutdown server...")
 92 | 		os.Exit(0)
 93 | 	}()
 94 | 
 95 | 	log.Printf("Server listen on: %s", listenAddress)
 96 | 
 97 | 	if err := server.ListenAndServe(); err != http.ErrServerClosed {
 98 | 		log.Fatalf("HTTP server died unexpected: %s", err.Error())
 99 | 	}
100 | }
101 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # GitOps using Argo CD and Tekton
  2 | 
  3 | This repository demonstrates a possible GitOps workflow using [Argo CD](https://argoproj.github.io/projects/argo-cd) and [Tekton](https://tekton.dev). We are using Argo CD to setup our Kubernetes clusters `dev` and `prod` (in the following we will only use the `dev` cluster) and Tekton to build and update our example application.
  4 | 
  5 | ![GitOps](./assets/gitops.png)
  6 | 
  7 | ## Argo CD
  8 | 
  9 | In the first step we are creating a new Kubernetes cluster using Minikube and we enable the NGINX Ingress controller:
 10 | 
 11 | ```sh
 12 | minikube start --driver=virtualbox --cpus=4 --memory=8192m --profile=dev
 13 | minikube addons enable ingress --profile=dev
 14 | ```
 15 | 
 16 | In the next step we have to to install Argo CD by running the following command:
 17 | 
 18 | ```sh
 19 | kustomize build clusters/argocd/dev | k apply -f -
 20 | ```
 21 | 
 22 | After some minutes we have to verify that Argo CD is running:
 23 | 
 24 | ```sh
 25 | kubectl get pods -n argocd
 26 | ```
 27 | 
 28 | ```txt
 29 | argocd-application-controller-75b4dcd7bb-97wm8   1/1     Running   0          3m50s
 30 | argocd-dex-server-996685b6d-zffmd                1/1     Running   0          3m50s
 31 | argocd-redis-99fb49846-pqn7p                     1/1     Running   0          3m50s
 32 | argocd-repo-server-5c76bd686b-79gjn              1/1     Running   0          3m49s
 33 | argocd-server-67885bdcff-5q5cz                   1/1     Running   0          3m49s
 34 | ```
 35 | 
 36 | To deploy our manifests to the cluster we are using the **app of apps** pattern. For that we have to create a new `Application`, which manages all other applications (including Argo CD):
 37 | 
 38 | ```sh
 39 | kubectl apply -f clusters/apps/dev.yaml
 40 | ```
 41 | 
 42 | Now we have to add our Ingresses to the `/etc/hosts` file:
 43 | 
 44 | ```sh
 45 | sudo echo "`minikube ip --profile=dev` argocd-dev.fake grafana-dev.fake prometheus-dev.fake tekton-dev.fake server-dev.fake" | sudo tee -a /etc/hosts
 46 | ```
 47 | 
 48 | Now we can visit [argocd-dev.fake](https://argocd-dev.fake) and login with the default `admin` user. The initial password is autogenerated to be the pod name of the Argo CD API server. This can be retrieved with the command:
 49 | 
 50 | ```sh
 51 | kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
 52 | ```
 53 | 
 54 | In the UI of Argo CD we can now see all deployed applications:
 55 | 
 56 | ![Argo CD](./assets/argocd.png)
 57 | 
 58 | This example also deploys the Prometheus Stack via the [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart. We are using the [Flux Helm Operator](https://docs.fluxcd.io/projects/helm-operator/en/stable/) instead of the Argo CD to deploy the Helm chart. When the Helm chart was successfully synced Prometheus is available at [prometheus-dev.fake](https://prometheus-dev.fake) and Grafana at [grafana-dev.fake](https://grafana-dev.fake).
 59 | 
 60 | In the next step we can login to Grafana with the `admin` user and the password `admin`. Then we can import the example Dashboard for Argo CD. The dashboard can be found in the GitHub repository of the Argo CD project at [https://github.com/argoproj/argo-cd/blob/master/examples/dashboard.json](https://github.com/argoproj/argo-cd/blob/master/examples/dashboard.json).
 61 | 
 62 | ![Grafana](./assets/grafana.png)
 63 | 
 64 | ## Tekton
 65 | 
 66 | > **NOTE:** To deploy Tekton using Argo CD we had slightly adjusted the following files:
 67 | >
 68 | > - [tekton-dashboard-release.yaml](https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml)
 69 | > - [tekton-pipeline-release.yaml](https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml)
 70 | > - [tekton-triggers-release.yaml](https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml)
 71 | >
 72 | > We had to remove the `preserveUnknownFields` field from all CRDs and we had to change the `app.kubernetes.io/instance` label from `default` to `tekton` for all manifests.
 73 | 
 74 | We are using Tekton Pipelines to build our example application and to update the deployed Docker image. The required tasks and pipelines are deployed by Argo CD, but we have to manually provide the credentials for Docker Hub and GitHub. To create the secrets we have to run the following commands:
 75 | 
 76 | ```sh
 77 | kubectl create secret docker-registry docker-registry-secret --docker-server="https://index.docker.io/v1/" --docker-username=<DOCKER_USERNAME> --docker-password=<DOCKER_PASSWORD>
 78 | kubectl annotate secret docker-registry-secret tekton.dev/docker-0=https://index.docker.io/v1/
 79 | kubectl create secret generic github-secret --type="kubernetes.io/basic-auth" --from-literal=username=<GITHUB_USERNAME> --from-literal=password=<GITHUB_PASSWORD>
 80 | kubectl annotate secret github-secret tekton.dev/git-0=https://github.com
 81 | ```
 82 | 
 83 | > In a production ready setup, we should use the [Vault Secrets Operator](https://github.com/ricoberger/vault-secrets-operator) or a similar tool to manage our secrets.
 84 | 
 85 | When we have created the secrets, we can run our pipeline, to build a new Docker image for the development and production environment:
 86 | 
 87 | ```sh
 88 | cat <<EOF | kubectl create -f -
 89 | apiVersion: tekton.dev/v1beta1
 90 | kind: PipelineRun
 91 | metadata:
 92 |   name: build-and-deploy-dev-1
 93 |   annotations:
 94 |     argocd.argoproj.io/compare-options: IgnoreExtraneous
 95 | spec:
 96 |   pipelineRef:
 97 |     name: build-and-deploy-pipeline
 98 |   params:
 99 |     - name: gitUrl
100 |       value: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton
101 |     - name: gitRevision
102 |       value: dev
103 |     - name: imageUrl
104 |       value: ricoberger/gitops-using-argo-cd-and-tekton
105 |     - name: serviceName
106 |       value: server
107 |     - name: filePath
108 |       value: clusters/server/dev/server-deploy.yaml
109 |     - name: yamlField
110 |       value: spec.template.spec.containers[0].image
111 |   serviceAccountName: pipeline-account
112 |   workspaces:
113 |     - name: git-source
114 |       persistentVolumeClaim:
115 |         claimName: git-source-pvc
116 | EOF
117 | ```
118 | 
119 | ```sh
120 | cat <<EOF | kubectl create -f -
121 | apiVersion: tekton.dev/v1beta1
122 | kind: PipelineRun
123 | metadata:
124 |   name: build-and-deploy-prod-1
125 |   annotations:
126 |     argocd.argoproj.io/compare-options: IgnoreExtraneous
127 | spec:
128 |   pipelineRef:
129 |     name: build-and-deploy-pipeline
130 |   params:
131 |     - name: gitUrl
132 |       value: https://github.com/ricoberger/gitops-using-argo-cd-and-tekton
133 |     - name: gitRevision
134 |       value: main
135 |     - name: imageUrl
136 |       value: ricoberger/gitops-using-argo-cd-and-tekton
137 |     - name: serviceName
138 |       value: server
139 |     - name: filePath
140 |       value: clusters/server/prod/server-deploy.yaml
141 |     - name: yamlField
142 |       value: spec.template.spec.containers[0].image
143 |   serviceAccountName: pipeline-account
144 |   workspaces:
145 |     - name: git-source
146 |       persistentVolumeClaim:
147 |         claimName: git-source-pvc
148 | EOF
149 | ```
150 | 
151 | Now we can visit [tekton-dev.fake](http://tekton-dev.fake/#/namespaces/tekton-pipelines/pipelineruns) to see the results of our above pipeline runs.
152 | 
153 | ![Tekton](./assets/tekton.png)
154 | 
155 | When the pipeline ran successfully, we can also watch the Pods in the `server` Namespace, were we can see that our example application is automatically updated after some time:
156 | 
157 | ```sh
158 | k get pods -w --namespace server
159 | ```
160 | 
161 | ```txt
162 | NAME                     READY   STATUS    RESTARTS   AGE
163 | server-cbfbc758f-7w6lx   1/1     Running   0          14s
164 | server-cbfbc758f-7w6lx   1/1     Terminating   0          24s
165 | server-cbfbc758f-7w6lx   0/1     Terminating   0          25s
166 | server-cbfbc758f-7w6lx   0/1     Terminating   0          26s
167 | server-cbfbc758f-7w6lx   0/1     Terminating   0          26s
168 | server-5b5c778558-2krtw   0/1     Pending       0          0s
169 | server-5b5c778558-2krtw   0/1     Pending       0          0s
170 | server-5b5c778558-2krtw   0/1     ContainerCreating   0          0s
171 | server-5b5c778558-2krtw   0/1     Running             0          1s
172 | server-5b5c778558-2krtw   1/1     Running             0          8s
173 | ```
174 | 
175 | We can also visit [server-dev.fake](http://server-dev.fake/) were we should see the greeting `Hello World`. When we change line 25 in the `cmd/server/server.go` file and merge our changes to the `dev` branch and rerun our pipeline, we should also see an updated greeting.
176 | 
177 | Instead of manually running our pipeline, we can also use [Tekton Triggers](https://github.com/tektoncd/triggers) in the future to run our pipeline on each commit to the `dev` and `main` branch.
178 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/tekton-dashboard-release.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: apiextensions.k8s.io/v1beta1
  2 | kind: CustomResourceDefinition
  3 | metadata:
  4 |   labels:
  5 |     app.kubernetes.io/component: dashboard
  6 |     app.kubernetes.io/instance: tekton
  7 |     app.kubernetes.io/part-of: tekton-dashboard
  8 |   name: extensions.dashboard.tekton.dev
  9 | spec:
 10 |   additionalPrinterColumns:
 11 |   - JSONPath: .spec.apiVersion
 12 |     name: API version
 13 |     type: string
 14 |   - JSONPath: .spec.name
 15 |     name: Kind
 16 |     type: string
 17 |   - JSONPath: .spec.displayname
 18 |     name: Display name
 19 |     type: string
 20 |   - JSONPath: .metadata.creationTimestamp
 21 |     name: Age
 22 |     type: date
 23 |   group: dashboard.tekton.dev
 24 |   names:
 25 |     categories:
 26 |     - tekton
 27 |     - tekton-dashboard
 28 |     kind: Extension
 29 |     plural: extensions
 30 |     shortNames:
 31 |     - ext
 32 |     - exts
 33 |   scope: Namespaced
 34 |   subresources:
 35 |     status: {}
 36 |   validation:
 37 |     openAPIV3Schema:
 38 |       type: object
 39 |       x-kubernetes-preserve-unknown-fields: true
 40 |   versions:
 41 |   - name: v1alpha1
 42 |     served: true
 43 |     storage: true
 44 | ---
 45 | apiVersion: v1
 46 | kind: ServiceAccount
 47 | metadata:
 48 |   labels:
 49 |     app.kubernetes.io/component: dashboard
 50 |     app.kubernetes.io/instance: tekton
 51 |     app.kubernetes.io/part-of: tekton-dashboard
 52 |   name: tekton-dashboard
 53 |   namespace: tekton-pipelines
 54 | ---
 55 | apiVersion: rbac.authorization.k8s.io/v1
 56 | kind: ClusterRole
 57 | metadata:
 58 |   labels:
 59 |     app.kubernetes.io/component: dashboard
 60 |     app.kubernetes.io/instance: tekton
 61 |     app.kubernetes.io/part-of: tekton-dashboard
 62 |   name: tekton-dashboard-backend
 63 | rules:
 64 | - apiGroups:
 65 |   - apiextensions.k8s.io
 66 |   resources:
 67 |   - customresourcedefinitions
 68 |   verbs:
 69 |   - get
 70 |   - list
 71 | - apiGroups:
 72 |   - security.openshift.io
 73 |   resources:
 74 |   - securitycontextconstraints
 75 |   verbs:
 76 |   - use
 77 | - apiGroups:
 78 |   - tekton.dev
 79 |   resources:
 80 |   - clustertasks
 81 |   - clustertasks/status
 82 |   verbs:
 83 |   - get
 84 |   - list
 85 |   - watch
 86 | - apiGroups:
 87 |   - triggers.tekton.dev
 88 |   resources:
 89 |   - clustertriggerbindings
 90 |   verbs:
 91 |   - get
 92 |   - list
 93 |   - watch
 94 | - apiGroups:
 95 |   - dashboard.tekton.dev
 96 |   resources:
 97 |   - extensions
 98 |   verbs:
 99 |   - create
100 |   - update
101 |   - delete
102 |   - patch
103 | - apiGroups:
104 |   - tekton.dev
105 |   resources:
106 |   - clustertasks
107 |   - clustertasks/status
108 |   verbs:
109 |   - create
110 |   - update
111 |   - delete
112 |   - patch
113 | - apiGroups:
114 |   - triggers.tekton.dev
115 |   resources:
116 |   - clustertriggerbindings
117 |   verbs:
118 |   - create
119 |   - update
120 |   - delete
121 |   - patch
122 |   - add
123 | ---
124 | apiVersion: rbac.authorization.k8s.io/v1
125 | kind: ClusterRole
126 | metadata:
127 |   labels:
128 |     app.kubernetes.io/component: dashboard
129 |     app.kubernetes.io/instance: tekton
130 |     app.kubernetes.io/part-of: tekton-dashboard
131 |   name: tekton-dashboard-dashboard
132 | rules:
133 | - apiGroups:
134 |   - apps
135 |   resources:
136 |   - deployments
137 |   verbs:
138 |   - list
139 | ---
140 | aggregationRule:
141 |   clusterRoleSelectors:
142 |   - matchLabels:
143 |       rbac.dashboard.tekton.dev/aggregate-to-dashboard: "true"
144 | apiVersion: rbac.authorization.k8s.io/v1
145 | kind: ClusterRole
146 | metadata:
147 |   labels:
148 |     app.kubernetes.io/component: dashboard
149 |     app.kubernetes.io/instance: tekton
150 |     app.kubernetes.io/part-of: tekton-dashboard
151 |   name: tekton-dashboard-extensions
152 | ---
153 | apiVersion: rbac.authorization.k8s.io/v1
154 | kind: ClusterRole
155 | metadata:
156 |   labels:
157 |     app.kubernetes.io/component: dashboard
158 |     app.kubernetes.io/instance: tekton
159 |     app.kubernetes.io/part-of: tekton-dashboard
160 |   name: tekton-dashboard-pipelines
161 | rules:
162 | - apiGroups:
163 |   - apps
164 |   resources:
165 |   - deployments
166 |   verbs:
167 |   - list
168 | ---
169 | apiVersion: rbac.authorization.k8s.io/v1
170 | kind: ClusterRole
171 | metadata:
172 |   labels:
173 |     app.kubernetes.io/component: dashboard
174 |     app.kubernetes.io/instance: tekton
175 |     app.kubernetes.io/part-of: tekton-dashboard
176 |   name: tekton-dashboard-tenant
177 | rules:
178 | - apiGroups:
179 |   - ""
180 |   resources:
181 |   - services
182 |   verbs:
183 |   - get
184 |   - list
185 |   - watch
186 | - apiGroups:
187 |   - dashboard.tekton.dev
188 |   resources:
189 |   - extensions
190 |   verbs:
191 |   - get
192 |   - list
193 |   - watch
194 | - apiGroups:
195 |   - ""
196 |   resources:
197 |   - serviceaccounts
198 |   - pods/log
199 |   - namespaces
200 |   verbs:
201 |   - get
202 |   - list
203 |   - watch
204 | - apiGroups:
205 |   - tekton.dev
206 |   resources:
207 |   - tasks
208 |   - taskruns
209 |   - pipelines
210 |   - pipelineruns
211 |   - pipelineresources
212 |   - conditions
213 |   - tasks/status
214 |   - taskruns/status
215 |   - pipelines/status
216 |   - pipelineruns/status
217 |   - taskruns/finalizers
218 |   - pipelineruns/finalizers
219 |   verbs:
220 |   - get
221 |   - list
222 |   - watch
223 | - apiGroups:
224 |   - triggers.tekton.dev
225 |   resources:
226 |   - eventlisteners
227 |   - triggerbindings
228 |   - triggertemplates
229 |   verbs:
230 |   - get
231 |   - list
232 |   - watch
233 | - apiGroups:
234 |   - ""
235 |   resources:
236 |   - serviceaccounts
237 |   verbs:
238 |   - update
239 |   - patch
240 | - apiGroups:
241 |   - ""
242 |   resources:
243 |   - secrets
244 |   verbs:
245 |   - get
246 |   - list
247 |   - watch
248 |   - create
249 |   - update
250 |   - delete
251 | - apiGroups:
252 |   - tekton.dev
253 |   resources:
254 |   - tasks
255 |   - taskruns
256 |   - pipelines
257 |   - pipelineruns
258 |   - pipelineresources
259 |   - conditions
260 |   - taskruns/finalizers
261 |   - pipelineruns/finalizers
262 |   - tasks/status
263 |   - taskruns/status
264 |   - pipelines/status
265 |   - pipelineruns/status
266 |   verbs:
267 |   - create
268 |   - update
269 |   - delete
270 |   - patch
271 | - apiGroups:
272 |   - triggers.tekton.dev
273 |   resources:
274 |   - eventlisteners
275 |   - triggerbindings
276 |   - triggertemplates
277 |   verbs:
278 |   - create
279 |   - update
280 |   - delete
281 |   - patch
282 |   - add
283 | ---
284 | apiVersion: rbac.authorization.k8s.io/v1
285 | kind: ClusterRole
286 | metadata:
287 |   labels:
288 |     app.kubernetes.io/component: dashboard
289 |     app.kubernetes.io/instance: tekton
290 |     app.kubernetes.io/part-of: tekton-dashboard
291 |   name: tekton-dashboard-triggers
292 | rules:
293 | - apiGroups:
294 |   - apps
295 |   resources:
296 |   - deployments
297 |   verbs:
298 |   - list
299 | ---
300 | apiVersion: rbac.authorization.k8s.io/v1
301 | kind: ClusterRoleBinding
302 | metadata:
303 |   labels:
304 |     app.kubernetes.io/component: dashboard
305 |     app.kubernetes.io/instance: tekton
306 |     app.kubernetes.io/part-of: tekton-dashboard
307 |   name: tekton-dashboard-backend
308 | roleRef:
309 |   apiGroup: rbac.authorization.k8s.io
310 |   kind: ClusterRole
311 |   name: tekton-dashboard-backend
312 | subjects:
313 | - kind: ServiceAccount
314 |   name: tekton-dashboard
315 |   namespace: tekton-pipelines
316 | ---
317 | apiVersion: v1
318 | kind: Service
319 | metadata:
320 |   labels:
321 |     app: tekton-dashboard
322 |     app.kubernetes.io/component: dashboard
323 |     app.kubernetes.io/instance: tekton
324 |     app.kubernetes.io/name: dashboard
325 |     app.kubernetes.io/part-of: tekton-dashboard
326 |     app.kubernetes.io/version: v0.10.1
327 |     dashboard.tekton.dev/release: v0.10.1
328 |     version: v0.10.1
329 |   name: tekton-dashboard
330 |   namespace: tekton-pipelines
331 | spec:
332 |   ports:
333 |   - name: http
334 |     port: 9097
335 |     protocol: TCP
336 |     targetPort: 9097
337 |   selector:
338 |     app.kubernetes.io/component: dashboard
339 |     app.kubernetes.io/instance: tekton
340 |     app.kubernetes.io/name: dashboard
341 |     app.kubernetes.io/part-of: tekton-dashboard
342 | ---
343 | apiVersion: apps/v1
344 | kind: Deployment
345 | metadata:
346 |   labels:
347 |     app: tekton-dashboard
348 |     app.kubernetes.io/component: dashboard
349 |     app.kubernetes.io/instance: tekton
350 |     app.kubernetes.io/name: dashboard
351 |     app.kubernetes.io/part-of: tekton-dashboard
352 |     app.kubernetes.io/version: v0.10.1
353 |     dashboard.tekton.dev/release: v0.10.1
354 |     version: v0.10.1
355 |   name: tekton-dashboard
356 |   namespace: tekton-pipelines
357 | spec:
358 |   replicas: 1
359 |   selector:
360 |     matchLabels:
361 |       app.kubernetes.io/component: dashboard
362 |       app.kubernetes.io/instance: tekton
363 |       app.kubernetes.io/name: dashboard
364 |       app.kubernetes.io/part-of: tekton-dashboard
365 |   template:
366 |     metadata:
367 |       labels:
368 |         app: tekton-dashboard
369 |         app.kubernetes.io/component: dashboard
370 |         app.kubernetes.io/instance: tekton
371 |         app.kubernetes.io/name: dashboard
372 |         app.kubernetes.io/part-of: tekton-dashboard
373 |         app.kubernetes.io/version: v0.10.1
374 |       name: tekton-dashboard
375 |     spec:
376 |       containers:
377 |       - args:
378 |         - --port=9097
379 |         - --logout-url=
380 |         - --pipelines-namespace=tekton-pipelines
381 |         - --triggers-namespace=tekton-pipelines
382 |         - --read-only=false
383 |         - --csrf-secure-cookie=false
384 |         - --log-level=info
385 |         - --log-format=json
386 |         - --namespace=
387 |         - --openshift=false
388 |         - --stream-logs=false
389 |         - --external-logs=
390 |         env:
391 |         - name: INSTALLED_NAMESPACE
392 |           valueFrom:
393 |             fieldRef:
394 |               fieldPath: metadata.namespace
395 |         image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard@sha256:e72593477e8cb09b718b9b0b38731de5b4cb7ef0c04712f7b97f51be5c5e06c7
396 |         livenessProbe:
397 |           httpGet:
398 |             path: /health
399 |             port: 9097
400 |         name: tekton-dashboard
401 |         ports:
402 |         - containerPort: 9097
403 |         readinessProbe:
404 |           httpGet:
405 |             path: /readiness
406 |             port: 9097
407 |       securityContext:
408 |         runAsNonRoot: true
409 |         runAsUser: 65532
410 |       serviceAccountName: tekton-dashboard
411 |       volumes: []
412 | 
413 | ---
414 | ---
415 | apiVersion: rbac.authorization.k8s.io/v1
416 | kind: RoleBinding
417 | metadata:
418 |   labels:
419 |     app.kubernetes.io/component: dashboard
420 |     app.kubernetes.io/instance: tekton
421 |     app.kubernetes.io/part-of: tekton-dashboard
422 |   name: tekton-dashboard-pipelines
423 |   namespace: tekton-pipelines
424 | roleRef:
425 |   apiGroup: rbac.authorization.k8s.io
426 |   kind: ClusterRole
427 |   name: tekton-dashboard-pipelines
428 | subjects:
429 |   - kind: ServiceAccount
430 |     name: tekton-dashboard
431 |     namespace: tekton-pipelines
432 | ---
433 | apiVersion: rbac.authorization.k8s.io/v1
434 | kind: RoleBinding
435 | metadata:
436 |   labels:
437 |     app.kubernetes.io/component: dashboard
438 |     app.kubernetes.io/instance: tekton
439 |     app.kubernetes.io/part-of: tekton-dashboard
440 |   name: tekton-dashboard-dashboard
441 |   namespace: tekton-pipelines
442 | roleRef:
443 |   apiGroup: rbac.authorization.k8s.io
444 |   kind: ClusterRole
445 |   name: tekton-dashboard-dashboard
446 | subjects:
447 |   - kind: ServiceAccount
448 |     name: tekton-dashboard
449 |     namespace: tekton-pipelines
450 | ---
451 | apiVersion: rbac.authorization.k8s.io/v1
452 | kind: RoleBinding
453 | metadata:
454 |   labels:
455 |     app.kubernetes.io/component: dashboard
456 |     app.kubernetes.io/instance: tekton
457 |     app.kubernetes.io/part-of: tekton-dashboard
458 |   name: tekton-dashboard-triggers
459 |   namespace: tekton-pipelines
460 | roleRef:
461 |   apiGroup: rbac.authorization.k8s.io
462 |   kind: ClusterRole
463 |   name: tekton-dashboard-triggers
464 | subjects:
465 |   - kind: ServiceAccount
466 |     name: tekton-dashboard
467 |     namespace: tekton-pipelines
468 | ---
469 | apiVersion: rbac.authorization.k8s.io/v1
470 | kind: ClusterRoleBinding
471 | metadata:
472 |   labels:
473 |     app.kubernetes.io/component: dashboard
474 |     app.kubernetes.io/instance: tekton
475 |     app.kubernetes.io/part-of: tekton-dashboard
476 |   name: tekton-dashboard-tenant
477 | roleRef:
478 |   apiGroup: rbac.authorization.k8s.io
479 |   kind: ClusterRole
480 |   name: tekton-dashboard-tenant
481 | subjects:
482 |   - kind: ServiceAccount
483 |     name: tekton-dashboard
484 |     namespace: tekton-pipelines
485 | ---
486 | apiVersion: rbac.authorization.k8s.io/v1
487 | kind: ClusterRoleBinding
488 | metadata:
489 |   labels:
490 |     app.kubernetes.io/component: dashboard
491 |     app.kubernetes.io/instance: tekton
492 |     app.kubernetes.io/part-of: tekton-dashboard
493 |   name: tekton-dashboard-extensions
494 | roleRef:
495 |   apiGroup: rbac.authorization.k8s.io
496 |   kind: ClusterRole
497 |   name: tekton-dashboard-extensions
498 | subjects:
499 |   - kind: ServiceAccount
500 |     name: tekton-dashboard
501 |     namespace: tekton-pipelines
502 | 


--------------------------------------------------------------------------------
/clusters/flux/base/flux-helm-release-crd.yaml:
--------------------------------------------------------------------------------
  1 | apiVersion: apiextensions.k8s.io/v1beta1
  2 | kind: CustomResourceDefinition
  3 | metadata:
  4 |   name: helmreleases.helm.fluxcd.io
  5 | spec:
  6 |   additionalPrinterColumns:
  7 |     - JSONPath: .status.releaseName
  8 |       name: Release
  9 |       type: string
 10 |       description: ReleaseName is the name of the Helm release managed by the HelmRelease,
 11 |         as given by Helm.
 12 |     - JSONPath: .status.phase
 13 |       name: Phase
 14 |       type: string
 15 |       description: Phase is the current release phase being performed for the HelmRelease.
 16 |     - JSONPath: .status.releaseStatus
 17 |       name: Status
 18 |       type: string
 19 |       description: ReleaseStatus is the status of the Helm release managed by the HelmRelease,
 20 |         as given by Helm.
 21 |     - JSONPath: .status.conditions[?(@.type=="Released")].message
 22 |       name: Message
 23 |       type: string
 24 |     - JSONPath: .metadata.creationTimestamp
 25 |       description: CreationTimestamp is a timestamp representing the server time when
 26 |         this object was created. It is not guaranteed to be set in happens-before order
 27 |         across separate operations. Clients may not set this value. It is represented
 28 |         in RFC3339 form and is in UTC.
 29 |       name: Age
 30 |       type: date
 31 |   group: helm.fluxcd.io
 32 |   names:
 33 |     kind: HelmRelease
 34 |     listKind: HelmReleaseList
 35 |     plural: helmreleases
 36 |     shortNames:
 37 |       - hr
 38 |       - hrs
 39 |     singular: helmrelease
 40 |   scope: Namespaced
 41 |   subresources:
 42 |     status: {}
 43 |   validation:
 44 |     openAPIV3Schema:
 45 |       description: HelmRelease is a type to represent a Helm release.
 46 |       type: object
 47 |       required:
 48 |         - metadata
 49 |         - spec
 50 |       properties:
 51 |         apiVersion:
 52 |           description: 'APIVersion defines the versioned schema of this representation
 53 |             of an object. Servers should convert recognized schemas to the latest
 54 |             internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
 55 |           type: string
 56 |         kind:
 57 |           description: 'Kind is a string value representing the REST resource this
 58 |             object represents. Servers may infer this from the endpoint the client
 59 |             submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
 60 |           type: string
 61 |         metadata:
 62 |           type: object
 63 |         spec:
 64 |           type: object
 65 |           required:
 66 |             - chart
 67 |           properties:
 68 |             chart:
 69 |               type: object
 70 |               properties:
 71 |                 chartPullSecret:
 72 |                   description: ChartPullSecret holds the reference to the authentication
 73 |                     secret for accessing the Helm repository using HTTPS basic auth.
 74 |                     NOT IMPLEMENTED!
 75 |                   type: object
 76 |                   required:
 77 |                     - name
 78 |                   properties:
 79 |                     name:
 80 |                       type: string
 81 |                 git:
 82 |                   description: Git URL is the URL of the Git repository, e.g. `git@github.com:org/repo`,
 83 |                     `http://github.com/org/repo`, or `ssh://git@example.com:2222/org/repo.git`.
 84 |                   type: string
 85 |                 name:
 86 |                   description: Name is the name of the Helm chart _without_ an alias,
 87 |                     e.g. redis (for `helm upgrade [flags] stable/redis`).
 88 |                   type: string
 89 |                 path:
 90 |                   description: Path is the path to the chart relative to the repository
 91 |                     root.
 92 |                   type: string
 93 |                 ref:
 94 |                   description: Ref is the Git branch (or other reference) to use.
 95 |                     Defaults to 'master', or the configured default Git ref.
 96 |                   type: string
 97 |                 repository:
 98 |                   description: RepoURL is the URL of the Helm repository, e.g. `https://kubernetes-charts.storage.googleapis.com`
 99 |                     or `https://charts.example.com`.
100 |                   type: string
101 |                 secretRef:
102 |                   description: SecretRef holds the authentication secret for accessing
103 |                     the Git repository (over HTTPS). The credentials will be added
104 |                     to an HTTPS GitURL before the mirror is started.
105 |                   type: object
106 |                   required:
107 |                     - name
108 |                   properties:
109 |                     name:
110 |                       type: string
111 |                     namespace:
112 |                       type: string
113 |                 skipDepUpdate:
114 |                   description: SkipDepUpdate will tell the operator to skip running
115 |                     'helm dep update' before installing or upgrading the chart, the
116 |                     chart dependencies _must_ be present for this to succeed.
117 |                   type: boolean
118 |                 version:
119 |                   description: Version is the targeted Helm chart version, e.g. 7.0.1.
120 |                   type: string
121 |             disableOpenAPIValidation:
122 |               description: DisableOpenAPIValidation controls whether OpenAPI validation
123 |                 is enforced.
124 |               type: boolean
125 |             forceUpgrade:
126 |               description: Force will mark this Helm release to `--force` upgrades.
127 |                 This forces the resource updates through delete/recreate if needed.
128 |               type: boolean
129 |             helmVersion:
130 |               description: 'HelmVersion is the version of Helm to target. If not supplied,
131 |                 the lowest _enabled Helm version_ will be targeted. Valid HelmVersion
132 |                 values are: "v2", "v3"'
133 |               type: string
134 |               enum:
135 |                 - v2
136 |                 - v3
137 |             maxHistory:
138 |               description: MaxHistory is the maximum amount of revisions to keep for
139 |                 the Helm release. If not supplied, it defaults to 10.
140 |               type: integer
141 |             releaseName:
142 |               description: ReleaseName is the name of the The Helm release. If not
143 |                 supplied, it will be generated by affixing the namespace to the resource
144 |                 name.
145 |               type: string
146 |             resetValues:
147 |               description: ResetValues will mark this Helm release to reset the values
148 |                 to the defaults of the targeted chart before performing an upgrade.
149 |                 Not explicitly setting this to `false` equals to `true` due to the
150 |                 declarative nature of the operator.
151 |               type: boolean
152 |             rollback:
153 |               description: The rollback settings for this Helm release.
154 |               type: object
155 |               properties:
156 |                 disableHooks:
157 |                   description: DisableHooks will mark this Helm release to prevent
158 |                     hooks from running during the rollback.
159 |                   type: boolean
160 |                 enable:
161 |                   description: Enable will mark this Helm release for rollbacks.
162 |                   type: boolean
163 |                 force:
164 |                   description: Force will mark this Helm release to `--force` rollbacks.
165 |                     This forces the resource updates through delete/recreate if needed.
166 |                   type: boolean
167 |                 maxRetries:
168 |                   description: MaxRetries is the maximum amount of upgrade retries
169 |                     the operator should make before bailing.
170 |                   type: integer
171 |                   format: int64
172 |                 recreate:
173 |                   description: Recreate will mark this Helm release to `--recreate-pods`
174 |                     for if applicable. This performs pod restarts.
175 |                   type: boolean
176 |                 retry:
177 |                   description: Retry will mark this Helm release for upgrade retries
178 |                     after a rollback.
179 |                   type: boolean
180 |                 timeout:
181 |                   description: Timeout is the time to wait for any individual Kubernetes
182 |                     operation (like Jobs for hooks) during rollback.
183 |                   type: integer
184 |                   format: int64
185 |                 wait:
186 |                   description: Wait will mark this Helm release to wait until all
187 |                     Pods, PVCs, Services, and minimum number of Pods of a Deployment,
188 |                     StatefulSet, or ReplicaSet are in a ready state before marking
189 |                     the release as successful.
190 |                   type: boolean
191 |             skipCRDs:
192 |               description: SkipCRDs will mark this Helm release to skip the creation
193 |                 of CRDs during a Helm 3 installation.
194 |               type: boolean
195 |             targetNamespace:
196 |               description: TargetNamespace overrides the targeted namespace for the
197 |                 Helm release. The default namespace equals to the namespace of the
198 |                 HelmRelease resource.
199 |               type: string
200 |             test:
201 |               description: The test settings for this Helm release.
202 |               type: object
203 |               properties:
204 |                 cleanup:
205 |                   description: Cleanup, when targeting Helm 2, determines whether
206 |                     to delete test pods between each test run initiated by the Helm
207 |                     Operator.
208 |                   type: boolean
209 |                 enable:
210 |                   description: Enable will mark this Helm release for tests.
211 |                   type: boolean
212 |                 ignoreFailures:
213 |                   description: IgnoreFailures will cause a Helm release to be rolled
214 |                     back if it fails otherwise it will be left in a released state
215 |                   type: boolean
216 |                 timeout:
217 |                   description: Timeout is the time to wait for any individual Kubernetes
218 |                     operation (like Jobs for hooks) during test.
219 |                   type: integer
220 |                   format: int64
221 |             timeout:
222 |               description: Timeout is the time to wait for any individual Kubernetes
223 |                 operation (like Jobs for hooks) during installation and upgrade operations.
224 |               type: integer
225 |               format: int64
226 |             valueFileSecrets:
227 |               description: ValueFileSecrets holds the local name references to secrets.
228 |                 DEPRECATED, use ValuesFrom.secretKeyRef instead.
229 |               type: array
230 |               items:
231 |                 type: object
232 |                 required:
233 |                   - name
234 |                 properties:
235 |                   name:
236 |                     type: string
237 |             values:
238 |               description: Values holds the values for this Helm release.
239 |               type: object
240 |             valuesFrom:
241 |               type: array
242 |               items:
243 |                 type: object
244 |                 properties:
245 |                   chartFileRef:
246 |                     description: The reference to a local chart file with release
247 |                       values.
248 |                     type: object
249 |                     required:
250 |                       - path
251 |                     properties:
252 |                       optional:
253 |                         description: Optional will mark this ChartFileSelector as
254 |                           optional. The result of this are that operations are permitted
255 |                           without the source, due to it e.g. being temporarily unavailable.
256 |                         type: boolean
257 |                       path:
258 |                         description: Path is the file path to the source relative
259 |                           to the chart root.
260 |                         type: string
261 |                   configMapKeyRef:
262 |                     description: The reference to a config map with release values.
263 |                     type: object
264 |                     required:
265 |                       - name
266 |                     properties:
267 |                       key:
268 |                         type: string
269 |                       name:
270 |                         type: string
271 |                       namespace:
272 |                         type: string
273 |                       optional:
274 |                         type: boolean
275 |                   externalSourceRef:
276 |                     description: The reference to an external source with release
277 |                       values.
278 |                     type: object
279 |                     required:
280 |                       - url
281 |                     properties:
282 |                       optional:
283 |                         description: Optional will mark this ExternalSourceSelector
284 |                           as optional. The result of this are that operations are
285 |                           permitted without the source, due to it e.g. being temporarily
286 |                           unavailable.
287 |                         type: boolean
288 |                       url:
289 |                         description: URL is the URL of the external source.
290 |                         type: string
291 |                   secretKeyRef:
292 |                     description: The reference to a secret with release values.
293 |                     type: object
294 |                     required:
295 |                       - name
296 |                     properties:
297 |                       key:
298 |                         type: string
299 |                       name:
300 |                         type: string
301 |                       namespace:
302 |                         type: string
303 |                       optional:
304 |                         type: boolean
305 |             wait:
306 |               description: Wait will mark this Helm release to wait until all Pods,
307 |                 PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet,
308 |                 or ReplicaSet are in a ready state before marking the release as successful.
309 |               type: boolean
310 |         status:
311 |           description: HelmReleaseStatus contains status information about an HelmRelease.
312 |           type: object
313 |           properties:
314 |             conditions:
315 |               description: Conditions contains observations of the resource's state,
316 |                 e.g., has the chart which it refers to been fetched.
317 |               type: array
318 |               items:
319 |                 type: object
320 |                 required:
321 |                   - status
322 |                   - type
323 |                 properties:
324 |                   lastTransitionTime:
325 |                     description: LastTransitionTime is the timestamp corresponding
326 |                       to the last status change of this condition.
327 |                     type: string
328 |                     format: date-time
329 |                   lastUpdateTime:
330 |                     description: LastUpdateTime is the timestamp corresponding to
331 |                       the last status update of this condition.
332 |                     type: string
333 |                     format: date-time
334 |                   message:
335 |                     description: Message is a human readable description of the details
336 |                       of the last transition, complementing reason.
337 |                     type: string
338 |                   reason:
339 |                     description: Reason is a brief machine readable explanation for
340 |                       the condition's last transition.
341 |                     type: string
342 |                   status:
343 |                     description: Status of the condition, one of ('True', 'False',
344 |                       'Unknown').
345 |                     type: string
346 |                     enum:
347 |                       - "True"
348 |                       - "False"
349 |                       - Unknown
350 |                   type:
351 |                     description: Type of the condition, one of ('ChartFetched', 'Deployed',
352 |                       'Released', 'RolledBack', 'Tested').
353 |                     type: string
354 |                     enum:
355 |                       - ChartFetched
356 |                       - Deployed
357 |                       - Released
358 |                       - RolledBack
359 |                       - Tested
360 |             lastAttemptedRevision:
361 |               description: LastAttemptedRevision is the revision of the latest chart
362 |                 sync, and may be of a failed release.
363 |               type: string
364 |             observedGeneration:
365 |               description: ObservedGeneration is the most recent generation observed
366 |                 by the operator.
367 |               type: integer
368 |               format: int64
369 |             phase:
370 |               description: Phase the release is in, one of ('ChartFetched', 'ChartFetchFailed',
371 |                 'Installing', 'Upgrading', 'Deployed', 'DeployFailed', 'Testing',
372 |                 'TestFailed', 'Tested', 'Succeeded', 'RollingBack', 'RolledBack',
373 |                 'RollbackFailed')
374 |               type: string
375 |               enum:
376 |                 - ChartFetched
377 |                 - ChartFetchFailed
378 |                 - Installing
379 |                 - Upgrading
380 |                 - Deployed
381 |                 - DeployFailed
382 |                 - Testing
383 |                 - TestFailed
384 |                 - Tested
385 |                 - Succeeded
386 |                 - Failed
387 |                 - RollingBack
388 |                 - RolledBack
389 |                 - RollbackFailed
390 |             releaseName:
391 |               description: ReleaseName is the name as either supplied or generated.
392 |               type: string
393 |             releaseStatus:
394 |               description: ReleaseStatus is the status as given by Helm for the release
395 |                 managed by this resource.
396 |               type: string
397 |             revision:
398 |               description: Revision holds the Git hash or version of the chart currently
399 |                 deployed.
400 |               type: string
401 |             rollbackCount:
402 |               description: RollbackCount records the amount of rollback attempts made,
403 |                 it is incremented after a rollback failure and reset after a successful
404 |                 upgrade or revision change.
405 |               type: integer
406 |               format: int64
407 |   version: v1
408 |   versions:
409 |     - name: v1
410 |       served: true
411 |       storage: true
412 | status:
413 |   acceptedNames:
414 |     kind: ""
415 |     plural: ""
416 |   conditions: []
417 |   storedVersions: []
418 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/tekton-triggers-release.yaml:
--------------------------------------------------------------------------------
  1 | # Copyright 2019 The Tekton Authors
  2 | #
  3 | # Licensed under the Apache License, Version 2.0 (the "License");
  4 | # you may not use this file except in compliance with the License.
  5 | # You may obtain a copy of the License at
  6 | #
  7 | #     http://www.apache.org/licenses/LICENSE-2.0
  8 | #
  9 | # Unless required by applicable law or agreed to in writing, software
 10 | # distributed under the License is distributed on an "AS IS" BASIS,
 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 12 | # See the License for the specific language governing permissions and
 13 | # limitations under the License.
 14 | 
 15 | apiVersion: policy/v1beta1
 16 | kind: PodSecurityPolicy
 17 | metadata:
 18 |   name: tekton-triggers
 19 |   labels:
 20 |     app.kubernetes.io/instance: tekton
 21 |     app.kubernetes.io/part-of: tekton-triggers
 22 | spec:
 23 |   privileged: false
 24 |   allowPrivilegeEscalation: false
 25 |   volumes:
 26 |     - 'emptyDir'
 27 |     - 'configMap'
 28 |     - 'secret'
 29 |   hostNetwork: false
 30 |   hostIPC: false
 31 |   hostPID: false
 32 |   runAsUser:
 33 |     rule: 'MustRunAsNonRoot'
 34 |   seLinux:
 35 |     rule: 'RunAsAny'
 36 |   supplementalGroups:
 37 |     rule: 'MustRunAs'
 38 |     ranges:
 39 |       - min: 1
 40 |         max: 65535
 41 |   fsGroup:
 42 |     rule: 'MustRunAs'
 43 |     ranges:
 44 |       - min: 1
 45 |         max: 65535
 46 | 
 47 | ---
 48 | # Copyright 2019 The Tekton Authors
 49 | #
 50 | # Licensed under the Apache License, Version 2.0 (the "License");
 51 | # you may not use this file except in compliance with the License.
 52 | # You may obtain a copy of the License at
 53 | #
 54 | #     http://www.apache.org/licenses/LICENSE-2.0
 55 | #
 56 | # Unless required by applicable law or agreed to in writing, software
 57 | # distributed under the License is distributed on an "AS IS" BASIS,
 58 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 59 | # See the License for the specific language governing permissions and
 60 | # limitations under the License.
 61 | 
 62 | kind: ClusterRole
 63 | apiVersion: rbac.authorization.k8s.io/v1
 64 | metadata:
 65 |   name: tekton-triggers-admin
 66 |   labels:
 67 |     app.kubernetes.io/instance: tekton
 68 |     app.kubernetes.io/part-of: tekton-triggers
 69 | rules:
 70 |   - apiGroups: [""]
 71 |     resources: ["configmaps", "services", "events"]
 72 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 73 |   - apiGroups: ["apps"]
 74 |     resources: ["deployments", "deployments/finalizers"]
 75 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 76 |   - apiGroups: ["admissionregistration.k8s.io"]
 77 |     resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
 78 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 79 |   - apiGroups: ["triggers.tekton.dev"]
 80 |     resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "triggers", "eventlisteners/finalizers"]
 81 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 82 |   - apiGroups: ["triggers.tekton.dev"]
 83 |     resources: ["clustertriggerbindings/status", "eventlisteners/status", "triggerbindings/status", "triggertemplates/status", "triggers/status"]
 84 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 85 |   # We uses leases for leaderelection
 86 |   - apiGroups: ["coordination.k8s.io"]
 87 |     resources: ["leases"]
 88 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 89 | 
 90 | ---
 91 | # Copyright 2020 The Tekton Authors
 92 | #
 93 | # Licensed under the Apache License, Version 2.0 (the "License");
 94 | # you may not use this file except in compliance with the License.
 95 | # You may obtain a copy of the License at
 96 | #
 97 | #     http://www.apache.org/licenses/LICENSE-2.0
 98 | #
 99 | # Unless required by applicable law or agreed to in writing, software
100 | # distributed under the License is distributed on an "AS IS" BASIS,
101 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
102 | # See the License for the specific language governing permissions and
103 | # limitations under the License.
104 | 
105 | # NOTE:  when multi-tenant EventListener progresses, moving this Role
106 | # to a ClusterRole is not the advisable path.  Additional Roles that
107 | # adds access to Secrets to the Namespaces managed by the multi-tenant
108 | # EventListener is what should be done.  While not as simple, it avoids
109 | # giving access to K8S system level, cluster admin privileged level Secrets
110 | 
111 | kind: Role
112 | apiVersion: rbac.authorization.k8s.io/v1
113 | metadata:
114 |   name: tekton-triggers-admin
115 |   namespace: tekton-pipelines
116 |   labels:
117 |     app.kubernetes.io/instance: tekton
118 |     app.kubernetes.io/part-of: tekton-triggers
119 | rules:
120 |   - apiGroups: ["policy"]
121 |     resources: ["podsecuritypolicies"]
122 |     resourceNames: ["tekton-triggers"]
123 |     verbs: ["use"]
124 |   - apiGroups: [""]
125 |     resources: ["secrets"]
126 |     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
127 | 
128 | ---
129 | # Copyright 2019 The Tekton Authors
130 | #
131 | # Licensed under the Apache License, Version 2.0 (the "License");
132 | # you may not use this file except in compliance with the License.
133 | # You may obtain a copy of the License at
134 | #
135 | #     http://www.apache.org/licenses/LICENSE-2.0
136 | #
137 | # Unless required by applicable law or agreed to in writing, software
138 | # distributed under the License is distributed on an "AS IS" BASIS,
139 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
140 | # See the License for the specific language governing permissions and
141 | # limitations under the License.
142 | 
143 | apiVersion: v1
144 | kind: ServiceAccount
145 | metadata:
146 |   name: tekton-triggers-controller
147 |   namespace: tekton-pipelines
148 |   labels:
149 |     app.kubernetes.io/instance: tekton
150 |     app.kubernetes.io/part-of: tekton-triggers
151 | 
152 | ---
153 | # Copyright 2019 The Tekton Authors
154 | #
155 | # Licensed under the Apache License, Version 2.0 (the "License");
156 | # you may not use this file except in compliance with the License.
157 | # You may obtain a copy of the License at
158 | #
159 | #     http://www.apache.org/licenses/LICENSE-2.0
160 | #
161 | # Unless required by applicable law or agreed to in writing, software
162 | # distributed under the License is distributed on an "AS IS" BASIS,
163 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
164 | # See the License for the specific language governing permissions and
165 | # limitations under the License.
166 | 
167 | apiVersion: rbac.authorization.k8s.io/v1beta1
168 | kind: ClusterRoleBinding
169 | metadata:
170 |   name: tekton-triggers-controller-admin
171 |   labels:
172 |     app.kubernetes.io/instance: tekton
173 |     app.kubernetes.io/part-of: tekton-triggers
174 | subjects:
175 |   - kind: ServiceAccount
176 |     name: tekton-triggers-controller
177 |     namespace: tekton-pipelines
178 | roleRef:
179 |   kind: ClusterRole
180 |   name: tekton-triggers-admin
181 |   apiGroup: rbac.authorization.k8s.io
182 | 
183 | ---
184 | # Copyright 2020 The Tekton Authors
185 | #
186 | # Licensed under the Apache License, Version 2.0 (the "License");
187 | # you may not use this file except in compliance with the License.
188 | # You may obtain a copy of the License at
189 | #
190 | #     http://www.apache.org/licenses/LICENSE-2.0
191 | #
192 | # Unless required by applicable law or agreed to in writing, software
193 | # distributed under the License is distributed on an "AS IS" BASIS,
194 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
195 | # See the License for the specific language governing permissions and
196 | # limitations under the License.
197 | 
198 | apiVersion: rbac.authorization.k8s.io/v1
199 | kind: RoleBinding
200 | metadata:
201 |   name: tekton-triggers-controller-admin
202 |   namespace: tekton-pipelines
203 |   labels:
204 |     app.kubernetes.io/instance: tekton
205 |     app.kubernetes.io/part-of: tekton-triggers
206 | subjects:
207 |   - kind: ServiceAccount
208 |     name: tekton-triggers-controller
209 |     namespace: tekton-pipelines
210 | roleRef:
211 |   kind: Role
212 |   name: tekton-triggers-admin
213 |   apiGroup: rbac.authorization.k8s.io
214 | 
215 | ---
216 | # Copyright 2019 The Tekton Authors
217 | #
218 | # Licensed under the Apache License, Version 2.0 (the "License");
219 | # you may not use this file except in compliance with the License.
220 | # You may obtain a copy of the License at
221 | #
222 | #     https://www.apache.org/licenses/LICENSE-2.0
223 | #
224 | # Unless required by applicable law or agreed to in writing, software
225 | # distributed under the License is distributed on an "AS IS" BASIS,
226 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
227 | # See the License for the specific language governing permissions and
228 | # limitations under the License.
229 | 
230 | apiVersion: apiextensions.k8s.io/v1beta1
231 | kind: CustomResourceDefinition
232 | metadata:
233 |   name: clustertriggerbindings.triggers.tekton.dev
234 |   labels:
235 |     app.kubernetes.io/instance: tekton
236 |     app.kubernetes.io/part-of: tekton-triggers
237 |     triggers.tekton.dev/release: "v0.9.1"
238 |     version: "v0.9.1"
239 | spec:
240 |   group: triggers.tekton.dev
241 |   scope: Cluster
242 |   versions:
243 |     - name: v1alpha1
244 |       served: true
245 |       storage: true
246 |   names:
247 |     kind: ClusterTriggerBinding
248 |     plural: clustertriggerbindings
249 |     singular: clustertriggerbinding
250 |     shortNames:
251 |       - ctb
252 |     categories:
253 |       - tekton
254 |       - tekton-triggers
255 |   subresources:
256 |     status: {}
257 |   version: v1alpha1
258 | 
259 | ---
260 | # Copyright 2019 The Tekton Authors
261 | #
262 | # Licensed under the Apache License, Version 2.0 (the "License");
263 | # you may not use this file except in compliance with the License.
264 | # You may obtain a copy of the License at
265 | #
266 | #     https://www.apache.org/licenses/LICENSE-2.0
267 | #
268 | # Unless required by applicable law or agreed to in writing, software
269 | # distributed under the License is distributed on an "AS IS" BASIS,
270 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
271 | # See the License for the specific language governing permissions and
272 | # limitations under the License.
273 | 
274 | apiVersion: apiextensions.k8s.io/v1beta1
275 | kind: CustomResourceDefinition
276 | metadata:
277 |   name: eventlisteners.triggers.tekton.dev
278 |   labels:
279 |     app.kubernetes.io/instance: tekton
280 |     app.kubernetes.io/part-of: tekton-triggers
281 |     triggers.tekton.dev/release: "v0.9.1"
282 |     version: "v0.9.1"
283 | spec:
284 |   group: triggers.tekton.dev
285 |   scope: Namespaced
286 |   versions:
287 |     - name: v1alpha1
288 |       served: true
289 |       storage: true
290 |   names:
291 |     kind: EventListener
292 |     plural: eventlisteners
293 |     singular: eventlistener
294 |     shortNames:
295 |       - el
296 |     categories:
297 |       - tekton
298 |       - tekton-triggers
299 |   # Opt into the status subresource so metadata.generation
300 |   # starts to increment
301 |   subresources:
302 |     status: {}
303 |   version: v1alpha1
304 |   additionalPrinterColumns:
305 |     - name: Address
306 |       type: string
307 |       JSONPath: .status.address.url
308 |     - name: Available
309 |       type: string
310 |       JSONPath: ".status.conditions[?(@.type=='Available')].status"
311 |     - name: Reason
312 |       type: string
313 |       JSONPath: ".status.conditions[?(@.type=='Available')].reason"
314 | 
315 | ---
316 | # Copyright 2019 The Tekton Authors
317 | #
318 | # Licensed under the Apache License, Version 2.0 (the "License");
319 | # you may not use this file except in compliance with the License.
320 | # You may obtain a copy of the License at
321 | #
322 | #     https://www.apache.org/licenses/LICENSE-2.0
323 | #
324 | # Unless required by applicable law or agreed to in writing, software
325 | # distributed under the License is distributed on an "AS IS" BASIS,
326 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
327 | # See the License for the specific language governing permissions and
328 | # limitations under the License.
329 | 
330 | apiVersion: apiextensions.k8s.io/v1beta1
331 | kind: CustomResourceDefinition
332 | metadata:
333 |   name: triggers.triggers.tekton.dev
334 |   labels:
335 |     app.kubernetes.io/instance: tekton
336 |     app.kubernetes.io/part-of: tekton-triggers
337 |     triggers.tekton.dev/release: "v0.9.1"
338 |     version: "v0.9.1"
339 | spec:
340 |   group: triggers.tekton.dev
341 |   scope: Namespaced
342 |   versions:
343 |     - name: v1alpha1
344 |       served: true
345 |       storage: true
346 |   names:
347 |     kind: Trigger
348 |     plural: triggers
349 |     singular: trigger
350 |     shortNames:
351 |       - tri
352 |     categories:
353 |       - tekton
354 |       - tekton-triggers
355 |   # Opt into the status subresource so metadata.generation
356 |   # starts to increment
357 |   subresources:
358 |     status: {}
359 |   version: v1alpha1
360 | 
361 | ---
362 | # Copyright 2019 The Tekton Authors
363 | #
364 | # Licensed under the Apache License, Version 2.0 (the "License");
365 | # you may not use this file except in compliance with the License.
366 | # You may obtain a copy of the License at
367 | #
368 | #     https://www.apache.org/licenses/LICENSE-2.0
369 | #
370 | # Unless required by applicable law or agreed to in writing, software
371 | # distributed under the License is distributed on an "AS IS" BASIS,
372 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
373 | # See the License for the specific language governing permissions and
374 | # limitations under the License.
375 | 
376 | apiVersion: apiextensions.k8s.io/v1beta1
377 | kind: CustomResourceDefinition
378 | metadata:
379 |   name: triggerbindings.triggers.tekton.dev
380 |   labels:
381 |     app.kubernetes.io/instance: tekton
382 |     app.kubernetes.io/part-of: tekton-triggers
383 |     triggers.tekton.dev/release: "v0.9.1"
384 |     version: "v0.9.1"
385 | spec:
386 |   group: triggers.tekton.dev
387 |   scope: Namespaced
388 |   versions:
389 |     - name: v1alpha1
390 |       served: true
391 |       storage: true
392 |   names:
393 |     kind: TriggerBinding
394 |     plural: triggerbindings
395 |     singular: triggerbinding
396 |     shortNames:
397 |       - tb
398 |     categories:
399 |       - tekton
400 |       - tekton-triggers
401 |   # Opt into the status subresource so metadata.generation
402 |   # starts to increment
403 |   subresources:
404 |     status: {}
405 |   version: v1alpha1
406 | 
407 | ---
408 | # Copyright 2019 The Tekton Authors
409 | #
410 | # Licensed under the Apache License, Version 2.0 (the "License");
411 | # you may not use this file except in compliance with the License.
412 | # You may obtain a copy of the License at
413 | #
414 | #     https://www.apache.org/licenses/LICENSE-2.0
415 | #
416 | # Unless required by applicable law or agreed to in writing, software
417 | # distributed under the License is distributed on an "AS IS" BASIS,
418 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
419 | # See the License for the specific language governing permissions and
420 | # limitations under the License.
421 | 
422 | apiVersion: apiextensions.k8s.io/v1beta1
423 | kind: CustomResourceDefinition
424 | metadata:
425 |   name: triggertemplates.triggers.tekton.dev
426 |   labels:
427 |     app.kubernetes.io/instance: tekton
428 |     app.kubernetes.io/part-of: tekton-triggers
429 |     triggers.tekton.dev/release: "v0.9.1"
430 |     version: "v0.9.1"
431 | spec:
432 |   group: triggers.tekton.dev
433 |   scope: Namespaced
434 |   versions:
435 |     - name: v1alpha1
436 |       served: true
437 |       storage: true
438 |   names:
439 |     kind: TriggerTemplate
440 |     plural: triggertemplates
441 |     singular: triggertemplate
442 |     shortNames:
443 |       - tt
444 |     categories:
445 |       - tekton
446 |       - tekton-triggers
447 |   # Opt into the status subresource so metadata.generation
448 |   # starts to increment
449 |   subresources:
450 |     status: {}
451 |   version: v1alpha1
452 | 
453 | ---
454 | # Copyright 2020 The Tekton Authors
455 | #
456 | # Licensed under the Apache License, Version 2.0 (the "License");
457 | # you may not use this file except in compliance with the License.
458 | # You may obtain a copy of the License at
459 | #
460 | #     https://www.apache.org/licenses/LICENSE-2.0
461 | #
462 | # Unless required by applicable law or agreed to in writing, software
463 | # distributed under the License is distributed on an "AS IS" BASIS,
464 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
465 | # See the License for the specific language governing permissions and
466 | # limitations under the License.
467 | 
468 | apiVersion: v1
469 | kind: Secret
470 | metadata:
471 |   name: triggers-webhook-certs
472 |   namespace: tekton-pipelines
473 |   labels:
474 |     app.kubernetes.io/component: webhook
475 |     app.kubernetes.io/instance: tekton
476 |     app.kubernetes.io/part-of: tekton-triggers
477 |     triggers.tekton.dev/release: "v0.9.1"
478 | # The data is populated at install time.
479 | ---
480 | apiVersion: admissionregistration.k8s.io/v1beta1
481 | kind: ValidatingWebhookConfiguration
482 | metadata:
483 |   name: validation.webhook.triggers.tekton.dev
484 |   labels:
485 |     app.kubernetes.io/component: webhook
486 |     app.kubernetes.io/instance: tekton
487 |     app.kubernetes.io/part-of: tekton-triggers
488 |     triggers.tekton.dev/release: "v0.9.1"
489 | webhooks:
490 |   - admissionReviewVersions:
491 |       - v1beta1
492 |     clientConfig:
493 |       service:
494 |         name: tekton-triggers-webhook
495 |         namespace: tekton-pipelines
496 |     failurePolicy: Fail
497 |     sideEffects: None
498 |     name: validation.webhook.triggers.tekton.dev
499 | ---
500 | apiVersion: admissionregistration.k8s.io/v1beta1
501 | kind: MutatingWebhookConfiguration
502 | metadata:
503 |   name: webhook.triggers.tekton.dev
504 |   labels:
505 |     app.kubernetes.io/component: webhook
506 |     app.kubernetes.io/instance: tekton
507 |     app.kubernetes.io/part-of: tekton-triggers
508 |     triggers.tekton.dev/release: "v0.9.1"
509 | webhooks:
510 |   - admissionReviewVersions:
511 |       - v1beta1
512 |     clientConfig:
513 |       service:
514 |         name: tekton-triggers-webhook
515 |         namespace: tekton-pipelines
516 |     failurePolicy: Fail
517 |     sideEffects: None
518 |     name: webhook.triggers.tekton.dev
519 | ---
520 | apiVersion: admissionregistration.k8s.io/v1beta1
521 | kind: ValidatingWebhookConfiguration
522 | metadata:
523 |   name: config.webhook.triggers.tekton.dev
524 |   labels:
525 |     app.kubernetes.io/component: webhook
526 |     app.kubernetes.io/instance: tekton
527 |     app.kubernetes.io/part-of: tekton-triggers
528 |     triggers.tekton.dev/release: "v0.9.1"
529 | webhooks:
530 |   - admissionReviewVersions:
531 |       - v1beta1
532 |     clientConfig:
533 |       service:
534 |         name: tekton-triggers-webhook
535 |         namespace: tekton-pipelines
536 |     failurePolicy: Fail
537 |     sideEffects: None
538 |     name: config.webhook.triggers.tekton.dev
539 |     namespaceSelector:
540 |       matchExpressions:
541 |         - key: triggers.tekton.dev/release
542 |           operator: Exists
543 | 
544 | ---
545 | # Copyright 2019 The Tekton Authors
546 | #
547 | # Licensed under the Apache License, Version 2.0 (the "License");
548 | # you may not use this file except in compliance with the License.
549 | # You may obtain a copy of the License at
550 | #
551 | #     http://www.apache.org/licenses/LICENSE-2.0
552 | #
553 | # Unless required by applicable law or agreed to in writing, software
554 | # distributed under the License is distributed on an "AS IS" BASIS,
555 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
556 | # See the License for the specific language governing permissions and
557 | # limitations under the License.
558 | 
559 | apiVersion: rbac.authorization.k8s.io/v1
560 | kind: ClusterRole
561 | metadata:
562 |   name: tekton-triggers-aggregate-edit
563 |   labels:
564 |     app.kubernetes.io/instance: tekton
565 |     app.kubernetes.io/part-of: tekton-triggers
566 |     rbac.authorization.k8s.io/aggregate-to-edit: "true"
567 |     rbac.authorization.k8s.io/aggregate-to-admin: "true"
568 | rules:
569 |   - apiGroups:
570 |       - triggers.tekton.dev
571 |     resources:
572 |       - clustertriggerbindings
573 |       - eventlisteners
574 |       - triggers
575 |       - triggerbindings
576 |       - triggertemplates
577 |     verbs:
578 |       - create
579 |       - delete
580 |       - deletecollection
581 |       - get
582 |       - list
583 |       - patch
584 |       - update
585 |       - watch
586 | 
587 | ---
588 | # Copyright 2019 The Tekton Authors
589 | #
590 | # Licensed under the Apache License, Version 2.0 (the "License");
591 | # you may not use this file except in compliance with the License.
592 | # You may obtain a copy of the License at
593 | #
594 | #     http://www.apache.org/licenses/LICENSE-2.0
595 | #
596 | # Unless required by applicable law or agreed to in writing, software
597 | # distributed under the License is distributed on an "AS IS" BASIS,
598 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
599 | # See the License for the specific language governing permissions and
600 | # limitations under the License.
601 | 
602 | apiVersion: rbac.authorization.k8s.io/v1
603 | kind: ClusterRole
604 | metadata:
605 |   name: tekton-triggers-aggregate-view
606 |   labels:
607 |     app.kubernetes.io/instance: tekton
608 |     app.kubernetes.io/part-of: tekton-triggers
609 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
610 | rules:
611 |   - apiGroups:
612 |       - triggers.tekton.dev
613 |     resources:
614 |       - clustertriggerbindings
615 |       - eventlisteners
616 |       - triggers
617 |       - triggerbindings
618 |       - triggertemplates
619 |     verbs:
620 |       - get
621 |       - list
622 |       - watch
623 | 
624 | ---
625 | # Copyright 2019 Tekton Authors LLC
626 | #
627 | # Licensed under the Apache License, Version 2.0 (the "License");
628 | # you may not use this file except in compliance with the License.
629 | # You may obtain a copy of the License at
630 | #
631 | #     https://www.apache.org/licenses/LICENSE-2.0
632 | #
633 | # Unless required by applicable law or agreed to in writing, software
634 | # distributed under the License is distributed on an "AS IS" BASIS,
635 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
636 | # See the License for the specific language governing permissions and
637 | # limitations under the License.
638 | 
639 | apiVersion: v1
640 | kind: ConfigMap
641 | metadata:
642 |   name: config-logging-triggers
643 |   namespace: tekton-pipelines
644 |   labels:
645 |     app.kubernetes.io/instance: tekton
646 |     app.kubernetes.io/part-of: tekton-triggers
647 | data:
648 |   # Common configuration for all knative codebase
649 |   zap-logger-config: |
650 |     {
651 |       "level": "info",
652 |       "development": false,
653 |       "sampling": {
654 |         "initial": 100,
655 |         "thereafter": 100
656 |       },
657 |       "outputPaths": ["stdout"],
658 |       "errorOutputPaths": ["stderr"],
659 |       "encoding": "json",
660 |       "encoderConfig": {
661 |         "timeKey": "",
662 |         "levelKey": "level",
663 |         "nameKey": "logger",
664 |         "callerKey": "caller",
665 |         "messageKey": "msg",
666 |         "stacktraceKey": "stacktrace",
667 |         "lineEnding": "",
668 |         "levelEncoder": "",
669 |         "timeEncoder": "",
670 |         "durationEncoder": "",
671 |         "callerEncoder": ""
672 |       }
673 |     }
674 |   # Log level overrides
675 |   loglevel.controller: "info"
676 |   loglevel.webhook: "info"
677 |   loglevel.eventlistener: "info"
678 | 
679 | ---
680 | # Copyright 2019 The Tekton Authors
681 | #
682 | # Licensed under the Apache License, Version 2.0 (the "License");
683 | # you may not use this file except in compliance with the License.
684 | # You may obtain a copy of the License at
685 | #
686 | #     https://www.apache.org/licenses/LICENSE-2.0
687 | #
688 | # Unless required by applicable law or agreed to in writing, software
689 | # distributed under the License is distributed on an "AS IS" BASIS,
690 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
691 | # See the License for the specific language governing permissions and
692 | # limitations under the License.
693 | 
694 | apiVersion: v1
695 | kind: ConfigMap
696 | metadata:
697 |   name: config-observability-triggers
698 |   namespace: tekton-pipelines
699 |   labels:
700 |     app.kubernetes.io/instance: tekton
701 |     app.kubernetes.io/part-of: tekton-triggers
702 | data:
703 |   _example: |
704 |     ################################
705 |     #                              #
706 |     #    EXAMPLE CONFIGURATION     #
707 |     #                              #
708 |     ################################
709 | 
710 |     # This block is not actually functional configuration,
711 |     # but serves to illustrate the available configuration
712 |     # options and document them in a way that is accessible
713 |     # to users that `kubectl edit` this config map.
714 |     #
715 |     # These sample configuration options may be copied out of
716 |     # this example block and unindented to be in the data block
717 |     # to actually change the configuration.
718 | 
719 |     # metrics.backend-destination field specifies the system metrics destination.
720 |     # It supports either prometheus (the default) or stackdriver.
721 |     # Note: Using stackdriver will incur additional charges
722 |     metrics.backend-destination: prometheus
723 | 
724 |     # metrics.stackdriver-project-id field specifies the stackdriver project ID. This
725 |     # field is optional. When running on GCE, application default credentials will be
726 |     # used if this field is not provided.
727 |     metrics.stackdriver-project-id: "<your stackdriver project id>"
728 | 
729 |     # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to
730 |     # Stackdriver using "global" resource type and custom metric type if the
731 |     # metrics are not supported by "knative_revision" resource type. Setting this
732 |     # flag to "true" could cause extra Stackdriver charge.
733 |     # If metrics.backend-destination is not Stackdriver, this is ignored.
734 |     metrics.allow-stackdriver-custom-metrics: "false"
735 | 
736 | ---
737 | # Copyright 2019 Tekton Authors LLC
738 | #
739 | # Licensed under the Apache License, Version 2.0 (the "License");
740 | # you may not use this file except in compliance with the License.
741 | # You may obtain a copy of the License at
742 | #
743 | #     https://www.apache.org/licenses/LICENSE-2.0
744 | #
745 | # Unless required by applicable law or agreed to in writing, software
746 | # distributed under the License is distributed on an "AS IS" BASIS,
747 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
748 | # See the License for the specific language governing permissions and
749 | # limitations under the License.
750 | 
751 | apiVersion: v1
752 | kind: Service
753 | metadata:
754 |   labels:
755 |     app.kubernetes.io/name: controller
756 |     app.kubernetes.io/component: controller
757 |     app.kubernetes.io/instance: tekton
758 |     app.kubernetes.io/version: "v0.9.1"
759 |     app.kubernetes.io/part-of: tekton-triggers
760 |     triggers.tekton.dev/release: "v0.9.1"
761 |     app: tekton-triggers-controller
762 |     version: "v0.9.1"
763 |   name: tekton-triggers-controller
764 |   namespace: tekton-pipelines
765 | spec:
766 |   ports:
767 |     - name: http-metrics
768 |       port: 9090
769 |       protocol: TCP
770 |       targetPort: 9090
771 |   selector:
772 |     app.kubernetes.io/name: controller
773 |     app.kubernetes.io/component: controller
774 |     app.kubernetes.io/instance: tekton
775 |     app.kubernetes.io/part-of: tekton-triggers
776 | 
777 | ---
778 | # Copyright 2019 The Tekton Authors
779 | #
780 | # Licensed under the Apache License, Version 2.0 (the "License");
781 | # you may not use this file except in compliance with the License.
782 | # You may obtain a copy of the License at
783 | #
784 | #     http://www.apache.org/licenses/LICENSE-2.0
785 | #
786 | # Unless required by applicable law or agreed to in writing, software
787 | # distributed under the License is distributed on an "AS IS" BASIS,
788 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
789 | # See the License for the specific language governing permissions and
790 | # limitations under the License.
791 | 
792 | apiVersion: apps/v1
793 | kind: Deployment
794 | metadata:
795 |   name: tekton-triggers-controller
796 |   namespace: tekton-pipelines
797 |   labels:
798 |     app.kubernetes.io/name: controller
799 |     app.kubernetes.io/component: controller
800 |     app.kubernetes.io/instance: tekton
801 |     app.kubernetes.io/version: "v0.9.1"
802 |     app.kubernetes.io/part-of: tekton-triggers
803 |     # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
804 |     triggers.tekton.dev/release: "v0.9.1"
805 | spec:
806 |   replicas: 1
807 |   selector:
808 |     matchLabels:
809 |       app.kubernetes.io/name: controller
810 |       app.kubernetes.io/component: controller
811 |       app.kubernetes.io/instance: tekton
812 |       app.kubernetes.io/part-of: tekton-triggers
813 |   template:
814 |     metadata:
815 |       annotations:
816 |         cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
817 |       labels:
818 |         app.kubernetes.io/name: controller
819 |         app.kubernetes.io/component: controller
820 |         app.kubernetes.io/instance: tekton
821 |         app.kubernetes.io/version: "v0.9.1"
822 |         app.kubernetes.io/part-of: tekton-triggers
823 |         app: tekton-triggers-controller
824 |         triggers.tekton.dev/release: "v0.9.1"
825 |         # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
826 |         version: "v0.9.1"
827 |     spec:
828 |       serviceAccountName: tekton-triggers-controller
829 |       containers:
830 |         - name: tekton-triggers-controller
831 |           image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.9.1@sha256:89e105cacb853ef8866baf0e2f0030651ec719e9bdc7cf56972edbd68dbd4779"
832 |           args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.9.1@sha256:b687fc18b818f6e031083735b1833e6db3ba18d5113cfdc1ec8eb3c980e0f67d", "-el-port", "8080", "-period-seconds", "10", "-failure-threshold", "1"]
833 |           env:
834 |             - name: SYSTEM_NAMESPACE
835 |               valueFrom:
836 |                 fieldRef:
837 |                   fieldPath: metadata.namespace
838 |             - name: CONFIG_LOGGING_NAME
839 |               value: config-logging-triggers
840 |             - name: CONFIG_OBSERVABILITY_NAME
841 |               value: config-observability-triggers
842 |             - name: METRICS_DOMAIN
843 |               value: tekton.dev/triggers
844 |           securityContext:
845 |             allowPrivilegeEscalation: false
846 |             # User 65532 is the distroless nonroot user ID
847 |             runAsUser: 65532
848 | 
849 | ---
850 | # Copyright 2019 The Tekton Authors
851 | #
852 | # Licensed under the Apache License, Version 2.0 (the "License");
853 | # you may not use this file except in compliance with the License.
854 | # You may obtain a copy of the License at
855 | #
856 | #     http://www.apache.org/licenses/LICENSE-2.0
857 | #
858 | # Unless required by applicable law or agreed to in writing, software
859 | # distributed under the License is distributed on an "AS IS" BASIS,
860 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
861 | # See the License for the specific language governing permissions and
862 | # limitations under the License.
863 | 
864 | apiVersion: v1
865 | kind: Service
866 | metadata:
867 |   name: tekton-triggers-webhook
868 |   namespace: tekton-pipelines
869 |   labels:
870 |     app.kubernetes.io/name: webhook
871 |     app.kubernetes.io/component: webhook
872 |     app.kubernetes.io/instance: tekton
873 |     app.kubernetes.io/version: "v0.9.1"
874 |     app.kubernetes.io/part-of: tekton-triggers
875 |     app: tekton-triggers-webhook
876 |     version: "v0.9.1"
877 |     triggers.tekton.dev/release: "v0.9.1"
878 | spec:
879 |   ports:
880 |     - name: https-webhook
881 |       port: 443
882 |       targetPort: 8443
883 |   selector:
884 |     app.kubernetes.io/name: webhook
885 |     app.kubernetes.io/component: webhook
886 |     app.kubernetes.io/instance: tekton
887 |     app.kubernetes.io/part-of: tekton-triggers
888 | 
889 | ---
890 | # Copyright 2019 The Tekton Authors
891 | #
892 | # Licensed under the Apache License, Version 2.0 (the "License");
893 | # you may not use this file except in compliance with the License.
894 | # You may obtain a copy of the License at
895 | #
896 | #     https://www.apache.org/licenses/LICENSE-2.0
897 | #
898 | # Unless required by applicable law or agreed to in writing, software
899 | # distributed under the License is distributed on an "AS IS" BASIS,
900 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
901 | # See the License for the specific language governing permissions and
902 | # limitations under the License.
903 | 
904 | apiVersion: apps/v1
905 | kind: Deployment
906 | metadata:
907 |   name: tekton-triggers-webhook
908 |   namespace: tekton-pipelines
909 |   labels:
910 |     app.kubernetes.io/name: webhook
911 |     app.kubernetes.io/component: webhook
912 |     app.kubernetes.io/instance: tekton
913 |     app.kubernetes.io/version: "v0.9.1"
914 |     app.kubernetes.io/part-of: tekton-triggers
915 |     # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
916 |     triggers.tekton.dev/release: "v0.9.1"
917 | spec:
918 |   replicas: 1
919 |   selector:
920 |     matchLabels:
921 |       app.kubernetes.io/name: webhook
922 |       app.kubernetes.io/component: webhook
923 |       app.kubernetes.io/instance: tekton
924 |       app.kubernetes.io/part-of: tekton-triggers
925 |   template:
926 |     metadata:
927 |       annotations:
928 |         cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
929 |       labels:
930 |         app.kubernetes.io/name: webhook
931 |         app.kubernetes.io/component: webhook
932 |         app.kubernetes.io/instance: tekton
933 |         app.kubernetes.io/version: "v0.9.1"
934 |         app.kubernetes.io/part-of: tekton-triggers
935 |         app: tekton-triggers-webhook
936 |         triggers.tekton.dev/release: "v0.9.1"
937 |         # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
938 |         version: "v0.9.1"
939 |     spec:
940 |       serviceAccountName: tekton-triggers-controller
941 |       containers:
942 |         - name: webhook
943 |           # This is the Go import path for the binary that is containerized
944 |           # and substituted here.
945 |           image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/webhook:v0.9.1@sha256:496bea4b0524c21be6bfe4eb5e99f92119cea3e58a93ed06a76536d7a1d9032c"
946 |           env:
947 |             - name: SYSTEM_NAMESPACE
948 |               valueFrom:
949 |                 fieldRef:
950 |                   fieldPath: metadata.namespace
951 |             - name: CONFIG_LOGGING_NAME
952 |               value: config-logging-triggers
953 |             - name: WEBHOOK_SERVICE_NAME
954 |               value: tekton-triggers-webhook
955 |             - name: WEBHOOK_SECRET_NAME
956 |               value: triggers-webhook-certs
957 |             - name: METRICS_DOMAIN
958 |               value: tekton.dev/triggers
959 |           ports:
960 |             - name: metrics
961 |               containerPort: 9090
962 |             - name: profiling
963 |               containerPort: 8008
964 |             - name: https-webhook
965 |               containerPort: 8443
966 |           securityContext:
967 |             allowPrivilegeEscalation: false
968 |             # User 65532 is the distroless nonroot user ID
969 |             runAsUser: 65532
970 | 
971 | ---
972 | 


--------------------------------------------------------------------------------
/go.sum:
--------------------------------------------------------------------------------
  1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
  2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
  3 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
  4 | github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
  5 | github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
  6 | github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
  7 | github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
  8 | github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
  9 | github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 10 | github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 11 | github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 12 | github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 13 | github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 14 | github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 15 | github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 16 | github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 17 | github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 18 | github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 19 | github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
 20 | github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 21 | github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 22 | github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 23 | github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 24 | github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 25 | github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 26 | github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 27 | github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 28 | github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 29 | github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 30 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 31 | github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 32 | github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 33 | github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 34 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 35 | github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 36 | github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
 37 | github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 38 | github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 39 | github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 40 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 41 | github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 42 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 43 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 44 | github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 45 | github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 46 | github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 47 | github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 48 | github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 49 | github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 50 | github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
 51 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 52 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 53 | github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 54 | github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
 55 | github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 56 | github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 57 | github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 58 | github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 59 | github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 60 | github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 61 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 62 | github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 63 | github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 64 | github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 65 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 66 | github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
 67 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 68 | github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 69 | github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 70 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 71 | github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 72 | github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 73 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 74 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 75 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 76 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 77 | github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 78 | github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 79 | github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 80 | github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 81 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 82 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 83 | github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 84 | github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 85 | github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 86 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 87 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 88 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 89 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 90 | github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 91 | github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 92 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 93 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 94 | github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 95 | github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 96 | github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 97 | github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 98 | github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 99 | github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
100 | github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
101 | github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
102 | github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
103 | github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
104 | github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
105 | github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
106 | github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
107 | github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
108 | github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
109 | github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
110 | github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
111 | github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
112 | github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
113 | github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
114 | github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
115 | github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
116 | github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
117 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
118 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
119 | github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
120 | github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
121 | github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
122 | github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
123 | github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
124 | github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
125 | github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
126 | github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
127 | github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
128 | github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
129 | github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
130 | github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
131 | github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
132 | github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
133 | github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
134 | github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
135 | github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
136 | github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
137 | github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
138 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
139 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
140 | github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
141 | github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
142 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
143 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
144 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
145 | github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
146 | github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
147 | github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
148 | github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
149 | github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
150 | github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
151 | github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
152 | github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
153 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
154 | github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
155 | github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
156 | github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
157 | github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
158 | github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
159 | github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
160 | github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
161 | github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
162 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
163 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
164 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
165 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
166 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
167 | github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
168 | github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
169 | github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
170 | github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
171 | github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w=
172 | github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
173 | github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
174 | github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
175 | github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
176 | github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
177 | github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
178 | github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
179 | github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
180 | github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
181 | github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
182 | github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
183 | github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
184 | github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
185 | github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
186 | github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
187 | github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
188 | github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
189 | github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
190 | github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
191 | github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
192 | github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
193 | github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
194 | github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
195 | github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
196 | github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
197 | github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
198 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
199 | github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
200 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
201 | github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
202 | github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
203 | github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
204 | github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
205 | github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
206 | github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
207 | github.com/prometheus/client_golang v1.8.0 h1:zvJNkoCFAnYFNC24FV8nW4JdRJ3GIFcLbg65lL/JDcw=
208 | github.com/prometheus/client_golang v1.8.0/go.mod h1:O9VU6huf47PktckDQfMTX0Y8tY0/7TSWwj+ITvv0TnM=
209 | github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
210 | github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
211 | github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
212 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
213 | github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
214 | github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
215 | github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
216 | github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
217 | github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
218 | github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
219 | github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
220 | github.com/prometheus/common v0.14.0 h1:RHRyE8UocrbjU+6UvRzwi6HjiDfxrrBU91TtbKzkGp4=
221 | github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
222 | github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
223 | github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
224 | github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
225 | github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
226 | github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
227 | github.com/prometheus/procfs v0.2.0 h1:wH4vA7pcjKuZzjF7lM8awk4fnuJO6idemZXoKnULUx4=
228 | github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
229 | github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
230 | github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
231 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
232 | github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
233 | github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
234 | github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
235 | github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
236 | github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
237 | github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
238 | github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
239 | github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
240 | github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
241 | github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
242 | github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
243 | github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
244 | github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
245 | github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
246 | github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
247 | github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
248 | github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
249 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
250 | github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
251 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
252 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
253 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
254 | github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
255 | github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
256 | github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
257 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
258 | go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
259 | go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
260 | go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
261 | go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
262 | go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
263 | go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
264 | go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
265 | go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
266 | go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
267 | go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
268 | go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
269 | go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
270 | golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
271 | golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
272 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
273 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
274 | golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
275 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
276 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
277 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
278 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
279 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
280 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
281 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
282 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
283 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
284 | golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
285 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
286 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
287 | golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
288 | golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
289 | golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
290 | golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
291 | golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
292 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
293 | golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
294 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
295 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
296 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
297 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
298 | golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
299 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
300 | golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
301 | golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
302 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
303 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
304 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
305 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
306 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
307 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
308 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
309 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
310 | golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
311 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
312 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
313 | golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
314 | golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
315 | golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
316 | golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
317 | golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
318 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
319 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
320 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
321 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
322 | golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
323 | golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
324 | golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
325 | golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
326 | golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
327 | golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
328 | golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
329 | golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211 h1:9UQO31fZ+0aKQOFldThf7BKPMJTiBfWycGh/u3UoO88=
330 | golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
331 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
332 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
333 | golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
334 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
335 | golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
336 | golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
337 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
338 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
339 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
340 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
341 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
342 | golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
343 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
344 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
345 | golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
346 | golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
347 | golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
348 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
349 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
350 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
351 | google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
352 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
353 | google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
354 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
355 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
356 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
357 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
358 | google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
359 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
360 | google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
361 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
362 | google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
363 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
364 | google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
365 | google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
366 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
367 | google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
368 | google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
369 | google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
370 | google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
371 | google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
372 | google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
373 | google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
374 | google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
375 | google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
376 | gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
377 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
378 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
379 | gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
380 | gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
381 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
382 | gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
383 | gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
384 | gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
385 | gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
386 | gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
387 | gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
388 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
389 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
390 | gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
391 | gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
392 | gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
393 | honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
394 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
395 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
396 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
397 | sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
398 | sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
399 | 


--------------------------------------------------------------------------------
/clusters/tekton/base/tekton-pipeline-release.yaml:
--------------------------------------------------------------------------------
   1 | # Copyright 2019 The Tekton Authors
   2 | #
   3 | # Licensed under the Apache License, Version 2.0 (the "License");
   4 | # you may not use this file except in compliance with the License.
   5 | # You may obtain a copy of the License at
   6 | #
   7 | #     http://www.apache.org/licenses/LICENSE-2.0
   8 | #
   9 | # Unless required by applicable law or agreed to in writing, software
  10 | # distributed under the License is distributed on an "AS IS" BASIS,
  11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 | # See the License for the specific language governing permissions and
  13 | # limitations under the License.
  14 | 
  15 | apiVersion: v1
  16 | kind: Namespace
  17 | metadata:
  18 |   name: tekton-pipelines
  19 |   labels:
  20 |     app.kubernetes.io/instance: tekton
  21 |     app.kubernetes.io/part-of: tekton-pipelines
  22 | 
  23 | ---
  24 | # Copyright 2019 The Tekton Authors
  25 | #
  26 | # Licensed under the Apache License, Version 2.0 (the "License");
  27 | # you may not use this file except in compliance with the License.
  28 | # You may obtain a copy of the License at
  29 | #
  30 | #     http://www.apache.org/licenses/LICENSE-2.0
  31 | #
  32 | # Unless required by applicable law or agreed to in writing, software
  33 | # distributed under the License is distributed on an "AS IS" BASIS,
  34 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  35 | # See the License for the specific language governing permissions and
  36 | # limitations under the License.
  37 | 
  38 | apiVersion: policy/v1beta1
  39 | kind: PodSecurityPolicy
  40 | metadata:
  41 |   name: tekton-pipelines
  42 |   labels:
  43 |     app.kubernetes.io/instance: tekton
  44 |     app.kubernetes.io/part-of: tekton-pipelines
  45 | spec:
  46 |   privileged: false
  47 |   allowPrivilegeEscalation: false
  48 |   volumes:
  49 |   - 'emptyDir'
  50 |   - 'configMap'
  51 |   - 'secret'
  52 |   hostNetwork: false
  53 |   hostIPC: false
  54 |   hostPID: false
  55 |   runAsUser:
  56 |     rule: 'MustRunAsNonRoot'
  57 |   seLinux:
  58 |     rule: 'RunAsAny'
  59 |   supplementalGroups:
  60 |     rule: 'MustRunAs'
  61 |     ranges:
  62 |     - min: 1
  63 |       max: 65535
  64 |   fsGroup:
  65 |     rule: 'MustRunAs'
  66 |     ranges:
  67 |     - min: 1
  68 |       max: 65535
  69 | 
  70 | ---
  71 | # Copyright 2020 The Tekton Authors
  72 | #
  73 | # Licensed under the Apache License, Version 2.0 (the "License");
  74 | # you may not use this file except in compliance with the License.
  75 | # You may obtain a copy of the License at
  76 | #
  77 | #     https://www.apache.org/licenses/LICENSE-2.0
  78 | #
  79 | # Unless required by applicable law or agreed to in writing, software
  80 | # distributed under the License is distributed on an "AS IS" BASIS,
  81 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  82 | # See the License for the specific language governing permissions and
  83 | # limitations under the License.
  84 | 
  85 | kind: ClusterRole
  86 | apiVersion: rbac.authorization.k8s.io/v1
  87 | metadata:
  88 |   name: tekton-pipelines-controller-cluster-access
  89 |   labels:
  90 |     app.kubernetes.io/component: controller
  91 |     app.kubernetes.io/instance: tekton
  92 |     app.kubernetes.io/part-of: tekton-pipelines
  93 | rules:
  94 | - apiGroups: [""]
  95 |   # Namespace access is required because the controller timeout handling logic
  96 |   # iterates over all namespaces and times out any PipelineRuns that have expired.
  97 |   # Pod access is required because the taskrun controller wants to be updated when
  98 |   # a Pod underlying a TaskRun changes state.
  99 |   resources: ["namespaces", "pods"]
 100 |   verbs: ["list", "watch"]
 101 |   # Controller needs cluster access to all of the CRDs that it is responsible for
 102 |   # managing.
 103 | - apiGroups: ["tekton.dev"]
 104 |   resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources",
 105 |     "conditions"]
 106 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 107 | - apiGroups: ["tekton.dev"]
 108 |   resources: ["taskruns/finalizers", "pipelineruns/finalizers"]
 109 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 110 | - apiGroups: ["tekton.dev"]
 111 |   resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status",
 112 |     "pipelineruns/status", "pipelineresources/status"]
 113 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 114 | ---
 115 | kind: ClusterRole
 116 | apiVersion: rbac.authorization.k8s.io/v1
 117 | metadata:
 118 |   # This is the access that the controller needs on a per-namespace basis.
 119 |   name: tekton-pipelines-controller-tenant-access
 120 |   labels:
 121 |     app.kubernetes.io/component: controller
 122 |     app.kubernetes.io/instance: tekton
 123 |     app.kubernetes.io/part-of: tekton-pipelines
 124 | rules:
 125 | - apiGroups: [""]
 126 |   resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps",
 127 |     "persistentvolumeclaims", "limitranges"]
 128 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 129 |   # Unclear if this access is actually required.  Simply a hold-over from the previous
 130 |   # incarnation of the controller's ClusterRole.
 131 | - apiGroups: ["apps"]
 132 |   resources: ["deployments", "statefulsets"]
 133 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 134 | - apiGroups: ["apps"]
 135 |   resources: ["deployments/finalizers"]
 136 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 137 | ---
 138 | kind: ClusterRole
 139 | apiVersion: rbac.authorization.k8s.io/v1
 140 | metadata:
 141 |   name: tekton-pipelines-webhook-cluster-access
 142 |   labels:
 143 |     app.kubernetes.io/component: webhook
 144 |     app.kubernetes.io/instance: tekton
 145 |     app.kubernetes.io/part-of: tekton-pipelines
 146 | rules:
 147 | - # The webhook needs to be able to list and update customresourcedefinitions,
 148 |   # mainly to update the webhook certificates.
 149 |   apiGroups: ["apiextensions.k8s.io"]
 150 |   resources: ["customresourcedefinitions", "customresourcedefinitions/status"]
 151 |   verbs: ["get", "list", "update", "patch", "watch"]
 152 | - apiGroups: ["admissionregistration.k8s.io"]
 153 |   # The webhook performs a reconciliation on these two resources and continuously
 154 |   # updates configuration.
 155 |   resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
 156 |   # knative starts informers on these things, which is why we need get, list and watch.
 157 |   verbs: ["list", "watch"]
 158 | - apiGroups: ["admissionregistration.k8s.io"]
 159 |   resources: ["mutatingwebhookconfigurations"]
 160 |   # This mutating webhook is responsible for applying defaults to tekton objects
 161 |   # as they are received.
 162 |   resourceNames: ["webhook.pipeline.tekton.dev"]
 163 |   # When there are changes to the configs or secrets, knative updates the mutatingwebhook config
 164 |   # with the updated certificates or the refreshed set of rules.
 165 |   verbs: ["get", "update"]
 166 | - apiGroups: ["admissionregistration.k8s.io"]
 167 |   resources: ["validatingwebhookconfigurations"]
 168 |   # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns.
 169 |   # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure
 170 |   resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"]
 171 |   # When there are changes to the configs or secrets, knative updates the validatingwebhook config
 172 |   # with the updated certificates or the refreshed set of rules.
 173 |   verbs: ["get", "update"]
 174 | - apiGroups: ["policy"]
 175 |   resources: ["podsecuritypolicies"]
 176 |   resourceNames: ["tekton-pipelines"]
 177 |   verbs: ["use"]
 178 | ---
 179 | kind: ClusterRole
 180 | apiVersion: rbac.authorization.k8s.io/v1
 181 | metadata:
 182 |   name: tekton-pipelines-leader-election
 183 |   labels:
 184 |     app.kubernetes.io/instance: tekton
 185 |     app.kubernetes.io/part-of: tekton-pipelines
 186 | rules:
 187 | - # We uses leases for leaderelection
 188 |   apiGroups: ["coordination.k8s.io"]
 189 |   resources: ["leases"]
 190 |   verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
 191 | 
 192 | ---
 193 | # Copyright 2020 The Tekton Authors
 194 | #
 195 | # Licensed under the Apache License, Version 2.0 (the "License");
 196 | # you may not use this file except in compliance with the License.
 197 | # You may obtain a copy of the License at
 198 | #
 199 | #     https://www.apache.org/licenses/LICENSE-2.0
 200 | #
 201 | # Unless required by applicable law or agreed to in writing, software
 202 | # distributed under the License is distributed on an "AS IS" BASIS,
 203 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 204 | # See the License for the specific language governing permissions and
 205 | # limitations under the License.
 206 | 
 207 | kind: Role
 208 | apiVersion: rbac.authorization.k8s.io/v1
 209 | metadata:
 210 |   name: tekton-pipelines-controller
 211 |   namespace: tekton-pipelines
 212 |   labels:
 213 |     app.kubernetes.io/component: controller
 214 |     app.kubernetes.io/instance: tekton
 215 |     app.kubernetes.io/part-of: tekton-pipelines
 216 | rules:
 217 | - apiGroups: [""]
 218 |   resources: ["configmaps"]
 219 |   verbs: ["list", "watch"]
 220 | - # The controller needs access to these configmaps for logging information and runtime configuration.
 221 |   apiGroups: [""]
 222 |   resources: ["configmaps"]
 223 |   verbs: ["get"]
 224 |   resourceNames: ["config-logging", "config-observability", "config-artifact-bucket",
 225 |     "config-artifact-pvc", "feature-flags", "config-leader-election"]
 226 | - apiGroups: ["policy"]
 227 |   resources: ["podsecuritypolicies"]
 228 |   resourceNames: ["tekton-pipelines"]
 229 |   verbs: ["use"]
 230 | ---
 231 | kind: Role
 232 | apiVersion: rbac.authorization.k8s.io/v1
 233 | metadata:
 234 |   name: tekton-pipelines-webhook
 235 |   namespace: tekton-pipelines
 236 |   labels:
 237 |     app.kubernetes.io/component: webhook
 238 |     app.kubernetes.io/instance: tekton
 239 |     app.kubernetes.io/part-of: tekton-pipelines
 240 | rules:
 241 | - apiGroups: [""]
 242 |   resources: ["configmaps"]
 243 |   verbs: ["list", "watch"]
 244 | - # The webhook needs access to these configmaps for logging information.
 245 |   apiGroups: [""]
 246 |   resources: ["configmaps"]
 247 |   verbs: ["get"]
 248 |   resourceNames: ["config-logging", "config-observability", "config-leader-election"]
 249 | - apiGroups: [""]
 250 |   resources: ["secrets"]
 251 |   verbs: ["list", "watch"]
 252 | - # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever
 253 |   # the secret changes it updates the webhook configurations with the certificates
 254 |   # stored in the secret.
 255 |   apiGroups: [""]
 256 |   resources: ["secrets"]
 257 |   verbs: ["get", "update"]
 258 |   resourceNames: ["webhook-certs"]
 259 | - apiGroups: ["policy"]
 260 |   resources: ["podsecuritypolicies"]
 261 |   resourceNames: ["tekton-pipelines"]
 262 |   verbs: ["use"]
 263 | 
 264 | ---
 265 | # Copyright 2019 The Tekton Authors
 266 | #
 267 | # Licensed under the Apache License, Version 2.0 (the "License");
 268 | # you may not use this file except in compliance with the License.
 269 | # You may obtain a copy of the License at
 270 | #
 271 | #     http://www.apache.org/licenses/LICENSE-2.0
 272 | #
 273 | # Unless required by applicable law or agreed to in writing, software
 274 | # distributed under the License is distributed on an "AS IS" BASIS,
 275 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 276 | # See the License for the specific language governing permissions and
 277 | # limitations under the License.
 278 | apiVersion: v1
 279 | kind: ServiceAccount
 280 | metadata:
 281 |   name: tekton-pipelines-controller
 282 |   namespace: tekton-pipelines
 283 |   labels:
 284 |     app.kubernetes.io/component: controller
 285 |     app.kubernetes.io/instance: tekton
 286 |     app.kubernetes.io/part-of: tekton-pipelines
 287 | ---
 288 | apiVersion: v1
 289 | kind: ServiceAccount
 290 | metadata:
 291 |   name: tekton-pipelines-webhook
 292 |   namespace: tekton-pipelines
 293 |   labels:
 294 |     app.kubernetes.io/component: webhook
 295 |     app.kubernetes.io/instance: tekton
 296 |     app.kubernetes.io/part-of: tekton-pipelines
 297 | 
 298 | ---
 299 | # Copyright 2019 The Tekton Authors
 300 | #
 301 | # Licensed under the Apache License, Version 2.0 (the "License");
 302 | # you may not use this file except in compliance with the License.
 303 | # You may obtain a copy of the License at
 304 | #
 305 | #     http://www.apache.org/licenses/LICENSE-2.0
 306 | #
 307 | # Unless required by applicable law or agreed to in writing, software
 308 | # distributed under the License is distributed on an "AS IS" BASIS,
 309 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 310 | # See the License for the specific language governing permissions and
 311 | # limitations under the License.
 312 | 
 313 | apiVersion: rbac.authorization.k8s.io/v1beta1
 314 | kind: ClusterRoleBinding
 315 | metadata:
 316 |   name: tekton-pipelines-controller-cluster-access
 317 |   labels:
 318 |     app.kubernetes.io/component: controller
 319 |     app.kubernetes.io/instance: tekton
 320 |     app.kubernetes.io/part-of: tekton-pipelines
 321 | subjects:
 322 | - kind: ServiceAccount
 323 |   name: tekton-pipelines-controller
 324 |   namespace: tekton-pipelines
 325 | roleRef:
 326 |   kind: ClusterRole
 327 |   name: tekton-pipelines-controller-cluster-access
 328 |   apiGroup: rbac.authorization.k8s.io
 329 | ---
 330 | apiVersion: rbac.authorization.k8s.io/v1beta1
 331 | kind: ClusterRoleBinding
 332 | metadata:
 333 |   name: tekton-pipelines-controller-leaderelection
 334 |   labels:
 335 |     app.kubernetes.io/component: controller
 336 |     app.kubernetes.io/instance: tekton
 337 |     app.kubernetes.io/part-of: tekton-pipelines
 338 | subjects:
 339 | - kind: ServiceAccount
 340 |   name: tekton-pipelines-controller
 341 |   namespace: tekton-pipelines
 342 | roleRef:
 343 |   kind: ClusterRole
 344 |   name: tekton-pipelines-leader-election
 345 |   apiGroup: rbac.authorization.k8s.io
 346 | ---
 347 | # If this ClusterRoleBinding is replaced with a RoleBinding
 348 | # then the ClusterRole would be namespaced. The access described by
 349 | # the tekton-pipelines-controller-tenant-access ClusterRole would
 350 | # be scoped to individual tenant namespaces.
 351 | apiVersion: rbac.authorization.k8s.io/v1beta1
 352 | kind: ClusterRoleBinding
 353 | metadata:
 354 |   name: tekton-pipelines-controller-tenant-access
 355 |   labels:
 356 |     app.kubernetes.io/component: controller
 357 |     app.kubernetes.io/instance: tekton
 358 |     app.kubernetes.io/part-of: tekton-pipelines
 359 | subjects:
 360 | - kind: ServiceAccount
 361 |   name: tekton-pipelines-controller
 362 |   namespace: tekton-pipelines
 363 | roleRef:
 364 |   kind: ClusterRole
 365 |   name: tekton-pipelines-controller-tenant-access
 366 |   apiGroup: rbac.authorization.k8s.io
 367 | ---
 368 | apiVersion: rbac.authorization.k8s.io/v1beta1
 369 | kind: ClusterRoleBinding
 370 | metadata:
 371 |   name: tekton-pipelines-webhook-cluster-access
 372 |   labels:
 373 |     app.kubernetes.io/component: webhook
 374 |     app.kubernetes.io/instance: tekton
 375 |     app.kubernetes.io/part-of: tekton-pipelines
 376 | subjects:
 377 | - kind: ServiceAccount
 378 |   name: tekton-pipelines-webhook
 379 |   namespace: tekton-pipelines
 380 | roleRef:
 381 |   kind: ClusterRole
 382 |   name: tekton-pipelines-webhook-cluster-access
 383 |   apiGroup: rbac.authorization.k8s.io
 384 | ---
 385 | apiVersion: rbac.authorization.k8s.io/v1beta1
 386 | kind: ClusterRoleBinding
 387 | metadata:
 388 |   name: tekton-pipelines-webhook-leaderelection
 389 |   labels:
 390 |     app.kubernetes.io/component: webhook
 391 |     app.kubernetes.io/instance: tekton
 392 |     app.kubernetes.io/part-of: tekton-pipelines
 393 | subjects:
 394 | - kind: ServiceAccount
 395 |   name: tekton-pipelines-webhook
 396 |   namespace: tekton-pipelines
 397 | roleRef:
 398 |   kind: ClusterRole
 399 |   name: tekton-pipelines-leader-election
 400 |   apiGroup: rbac.authorization.k8s.io
 401 | 
 402 | ---
 403 | # Copyright 2020 The Tekton Authors
 404 | #
 405 | # Licensed under the Apache License, Version 2.0 (the "License");
 406 | # you may not use this file except in compliance with the License.
 407 | # You may obtain a copy of the License at
 408 | #
 409 | #     http://www.apache.org/licenses/LICENSE-2.0
 410 | #
 411 | # Unless required by applicable law or agreed to in writing, software
 412 | # distributed under the License is distributed on an "AS IS" BASIS,
 413 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 414 | # See the License for the specific language governing permissions and
 415 | # limitations under the License.
 416 | 
 417 | apiVersion: rbac.authorization.k8s.io/v1beta1
 418 | kind: RoleBinding
 419 | metadata:
 420 |   name: tekton-pipelines-controller
 421 |   namespace: tekton-pipelines
 422 |   labels:
 423 |     app.kubernetes.io/component: controller
 424 |     app.kubernetes.io/instance: tekton
 425 |     app.kubernetes.io/part-of: tekton-pipelines
 426 | subjects:
 427 | - kind: ServiceAccount
 428 |   name: tekton-pipelines-controller
 429 |   namespace: tekton-pipelines
 430 | roleRef:
 431 |   kind: Role
 432 |   name: tekton-pipelines-controller
 433 |   apiGroup: rbac.authorization.k8s.io
 434 | ---
 435 | apiVersion: rbac.authorization.k8s.io/v1beta1
 436 | kind: RoleBinding
 437 | metadata:
 438 |   name: tekton-pipelines-webhook
 439 |   namespace: tekton-pipelines
 440 |   labels:
 441 |     app.kubernetes.io/component: webhook
 442 |     app.kubernetes.io/instance: tekton
 443 |     app.kubernetes.io/part-of: tekton-pipelines
 444 | subjects:
 445 | - kind: ServiceAccount
 446 |   name: tekton-pipelines-webhook
 447 |   namespace: tekton-pipelines
 448 | roleRef:
 449 |   kind: Role
 450 |   name: tekton-pipelines-webhook
 451 |   apiGroup: rbac.authorization.k8s.io
 452 | 
 453 | ---
 454 | # Copyright 2019 The Tekton Authors
 455 | #
 456 | # Licensed under the Apache License, Version 2.0 (the "License");
 457 | # you may not use this file except in compliance with the License.
 458 | # You may obtain a copy of the License at
 459 | #
 460 | #     https://www.apache.org/licenses/LICENSE-2.0
 461 | #
 462 | # Unless required by applicable law or agreed to in writing, software
 463 | # distributed under the License is distributed on an "AS IS" BASIS,
 464 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 465 | # See the License for the specific language governing permissions and
 466 | # limitations under the License.
 467 | 
 468 | apiVersion: apiextensions.k8s.io/v1
 469 | kind: CustomResourceDefinition
 470 | metadata:
 471 |   name: clustertasks.tekton.dev
 472 |   labels:
 473 |     app.kubernetes.io/instance: tekton
 474 |     app.kubernetes.io/part-of: tekton-pipelines
 475 |     pipeline.tekton.dev/release: "v0.17.1"
 476 |     version: "v0.17.1"
 477 | spec:
 478 |   group: tekton.dev
 479 |   versions:
 480 |   - &version
 481 |     name: v1alpha1
 482 |     served: true
 483 |     storage: false
 484 |     schema:
 485 |       openAPIV3Schema:
 486 |         type: object
 487 |         # One can use x-kubernetes-preserve-unknown-fields: true
 488 |         # at the root of the schema (and inside any properties, additionalProperties)
 489 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 490 |         # setting spec.preserveUnknownProperties: false.
 491 |         #
 492 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 493 |         # See issue: https://github.com/knative/serving/issues/912
 494 |         x-kubernetes-preserve-unknown-fields: true
 495 |     # Opt into the status subresource so metadata.generation
 496 |     # starts to increment
 497 |     subresources:
 498 |       status: {}
 499 |   - !!merge <<: *version
 500 |     name: v1beta1
 501 |     storage: true
 502 |   names:
 503 |     kind: ClusterTask
 504 |     plural: clustertasks
 505 |     categories:
 506 |     - tekton
 507 |     - tekton-pipelines
 508 |   scope: Cluster
 509 |   conversion:
 510 |     strategy: Webhook
 511 |     webhook:
 512 |       conversionReviewVersions: ["v1beta1"]
 513 |       clientConfig:
 514 |         service:
 515 |           name: tekton-pipelines-webhook
 516 |           namespace: tekton-pipelines
 517 | 
 518 | ---
 519 | # Copyright 2019 The Tekton Authors
 520 | #
 521 | # Licensed under the Apache License, Version 2.0 (the "License");
 522 | # you may not use this file except in compliance with the License.
 523 | # You may obtain a copy of the License at
 524 | #
 525 | #     https://www.apache.org/licenses/LICENSE-2.0
 526 | #
 527 | # Unless required by applicable law or agreed to in writing, software
 528 | # distributed under the License is distributed on an "AS IS" BASIS,
 529 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 530 | # See the License for the specific language governing permissions and
 531 | # limitations under the License.
 532 | 
 533 | apiVersion: apiextensions.k8s.io/v1
 534 | kind: CustomResourceDefinition
 535 | metadata:
 536 |   name: conditions.tekton.dev
 537 |   labels:
 538 |     app.kubernetes.io/instance: tekton
 539 |     app.kubernetes.io/part-of: tekton-pipelines
 540 |     pipeline.tekton.dev/release: "v0.17.1"
 541 |     version: "v0.17.1"
 542 | spec:
 543 |   group: tekton.dev
 544 |   versions:
 545 |   - name: v1alpha1
 546 |     served: true
 547 |     storage: true
 548 |     schema:
 549 |       openAPIV3Schema:
 550 |         type: object
 551 |         # One can use x-kubernetes-preserve-unknown-fields: true
 552 |         # at the root of the schema (and inside any properties, additionalProperties)
 553 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 554 |         # setting spec.preserveUnknownProperties: false.
 555 |         #
 556 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 557 |         # See issue: https://github.com/knative/serving/issues/912
 558 |         x-kubernetes-preserve-unknown-fields: true
 559 |     # Opt into the status subresource so metadata.generation
 560 |     # starts to increment
 561 |     subresources:
 562 |       status: {}
 563 |   names:
 564 |     kind: Condition
 565 |     plural: conditions
 566 |     categories:
 567 |     - tekton
 568 |     - tekton-pipelines
 569 |   scope: Namespaced
 570 | 
 571 | ---
 572 | # Copyright 2018 The Knative Authors
 573 | #
 574 | # Licensed under the Apache License, Version 2.0 (the "License");
 575 | # you may not use this file except in compliance with the License.
 576 | # You may obtain a copy of the License at
 577 | #
 578 | #     https://www.apache.org/licenses/LICENSE-2.0
 579 | #
 580 | # Unless required by applicable law or agreed to in writing, software
 581 | # distributed under the License is distributed on an "AS IS" BASIS,
 582 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 583 | # See the License for the specific language governing permissions and
 584 | # limitations under the License.
 585 | 
 586 | apiVersion: apiextensions.k8s.io/v1beta1
 587 | kind: CustomResourceDefinition
 588 | metadata:
 589 |   name: images.caching.internal.knative.dev
 590 |   labels:
 591 |     app.kubernetes.io/instance: tekton
 592 |     app.kubernetes.io/part-of: tekton-pipelines
 593 |     knative.dev/crd-install: "true"
 594 | spec:
 595 |   group: caching.internal.knative.dev
 596 |   version: v1alpha1
 597 |   names:
 598 |     kind: Image
 599 |     plural: images
 600 |     singular: image
 601 |     categories:
 602 |     - knative-internal
 603 |     - caching
 604 |     shortNames:
 605 |     - img
 606 |   scope: Namespaced
 607 |   subresources:
 608 |     status: {}
 609 | 
 610 | ---
 611 | # Copyright 2019 The Tekton Authors
 612 | #
 613 | # Licensed under the Apache License, Version 2.0 (the "License");
 614 | # you may not use this file except in compliance with the License.
 615 | # You may obtain a copy of the License at
 616 | #
 617 | #     https://www.apache.org/licenses/LICENSE-2.0
 618 | #
 619 | # Unless required by applicable law or agreed to in writing, software
 620 | # distributed under the License is distributed on an "AS IS" BASIS,
 621 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 622 | # See the License for the specific language governing permissions and
 623 | # limitations under the License.
 624 | 
 625 | apiVersion: apiextensions.k8s.io/v1
 626 | kind: CustomResourceDefinition
 627 | metadata:
 628 |   name: pipelines.tekton.dev
 629 |   labels:
 630 |     app.kubernetes.io/instance: tekton
 631 |     app.kubernetes.io/part-of: tekton-pipelines
 632 |     pipeline.tekton.dev/release: "v0.17.1"
 633 |     version: "v0.17.1"
 634 | spec:
 635 |   group: tekton.dev
 636 |   versions:
 637 |   - &version
 638 |     name: v1alpha1
 639 |     served: true
 640 |     storage: false
 641 |     # Opt into the status subresource so metadata.generation
 642 |     # starts to increment
 643 |     subresources:
 644 |       status: {}
 645 |     schema:
 646 |       openAPIV3Schema:
 647 |         type: object
 648 |         # One can use x-kubernetes-preserve-unknown-fields: true
 649 |         # at the root of the schema (and inside any properties, additionalProperties)
 650 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 651 |         # setting spec.preserveUnknownProperties: false.
 652 |         #
 653 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 654 |         # See issue: https://github.com/knative/serving/issues/912
 655 |         x-kubernetes-preserve-unknown-fields: true
 656 |   - !!merge <<: *version
 657 |     name: v1beta1
 658 |     storage: true
 659 |   names:
 660 |     kind: Pipeline
 661 |     plural: pipelines
 662 |     categories:
 663 |     - tekton
 664 |     - tekton-pipelines
 665 |   scope: Namespaced
 666 |   conversion:
 667 |     strategy: Webhook
 668 |     webhook:
 669 |       conversionReviewVersions: ["v1beta1"]
 670 |       clientConfig:
 671 |         service:
 672 |           name: tekton-pipelines-webhook
 673 |           namespace: tekton-pipelines
 674 | 
 675 | ---
 676 | # Copyright 2019 The Tekton Authors
 677 | #
 678 | # Licensed under the Apache License, Version 2.0 (the "License");
 679 | # you may not use this file except in compliance with the License.
 680 | # You may obtain a copy of the License at
 681 | #
 682 | #     https://www.apache.org/licenses/LICENSE-2.0
 683 | #
 684 | # Unless required by applicable law or agreed to in writing, software
 685 | # distributed under the License is distributed on an "AS IS" BASIS,
 686 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 687 | # See the License for the specific language governing permissions and
 688 | # limitations under the License.
 689 | 
 690 | apiVersion: apiextensions.k8s.io/v1
 691 | kind: CustomResourceDefinition
 692 | metadata:
 693 |   name: pipelineruns.tekton.dev
 694 |   labels:
 695 |     app.kubernetes.io/instance: tekton
 696 |     app.kubernetes.io/part-of: tekton-pipelines
 697 |     pipeline.tekton.dev/release: "v0.17.1"
 698 |     version: "v0.17.1"
 699 | spec:
 700 |   group: tekton.dev
 701 |   versions:
 702 |   - &version
 703 |     name: v1alpha1
 704 |     served: true
 705 |     storage: false
 706 |     schema:
 707 |       openAPIV3Schema:
 708 |         type: object
 709 |         # One can use x-kubernetes-preserve-unknown-fields: true
 710 |         # at the root of the schema (and inside any properties, additionalProperties)
 711 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 712 |         # setting spec.preserveUnknownProperties: false.
 713 |         #
 714 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 715 |         # See issue: https://github.com/knative/serving/issues/912
 716 |         x-kubernetes-preserve-unknown-fields: true
 717 |     additionalPrinterColumns:
 718 |     - name: Succeeded
 719 |       type: string
 720 |       jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
 721 |     - name: Reason
 722 |       type: string
 723 |       jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
 724 |     - name: StartTime
 725 |       type: date
 726 |       jsonPath: .status.startTime
 727 |     - name: CompletionTime
 728 |       type: date
 729 |       jsonPath: .status.completionTime
 730 |     # Opt into the status subresource so metadata.generation
 731 |     # starts to increment
 732 |     subresources:
 733 |       status: {}
 734 |   - !!merge <<: *version
 735 |     name: v1beta1
 736 |     storage: true
 737 |   names:
 738 |     kind: PipelineRun
 739 |     plural: pipelineruns
 740 |     categories:
 741 |     - tekton
 742 |     - tekton-pipelines
 743 |     shortNames:
 744 |     - pr
 745 |     - prs
 746 |   scope: Namespaced
 747 |   conversion:
 748 |     strategy: Webhook
 749 |     webhook:
 750 |       conversionReviewVersions: ["v1beta1"]
 751 |       clientConfig:
 752 |         service:
 753 |           name: tekton-pipelines-webhook
 754 |           namespace: tekton-pipelines
 755 | 
 756 | ---
 757 | # Copyright 2019 The Tekton Authors
 758 | #
 759 | # Licensed under the Apache License, Version 2.0 (the "License");
 760 | # you may not use this file except in compliance with the License.
 761 | # You may obtain a copy of the License at
 762 | #
 763 | #     https://www.apache.org/licenses/LICENSE-2.0
 764 | #
 765 | # Unless required by applicable law or agreed to in writing, software
 766 | # distributed under the License is distributed on an "AS IS" BASIS,
 767 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 768 | # See the License for the specific language governing permissions and
 769 | # limitations under the License.
 770 | 
 771 | apiVersion: apiextensions.k8s.io/v1
 772 | kind: CustomResourceDefinition
 773 | metadata:
 774 |   name: pipelineresources.tekton.dev
 775 |   labels:
 776 |     app.kubernetes.io/instance: tekton
 777 |     app.kubernetes.io/part-of: tekton-pipelines
 778 |     pipeline.tekton.dev/release: "v0.17.1"
 779 |     version: "v0.17.1"
 780 | spec:
 781 |   group: tekton.dev
 782 |   versions:
 783 |   - name: v1alpha1
 784 |     served: true
 785 |     storage: true
 786 |     schema:
 787 |       openAPIV3Schema:
 788 |         type: object
 789 |         # One can use x-kubernetes-preserve-unknown-fields: true
 790 |         # at the root of the schema (and inside any properties, additionalProperties)
 791 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 792 |         # setting spec.preserveUnknownProperties: false.
 793 |         #
 794 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 795 |         # See issue: https://github.com/knative/serving/issues/912
 796 |         x-kubernetes-preserve-unknown-fields: true
 797 |     # Opt into the status subresource so metadata.generation
 798 |     # starts to increment
 799 |     subresources:
 800 |       status: {}
 801 |   names:
 802 |     kind: PipelineResource
 803 |     plural: pipelineresources
 804 |     categories:
 805 |     - tekton
 806 |     - tekton-pipelines
 807 |   scope: Namespaced
 808 | 
 809 | ---
 810 | # Copyright 2020 The Tekton Authors
 811 | #
 812 | # Licensed under the Apache License, Version 2.0 (the "License");
 813 | # you may not use this file except in compliance with the License.
 814 | # You may obtain a copy of the License at
 815 | #
 816 | #     https://www.apache.org/licenses/LICENSE-2.0
 817 | #
 818 | # Unless required by applicable law or agreed to in writing, software
 819 | # distributed under the License is distributed on an "AS IS" BASIS,
 820 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 821 | # See the License for the specific language governing permissions and
 822 | # limitations under the License.
 823 | 
 824 | apiVersion: apiextensions.k8s.io/v1
 825 | kind: CustomResourceDefinition
 826 | metadata:
 827 |   name: runs.tekton.dev
 828 |   labels:
 829 |     app.kubernetes.io/instance: tekton
 830 |     app.kubernetes.io/part-of: tekton-pipelines
 831 |     pipeline.tekton.dev/release: "v0.17.1"
 832 |     version: "v0.17.1"
 833 | spec:
 834 |   group: tekton.dev
 835 |   versions:
 836 |   - name: v1alpha1
 837 |     served: true
 838 |     storage: true
 839 |     schema:
 840 |       openAPIV3Schema:
 841 |         type: object
 842 |         # One can use x-kubernetes-preserve-unknown-fields: true
 843 |         # at the root of the schema (and inside any properties, additionalProperties)
 844 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 845 |         # setting spec.preserveUnknownProperties: false.
 846 |         #
 847 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 848 |         # See issue: https://github.com/knative/serving/issues/912
 849 |         x-kubernetes-preserve-unknown-fields: true
 850 |     additionalPrinterColumns:
 851 |     - name: Succeeded
 852 |       type: string
 853 |       jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
 854 |     - name: Reason
 855 |       type: string
 856 |       jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
 857 |     - name: StartTime
 858 |       type: date
 859 |       jsonPath: .status.startTime
 860 |     - name: CompletionTime
 861 |       type: date
 862 |       jsonPath: .status.completionTime
 863 |     # Opt into the status subresource so metadata.generation
 864 |     # starts to increment
 865 |     subresources:
 866 |       status: {}
 867 |   names:
 868 |     kind: Run
 869 |     plural: runs
 870 |     categories:
 871 |     - tekton
 872 |     - tekton-pipelines
 873 |   scope: Namespaced
 874 | 
 875 | ---
 876 | # Copyright 2019 The Tekton Authors
 877 | #
 878 | # Licensed under the Apache License, Version 2.0 (the "License");
 879 | # you may not use this file except in compliance with the License.
 880 | # You may obtain a copy of the License at
 881 | #
 882 | #     https://www.apache.org/licenses/LICENSE-2.0
 883 | #
 884 | # Unless required by applicable law or agreed to in writing, software
 885 | # distributed under the License is distributed on an "AS IS" BASIS,
 886 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 887 | # See the License for the specific language governing permissions and
 888 | # limitations under the License.
 889 | 
 890 | apiVersion: apiextensions.k8s.io/v1
 891 | kind: CustomResourceDefinition
 892 | metadata:
 893 |   name: tasks.tekton.dev
 894 |   labels:
 895 |     app.kubernetes.io/instance: tekton
 896 |     app.kubernetes.io/part-of: tekton-pipelines
 897 |     pipeline.tekton.dev/release: "v0.17.1"
 898 |     version: "v0.17.1"
 899 | spec:
 900 |   group: tekton.dev
 901 |   versions:
 902 |   - &version
 903 |     name: v1alpha1
 904 |     served: true
 905 |     storage: false
 906 |     schema:
 907 |       openAPIV3Schema:
 908 |         type: object
 909 |         # One can use x-kubernetes-preserve-unknown-fields: true
 910 |         # at the root of the schema (and inside any properties, additionalProperties)
 911 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 912 |         # setting spec.preserveUnknownProperties: false.
 913 |         #
 914 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 915 |         # See issue: https://github.com/knative/serving/issues/912
 916 |         x-kubernetes-preserve-unknown-fields: true
 917 |     # Opt into the status subresource so metadata.generation
 918 |     # starts to increment
 919 |     subresources:
 920 |       status: {}
 921 |   - !!merge <<: *version
 922 |     name: v1beta1
 923 |     storage: true
 924 |   names:
 925 |     kind: Task
 926 |     plural: tasks
 927 |     categories:
 928 |     - tekton
 929 |     - tekton-pipelines
 930 |   scope: Namespaced
 931 |   conversion:
 932 |     strategy: Webhook
 933 |     webhook:
 934 |       conversionReviewVersions: ["v1beta1"]
 935 |       clientConfig:
 936 |         service:
 937 |           name: tekton-pipelines-webhook
 938 |           namespace: tekton-pipelines
 939 | 
 940 | ---
 941 | # Copyright 2019 The Tekton Authors
 942 | #
 943 | # Licensed under the Apache License, Version 2.0 (the "License");
 944 | # you may not use this file except in compliance with the License.
 945 | # You may obtain a copy of the License at
 946 | #
 947 | #     https://www.apache.org/licenses/LICENSE-2.0
 948 | #
 949 | # Unless required by applicable law or agreed to in writing, software
 950 | # distributed under the License is distributed on an "AS IS" BASIS,
 951 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 952 | # See the License for the specific language governing permissions and
 953 | # limitations under the License.
 954 | 
 955 | apiVersion: apiextensions.k8s.io/v1
 956 | kind: CustomResourceDefinition
 957 | metadata:
 958 |   name: taskruns.tekton.dev
 959 |   labels:
 960 |     app.kubernetes.io/instance: tekton
 961 |     app.kubernetes.io/part-of: tekton-pipelines
 962 |     pipeline.tekton.dev/release: "v0.17.1"
 963 |     version: "v0.17.1"
 964 | spec:
 965 |   group: tekton.dev
 966 |   versions:
 967 |   - &version
 968 |     name: v1alpha1
 969 |     served: true
 970 |     storage: false
 971 |     schema:
 972 |       openAPIV3Schema:
 973 |         type: object
 974 |         # One can use x-kubernetes-preserve-unknown-fields: true
 975 |         # at the root of the schema (and inside any properties, additionalProperties)
 976 |         # to get the traditional CRD behaviour that nothing is pruned, despite
 977 |         # setting spec.preserveUnknownProperties: false.
 978 |         #
 979 |         # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/
 980 |         # See issue: https://github.com/knative/serving/issues/912
 981 |         x-kubernetes-preserve-unknown-fields: true
 982 |     additionalPrinterColumns:
 983 |     - name: Succeeded
 984 |       type: string
 985 |       jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status"
 986 |     - name: Reason
 987 |       type: string
 988 |       jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason"
 989 |     - name: StartTime
 990 |       type: date
 991 |       jsonPath: .status.startTime
 992 |     - name: CompletionTime
 993 |       type: date
 994 |       jsonPath: .status.completionTime
 995 |     # Opt into the status subresource so metadata.generation
 996 |     # starts to increment
 997 |     subresources:
 998 |       status: {}
 999 |   - !!merge <<: *version
1000 |     name: v1beta1
1001 |     storage: true
1002 |   names:
1003 |     kind: TaskRun
1004 |     plural: taskruns
1005 |     categories:
1006 |     - tekton
1007 |     - tekton-pipelines
1008 |     shortNames:
1009 |     - tr
1010 |     - trs
1011 |   scope: Namespaced
1012 |   conversion:
1013 |     strategy: Webhook
1014 |     webhook:
1015 |       conversionReviewVersions: ["v1beta1"]
1016 |       clientConfig:
1017 |         service:
1018 |           name: tekton-pipelines-webhook
1019 |           namespace: tekton-pipelines
1020 | 
1021 | ---
1022 | # Copyright 2020 The Tekton Authors
1023 | #
1024 | # Licensed under the Apache License, Version 2.0 (the "License");
1025 | # you may not use this file except in compliance with the License.
1026 | # You may obtain a copy of the License at
1027 | #
1028 | #     https://www.apache.org/licenses/LICENSE-2.0
1029 | #
1030 | # Unless required by applicable law or agreed to in writing, software
1031 | # distributed under the License is distributed on an "AS IS" BASIS,
1032 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1033 | # See the License for the specific language governing permissions and
1034 | # limitations under the License.
1035 | 
1036 | apiVersion: v1
1037 | kind: Secret
1038 | metadata:
1039 |   name: webhook-certs
1040 |   namespace: tekton-pipelines
1041 |   labels:
1042 |     app.kubernetes.io/component: webhook
1043 |     app.kubernetes.io/instance: tekton
1044 |     app.kubernetes.io/part-of: tekton-pipelines
1045 |     pipeline.tekton.dev/release: "v0.17.1"
1046 | # The data is populated at install time.
1047 | ---
1048 | apiVersion: admissionregistration.k8s.io/v1beta1
1049 | kind: ValidatingWebhookConfiguration
1050 | metadata:
1051 |   name: validation.webhook.pipeline.tekton.dev
1052 |   labels:
1053 |     app.kubernetes.io/component: webhook
1054 |     app.kubernetes.io/instance: tekton
1055 |     app.kubernetes.io/part-of: tekton-pipelines
1056 |     pipeline.tekton.dev/release: "v0.17.1"
1057 | webhooks:
1058 | - admissionReviewVersions:
1059 |   - v1beta1
1060 |   clientConfig:
1061 |     service:
1062 |       name: tekton-pipelines-webhook
1063 |       namespace: tekton-pipelines
1064 |   failurePolicy: Fail
1065 |   sideEffects: None
1066 |   name: validation.webhook.pipeline.tekton.dev
1067 | ---
1068 | apiVersion: admissionregistration.k8s.io/v1beta1
1069 | kind: MutatingWebhookConfiguration
1070 | metadata:
1071 |   name: webhook.pipeline.tekton.dev
1072 |   labels:
1073 |     app.kubernetes.io/component: webhook
1074 |     app.kubernetes.io/instance: tekton
1075 |     app.kubernetes.io/part-of: tekton-pipelines
1076 |     pipeline.tekton.dev/release: "v0.17.1"
1077 | webhooks:
1078 | - admissionReviewVersions:
1079 |   - v1beta1
1080 |   clientConfig:
1081 |     service:
1082 |       name: tekton-pipelines-webhook
1083 |       namespace: tekton-pipelines
1084 |   failurePolicy: Fail
1085 |   sideEffects: None
1086 |   name: webhook.pipeline.tekton.dev
1087 | ---
1088 | apiVersion: admissionregistration.k8s.io/v1beta1
1089 | kind: ValidatingWebhookConfiguration
1090 | metadata:
1091 |   name: config.webhook.pipeline.tekton.dev
1092 |   labels:
1093 |     app.kubernetes.io/component: webhook
1094 |     app.kubernetes.io/instance: tekton
1095 |     app.kubernetes.io/part-of: tekton-pipelines
1096 |     pipeline.tekton.dev/release: "v0.17.1"
1097 | webhooks:
1098 | - admissionReviewVersions:
1099 |   - v1beta1
1100 |   clientConfig:
1101 |     service:
1102 |       name: tekton-pipelines-webhook
1103 |       namespace: tekton-pipelines
1104 |   failurePolicy: Fail
1105 |   sideEffects: None
1106 |   name: config.webhook.pipeline.tekton.dev
1107 |   objectSelector:
1108 |     matchLabels:
1109 |       app.kubernetes.io/part-of: tekton-pipelines
1110 | 
1111 | ---
1112 | # Copyright 2019 The Tekton Authors
1113 | #
1114 | # Licensed under the Apache License, Version 2.0 (the "License");
1115 | # you may not use this file except in compliance with the License.
1116 | # You may obtain a copy of the License at
1117 | #
1118 | #     https://www.apache.org/licenses/LICENSE-2.0
1119 | #
1120 | # Unless required by applicable law or agreed to in writing, software
1121 | # distributed under the License is distributed on an "AS IS" BASIS,
1122 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1123 | # See the License for the specific language governing permissions and
1124 | # limitations under the License.
1125 | 
1126 | apiVersion: rbac.authorization.k8s.io/v1
1127 | kind: ClusterRole
1128 | metadata:
1129 |   name: tekton-aggregate-edit
1130 |   labels:
1131 |     app.kubernetes.io/instance: tekton
1132 |     app.kubernetes.io/part-of: tekton-pipelines
1133 |     rbac.authorization.k8s.io/aggregate-to-edit: "true"
1134 |     rbac.authorization.k8s.io/aggregate-to-admin: "true"
1135 | rules:
1136 | - apiGroups:
1137 |   - tekton.dev
1138 |   resources:
1139 |   - tasks
1140 |   - taskruns
1141 |   - pipelines
1142 |   - pipelineruns
1143 |   - pipelineresources
1144 |   - conditions
1145 |   verbs:
1146 |   - create
1147 |   - delete
1148 |   - deletecollection
1149 |   - get
1150 |   - list
1151 |   - patch
1152 |   - update
1153 |   - watch
1154 | 
1155 | ---
1156 | # Copyright 2019 The Tekton Authors
1157 | #
1158 | # Licensed under the Apache License, Version 2.0 (the "License");
1159 | # you may not use this file except in compliance with the License.
1160 | # You may obtain a copy of the License at
1161 | #
1162 | #     https://www.apache.org/licenses/LICENSE-2.0
1163 | #
1164 | # Unless required by applicable law or agreed to in writing, software
1165 | # distributed under the License is distributed on an "AS IS" BASIS,
1166 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1167 | # See the License for the specific language governing permissions and
1168 | # limitations under the License.
1169 | 
1170 | apiVersion: rbac.authorization.k8s.io/v1
1171 | kind: ClusterRole
1172 | metadata:
1173 |   name: tekton-aggregate-view
1174 |   labels:
1175 |     app.kubernetes.io/instance: tekton
1176 |     app.kubernetes.io/part-of: tekton-pipelines
1177 |     rbac.authorization.k8s.io/aggregate-to-view: "true"
1178 | rules:
1179 | - apiGroups:
1180 |   - tekton.dev
1181 |   resources:
1182 |   - tasks
1183 |   - taskruns
1184 |   - pipelines
1185 |   - pipelineruns
1186 |   - pipelineresources
1187 |   - conditions
1188 |   verbs:
1189 |   - get
1190 |   - list
1191 |   - watch
1192 | 
1193 | ---
1194 | # Copyright 2019 The Tekton Authors
1195 | #
1196 | # Licensed under the Apache License, Version 2.0 (the "License");
1197 | # you may not use this file except in compliance with the License.
1198 | # You may obtain a copy of the License at
1199 | #
1200 | #     https://www.apache.org/licenses/LICENSE-2.0
1201 | #
1202 | # Unless required by applicable law or agreed to in writing, software
1203 | # distributed under the License is distributed on an "AS IS" BASIS,
1204 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1205 | # See the License for the specific language governing permissions and
1206 | # limitations under the License.
1207 | 
1208 | apiVersion: v1
1209 | kind: ConfigMap
1210 | metadata:
1211 |   name: config-artifact-bucket
1212 |   namespace: tekton-pipelines
1213 |   labels:
1214 |     app.kubernetes.io/instance: tekton
1215 |     app.kubernetes.io/part-of: tekton-pipelines
1216 | # data:
1217 | #  # location of the gcs bucket to be used for artifact storage
1218 | #  location: "gs://bucket-name"
1219 | #  # name of the secret that will contain the credentials for the service account
1220 | #  # with access to the bucket
1221 | #  bucket.service.account.secret.name:
1222 | #  # The key in the secret with the required service account json
1223 | #  bucket.service.account.secret.key:
1224 | #  # The field name that should be used for the service account
1225 | #  # Valid values: GOOGLE_APPLICATION_CREDENTIALS, BOTO_CONFIG.
1226 | #  bucket.service.account.field.name: GOOGLE_APPLICATION_CREDENTIALS
1227 | 
1228 | ---
1229 | # Copyright 2019 The Tekton Authors
1230 | #
1231 | # Licensed under the Apache License, Version 2.0 (the "License");
1232 | # you may not use this file except in compliance with the License.
1233 | # You may obtain a copy of the License at
1234 | #
1235 | #     https://www.apache.org/licenses/LICENSE-2.0
1236 | #
1237 | # Unless required by applicable law or agreed to in writing, software
1238 | # distributed under the License is distributed on an "AS IS" BASIS,
1239 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1240 | # See the License for the specific language governing permissions and
1241 | # limitations under the License.
1242 | 
1243 | apiVersion: v1
1244 | kind: ConfigMap
1245 | metadata:
1246 |   name: config-artifact-pvc
1247 |   namespace: tekton-pipelines
1248 |   labels:
1249 |     app.kubernetes.io/instance: tekton
1250 |     app.kubernetes.io/part-of: tekton-pipelines
1251 | # data:
1252 | #   # size of the PVC volume
1253 | #   size: 5Gi
1254 | #
1255 | #   # storage class of the PVC volume
1256 | #   storageClassName: storage-class-name
1257 | 
1258 | ---
1259 | # Copyright 2019 The Tekton Authors
1260 | #
1261 | # Licensed under the Apache License, Version 2.0 (the "License");
1262 | # you may not use this file except in compliance with the License.
1263 | # You may obtain a copy of the License at
1264 | #
1265 | #     https://www.apache.org/licenses/LICENSE-2.0
1266 | #
1267 | # Unless required by applicable law or agreed to in writing, software
1268 | # distributed under the License is distributed on an "AS IS" BASIS,
1269 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1270 | # See the License for the specific language governing permissions and
1271 | # limitations under the License.
1272 | 
1273 | apiVersion: v1
1274 | kind: ConfigMap
1275 | metadata:
1276 |   name: config-defaults
1277 |   namespace: tekton-pipelines
1278 |   labels:
1279 |     app.kubernetes.io/instance: tekton
1280 |     app.kubernetes.io/part-of: tekton-pipelines
1281 | data:
1282 |   _example: |
1283 |     ################################
1284 |     #                              #
1285 |     #    EXAMPLE CONFIGURATION     #
1286 |     #                              #
1287 |     ################################
1288 | 
1289 |     # This block is not actually functional configuration,
1290 |     # but serves to illustrate the available configuration
1291 |     # options and document them in a way that is accessible
1292 |     # to users that `kubectl edit` this config map.
1293 |     #
1294 |     # These sample configuration options may be copied out of
1295 |     # this example block and unindented to be in the data block
1296 |     # to actually change the configuration.
1297 | 
1298 |     # default-timeout-minutes contains the default number of
1299 |     # minutes to use for TaskRun and PipelineRun, if none is specified.
1300 |     default-timeout-minutes: "60"  # 60 minutes
1301 | 
1302 |     # default-service-account contains the default service account name
1303 |     # to use for TaskRun and PipelineRun, if none is specified.
1304 |     default-service-account: "default"
1305 | 
1306 |     # default-managed-by-label-value contains the default value given to the
1307 |     # "app.kubernetes.io/managed-by" label applied to all Pods created for
1308 |     # TaskRuns. If a user's requested TaskRun specifies another value for this
1309 |     # label, the user's request supercedes.
1310 |     default-managed-by-label-value: "tekton-pipelines"
1311 | 
1312 |     # default-pod-template contains the default pod template to use
1313 |     # TaskRun and PipelineRun, if none is specified. If a pod template
1314 |     # is specified, the default pod template is ignored.
1315 |     # default-pod-template:
1316 | 
1317 |     # default-cloud-events-sink contains the default CloudEvents sink to be
1318 |     # used for TaskRun and PipelineRun, when no sink is specified.
1319 |     # Note that right now it is still not possible to set a PipelineRun or
1320 |     # TaskRun specific sink, so the default is the only option available.
1321 |     # If no sink is specified, no CloudEvent is generated
1322 |     # default-cloud-events-sink:
1323 | 
1324 |     # default-task-run-workspace-binding contains the default workspace
1325 |     # configuration provided for any Workspaces that a Task declares
1326 |     # but that a TaskRun does not explicitly provide.
1327 |     # default-task-run-workspace-binding: |
1328 |     #   emptyDir: {}
1329 | 
1330 | ---
1331 | # Copyright 2019 The Tekton Authors
1332 | #
1333 | # Licensed under the Apache License, Version 2.0 (the "License");
1334 | # you may not use this file except in compliance with the License.
1335 | # You may obtain a copy of the License at
1336 | #
1337 | #     https://www.apache.org/licenses/LICENSE-2.0
1338 | #
1339 | # Unless required by applicable law or agreed to in writing, software
1340 | # distributed under the License is distributed on an "AS IS" BASIS,
1341 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1342 | # See the License for the specific language governing permissions and
1343 | # limitations under the License.
1344 | 
1345 | apiVersion: v1
1346 | kind: ConfigMap
1347 | metadata:
1348 |   name: feature-flags
1349 |   namespace: tekton-pipelines
1350 |   labels:
1351 |     app.kubernetes.io/instance: tekton
1352 |     app.kubernetes.io/part-of: tekton-pipelines
1353 | data:
1354 |   # Setting this flag to "true" will prevent Tekton to create an
1355 |   # Affinity Assistant for every TaskRun sharing a PVC workspace
1356 |   #
1357 |   # The default behaviour is for Tekton to create Affinity Assistants
1358 |   #
1359 |   # See more in the workspace documentation about Affinity Assistant
1360 |   # https://github.com/tektoncd/pipeline/blob/master/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline
1361 |   # or https://github.com/tektoncd/pipeline/pull/2630 for more info.
1362 |   disable-affinity-assistant: "false"
1363 |   # Setting this flag to "true" will prevent Tekton overriding your
1364 |   # Task container's $HOME environment variable.
1365 |   #
1366 |   # The default behaviour currently is for Tekton to override the
1367 |   # $HOME environment variable but this will change in an upcoming
1368 |   # release.
1369 |   #
1370 |   # See https://github.com/tektoncd/pipeline/issues/2013 for more
1371 |   # info.
1372 |   disable-home-env-overwrite: "false"
1373 |   # Setting this flag to "true" will prevent Tekton overriding your
1374 |   # Task container's working directory.
1375 |   #
1376 |   # The default behaviour currently is for Tekton to override the
1377 |   # working directory if not set by the user but this will change
1378 |   # in an upcoming release.
1379 |   #
1380 |   # See https://github.com/tektoncd/pipeline/issues/1836 for more
1381 |   # info.
1382 |   disable-working-directory-overwrite: "false"
1383 |   # This option should be set to false when Pipelines is running in a
1384 |   # cluster that does not use injected sidecars such as Istio. Setting
1385 |   # it to false should decrease the time it takes for a TaskRun to start
1386 |   # running. For clusters that use injected sidecars, setting this
1387 |   # option to false can lead to unexpected behavior.
1388 |   #
1389 |   # See https://github.com/tektoncd/pipeline/issues/2080 for more info.
1390 |   running-in-environment-with-injected-sidecars: "true"
1391 |   # Setting this flag to "true" will require that any Git SSH Secret
1392 |   # offered to Tekton must have known_hosts included.
1393 |   #
1394 |   # See https://github.com/tektoncd/pipeline/issues/2981 for more
1395 |   # info.
1396 |   require-git-ssh-secret-known-hosts: "false"
1397 | 
1398 | ---
1399 | # Copyright 2020 Tekton Authors LLC
1400 | #
1401 | # Licensed under the Apache License, Version 2.0 (the "License");
1402 | # you may not use this file except in compliance with the License.
1403 | # You may obtain a copy of the License at
1404 | #
1405 | #     https://www.apache.org/licenses/LICENSE-2.0
1406 | #
1407 | # Unless required by applicable law or agreed to in writing, software
1408 | # distributed under the License is distributed on an "AS IS" BASIS,
1409 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1410 | # See the License for the specific language governing permissions and
1411 | # limitations under the License.
1412 | 
1413 | apiVersion: v1
1414 | kind: ConfigMap
1415 | metadata:
1416 |   name: config-leader-election
1417 |   namespace: tekton-pipelines
1418 |   labels:
1419 |     app.kubernetes.io/instance: tekton
1420 |     app.kubernetes.io/part-of: tekton-pipelines
1421 | data:
1422 |   # An inactive but valid configuration follows; see example.
1423 |   resourceLock: "leases"
1424 |   leaseDuration: "15s"
1425 |   renewDeadline: "10s"
1426 |   retryPeriod: "2s"
1427 | 
1428 | ---
1429 | # Copyright 2019 Tekton Authors LLC
1430 | #
1431 | # Licensed under the Apache License, Version 2.0 (the "License");
1432 | # you may not use this file except in compliance with the License.
1433 | # You may obtain a copy of the License at
1434 | #
1435 | #     https://www.apache.org/licenses/LICENSE-2.0
1436 | #
1437 | # Unless required by applicable law or agreed to in writing, software
1438 | # distributed under the License is distributed on an "AS IS" BASIS,
1439 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1440 | # See the License for the specific language governing permissions and
1441 | # limitations under the License.
1442 | 
1443 | apiVersion: v1
1444 | kind: ConfigMap
1445 | metadata:
1446 |   name: config-logging
1447 |   namespace: tekton-pipelines
1448 |   labels:
1449 |     app.kubernetes.io/instance: tekton
1450 |     app.kubernetes.io/part-of: tekton-pipelines
1451 | data:
1452 |   # Common configuration for all knative codebase
1453 |   zap-logger-config: |
1454 |     {
1455 |       "level": "info",
1456 |       "development": false,
1457 |       "sampling": {
1458 |         "initial": 100,
1459 |         "thereafter": 100
1460 |       },
1461 |       "outputPaths": ["stdout"],
1462 |       "errorOutputPaths": ["stderr"],
1463 |       "encoding": "json",
1464 |       "encoderConfig": {
1465 |         "timeKey": "",
1466 |         "levelKey": "level",
1467 |         "nameKey": "logger",
1468 |         "callerKey": "caller",
1469 |         "messageKey": "msg",
1470 |         "stacktraceKey": "stacktrace",
1471 |         "lineEnding": "",
1472 |         "levelEncoder": "",
1473 |         "timeEncoder": "",
1474 |         "durationEncoder": "",
1475 |         "callerEncoder": ""
1476 |       }
1477 |     }
1478 |   # Log level overrides
1479 |   loglevel.controller: "info"
1480 |   loglevel.webhook: "info"
1481 | 
1482 | ---
1483 | # Copyright 2019 The Tekton Authors
1484 | #
1485 | # Licensed under the Apache License, Version 2.0 (the "License");
1486 | # you may not use this file except in compliance with the License.
1487 | # You may obtain a copy of the License at
1488 | #
1489 | #     https://www.apache.org/licenses/LICENSE-2.0
1490 | #
1491 | # Unless required by applicable law or agreed to in writing, software
1492 | # distributed under the License is distributed on an "AS IS" BASIS,
1493 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1494 | # See the License for the specific language governing permissions and
1495 | # limitations under the License.
1496 | 
1497 | apiVersion: v1
1498 | kind: ConfigMap
1499 | metadata:
1500 |   name: config-observability
1501 |   namespace: tekton-pipelines
1502 |   labels:
1503 |     app.kubernetes.io/instance: tekton
1504 |     app.kubernetes.io/part-of: tekton-pipelines
1505 | data:
1506 |   _example: |
1507 |     ################################
1508 |     #                              #
1509 |     #    EXAMPLE CONFIGURATION     #
1510 |     #                              #
1511 |     ################################
1512 | 
1513 |     # This block is not actually functional configuration,
1514 |     # but serves to illustrate the available configuration
1515 |     # options and document them in a way that is accessible
1516 |     # to users that `kubectl edit` this config map.
1517 |     #
1518 |     # These sample configuration options may be copied out of
1519 |     # this example block and unindented to be in the data block
1520 |     # to actually change the configuration.
1521 | 
1522 |     # metrics.backend-destination field specifies the system metrics destination.
1523 |     # It supports either prometheus (the default) or stackdriver.
1524 |     # Note: Using Stackdriver will incur additional charges.
1525 |     metrics.backend-destination: prometheus
1526 | 
1527 |     # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This
1528 |     # field is optional. When running on GCE, application default credentials will be
1529 |     # used and metrics will be sent to the cluster's project if this field is
1530 |     # not provided.
1531 |     metrics.stackdriver-project-id: "<your stackdriver project id>"
1532 | 
1533 |     # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed
1534 |     # to send metrics to Stackdriver using "global" resource type and custom
1535 |     # metric type. Setting this flag to "true" could cause extra Stackdriver
1536 |     # charge.  If metrics.backend-destination is not Stackdriver, this is
1537 |     # ignored.
1538 |     metrics.allow-stackdriver-custom-metrics: "false"
1539 | 
1540 | ---
1541 | # Copyright 2019 The Tekton Authors
1542 | #
1543 | # Licensed under the Apache License, Version 2.0 (the "License");
1544 | # you may not use this file except in compliance with the License.
1545 | # You may obtain a copy of the License at
1546 | #
1547 | #     http://www.apache.org/licenses/LICENSE-2.0
1548 | #
1549 | # Unless required by applicable law or agreed to in writing, software
1550 | # distributed under the License is distributed on an "AS IS" BASIS,
1551 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1552 | # See the License for the specific language governing permissions and
1553 | # limitations under the License.
1554 | 
1555 | apiVersion: apps/v1
1556 | kind: Deployment
1557 | metadata:
1558 |   name: tekton-pipelines-controller
1559 |   namespace: tekton-pipelines
1560 |   labels:
1561 |     app.kubernetes.io/name: controller
1562 |     app.kubernetes.io/component: controller
1563 |     app.kubernetes.io/instance: tekton
1564 |     app.kubernetes.io/version: "v0.17.1"
1565 |     app.kubernetes.io/part-of: tekton-pipelines
1566 |     # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
1567 |     pipeline.tekton.dev/release: "v0.17.1"
1568 |     # labels below are related to istio and should not be used for resource lookup
1569 |     version: "v0.17.1"
1570 | spec:
1571 |   replicas: 1
1572 |   selector:
1573 |     matchLabels:
1574 |       app.kubernetes.io/name: controller
1575 |       app.kubernetes.io/component: controller
1576 |       app.kubernetes.io/instance: tekton
1577 |       app.kubernetes.io/part-of: tekton-pipelines
1578 |   template:
1579 |     metadata:
1580 |       annotations:
1581 |         cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
1582 |       labels:
1583 |         app.kubernetes.io/name: controller
1584 |         app.kubernetes.io/component: controller
1585 |         app.kubernetes.io/instance: tekton
1586 |         app.kubernetes.io/version: "v0.17.1"
1587 |         app.kubernetes.io/part-of: tekton-pipelines
1588 |         # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
1589 |         pipeline.tekton.dev/release: "v0.17.1"
1590 |         # labels below are related to istio and should not be used for resource lookup
1591 |         app: tekton-pipelines-controller
1592 |         version: "v0.17.1"
1593 |     spec:
1594 |       serviceAccountName: tekton-pipelines-controller
1595 |       containers:
1596 |       - name: tekton-pipelines-controller
1597 |         image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.17.1@sha256:e35782523472e105fe68a91c346df73733f70255ac84fe8cfcbf299c2cbf82c0
1598 |         args: [
1599 |           # Version, to be replace at release time
1600 |           "-version", "v0.17.1",
1601 |           # These images are built on-demand by `ko resolve` and are replaced
1602 |           # by image references by digest.
1603 |           "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.17.1@sha256:a0c3c63766ce30bf0c94dd30ff51a0745a629bd5ef10aae863a4aadd31917adc",
1604 |           "-creds-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/creds-init:v0.17.1@sha256:58026c677a33465160177de5bd1e86fd51a5982c72d6bdc59ef3eab630a1e459",
1605 |           "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.17.1@sha256:a39b8c647d6eaf609dc04bc7b0fc0f787b3b25fd6b1c9b182066a5c29a64a18c",
1606 |           "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.17.1@sha256:ec3db704fd4fd6007f41cb8949f14f1ab0d9d76d472f1942677a9e245a1c35af",
1607 |           "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.17.1@sha256:d0eeff76cc844c502652a4397795a36b4dd84211cddaa538a9d364822398ccb9",
1608 |           "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.17.1@sha256:5821552e75cffb4f739c8cfbeaeab8de511340a74a20233b10535ee2a89829cf",
1609 |           "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.17.1@sha256:7f64f991fab8941d424474fbc3f9fbe124f375382b2ae62c039583b5febc9d64",
1610 |           "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.17.1@sha256:0252efb5c939c33067b6cc33db07b311aec2108b37855b3fda9409661268b709",
1611 |           # This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim
1612 |           "-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f",
1613 |           # The shell image must be root in order to create directories and copy files to PVCs.
1614 |           # gcr.io/distroless/base:debug-nonroot as of July 23, 2020
1615 |           "-shell-image", "gcr.io/distroless/base@sha256:60f5ffe6fc481e9102747b043b3873a01893a5a8138f970c5f5fc06fb7494656"]
1616 |         volumeMounts:
1617 |         - name: config-logging
1618 |           mountPath: /etc/config-logging
1619 |         env:
1620 |         - name: SYSTEM_NAMESPACE
1621 |           valueFrom:
1622 |             fieldRef:
1623 |               fieldPath: metadata.namespace
1624 |         - # If you are changing these names, you will also need to update
1625 |           # the controller's Role in 200-role.yaml to include the new
1626 |           # values in the "configmaps" "get" rule.
1627 |           name: CONFIG_DEFAULTS_NAME
1628 |           value: config-defaults
1629 |         - name: CONFIG_LOGGING_NAME
1630 |           value: config-logging
1631 |         - name: CONFIG_OBSERVABILITY_NAME
1632 |           value: config-observability
1633 |         - name: CONFIG_ARTIFACT_BUCKET_NAME
1634 |           value: config-artifact-bucket
1635 |         - name: CONFIG_ARTIFACT_PVC_NAME
1636 |           value: config-artifact-pvc
1637 |         - name: CONFIG_FEATURE_FLAGS_NAME
1638 |           value: feature-flags
1639 |         - name: CONFIG_LEADERELECTION_NAME
1640 |           value: config-leader-election
1641 |         - name: METRICS_DOMAIN
1642 |           value: tekton.dev/pipeline
1643 |         securityContext:
1644 |           allowPrivilegeEscalation: false
1645 |           # User 65532 is the distroless nonroot user ID
1646 |           runAsUser: 65532
1647 |       volumes:
1648 |       - name: config-logging
1649 |         configMap:
1650 |           name: config-logging
1651 | ---
1652 | apiVersion: v1
1653 | kind: Service
1654 | metadata:
1655 |   labels:
1656 |     app.kubernetes.io/name: controller
1657 |     app.kubernetes.io/component: controller
1658 |     app.kubernetes.io/instance: tekton
1659 |     app.kubernetes.io/version: "v0.17.1"
1660 |     app.kubernetes.io/part-of: tekton-pipelines
1661 |     # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
1662 |     pipeline.tekton.dev/release: "v0.17.1"
1663 |     # labels below are related to istio and should not be used for resource lookup
1664 |     app: tekton-pipelines-controller
1665 |     version: "v0.17.1"
1666 |   name: tekton-pipelines-controller
1667 |   namespace: tekton-pipelines
1668 | spec:
1669 |   ports:
1670 |   - name: http-metrics
1671 |     port: 9090
1672 |     protocol: TCP
1673 |     targetPort: 9090
1674 |   selector:
1675 |     app.kubernetes.io/name: controller
1676 |     app.kubernetes.io/component: controller
1677 |     app.kubernetes.io/instance: tekton
1678 |     app.kubernetes.io/part-of: tekton-pipelines
1679 | 
1680 | ---
1681 | # Copyright 2019 The Tekton Authors
1682 | #
1683 | # Licensed under the Apache License, Version 2.0 (the "License");
1684 | # you may not use this file except in compliance with the License.
1685 | # You may obtain a copy of the License at
1686 | #
1687 | #     https://www.apache.org/licenses/LICENSE-2.0
1688 | #
1689 | # Unless required by applicable law or agreed to in writing, software
1690 | # distributed under the License is distributed on an "AS IS" BASIS,
1691 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1692 | # See the License for the specific language governing permissions and
1693 | # limitations under the License.
1694 | 
1695 | apiVersion: apps/v1
1696 | kind: Deployment
1697 | metadata:
1698 |   # Note: the Deployment name must be the same as the Service name specified in
1699 |   # config/400-webhook-service.yaml. If you change this name, you must also
1700 |   # change the value of WEBHOOK_SERVICE_NAME below.
1701 |   name: tekton-pipelines-webhook
1702 |   namespace: tekton-pipelines
1703 |   labels:
1704 |     app.kubernetes.io/name: webhook
1705 |     app.kubernetes.io/component: webhook
1706 |     app.kubernetes.io/instance: tekton
1707 |     app.kubernetes.io/version: "v0.17.1"
1708 |     app.kubernetes.io/part-of: tekton-pipelines
1709 |     # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
1710 |     pipeline.tekton.dev/release: "v0.17.1"
1711 |     # labels below are related to istio and should not be used for resource lookup
1712 |     version: "v0.17.1"
1713 | spec:
1714 |   replicas: 1
1715 |   selector:
1716 |     matchLabels:
1717 |       app.kubernetes.io/name: webhook
1718 |       app.kubernetes.io/component: webhook
1719 |       app.kubernetes.io/instance: tekton
1720 |       app.kubernetes.io/part-of: tekton-pipelines
1721 |   template:
1722 |     metadata:
1723 |       annotations:
1724 |         cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
1725 |       labels:
1726 |         app.kubernetes.io/name: webhook
1727 |         app.kubernetes.io/component: webhook
1728 |         app.kubernetes.io/instance: tekton
1729 |         app.kubernetes.io/version: "v0.17.1"
1730 |         app.kubernetes.io/part-of: tekton-pipelines
1731 |         # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
1732 |         pipeline.tekton.dev/release: "v0.17.1"
1733 |         # labels below are related to istio and should not be used for resource lookup
1734 |         app: tekton-pipelines-webhook
1735 |         version: "v0.17.1"
1736 |     spec:
1737 |       serviceAccountName: tekton-pipelines-webhook
1738 |       containers:
1739 |       - name: webhook
1740 |         # This is the Go import path for the binary that is containerized
1741 |         # and substituted here.
1742 |         image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.17.1@sha256:0ebac19d31ae7e76b2a6df13afe4d49b8381c524f21829cbb3b86733de105f67
1743 |         env:
1744 |         - name: SYSTEM_NAMESPACE
1745 |           valueFrom:
1746 |             fieldRef:
1747 |               fieldPath: metadata.namespace
1748 |         - # If you are changing these names, you will also need to update
1749 |           # the webhook's Role in 200-role.yaml to include the new
1750 |           # values in the "configmaps" "get" rule.
1751 |           name: CONFIG_LOGGING_NAME
1752 |           value: config-logging
1753 |         - name: CONFIG_OBSERVABILITY_NAME
1754 |           value: config-observability
1755 |         - name: CONFIG_LEADERELECTION_NAME
1756 |           value: config-leader-election
1757 |         - name: WEBHOOK_SERVICE_NAME
1758 |           value: tekton-pipelines-webhook
1759 |         - name: WEBHOOK_SECRET_NAME
1760 |           value: webhook-certs
1761 |         - name: METRICS_DOMAIN
1762 |           value: tekton.dev/pipeline
1763 |         securityContext:
1764 |           allowPrivilegeEscalation: false
1765 |           # User 65532 is the distroless nonroot user ID
1766 |           runAsUser: 65532
1767 |         ports:
1768 |         - name: metrics
1769 |           containerPort: 9090
1770 |         - name: profiling
1771 |           containerPort: 8008
1772 |         - name: https-webhook
1773 |           containerPort: 8443
1774 |         livenessProbe:
1775 |           tcpSocket:
1776 |             port: https-webhook
1777 |           initialDelaySeconds: 5
1778 |           periodSeconds: 10
1779 |           timeoutSeconds: 5
1780 |         readinessProbe:
1781 |           tcpSocket:
1782 |             port: https-webhook
1783 |           initialDelaySeconds: 5
1784 |           periodSeconds: 10
1785 | ---
1786 | apiVersion: v1
1787 | kind: Service
1788 | metadata:
1789 |   labels:
1790 |     app.kubernetes.io/name: webhook
1791 |     app.kubernetes.io/component: webhook
1792 |     app.kubernetes.io/instance: tekton
1793 |     app.kubernetes.io/version: "v0.17.1"
1794 |     app.kubernetes.io/part-of: tekton-pipelines
1795 |     # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
1796 |     pipeline.tekton.dev/release: "v0.17.1"
1797 |     # labels below are related to istio and should not be used for resource lookup
1798 |     app: tekton-pipelines-webhook
1799 |     version: "v0.17.1"
1800 |   name: tekton-pipelines-webhook
1801 |   namespace: tekton-pipelines
1802 | spec:
1803 |   ports:
1804 |   - # Define metrics and profiling for them to be accessible within service meshes.
1805 |     name: http-metrics
1806 |     port: 9090
1807 |     targetPort: 9090
1808 |   - name: http-profiling
1809 |     port: 8008
1810 |     targetPort: 8008
1811 |   - name: https-webhook
1812 |     port: 443
1813 |     targetPort: 8443
1814 |   selector:
1815 |     app.kubernetes.io/name: webhook
1816 |     app.kubernetes.io/component: webhook
1817 |     app.kubernetes.io/instance: tekton
1818 |     app.kubernetes.io/part-of: tekton-pipelines
1819 | 
1820 | ---
1821 | 


--------------------------------------------------------------------------------