diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go index 4b54c0d4390..e9b547196fa 100644 --- a/cmd/webhook/main.go +++ b/cmd/webhook/main.go @@ -56,7 +56,6 @@ var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{ // v1beta1 v1beta1.SchemeGroupVersion.WithKind("Pipeline"): &v1beta1.Pipeline{}, v1beta1.SchemeGroupVersion.WithKind("Task"): &v1beta1.Task{}, - v1beta1.SchemeGroupVersion.WithKind("ClusterTask"): &v1beta1.ClusterTask{}, v1beta1.SchemeGroupVersion.WithKind("TaskRun"): &v1beta1.TaskRun{}, v1beta1.SchemeGroupVersion.WithKind("PipelineRun"): &v1beta1.PipelineRun{}, v1beta1.SchemeGroupVersion.WithKind("CustomRun"): &v1beta1.CustomRun{}, diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml index 2fd97b4a9f0..f8cd0f96288 100644 --- a/config/200-clusterrole.yaml +++ b/config/200-clusterrole.yaml @@ -32,7 +32,7 @@ rules: # Controller needs cluster access to all of the CRDs that it is responsible for # managing. - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] + resources: ["tasks", "taskruns", "pipelines", "pipelineruns", "customruns", "stepactions"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] resources: ["verificationpolicies"] @@ -41,7 +41,7 @@ rules: resources: ["taskruns/finalizers", "pipelineruns/finalizers", "customruns/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] + resources: ["tasks/status", "taskruns/status", "pipelines/status", "pipelineruns/status", "customruns/status", "verificationpolicies/status", "stepactions/status"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # resolution.tekton.dev - apiGroups: ["resolution.tekton.dev"] @@ -93,7 +93,6 @@ rules: - pipelines.tekton.dev - pipelineruns.tekton.dev - tasks.tekton.dev - - clustertasks.tekton.dev - taskruns.tekton.dev - resolutionrequests.resolution.tekton.dev - customruns.tekton.dev @@ -148,5 +147,5 @@ metadata: app.kubernetes.io/part-of: tekton-pipelines rules: - apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "customruns"] + resources: ["tasks", "taskruns", "pipelines", "pipelineruns", "customruns"] verbs: ["get", "list", "watch"] diff --git a/config/300-crds/300-clustertask.yaml b/config/300-crds/300-clustertask.yaml deleted file mode 100644 index 3996a8dea9d..00000000000 --- a/config/300-crds/300-clustertask.yaml +++ /dev/null @@ -1,4492 +0,0 @@ -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: clustertasks.tekton.dev - labels: - app.kubernetes.io/instance: default - app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - versions: - - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - description: |- - ClusterTask is a Task with a cluster scope. ClusterTasks are used to - represent Tasks that should be publicly addressable from any namespace in the - cluster. - - Deprecated: Please use the cluster resolver instead. - type: object - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: Spec holds the desired state of the Task from the client - type: object - properties: - description: - description: |- - Description is a user-facing description of the task that may be - used to populate a UI. - type: string - displayName: - description: |- - DisplayName is a user-facing name of the task that may be - used to populate a UI. - type: string - params: - description: |- - Params is a list of input parameters required to run the task. Params - must be supplied as inputs in TaskRuns unless they declare a default - value. - type: array - items: - description: |- - ParamSpec defines arbitrary parameters needed beyond typed inputs (such as - resources). Parameter values are provided by users as inputs on a TaskRun - or PipelineRun. - type: object - required: - - name - properties: - default: - description: |- - Default is the value a parameter takes if no input value is supplied. If - default is set, a Task may be executed without a supplied value for the - parameter. - x-kubernetes-preserve-unknown-fields: true - description: - description: |- - Description is a user-facing description of the parameter that may be - used to populate a UI. - type: string - enum: - description: |- - Enum declares a set of allowed param input values for tasks/pipelines that can be validated. - If Enum is not set, no input validation is performed for the param. - type: array - items: - type: string - name: - description: Name declares the name by which a parameter is referenced. - type: string - properties: - description: Properties is the JSON Schema properties to support key-value pairs parameter. - type: object - additionalProperties: - description: PropertySpec defines the struct for object keys - type: object - properties: - type: - description: |- - ParamType indicates the type of an input parameter; - Used to distinguish between a single string and an array of strings. - type: string - type: - description: |- - Type is the user-specified type of the parameter. The possible types - are currently "string", "array" and "object", and "string" is the default. - type: string - x-kubernetes-list-type: atomic - resources: - description: |- - Resources is a list input and output resource to run the task - Resources are represented in TaskRuns as bindings to instances of - PipelineResources. - - Deprecated: Unused, preserved only for backwards compatibility - type: object - properties: - inputs: - description: |- - Inputs holds the mapping from the PipelineResources declared in - DeclaredPipelineResources to the input PipelineResources required by the Task. - type: array - items: - description: |- - TaskResource defines an input or output Resource declared as a requirement - by a Task. The Name field will be used to refer to these Resources within - the Task definition, and when provided as an Input, the Name will be the - path to the volume mounted containing this Resource as an input (e.g. - an input Resource named `workspace` will be mounted at `/workspace`). - - Deprecated: Unused, preserved only for backwards compatibility - type: object - required: - - name - - type - properties: - description: - description: |- - Description is a user-facing description of the declared resource that may be - used to populate a UI. - type: string - name: - description: |- - Name declares the name by which a resource is referenced in the - definition. Resources may be referenced by name in the definition of a - Task's steps. - type: string - optional: - description: |- - Optional declares the resource as optional. - By default optional is set to false which makes a resource required. - optional: true - the resource is considered optional - optional: false - the resource is considered required (equivalent of not specifying it) - type: boolean - targetPath: - description: |- - TargetPath is the path in workspace directory where the resource - will be copied. - type: string - type: - description: Type is the type of this resource; - type: string - x-kubernetes-list-type: atomic - outputs: - description: |- - Outputs holds the mapping from the PipelineResources declared in - DeclaredPipelineResources to the input PipelineResources required by the Task. - type: array - items: - description: |- - TaskResource defines an input or output Resource declared as a requirement - by a Task. The Name field will be used to refer to these Resources within - the Task definition, and when provided as an Input, the Name will be the - path to the volume mounted containing this Resource as an input (e.g. - an input Resource named `workspace` will be mounted at `/workspace`). - - Deprecated: Unused, preserved only for backwards compatibility - type: object - required: - - name - - type - properties: - description: - description: |- - Description is a user-facing description of the declared resource that may be - used to populate a UI. - type: string - name: - description: |- - Name declares the name by which a resource is referenced in the - definition. Resources may be referenced by name in the definition of a - Task's steps. - type: string - optional: - description: |- - Optional declares the resource as optional. - By default optional is set to false which makes a resource required. - optional: true - the resource is considered optional - optional: false - the resource is considered required (equivalent of not specifying it) - type: boolean - targetPath: - description: |- - TargetPath is the path in workspace directory where the resource - will be copied. - type: string - type: - description: Type is the type of this resource; - type: string - x-kubernetes-list-type: atomic - results: - description: Results are values that this Task can output - type: array - items: - description: TaskResult used to describe the results of a task - type: object - required: - - name - properties: - description: - description: Description is a human-readable description of the result - type: string - name: - description: Name the given name - type: string - properties: - description: Properties is the JSON Schema properties to support key-value pairs results. - type: object - additionalProperties: - description: PropertySpec defines the struct for object keys - type: object - properties: - type: - description: |- - ParamType indicates the type of an input parameter; - Used to distinguish between a single string and an array of strings. - type: string - type: - description: |- - Type is the user-specified type of the result. The possible type - is currently "string" and will support "array" in following work. - type: string - value: - description: Value the expression used to retrieve the value of the result from an underlying Step. - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-list-type: atomic - sidecars: - description: |- - Sidecars are run alongside the Task's step containers. They begin before - the steps start and end after the steps complete. - type: array - items: - description: Sidecar has nearly the same data structure as Step but does not have the ability to timeout. - type: object - required: - - name - properties: - args: - description: |- - Arguments to the entrypoint. - The image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - type: array - items: - type: string - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the Sidecar's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - type: array - items: - type: string - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the Sidecar. - Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - x-kubernetes-list-type: atomic - envFrom: - description: |- - List of sources to populate environment variables in the Sidecar. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the Sidecar is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - x-kubernetes-list-type: atomic - image: - description: |- - Image name to be used by the Sidecar. - More info: https://kubernetes.io/docs/concepts/containers/images - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to Sidecar lifecycle events. - Cannot be updated. - type: object - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - sleep: - description: Sleep represents the duration that the container should sleep before being terminated. - type: object - required: - - seconds - properties: - seconds: - description: Seconds is the number of seconds to sleep. - type: integer - format: int64 - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - sleep: - description: Sleep represents the duration that the container should sleep before being terminated. - type: object - required: - - seconds - properties: - seconds: - description: Seconds is the number of seconds to sleep. - type: integer - format: int64 - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: |- - Periodic probe of Sidecar liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - name: - description: |- - Name of the Sidecar specified as a DNS_LABEL. - Each Sidecar in a Task must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: |- - List of ports to expose from the Sidecar. Exposing a port here gives - the system additional information about the network connections a - container uses, but is primarily informational. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - type: integer - format: int32 - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of Sidecar service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - resources: - description: |- - Compute Resources required by this Sidecar. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - type: array - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - type: object - required: - - name - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - restartPolicy: - description: |- - RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an - initContainer and must have it's policy set to "Always". It is currently - left optional to help support Kubernetes versions prior to 1.29 when this feature - was introduced. - type: string - script: - description: |- - Script is the contents of an executable file to execute. - - If Script is not empty, the Step cannot have an Command or Args. - type: string - securityContext: - description: |- - SecurityContext defines the security options the Sidecar should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - type: object - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - x-kubernetes-list-type: atomic - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - type: object - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: |- - StartupProbe indicates that the Pod the Sidecar is running in has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - stdin: - description: |- - Whether this Sidecar should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the Sidecar will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on Sidecar start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the Sidecar is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. - Default is false - type: boolean - terminationMessagePath: - description: |- - Optional: Path at which the file to which the Sidecar's termination message - will be written is mounted into the Sidecar's filesystem. - Message written is intended to be brief final status, such as an assertion failure message. - Will be truncated by the node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated. - type: string - terminationMessagePolicy: - description: |- - Indicate how the termination message should be populated. File will use the contents of - terminationMessagePath to populate the Sidecar status message on both success and failure. - FallbackToLogsOnError will use the last chunk of Sidecar log output if the termination - message file is empty and the Sidecar exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever is smaller. - Defaults to File. - Cannot be updated. - type: string - tty: - description: |- - Whether this Sidecar should allocate a TTY for itself, also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the Sidecar. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - x-kubernetes-list-type: atomic - volumeMounts: - description: |- - Volumes to mount into the Sidecar's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - x-kubernetes-list-type: atomic - workingDir: - description: |- - Sidecar's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - workspaces: - description: |- - This is an alpha field. You must set the "enable-api-fields" feature flag to "alpha" - for this field to be supported. - - Workspaces is a list of workspaces from the Task that this Sidecar wants - exclusive access to. Adding a workspace to this list means that any - other Step or Sidecar that does not also request this Workspace will - not have access to it. - type: array - items: - description: |- - WorkspaceUsage is used by a Step or Sidecar to declare that it wants isolated access - to a Workspace defined in a Task. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: |- - MountPath is the path that the workspace should be mounted to inside the Step or Sidecar, - overriding any MountPath specified in the Task's WorkspaceDeclaration. - type: string - name: - description: Name is the name of the workspace this Step or Sidecar wants access to. - type: string - x-kubernetes-list-type: atomic - x-kubernetes-list-type: atomic - stepTemplate: - description: |- - StepTemplate can be used as the basis for all step containers within the - Task, so that the steps inherit settings on the base container. - type: object - required: - - name - properties: - args: - description: |- - Arguments to the entrypoint. - The image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the Step's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - type: array - items: - type: string - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The docker image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the Step's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - type: array - items: - type: string - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - x-kubernetes-list-type: atomic - envFrom: - description: |- - List of sources to populate environment variables in the Step. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - x-kubernetes-list-type: atomic - image: - description: |- - Default image name to use for each Step. - More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management to default or override - container images in workload controllers like Deployments and StatefulSets. - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - - Deprecated: This field will be removed in a future release. - type: object - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - sleep: - description: Sleep represents the duration that the container should sleep before being terminated. - type: object - required: - - seconds - properties: - seconds: - description: Seconds is the number of seconds to sleep. - type: integer - format: int64 - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - sleep: - description: Sleep represents the duration that the container should sleep before being terminated. - type: object - required: - - seconds - properties: - seconds: - description: Seconds is the number of seconds to sleep. - type: integer - format: int64 - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: |- - Periodic probe of container liveness. - Container will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - Deprecated: This field will be removed in a future release. - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - name: - description: |- - Default name for each Step specified as a DNS_LABEL. - Each Step in a Task must have a unique name. - Cannot be updated. - - Deprecated: This field will be removed in a future release. - type: string - ports: - description: |- - List of ports to expose from the Step's container. Exposing a port here gives - the system additional information about the network connections a - container uses, but is primarily informational. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Cannot be updated. - - Deprecated: This field will be removed in a future release. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - type: integer - format: int32 - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Container will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - Deprecated: This field will be removed in a future release. - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - resources: - description: |- - Compute Resources required by this Step. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - type: array - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - type: object - required: - - name - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: |- - SecurityContext defines the security options the Step should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - type: object - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - x-kubernetes-list-type: atomic - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - type: object - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: |- - DeprecatedStartupProbe indicates that the Pod has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - Deprecated: This field will be removed in a future release. - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - stdin: - description: |- - Whether this Step should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the Step will always result in EOF. - Default is false. - - Deprecated: This field will be removed in a future release. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. - Default is false - - Deprecated: This field will be removed in a future release. - type: boolean - terminationMessagePath: - description: 'Deprecated: This field will be removed in a future release and cannot be meaningfully used.' - type: string - terminationMessagePolicy: - description: 'Deprecated: This field will be removed in a future release and cannot be meaningfully used.' - type: string - tty: - description: |- - Whether this Step should allocate a DeprecatedTTY for itself, also requires 'stdin' to be true. - Default is false. - - Deprecated: This field will be removed in a future release. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the Step. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - x-kubernetes-list-type: atomic - volumeMounts: - description: |- - Volumes to mount into the Step's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - x-kubernetes-list-type: atomic - workingDir: - description: |- - Step's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - steps: - description: |- - Steps are the steps of the build; each step is run sequentially with the - source mounted into /workspace. - type: array - items: - description: Step runs a subcomponent of a Task - type: object - required: - - name - properties: - args: - description: |- - Arguments to the entrypoint. - The image's CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - type: array - items: - type: string - x-kubernetes-list-type: atomic - command: - description: |- - Entrypoint array. Not executed within a shell. - The image's ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container's environment. If a variable - cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will - produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless - of whether the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - type: array - items: - type: string - x-kubernetes-list-type: atomic - env: - description: |- - List of environment variables to set in the container. - Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - x-kubernetes-map-type: atomic - x-kubernetes-list-type: atomic - envFrom: - description: |- - List of sources to populate environment variables in the container. - The keys defined within a source must be a C_IDENTIFIER. All invalid keys - will be reported as an event when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - default: "" - optional: - description: Specify whether the Secret must be defined - type: boolean - x-kubernetes-map-type: atomic - x-kubernetes-list-type: atomic - image: - description: |- - Image reference name to run for this Step. - More info: https://kubernetes.io/docs/concepts/containers/images - type: string - imagePullPolicy: - description: |- - Image pull policy. - One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - type: string - lifecycle: - description: |- - Actions that the management system should take in response to container lifecycle events. - Cannot be updated. - - Deprecated: This field will be removed in a future release. - type: object - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - sleep: - description: Sleep represents the duration that the container should sleep before being terminated. - type: object - required: - - seconds - properties: - seconds: - description: Seconds is the number of seconds to sleep. - type: integer - format: int64 - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - sleep: - description: Sleep represents the duration that the container should sleep before being terminated. - type: object - required: - - seconds - properties: - seconds: - description: Seconds is the number of seconds to sleep. - type: integer - format: int64 - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: |- - Periodic probe of container liveness. - Step will be restarted if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - Deprecated: This field will be removed in a future release. - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - name: - description: |- - Name of the Step specified as a DNS_LABEL. - Each Step in a Task must have a unique name. - type: string - onError: - description: |- - OnError defines the exiting behavior of a container on error - can be set to [ continue | stopAndFail ] - type: string - params: - description: Params declares parameters passed to this step action. - type: array - items: - description: Param declares an ParamValues to use for the parameter called name. - type: object - required: - - name - - value - properties: - name: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-list-type: atomic - ports: - description: |- - List of ports to expose from the Step's container. Exposing a port here gives - the system additional information about the network connections a - container uses, but is primarily informational. Not specifying a port here - DOES NOT prevent that port from being exposed. Any port which is - listening on the default "0.0.0.0" address inside a container will be - accessible from the network. - Cannot be updated. - - Deprecated: This field will be removed in a future release. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - type: integer - format: int32 - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: |- - Periodic probe of container service readiness. - Step will be removed from service endpoints if the probe fails. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - Deprecated: This field will be removed in a future release. - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - ref: - description: Contains the reference to an existing StepAction. - type: object - properties: - name: - description: Name of the referenced step - type: string - params: - description: |- - Params contains the parameters used to identify the - referenced Tekton resource. Example entries might include - "repo" or "path" but the set of params ultimately depends on - the chosen resolver. - type: array - items: - description: Param declares an ParamValues to use for the parameter called name. - type: object - required: - - name - - value - properties: - name: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - x-kubernetes-list-type: atomic - resolver: - description: |- - Resolver is the name of the resolver that should perform - resolution of the referenced Tekton resource, such as "git". - type: string - resources: - description: |- - Compute Resources required by this Step. - Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - This field is immutable. It can only be set for containers. - type: array - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - type: object - required: - - name - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - request: - description: |- - Request is the name chosen for a request in the referenced claim. - If empty, everything from the claim is made available, otherwise - only the result of this request. - type: string - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - results: - description: |- - Results declares StepResults produced by the Step. - - This is field is at an ALPHA stability level and gated by "enable-step-actions" feature flag. - - It can be used in an inlined Step when used to store Results to $(step.results.resultName.path). - It cannot be used when referencing StepActions using [v1beta1.Step.Ref]. - The Results declared by the StepActions will be stored here instead. - type: array - items: - description: |- - StepResult used to describe the Results of a Step. - - This is field is at an BETA stability level and gated by "enable-step-actions" feature flag. - type: object - required: - - name - properties: - description: - description: Description is a human-readable description of the result - type: string - name: - description: Name the given name - type: string - properties: - description: Properties is the JSON Schema properties to support key-value pairs results. - type: object - additionalProperties: - description: PropertySpec defines the struct for object keys - type: object - properties: - type: - description: |- - ParamType indicates the type of an input parameter; - Used to distinguish between a single string and an array of strings. - type: string - type: - description: The possible types are 'string', 'array', and 'object', with 'string' as the default. - type: string - x-kubernetes-list-type: atomic - script: - description: |- - Script is the contents of an executable file to execute. - - If Script is not empty, the Step cannot have an Command and the Args will be passed to the Script. - type: string - securityContext: - description: |- - SecurityContext defines the security options the Step should be run with. - If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - type: object - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - appArmorProfile: - description: |- - appArmorProfile is the AppArmor options to use by this container. If set, this profile - overrides the pod's appArmorProfile. - Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile loaded on the node that should be used. - The profile must be preconfigured on the node to work. - Must match the loaded name of the profile. - Must be set if and only if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of AppArmor profile will be applied. - Valid options are: - Localhost - a profile pre-loaded on the node. - RuntimeDefault - the container runtime's default profile. - Unconfined - no AppArmor enforcement. - type: string - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - x-kubernetes-list-type: atomic - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - x-kubernetes-list-type: atomic - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default value is Default which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: integer - format: int64 - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - type: object - required: - - type - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must be set if type is "Localhost". Must NOT be set for any other type. - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - type: object - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - All of a Pod's containers must have the same effective HostProcess value - (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). - In addition, if HostProcess is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: |- - DeprecatedStartupProbe indicates that the Pod this Step runs in has successfully initialized. - If specified, no other probes are executed until this completes successfully. - If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. - This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, - when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - Deprecated: This field will be removed in a future release. - type: object - properties: - exec: - description: Exec specifies the action to take. - type: object - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - x-kubernetes-list-type: atomic - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - type: integer - format: int32 - grpc: - description: GRPC specifies an action involving a GRPC port. - type: object - required: - - port - properties: - port: - description: Port number of the gRPC service. Number must be in the range 1 to 65535. - type: integer - format: int32 - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - If this is not specified, the default behavior is defined by gRPC. - type: string - default: "" - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - x-kubernetes-list-type: atomic - path: - description: Path to access on the HTTP server. - type: string - port: - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - type: integer - format: int64 - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - type: integer - format: int32 - stderrConfig: - description: Stores configuration for the stderr stream of the step. - type: object - properties: - path: - description: Path to duplicate stdout stream to on container's local filesystem. - type: string - stdin: - description: |- - Whether this container should allocate a buffer for stdin in the container runtime. If this - is not set, reads from stdin in the container will always result in EOF. - Default is false. - - Deprecated: This field will be removed in a future release. - type: boolean - stdinOnce: - description: |- - Whether the container runtime should close the stdin channel after it has been opened by - a single attach. When stdin is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the - first client attaches to stdin, and then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container is restarted. If this - flag is false, a container processes that reads from stdin will never receive an EOF. - Default is false - - Deprecated: This field will be removed in a future release. - type: boolean - stdoutConfig: - description: Stores configuration for the stdout stream of the step. - type: object - properties: - path: - description: Path to duplicate stdout stream to on container's local filesystem. - type: string - terminationMessagePath: - description: 'Deprecated: This field will be removed in a future release and can''t be meaningfully used.' - type: string - terminationMessagePolicy: - description: 'Deprecated: This field will be removed in a future release and can''t be meaningfully used.' - type: string - timeout: - description: |- - Timeout is the time after which the step times out. Defaults to never. - Refer to Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration - type: string - tty: - description: |- - Whether this container should allocate a DeprecatedTTY for itself, also requires 'stdin' to be true. - Default is false. - - Deprecated: This field will be removed in a future release. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the Step. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - x-kubernetes-list-type: atomic - volumeMounts: - description: |- - Volumes to mount into the Step's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified - (which defaults to None). - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - recursiveReadOnly: - description: |- - RecursiveReadOnly specifies whether read-only mounts should be handled - recursively. - - If ReadOnly is false, this field has no meaning and must be unspecified. - - If ReadOnly is true, and this field is set to Disabled, the mount is not made - recursively read-only. If this field is set to IfPossible, the mount is made - recursively read-only, if it is supported by the container runtime. If this - field is set to Enabled, the mount is made recursively read-only if it is - supported by the container runtime, otherwise the pod will not be started and - an error will be generated to indicate the reason. - - If this field is set to IfPossible or Enabled, MountPropagation must be set to - None (or be unspecified, which defaults to None). - - If this field is not specified, it is treated as an equivalent of Disabled. - type: string - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - x-kubernetes-list-type: atomic - when: - description: |- - WhenExpressions are used to specify whether a Task should be executed or skipped - All of them need to evaluate to True for a guarded Task to be executed. - type: array - items: - description: |- - WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run - to determine whether the Task should be executed or skipped - type: object - properties: - cel: - description: |- - CEL is a string of Common Language Expression, which can be used to conditionally execute - the task based on the result of the expression evaluation - More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md - type: string - input: - description: Input is the string for guard checking which can be a static input or an output from a parent Task - type: string - operator: - description: Operator that represents an Input's relationship to the values - type: string - values: - description: |- - Values is an array of strings, which is compared against the input, for guard checking - It must be non-empty - type: array - items: - type: string - x-kubernetes-list-type: atomic - workingDir: - description: |- - Step's working directory. - If not specified, the container runtime's default will be used, which - might be configured in the container image. - Cannot be updated. - type: string - workspaces: - description: |- - This is an alpha field. You must set the "enable-api-fields" feature flag to "alpha" - for this field to be supported. - - Workspaces is a list of workspaces from the Task that this Step wants - exclusive access to. Adding a workspace to this list means that any - other Step or Sidecar that does not also request this Workspace will - not have access to it. - type: array - items: - description: |- - WorkspaceUsage is used by a Step or Sidecar to declare that it wants isolated access - to a Workspace defined in a Task. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: |- - MountPath is the path that the workspace should be mounted to inside the Step or Sidecar, - overriding any MountPath specified in the Task's WorkspaceDeclaration. - type: string - name: - description: Name is the name of the workspace this Step or Sidecar wants access to. - type: string - x-kubernetes-list-type: atomic - x-kubernetes-list-type: atomic - volumes: - description: |- - Volumes is a collection of volumes that are available to mount into the - steps of the build. - See Pod.spec.volumes (API version: v1) - x-kubernetes-preserve-unknown-fields: true - workspaces: - description: Workspaces are the volumes that this Task requires. - type: array - items: - description: WorkspaceDeclaration is a declaration of a volume that a Task requires. - type: object - required: - - name - properties: - description: - description: Description is an optional human readable description of this volume. - type: string - mountPath: - description: MountPath overrides the directory that the volume will be made available at. - type: string - name: - description: Name is the name by which you can bind the volume at runtime. - type: string - optional: - description: |- - Optional marks a Workspace as not being required in TaskRuns. By default - this field is false and so declared workspaces are required. - type: boolean - readOnly: - description: |- - ReadOnly dictates whether a mounted volume is writable. By default this - field is false and so mounted volumes are writable. - type: boolean - x-kubernetes-list-type: atomic - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - names: - kind: ClusterTask - plural: clustertasks - singular: clustertask - categories: - - tekton - - tekton-pipelines - scope: Cluster diff --git a/config/300-crds/300-customrun.yaml b/config/300-crds/300-customrun.yaml index ecc5330c1a1..e17392d61c1 100644 --- a/config/300-crds/300-customrun.yaml +++ b/config/300-crds/300-customrun.yaml @@ -74,8 +74,7 @@ spec: description: |- TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". - 2. Cluster-Scoped Task when Kind is set to "ClusterTask" - 3. Custom Task when Kind is non-empty and APIVersion is non-empty + 2. Custom Task when Kind is non-empty and APIVersion is non-empty type: string name: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' diff --git a/config/300-crds/300-pipeline.yaml b/config/300-crds/300-pipeline.yaml index 06b333ff6bd..661f3a288b8 100644 --- a/config/300-crds/300-pipeline.yaml +++ b/config/300-crds/300-pipeline.yaml @@ -311,8 +311,7 @@ spec: description: |- TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". - 2. Cluster-Scoped Task when Kind is set to "ClusterTask" - 3. Custom Task when Kind is non-empty and APIVersion is non-empty + 2. Custom Task when Kind is non-empty and APIVersion is non-empty type: string name: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' @@ -757,8 +756,7 @@ spec: description: |- TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". - 2. Cluster-Scoped Task when Kind is set to "ClusterTask" - 3. Custom Task when Kind is non-empty and APIVersion is non-empty + 2. Custom Task when Kind is non-empty and APIVersion is non-empty type: string name: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' diff --git a/config/300-crds/300-taskrun.yaml b/config/300-crds/300-taskrun.yaml index dc43cf7a378..951ec56a8c1 100644 --- a/config/300-crds/300-taskrun.yaml +++ b/config/300-crds/300-taskrun.yaml @@ -1213,8 +1213,7 @@ spec: description: |- TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". - 2. Cluster-Scoped Task when Kind is set to "ClusterTask" - 3. Custom Task when Kind is non-empty and APIVersion is non-empty + 2. Custom Task when Kind is non-empty and APIVersion is non-empty type: string name: description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' diff --git a/docs/labels.md b/docs/labels.md index 94c07e37a67..72c1d6e627c 100644 --- a/docs/labels.md +++ b/docs/labels.md @@ -69,12 +69,6 @@ Tekton automatically adds labels to Tekton entities as described in the followin Pods Name of the Task that the TaskRun references. - - tekton.dev/clusterTask - TaskRuns that reference an existing ClusterTask. - Pods - Name of the ClusterTask that the TaskRun references. - tekton.dev/taskRun Pods @@ -112,12 +106,6 @@ The following command finds all `TaskRuns` that reference a `Task` named `test-t kubectl get taskruns --all-namespaces -l tekton.dev/task=test-task ``` -The following command finds all `TaskRuns` that reference a `ClusterTask` named `test-clustertask`: - -```shell -kubectl get taskruns --all-namespaces -l tekton.dev/clusterTask=test-clustertask -``` - ## Annotations propagation Annotation propagate among Tekton entities as follows (similar to Labels): diff --git a/docs/pipeline-api.md b/docs/pipeline-api.md index 6342223af64..3de4724062e 100644 --- a/docs/pipeline-api.md +++ b/docs/pipeline-api.md @@ -5177,11 +5177,7 @@ failed step will not exit

Description -

"ClusterTask"

-

ClusterTaskRefKind is the task type for a reference to a task with cluster scope. -ClusterTasks are not supported in v1, but v1 types may reference ClusterTasks.

- -

"Task"

+

"Task"

NamespacedTaskKind indicates that the task type has a namespaced scope.

@@ -8480,8 +8476,6 @@ controller.

Resource Types: -

ClusterTask -

-
-

ClusterTask is a Task with a cluster scope. ClusterTasks are used to -represent Tasks that should be publicly addressable from any namespace in the -cluster.

-

Deprecated: Please use the cluster resolver instead.

-
- - - - - - - - - - - - - - - - - - - - - - - - - -
FieldDescription
-apiVersion
-string		 - -tekton.dev/v1beta1 - -
-kind
-string -		ClusterTask
-metadata
- - -Kubernetes meta/v1.ObjectMeta - - -		 -(Optional) -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
-spec
- - -TaskSpec - - -		 -(Optional) -

Spec holds the desired state of the Task from the client

-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-resources
- - -TaskResources - - -		 -(Optional) -

Resources is a list input and output resource to run the task -Resources are represented in TaskRuns as bindings to instances of -PipelineResources.

-

Deprecated: Unused, preserved only for backwards compatibility

-
-params
- - -ParamSpecs - - -		 -(Optional) -

Params is a list of input parameters required to run the task. Params -must be supplied as inputs in TaskRuns unless they declare a default -value.

-
-displayName
- -string - -		 -(Optional) -

DisplayName is a user-facing name of the task that may be -used to populate a UI.

-
-description
- -string - -		 -(Optional) -

Description is a user-facing description of the task that may be -used to populate a UI.

-
-steps
- - -[]Step - - -		 -

Steps are the steps of the build; each step is run sequentially with the -source mounted into /workspace.

-
-volumes
- - -[]Kubernetes core/v1.Volume - - -		 -

Volumes is a collection of volumes that are available to mount into the -steps of the build. -See Pod.spec.volumes (API version: v1)

-
-stepTemplate
- - -StepTemplate - - -		 -

StepTemplate can be used as the basis for all step containers within the -Task, so that the steps inherit settings on the base container.

-
-sidecars
- - -[]Sidecar - - -		 -

Sidecars are run alongside the Task’s step containers. They begin before -the steps start and end after the steps complete.

-
-workspaces
- - -[]WorkspaceDeclaration - - -		 -

Workspaces are the volumes that this Task requires.

-
-results
- - -[]TaskResult - - -		 -

Results are values that this Task can output

-
-

CustomRun

@@ -14985,7 +14769,7 @@ failed step will not exit

TaskObject

-

TaskObject is implemented by Task and ClusterTask

+

TaskObject is implemented by Task

TaskRef

@@ -15026,8 +14810,7 @@ TaskKind

TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to “Task”. If Kind is “”, it defaults to “Task”. -2. Cluster-Scoped Task when Kind is set to “ClusterTask” -3. Custom Task when Kind is non-empty and APIVersion is non-empty

+2. Custom Task when Kind is non-empty and APIVersion is non-empty

@@ -16075,7 +15858,7 @@ Kubernetes core/v1.ResourceRequirements

TaskSpec

-(Appears on:ClusterTask, Task, EmbeddedTask, TaskRunSpec, TaskRunStatusFields) +(Appears on:Task, EmbeddedTask, TaskRunSpec, TaskRunStatusFields)

TaskSpec defines the desired state of Task.

diff --git a/docs/tasks.md b/docs/tasks.md index d9b3ddcab4d..de6cc40f09c 100644 --- a/docs/tasks.md +++ b/docs/tasks.md @@ -9,7 +9,6 @@ weight: 201 - [Overview](#overview) - [Configuring a `Task`](#configuring-a-task) - - [`Task` vs. `ClusterTask`](#task-vs-clustertask) - [Defining `Steps`](#defining-steps) - [Reserved directories](#reserved-directories) - [Running scripts within `Steps`](#running-scripts-within-steps) @@ -46,23 +45,24 @@ weight: 201 - [Inspecting the file structure](#inspecting-the-file-structure) - [Inspecting the `Pod`](#inspecting-the-pod) - [Running Step Containers as a Non Root User](#running-step-containers-as-a-non-root-user) -- [`Task` Authoring Recommendations](#task-authoring-recommendations) ## Overview -A `Task` is a collection of `Steps` that you -define and arrange in a specific order of execution as part of your continuous integration flow. -A `Task` executes as a Pod on your Kubernetes cluster. A `Task` is available within a specific -namespace, while a `ClusterTask` is available across the entire cluster. +A `Task` is a collection of `Steps` that you define and arrange in a specific order +of execution as part of your continuous integration flow. A `Task` executes as a +Pod on your Kubernetes cluster. A `Task` is available within a specific namespace, +while a cluster resolver can be used to access Tasks across the entire cluster. + +**Note:** The cluster resolver is the recommended way to access Tasks across the cluster. ClusterTasks are deprecated. A `Task` declaration includes the following elements: - [Parameters](#specifying-parameters) -- [Steps](#defining-steps) +- [Steps](#steps) - [Workspaces](#specifying-workspaces) - [Results](#emitting-results) -## Configuring a `Task` +## Configuring a Task A `Task` definition supports the following fields: @@ -74,14 +74,14 @@ A `Task` definition supports the following fields: `Task` resource object. For example, a `name`. - [`spec`][kubernetes-overview] - Specifies the configuration information for this `Task` resource object. - - [`steps`](#defining-steps) - Specifies one or more container images to run in the `Task`. + - [`steps`](#steps) - Specifies one or more container images to run in the `Task`. - Optional: - - [`description`](#adding-a-description) - An informative description of the `Task`. + - [`description`](#adding-description) - An informative description of the `Task`. - [`params`](#specifying-parameters) - Specifies execution parameters for the `Task`. - [`workspaces`](#specifying-workspaces) - Specifies paths to volumes required by the `Task`. - [`results`](#emitting-results) - Specifies the names under which `Tasks` write execution results. - [`volumes`](#specifying-volumes) - Specifies one or more volumes that will be available to the `Steps` in the `Task`. - - [`stepTemplate`](#specifying-a-step-template) - Specifies a `Container` step definition to use as the basis for all `Steps` in the `Task`. + - [`stepTemplate`](#specifying-step-template) - Specifies a `Container` step definition to use as the basis for all `Steps` in the `Task`. - [`sidecars`](#specifying-sidecars) - Specifies `Sidecar` containers to run alongside the `Steps` in the `Task`. [kubernetes-overview]: @@ -121,62 +121,6 @@ spec: emptyDir: {} ``` -### `Task` vs. `ClusterTask` - -**Note: ClusterTasks are deprecated.** Please use the [cluster resolver](./cluster-resolver.md) instead. - -A `ClusterTask` is a `Task` scoped to the entire cluster instead of a single namespace. -A `ClusterTask` behaves identically to a `Task` and therefore everything in this document -applies to both. - -**Note:** When using a `ClusterTask`, you must explicitly set the `kind` sub-field in the `taskRef` field to `ClusterTask`. - If not specified, the `kind` sub-field defaults to `Task.` - -Below is an example of a Pipeline declaration that uses a `ClusterTask`: -**Note**: -- There is no `v1` API specification for `ClusterTask` but a `v1beta1 clustertask` can still be referenced in a `v1 pipeline`. -- The cluster resolver syntax below can be used to reference any task, not just a clustertask. - -{{< tabs >}} -{{% tab header="v1 & v1beta1" %}} -```yaml -apiVersion: tekton.dev/v1 -kind: Pipeline -metadata: - name: demo-pipeline -spec: - tasks: - - name: build-skaffold-web - taskRef: - resolver: cluster - params: - - name: kind - value: task - - name: name - value: build-push - - name: namespace - value: default -``` -{{% /tab %}} - -{{% tab header="v1beta1" %}} -```yaml -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: demo-pipeline - namespace: default -spec: - tasks: - - name: build-skaffold-web - taskRef: - name: build-push - kind: ClusterTask - params: .... -``` -{{% /tab %}} -{{< /tabs >}} - ### Defining `Steps` A `Step` is a reference to a container image that executes a specific tool on a @@ -669,7 +613,7 @@ For example, `foo.Is-Bar_` is a valid parameter name for string or array type, b > NOTE: > 1. Parameter names are **case insensitive**. For example, `APPLE` and `apple` will be treated as equal. If they appear in the same TaskSpec's params, it will be rejected as invalid. -> 2. If a parameter name contains dots (.), it must be referenced by using the [bracket notation](#substituting-parameters-and-resources) with either single or double quotes i.e. `$(params['foo.bar'])`, `$(params["foo.bar"])`. See the following example for more information. +> 2. If a parameter name contains dots (.), it must be referenced by using the [bracket notation](#using-variable-substitution) with either single or double quotes i.e. `$(params['foo.bar'])`, `$(params["foo.bar"])`. See the following example for more information. #### Parameter type Each declared parameter has a `type` field, which can be set to `string`, `array` or `object`. @@ -792,55 +736,7 @@ spec: value: "http://google.com" ``` -#### Default value -Parameter declarations (within Tasks and Pipelines) can include default values which will be used if the parameter is -not specified, for example to specify defaults for both string params and array params -([full example](../examples/v1/taskruns/array-default.yaml)) : - -```yaml -apiVersion: tekton.dev/v1 # or tekton.dev/v1beta1 -kind: Task -metadata: - name: task-with-array-default -spec: - params: - - name: flags - type: array - default: - - "--set" - - "arg1=foo" - - "--randomflag" - - "--someotherflag" -``` - -#### Param enum -> :seedling: **`enum` is an [alpha](additional-configs.md#alpha-features) feature.** The `enable-param-enum` feature flag must be set to `"true"` to enable this feature. - -Parameter declarations can include `enum` which is a predefine set of valid values that can be accepted by the `Param`. If a `Param` has both `enum` and default value, the default value must be in the `enum` set. For example, the valid/allowed values for `Param` "message" is bounded to `v1`, `v2` and `v3`: - -``` yaml -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: param-enum-demo -spec: - params: - - name: message - type: string - enum: ["v1", "v2", "v3"] - default: "v1" - steps: - - name: build - image: bash:latest - script: | - echo "$(params.message)" -``` - -If the `Param` value passed in by `TaskRuns` is **NOT** in the predefined `enum` list, the `TaskRuns` will fail with reason `InvalidParamValue`. - -See usage in this [example](../examples/v1/taskruns/alpha/param-enum.yaml) - -### Specifying `Workspaces` +#### Specifying Workspaces [`Workspaces`](workspaces.md#using-workspaces-in-tasks) allow you to specify one or more volumes that your `Task` requires during execution. It is recommended that `Tasks` uses **at most** @@ -868,7 +764,7 @@ and the [`Workspaces` in a `TaskRun`](../examples/v1/taskruns/workspace.yaml) ex Workspaces can be propagated to embedded task specs, not referenced Tasks. For more information, see [Propagated Workspaces](taskruns.md#propagated-workspaces). -### Emitting `Results` +### Emitting Results A Task is able to emit string results that can be viewed by users and passed to other Tasks in a Pipeline. These results have a wide variety of potential uses. To highlight just a few examples from the Tekton Catalog: the @@ -1146,7 +1042,7 @@ leading to bad user experience. Refer to the detailed instructions listed in [additional config](additional-configs.md#enabling-larger-results-using-sidecar-logs) to learn how to enable this feature. -### Specifying `Volumes` +### Specifying Volumes Specifies one or more [`Volumes`](https://kubernetes.io/docs/concepts/storage/volumes/) that the `Steps` in your `Task` require to execute in addition to volumes that are implicitly created for input and output resources. @@ -1161,7 +1057,7 @@ For example, you can use `Volumes` to do the following: **Note:** Building a container image on-cluster using `docker build` is **very unsafe** and is mentioned only for the sake of the example. Use [kaniko](https://github.com/GoogleContainerTools/kaniko) instead. -### Specifying a `Step` template +### Specifying Step Template The `stepTemplate` field specifies a [`Container`](https://kubernetes.io/docs/concepts/containers/) configuration that will be used as the starting point for all of the `Steps` in your @@ -1207,7 +1103,7 @@ data: token: "cHJpdmF0ZQo=" ``` -### Specifying `Sidecars` +### Specifying Sidecars The `sidecars` field specifies a list of [`Containers`](https://kubernetes.io/docs/concepts/containers/) to run alongside the `Steps` in your `Task`. You can use `Sidecars` to provide auxiliary functionality, such as @@ -1272,15 +1168,11 @@ was executing before receiving a "stop" signal, the `Sidecar` keeps running, eventually causing the `TaskRun` to time out with an error. For more information, see [issue 1347](https://github.com/tektoncd/pipeline/issues/1347). -### Specifying a display name - -The `displayName` field is an optional field that allows you to add a user-facing name to the task that may be used to populate a UI. - -### Adding a description +### Adding Description The `description` field is an optional field that allows you to add an informative description to the `Task`. -### Using variable substitution +### Using Variable Substitution Tekton provides variables to inject values into the contents of certain fields. The values you can inject come from a range of sources including other fields @@ -1292,15 +1184,15 @@ performed by the Tekton Controller when a TaskRun is executed. `Tasks` allow you to substitute variable names for the following entities: -- [Parameters and resources](#substituting-parameters-and-resources) -- [`Array` parameters](#substituting-array-parameters) -- [`Workspaces`](#substituting-workspace-paths) -- [`Volume` names and types](#substituting-volume-names-and-paths) +- [Parameters and resources](#using-variable-substitution) +- [`Array` parameters](#using-variable-substitution) +- [`Workspaces`](#using-variable-substitution) +- [`Volume` names and types](#using-variable-substitution) See the [complete list of variable substitutions for Tasks](./variables.md#variables-available-in-a-task) and the [list of fields that accept substitutions](./variables.md#fields-that-accept-variable-substitutions). -#### Substituting parameters and resources +#### Using Variable Substitution [`params`](#specifying-parameters) and [`resources`](#specifying-resources) attributes can replace variable values as follows: @@ -1317,130 +1209,6 @@ variable values as follows: ``` - To access parameter values from resources, see [variable substitution](resources.md#variable-substitution) -#### Substituting `Array` parameters - -You can expand referenced parameters of type `array` using the star operator. To do so, add the operator (`[*]`) -to the named parameter to insert the array elements in the spot of the reference string. - -For example, given a `params` field with the contents listed below, you can expand -`command: ["first", "$(params.array-param[*])", "last"]` to `command: ["first", "some", "array", "elements", "last"]`: - -```yaml -params: - - name: array-param - value: - - "some" - - "array" - - "elements" -``` - -You **must** reference parameters of type `array` in a completely isolated string within a larger `string` array. -Referencing an `array` parameter in any other way will result in an error. For example, if `build-args` is a parameter of -type `array`, then the following example is an invalid `Step` because the string isn't isolated: - -```yaml -- name: build-step - image: gcr.io/cloud-builders/some-image - args: ["build", "additionalArg $(params.build-args[*])"] -``` - -Similarly, referencing `build-args` in a non-`array` field is also invalid: - -```yaml -- name: build-step - image: "$(params.build-args[*])" - args: ["build", "args"] -``` - -A valid reference to the `build-args` parameter is isolated and in an eligible field (`args`, in this case): - -```yaml -- name: build-step - image: gcr.io/cloud-builders/some-image - args: ["build", "$(params.build-args[*])", "additionalArg"] -``` - -`array` param when referenced in `args` section of the `step` can be utilized in the `script` as command line arguments: - -```yaml -- name: build-step - image: gcr.io/cloud-builders/some-image - args: ["$(params.flags[*])"] - script: | - #!/usr/bin/env bash - echo "The script received $# flags." - echo "The first command line argument is $1." -``` - -Indexing into an array to reference an individual array element is supported as an **alpha** feature (`enable-api-fields: alpha`). -Referencing an individual array element in `args`: - -```yaml -- name: build-step - image: gcr.io/cloud-builders/some-image - args: ["$(params.flags[0])"] -``` - -Referencing an individual array element in `script`: - -```yaml -- name: build-step - image: gcr.io/cloud-builders/some-image - script: | - #!/usr/bin/env bash - echo "$(params.flags[0])" -``` - -#### Substituting `Workspace` paths - -You can substitute paths to `Workspaces` specified within a `Task` as follows: - -```yaml -$(workspaces.myworkspace.path) -``` - -Since the `Volume` name is randomized and only set when the `Task` executes, you can also -substitute the volume name as follows: - -```yaml -$(workspaces.myworkspace.volume) -``` - -#### Substituting `Volume` names and types - -You can substitute `Volume` names and [types](https://kubernetes.io/docs/concepts/storage/volumes/#types-of-volumes) -by parameterizing them. Tekton supports popular `Volume` types such as `ConfigMap`, `Secret`, and `PersistentVolumeClaim`. -See this [example](#mounting-a-configmap-as-a-volume-source) to find out how to perform this type of substitution -in your `Task.` - -#### Substituting in `Script` blocks - -Variables can contain any string, including snippets of script that can -be injected into a Task's `Script` field. If you are using Tekton's variables -in your Task's `Script` field be aware that the strings you're interpolating -could include executable instructions. - -Preventing a substituted variable from executing as code depends on the container -image, language or shell that your Task uses. Here's an example of interpolating -a Tekton variable into a `bash` `Script` block that prevents the variable's string -contents from being executed: - -```yaml -# Task.yaml -spec: - steps: - - image: an-image-that-runs-bash - env: - - name: SCRIPT_CONTENTS - value: $(params.script) - script: | - printf '%s' "${SCRIPT_CONTENTS}" > input-script -``` - -This works by injecting Tekton's variable as an environment variable into the Step's -container. The `printf` program is then used to write the environment variable's -content to a file. - ## Code examples Study the following code examples to better understand how to configure your `Tasks`: diff --git a/examples/v1beta1/pipelineruns/clustertask-pipelinerun.yaml b/examples/v1beta1/pipelineruns/clustertask-pipelinerun.yaml deleted file mode 100644 index 458043ca5dd..00000000000 --- a/examples/v1beta1/pipelineruns/clustertask-pipelinerun.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# Note: ClusterTasks are deprecated. Please use the cluster resolver instead. -# https://github.com/tektoncd/pipeline/blob/main/docs/cluster-resolver.md -apiVersion: tekton.dev/v1beta1 -kind: ClusterTask -metadata: - name: cluster-task-pipeline-4 -spec: - steps: - - name: task-two-step-one - image: mirror.gcr.io/ubuntu - command: ["/bin/bash"] - args: ['-c', 'echo success'] ---- -apiVersion: tekton.dev/v1beta1 -kind: Pipeline -metadata: - name: sample-pipeline-cluster-task-4 -spec: - tasks: - - name: cluster-task-pipeline-4 - taskRef: - name: cluster-task-pipeline-4 - kind: ClusterTask ---- -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - name: demo-pipeline-run-4 -spec: - pipelineRef: - name: sample-pipeline-cluster-task-4 - serviceAccountName: 'default' diff --git a/examples/v1beta1/taskruns/clustertask.yaml b/examples/v1beta1/taskruns/clustertask.yaml deleted file mode 100644 index 1dd8b6b8696..00000000000 --- a/examples/v1beta1/taskruns/clustertask.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# Note: ClusterTasks are deprecated. Please use the cluster resolver instead. -# https://github.com/tektoncd/pipeline/blob/main/docs/cluster-resolver.md -apiVersion: tekton.dev/v1beta1 -kind: ClusterTask -metadata: - name: clustertask-v1beta1 -spec: - steps: - - image: mirror.gcr.io/ubuntu - script: echo hello ---- -apiVersion: tekton.dev/v1beta1 -kind: TaskRun -metadata: - generateName: clustertask- -spec: - taskRef: - name: clustertask-v1beta1 - kind: ClusterTask diff --git a/examples/v1beta1/taskruns/image-params.yaml b/examples/v1beta1/taskruns/image-params.yaml deleted file mode 100644 index ec1f4f85be0..00000000000 --- a/examples/v1beta1/taskruns/image-params.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: ClusterTask -metadata: - name: image-params -spec: - params: - - name: image - type: string - default: ubuntu - - name: imagePullPolicy - type: string - default: IfNotPresent - steps: - - image: $(params.image) - imagePullPolicy: $(params.imagePullPolicy) - script: echo hello ---- -apiVersion: tekton.dev/v1beta1 -kind: TaskRun -metadata: - generateName: image-params- -spec: - taskRef: - name: image-params - kind: ClusterTask diff --git a/examples/v1beta1/taskruns/no-ci/.keep b/examples/v1beta1/taskruns/no-ci/.keep deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/pkg/apis/pipeline/controller.go b/pkg/apis/pipeline/controller.go index 5f155007093..a5b2580c30b 100644 --- a/pkg/apis/pipeline/controller.go +++ b/pkg/apis/pipeline/controller.go @@ -29,9 +29,6 @@ const ( // TaskControllerName holds the name of the Task controller TaskControllerName = "Task" - // ClusterTaskControllerName holds the name of the Task controller - ClusterTaskControllerName = "ClusterTask" - // RunControllerName holds the name of the Custom Task controller RunControllerName = "Run" diff --git a/pkg/apis/pipeline/register.go b/pkg/apis/pipeline/register.go index 9971a9b79d6..40662f31882 100644 --- a/pkg/apis/pipeline/register.go +++ b/pkg/apis/pipeline/register.go @@ -22,9 +22,6 @@ const ( // GroupName is the Kubernetes resource group name for Pipeline types. GroupName = "tekton.dev" - // ClusterTaskLabelKey is used as the label identifier for a ClusterTask - ClusterTaskLabelKey = GroupName + "/clusterTask" - // StepActionLabelKey is used as the label identifier for a StepAction StepActionLabelKey = GroupName + "/stepAction" @@ -71,11 +68,6 @@ var ( Group: GroupName, Resource: "tasks", } - // ClusterTaskResource represents a Tekton ClusterTask - ClusterTaskResource = schema.GroupResource{ - Group: GroupName, - Resource: "clustertasks", - } // TaskRunResource represents a Tekton TaskRun TaskRunResource = schema.GroupResource{ Group: GroupName, diff --git a/pkg/apis/pipeline/v1/pipeline_validation.go b/pkg/apis/pipeline/v1/pipeline_validation.go index c17293a02b9..718252a0aea 100644 --- a/pkg/apis/pipeline/v1/pipeline_validation.go +++ b/pkg/apis/pipeline/v1/pipeline_validation.go @@ -188,7 +188,6 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { taskKinds := map[TaskKind]bool{ "": true, NamespacedTaskKind: true, - ClusterTaskRefKind: true, } if pt.OnError != "" { diff --git a/pkg/apis/pipeline/v1/pipeline_validation_test.go b/pkg/apis/pipeline/v1/pipeline_validation_test.go index 2dd9b22d55b..78efda9fa88 100644 --- a/pkg/apis/pipeline/v1/pipeline_validation_test.go +++ b/pkg/apis/pipeline/v1/pipeline_validation_test.go @@ -80,14 +80,6 @@ func TestPipeline_Validate_Success(t *testing.T) { Tasks: []PipelineTask{{Name: "foo", TaskRef: &TaskRef{Name: "bar", Kind: NamespacedTaskKind}}}, }, }, - }, { - name: "valid reference to clusterTask", - p: &Pipeline{ - ObjectMeta: metav1.ObjectMeta{Name: "pipeline"}, - Spec: PipelineSpec{ - Tasks: []PipelineTask{{Name: "foo", TaskRef: &TaskRef{Name: "bar", Kind: ClusterTaskRefKind}}}, - }, - }, }, { name: "valid task with pipelineRef", wc: cfgtesting.EnableAlphaAPIFields, diff --git a/pkg/apis/pipeline/v1/taskref_types.go b/pkg/apis/pipeline/v1/taskref_types.go index f7558333cfc..2bb395dac27 100644 --- a/pkg/apis/pipeline/v1/taskref_types.go +++ b/pkg/apis/pipeline/v1/taskref_types.go @@ -42,9 +42,6 @@ type TaskKind string const ( // NamespacedTaskKind indicates that the task type has a namespaced scope. NamespacedTaskKind TaskKind = "Task" - // ClusterTaskRefKind is the task type for a reference to a task with cluster scope. - // ClusterTasks are not supported in v1, but v1 types may reference ClusterTasks. - ClusterTaskRefKind TaskKind = "ClusterTask" ) // IsCustomTask checks whether the reference is to a Custom Task diff --git a/pkg/apis/pipeline/v1beta1/cluster_task_conversion.go b/pkg/apis/pipeline/v1beta1/cluster_task_conversion.go deleted file mode 100644 index e7bac12b36d..00000000000 --- a/pkg/apis/pipeline/v1beta1/cluster_task_conversion.go +++ /dev/null @@ -1,42 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "context" - "fmt" - - "knative.dev/pkg/apis" -) - -var _ apis.Convertible = (*ClusterTask)(nil) - -// ConvertTo implements apis.Convertible -func (ct *ClusterTask) ConvertTo(ctx context.Context, sink apis.Convertible) error { - if apis.IsInDelete(ctx) { - return nil - } - return fmt.Errorf("v1beta1 is the highest known version, got: %T", sink) -} - -// ConvertFrom implements apis.Convertible -func (ct *ClusterTask) ConvertFrom(ctx context.Context, source apis.Convertible) error { - if apis.IsInDelete(ctx) { - return nil - } - return fmt.Errorf("v1beta1 is the highest known version, got: %T", source) -} diff --git a/pkg/apis/pipeline/v1beta1/cluster_task_conversion_test.go b/pkg/apis/pipeline/v1beta1/cluster_task_conversion_test.go deleted file mode 100644 index 8dce05a0e3f..00000000000 --- a/pkg/apis/pipeline/v1beta1/cluster_task_conversion_test.go +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2020 The Tetkon Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1_test - -import ( - "context" - "testing" - - v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" -) - -func TestClusterTaskConversionBadType(t *testing.T) { - good, bad := &v1beta1.ClusterTask{}, &v1beta1.Pipeline{} - - if err := good.ConvertTo(context.Background(), bad); err == nil { - t.Errorf("ConvertTo() = %#v, wanted error", bad) - } - - if err := good.ConvertFrom(context.Background(), bad); err == nil { - t.Errorf("ConvertFrom() = %#v, wanted error", good) - } -} diff --git a/pkg/apis/pipeline/v1beta1/cluster_task_defaults.go b/pkg/apis/pipeline/v1beta1/cluster_task_defaults.go deleted file mode 100644 index fda6d76eadc..00000000000 --- a/pkg/apis/pipeline/v1beta1/cluster_task_defaults.go +++ /dev/null @@ -1,30 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "context" - - "knative.dev/pkg/apis" -) - -var _ apis.Defaultable = (*ClusterTask)(nil) - -// SetDefaults sets the default values for the ClusterTask's Spec. -func (t *ClusterTask) SetDefaults(ctx context.Context) { - t.Spec.SetDefaults(ctx) -} diff --git a/pkg/apis/pipeline/v1beta1/cluster_task_types.go b/pkg/apis/pipeline/v1beta1/cluster_task_types.go deleted file mode 100644 index aaaf03b9cf7..00000000000 --- a/pkg/apis/pipeline/v1beta1/cluster_task_types.go +++ /dev/null @@ -1,77 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "github.com/tektoncd/pipeline/pkg/apis/pipeline" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "knative.dev/pkg/kmeta" -) - -// +genclient -// +genclient:noStatus -// +genclient:nonNamespaced -// +genreconciler:krshapedlogic=false -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterTask is a Task with a cluster scope. ClusterTasks are used to -// represent Tasks that should be publicly addressable from any namespace in the -// cluster. -// -// Deprecated: Please use the cluster resolver instead. -type ClusterTask struct { - metav1.TypeMeta `json:",inline"` - // +optional - metav1.ObjectMeta `json:"metadata,omitempty"` - - // Spec holds the desired state of the Task from the client - // +optional - Spec TaskSpec `json:"spec,omitempty"` -} - -var _ kmeta.OwnerRefable = (*ClusterTask)(nil) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object - -// ClusterTaskList contains a list of ClusterTask -type ClusterTaskList struct { - metav1.TypeMeta `json:",inline"` - // +optional - metav1.ListMeta `json:"metadata,omitempty"` - Items []ClusterTask `json:"items"` -} - -// TaskSpec returns the ClusterTask's Spec -func (t *ClusterTask) TaskSpec() TaskSpec { - return t.Spec -} - -// TaskMetadata returns the ObjectMeta for the ClusterTask -func (t *ClusterTask) TaskMetadata() metav1.ObjectMeta { - return t.ObjectMeta -} - -// Copy returns a DeepCopy of the ClusterTask -func (t *ClusterTask) Copy() TaskObject { - return t.DeepCopy() -} - -// GetGroupVersionKind implements kmeta.OwnerRefable. -func (*ClusterTask) GetGroupVersionKind() schema.GroupVersionKind { - return SchemeGroupVersion.WithKind(pipeline.ClusterTaskControllerName) -} diff --git a/pkg/apis/pipeline/v1beta1/cluster_task_validation.go b/pkg/apis/pipeline/v1beta1/cluster_task_validation.go deleted file mode 100644 index 5dfa6278c48..00000000000 --- a/pkg/apis/pipeline/v1beta1/cluster_task_validation.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - "context" - - "github.com/tektoncd/pipeline/pkg/apis/validate" - "knative.dev/pkg/apis" -) - -var _ apis.Validatable = (*ClusterTask)(nil) - -// Validate performs validation of the metadata and spec of this ClusterTask. -func (t *ClusterTask) Validate(ctx context.Context) *apis.FieldError { - if apis.IsInDelete(ctx) { - return nil - } - errs := validate.ObjectMetadata(t.GetObjectMeta()).ViaField("metadata") - errs = errs.Also(t.Spec.Validate(apis.WithinSpec(ctx)).ViaField("spec")) - // We do not support propagated parameters in ClusterTasks. - // Validate that all params the ClusterTask uses are declared. - return errs.Also(ValidateUsageOfDeclaredParameters(ctx, t.Spec.Steps, t.Spec.Params)) -} diff --git a/pkg/apis/pipeline/v1beta1/openapi_generated.go b/pkg/apis/pipeline/v1beta1/openapi_generated.go index ca73211c326..7983ec0adf9 100644 --- a/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/pkg/apis/pipeline/v1beta1/openapi_generated.go @@ -36,8 +36,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ChildStatusReference": schema_pkg_apis_pipeline_v1beta1_ChildStatusReference(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDelivery": schema_pkg_apis_pipeline_v1beta1_CloudEventDelivery(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CloudEventDeliveryState": schema_pkg_apis_pipeline_v1beta1_CloudEventDeliveryState(ref), - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ClusterTask": schema_pkg_apis_pipeline_v1beta1_ClusterTask(ref), - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ClusterTaskList": schema_pkg_apis_pipeline_v1beta1_ClusterTaskList(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ConfigSource": schema_pkg_apis_pipeline_v1beta1_ConfigSource(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CustomRun": schema_pkg_apis_pipeline_v1beta1_CustomRun(ref), "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.CustomRunList": schema_pkg_apis_pipeline_v1beta1_CustomRunList(ref), @@ -683,97 +681,6 @@ func schema_pkg_apis_pipeline_v1beta1_CloudEventDeliveryState(ref common.Referen } } -func schema_pkg_apis_pipeline_v1beta1_ClusterTask(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterTask is a Task with a cluster scope. ClusterTasks are used to represent Tasks that should be publicly addressable from any namespace in the cluster.\n\nDeprecated: Please use the cluster resolver instead.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "Spec holds the desired state of the Task from the client", - Default: map[string]interface{}{}, - Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec"), - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.TaskSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_pkg_apis_pipeline_v1beta1_ClusterTaskList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterTaskList contains a list of ClusterTask", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ClusterTask"), - }, - }, - }, - }, - }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1.ClusterTask", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - func schema_pkg_apis_pipeline_v1beta1_ConfigSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -4910,7 +4817,7 @@ func schema_pkg_apis_pipeline_v1beta1_TaskRef(ref common.ReferenceCallback) comm }, "kind": { SchemaProps: spec.SchemaProps{ - Description: "TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to \"Task\". If Kind is \"\", it defaults to \"Task\". 2. Cluster-Scoped Task when Kind is set to \"ClusterTask\" 3. Custom Task when Kind is non-empty and APIVersion is non-empty", + Description: "TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to \"Task\". If Kind is \"\", it defaults to \"Task\". 2. Custom Task when Kind is non-empty and APIVersion is non-empty", Type: []string{"string"}, Format: "", }, diff --git a/pkg/apis/pipeline/v1beta1/pipeline_validation.go b/pkg/apis/pipeline/v1beta1/pipeline_validation.go index 8f8d6a1f002..b8345db6b22 100644 --- a/pkg/apis/pipeline/v1beta1/pipeline_validation.go +++ b/pkg/apis/pipeline/v1beta1/pipeline_validation.go @@ -193,7 +193,6 @@ func (pt PipelineTask) Validate(ctx context.Context) (errs *apis.FieldError) { taskKinds := map[TaskKind]bool{ "": true, NamespacedTaskKind: true, - ClusterTaskKind: true, } if pt.OnError != "" { diff --git a/pkg/apis/pipeline/v1beta1/pipeline_validation_test.go b/pkg/apis/pipeline/v1beta1/pipeline_validation_test.go index 234f7832676..94ffd31fac9 100644 --- a/pkg/apis/pipeline/v1beta1/pipeline_validation_test.go +++ b/pkg/apis/pipeline/v1beta1/pipeline_validation_test.go @@ -80,14 +80,6 @@ func TestPipeline_Validate_Success(t *testing.T) { Tasks: []PipelineTask{{Name: "foo", TaskRef: &TaskRef{Name: "bar", Kind: NamespacedTaskKind}}}, }, }, - }, { - name: "valid Cluster Task without apiversion", - p: &Pipeline{ - ObjectMeta: metav1.ObjectMeta{Name: "pipeline"}, - Spec: PipelineSpec{ - Tasks: []PipelineTask{{Name: "foo", TaskRef: &TaskRef{Name: "task", Kind: ClusterTaskKind}}}, - }, - }, }, { name: "valid task with pipelineRef", wc: cfgtesting.EnableAlphaAPIFields, diff --git a/pkg/apis/pipeline/v1beta1/register.go b/pkg/apis/pipeline/v1beta1/register.go index c33fa8a848b..e5164996a71 100644 --- a/pkg/apis/pipeline/v1beta1/register.go +++ b/pkg/apis/pipeline/v1beta1/register.go @@ -50,8 +50,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { &TaskList{}, &Pipeline{}, &PipelineList{}, - &ClusterTask{}, - &ClusterTaskList{}, &TaskRun{}, &TaskRunList{}, &PipelineRun{}, diff --git a/pkg/apis/pipeline/v1beta1/swagger.json b/pkg/apis/pipeline/v1beta1/swagger.json index fa9d95899c8..5fd6da7f636 100644 --- a/pkg/apis/pipeline/v1beta1/swagger.json +++ b/pkg/apis/pipeline/v1beta1/swagger.json @@ -294,57 +294,6 @@ } } }, - "v1beta1.ClusterTask": { - "description": "ClusterTask is a Task with a cluster scope. ClusterTasks are used to represent Tasks that should be publicly addressable from any namespace in the cluster.\n\nDeprecated: Please use the cluster resolver instead.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/v1.ObjectMeta" - }, - "spec": { - "description": "Spec holds the desired state of the Task from the client", - "default": {}, - "$ref": "#/definitions/v1beta1.TaskSpec" - } - } - }, - "v1beta1.ClusterTaskList": { - "description": "ClusterTaskList contains a list of ClusterTask", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/v1beta1.ClusterTask" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/v1.ListMeta" - } - } - }, "v1beta1.ConfigSource": { "description": "ConfigSource contains the information that can uniquely identify where a remote built definition came from i.e. Git repositories, Tekton Bundles in OCI registry and hub.", "type": "object", @@ -2702,7 +2651,7 @@ "type": "string" }, "kind": { - "description": "TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to \"Task\". If Kind is \"\", it defaults to \"Task\". 2. Cluster-Scoped Task when Kind is set to \"ClusterTask\" 3. Custom Task when Kind is non-empty and APIVersion is non-empty", + "description": "TaskKind indicates the Kind of the Task: 1. Namespaced Task when Kind is set to \"Task\". If Kind is \"\", it defaults to \"Task\". 2. Custom Task when Kind is non-empty and APIVersion is non-empty", "type": "string" }, "name": { diff --git a/pkg/apis/pipeline/v1beta1/task_interface.go b/pkg/apis/pipeline/v1beta1/task_interface.go index ac018081be0..91acc8327c5 100644 --- a/pkg/apis/pipeline/v1beta1/task_interface.go +++ b/pkg/apis/pipeline/v1beta1/task_interface.go @@ -21,7 +21,7 @@ import ( "knative.dev/pkg/apis" ) -// TaskObject is implemented by Task and ClusterTask +// TaskObject is implemented by Task type TaskObject interface { apis.Defaultable TaskMetadata() metav1.ObjectMeta diff --git a/pkg/apis/pipeline/v1beta1/taskref_types.go b/pkg/apis/pipeline/v1beta1/taskref_types.go index 9781a4a2133..b3bb2c9f1e4 100644 --- a/pkg/apis/pipeline/v1beta1/taskref_types.go +++ b/pkg/apis/pipeline/v1beta1/taskref_types.go @@ -22,8 +22,7 @@ type TaskRef struct { Name string `json:"name,omitempty"` // TaskKind indicates the Kind of the Task: // 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". - // 2. Cluster-Scoped Task when Kind is set to "ClusterTask" - // 3. Custom Task when Kind is non-empty and APIVersion is non-empty + // 2. Custom Task when Kind is non-empty and APIVersion is non-empty Kind TaskKind `json:"kind,omitempty"` // API version of the referent // Note: A Task with non-empty APIVersion and Kind is considered a Custom Task @@ -51,8 +50,6 @@ type TaskKind string const ( // NamespacedTaskKind indicates that the task type has a namespaced scope. NamespacedTaskKind TaskKind = "Task" - // ClusterTaskKind indicates that task type has a cluster scope. - ClusterTaskKind TaskKind = "ClusterTask" ) // IsCustomTask checks whether the reference is to a Custom Task diff --git a/pkg/apis/pipeline/v1beta1/taskrun_defaults_test.go b/pkg/apis/pipeline/v1beta1/taskrun_defaults_test.go index f0801824d85..0ee24d91f2d 100644 --- a/pkg/apis/pipeline/v1beta1/taskrun_defaults_test.go +++ b/pkg/apis/pipeline/v1beta1/taskrun_defaults_test.go @@ -64,16 +64,6 @@ func TestTaskRunSpec_SetDefaults(t *testing.T) { ServiceAccountName: config.DefaultServiceAccountValue, Timeout: &metav1.Duration{Duration: 500 * time.Millisecond}, }, - }, { - desc: "timeout is nil", - trs: &v1beta1.TaskRunSpec{ - TaskRef: &v1beta1.TaskRef{Kind: v1beta1.ClusterTaskKind}, - }, - want: &v1beta1.TaskRunSpec{ - TaskRef: &v1beta1.TaskRef{Kind: v1beta1.ClusterTaskKind}, - ServiceAccountName: config.DefaultServiceAccountValue, - Timeout: &metav1.Duration{Duration: config.DefaultTimeoutMinutes * time.Minute}, - }, }, { desc: "pod template is nil", trs: &v1beta1.TaskRunSpec{}, diff --git a/pkg/apis/pipeline/v1beta1/types_test.go b/pkg/apis/pipeline/v1beta1/types_test.go index 546b8fce5db..6304c03a798 100644 --- a/pkg/apis/pipeline/v1beta1/types_test.go +++ b/pkg/apis/pipeline/v1beta1/types_test.go @@ -25,7 +25,6 @@ import ( func TestTypes(t *testing.T) { // Assert that types satisfy webhook interface. - // var _ resourcesemantics.GenericCRD = (*v1beta1.ClusterTask)(nil) var _ resourcesemantics.GenericCRD = (*v1beta1.TaskRun)(nil) var _ resourcesemantics.GenericCRD = (*v1beta1.Task)(nil) var _ resourcesemantics.GenericCRD = (*v1beta1.Pipeline)(nil) diff --git a/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go b/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go index 8c2afe35a6f..837040d7846 100644 --- a/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go +++ b/pkg/apis/pipeline/v1beta1/zz_generated.deepcopy.go @@ -170,66 +170,6 @@ func (in *CloudEventDeliveryState) DeepCopy() *CloudEventDeliveryState { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterTask) DeepCopyInto(out *ClusterTask) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTask. -func (in *ClusterTask) DeepCopy() *ClusterTask { - if in == nil { - return nil - } - out := new(ClusterTask) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterTask) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterTaskList) DeepCopyInto(out *ClusterTaskList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]ClusterTask, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterTaskList. -func (in *ClusterTaskList) DeepCopy() *ClusterTaskList { - if in == nil { - return nil - } - out := new(ClusterTaskList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *ClusterTaskList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in Combination) DeepCopyInto(out *Combination) { { diff --git a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/clustertask.go b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/clustertask.go deleted file mode 100644 index 7fe66809358..00000000000 --- a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/clustertask.go +++ /dev/null @@ -1,67 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - - v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" - scheme "github.com/tektoncd/pipeline/pkg/client/clientset/versioned/scheme" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - gentype "k8s.io/client-go/gentype" -) - -// ClusterTasksGetter has a method to return a ClusterTaskInterface. -// A group's client should implement this interface. -type ClusterTasksGetter interface { - ClusterTasks() ClusterTaskInterface -} - -// ClusterTaskInterface has methods to work with ClusterTask resources. -type ClusterTaskInterface interface { - Create(ctx context.Context, clusterTask *v1beta1.ClusterTask, opts v1.CreateOptions) (*v1beta1.ClusterTask, error) - Update(ctx context.Context, clusterTask *v1beta1.ClusterTask, opts v1.UpdateOptions) (*v1beta1.ClusterTask, error) - Delete(ctx context.Context, name string, opts v1.DeleteOptions) error - DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error - Get(ctx context.Context, name string, opts v1.GetOptions) (*v1beta1.ClusterTask, error) - List(ctx context.Context, opts v1.ListOptions) (*v1beta1.ClusterTaskList, error) - Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) - Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterTask, err error) - ClusterTaskExpansion -} - -// clusterTasks implements ClusterTaskInterface -type clusterTasks struct { - *gentype.ClientWithList[*v1beta1.ClusterTask, *v1beta1.ClusterTaskList] -} - -// newClusterTasks returns a ClusterTasks -func newClusterTasks(c *TektonV1beta1Client) *clusterTasks { - return &clusterTasks{ - gentype.NewClientWithList[*v1beta1.ClusterTask, *v1beta1.ClusterTaskList]( - "clustertasks", - c.RESTClient(), - scheme.ParameterCodec, - "", - func() *v1beta1.ClusterTask { return &v1beta1.ClusterTask{} }, - func() *v1beta1.ClusterTaskList { return &v1beta1.ClusterTaskList{} }), - } -} diff --git a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_clustertask.go b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_clustertask.go deleted file mode 100644 index 2fcf6a04080..00000000000 --- a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_clustertask.go +++ /dev/null @@ -1,126 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by client-gen. DO NOT EDIT. - -package fake - -import ( - "context" - - v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - testing "k8s.io/client-go/testing" -) - -// FakeClusterTasks implements ClusterTaskInterface -type FakeClusterTasks struct { - Fake *FakeTektonV1beta1 -} - -var clustertasksResource = v1beta1.SchemeGroupVersion.WithResource("clustertasks") - -var clustertasksKind = v1beta1.SchemeGroupVersion.WithKind("ClusterTask") - -// Get takes name of the clusterTask, and returns the corresponding clusterTask object, and an error if there is any. -func (c *FakeClusterTasks) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1beta1.ClusterTask, err error) { - emptyResult := &v1beta1.ClusterTask{} - obj, err := c.Fake. - Invokes(testing.NewRootGetActionWithOptions(clustertasksResource, name, options), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1beta1.ClusterTask), err -} - -// List takes label and field selectors, and returns the list of ClusterTasks that match those selectors. -func (c *FakeClusterTasks) List(ctx context.Context, opts v1.ListOptions) (result *v1beta1.ClusterTaskList, err error) { - emptyResult := &v1beta1.ClusterTaskList{} - obj, err := c.Fake. - Invokes(testing.NewRootListActionWithOptions(clustertasksResource, clustertasksKind, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - - label, _, _ := testing.ExtractFromListOptions(opts) - if label == nil { - label = labels.Everything() - } - list := &v1beta1.ClusterTaskList{ListMeta: obj.(*v1beta1.ClusterTaskList).ListMeta} - for _, item := range obj.(*v1beta1.ClusterTaskList).Items { - if label.Matches(labels.Set(item.Labels)) { - list.Items = append(list.Items, item) - } - } - return list, err -} - -// Watch returns a watch.Interface that watches the requested clusterTasks. -func (c *FakeClusterTasks) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { - return c.Fake. - InvokesWatch(testing.NewRootWatchActionWithOptions(clustertasksResource, opts)) -} - -// Create takes the representation of a clusterTask and creates it. Returns the server's representation of the clusterTask, and an error, if there is any. -func (c *FakeClusterTasks) Create(ctx context.Context, clusterTask *v1beta1.ClusterTask, opts v1.CreateOptions) (result *v1beta1.ClusterTask, err error) { - emptyResult := &v1beta1.ClusterTask{} - obj, err := c.Fake. - Invokes(testing.NewRootCreateActionWithOptions(clustertasksResource, clusterTask, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1beta1.ClusterTask), err -} - -// Update takes the representation of a clusterTask and updates it. Returns the server's representation of the clusterTask, and an error, if there is any. -func (c *FakeClusterTasks) Update(ctx context.Context, clusterTask *v1beta1.ClusterTask, opts v1.UpdateOptions) (result *v1beta1.ClusterTask, err error) { - emptyResult := &v1beta1.ClusterTask{} - obj, err := c.Fake. - Invokes(testing.NewRootUpdateActionWithOptions(clustertasksResource, clusterTask, opts), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1beta1.ClusterTask), err -} - -// Delete takes name of the clusterTask and deletes it. Returns an error if one occurs. -func (c *FakeClusterTasks) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { - _, err := c.Fake. - Invokes(testing.NewRootDeleteActionWithOptions(clustertasksResource, name, opts), &v1beta1.ClusterTask{}) - return err -} - -// DeleteCollection deletes a collection of objects. -func (c *FakeClusterTasks) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { - action := testing.NewRootDeleteCollectionActionWithOptions(clustertasksResource, opts, listOpts) - - _, err := c.Fake.Invokes(action, &v1beta1.ClusterTaskList{}) - return err -} - -// Patch applies the patch and returns the patched clusterTask. -func (c *FakeClusterTasks) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1beta1.ClusterTask, err error) { - emptyResult := &v1beta1.ClusterTask{} - obj, err := c.Fake. - Invokes(testing.NewRootPatchSubresourceActionWithOptions(clustertasksResource, name, pt, data, opts, subresources...), emptyResult) - if obj == nil { - return emptyResult, err - } - return obj.(*v1beta1.ClusterTask), err -} diff --git a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_pipeline_client.go b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_pipeline_client.go index 326e2fbb252..b4bc7d28b24 100644 --- a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_pipeline_client.go +++ b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/fake/fake_pipeline_client.go @@ -28,10 +28,6 @@ type FakeTektonV1beta1 struct { *testing.Fake } -func (c *FakeTektonV1beta1) ClusterTasks() v1beta1.ClusterTaskInterface { - return &FakeClusterTasks{c} -} - func (c *FakeTektonV1beta1) CustomRuns(namespace string) v1beta1.CustomRunInterface { return &FakeCustomRuns{c, namespace} } diff --git a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/generated_expansion.go b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/generated_expansion.go index 87f277c5c7a..14e3f6b8f28 100644 --- a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/generated_expansion.go +++ b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/generated_expansion.go @@ -18,8 +18,6 @@ limitations under the License. package v1beta1 -type ClusterTaskExpansion interface{} - type CustomRunExpansion interface{} type PipelineExpansion interface{} diff --git a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/pipeline_client.go b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/pipeline_client.go index fcd65e7ce35..cf722037731 100644 --- a/pkg/client/clientset/versioned/typed/pipeline/v1beta1/pipeline_client.go +++ b/pkg/client/clientset/versioned/typed/pipeline/v1beta1/pipeline_client.go @@ -28,7 +28,6 @@ import ( type TektonV1beta1Interface interface { RESTClient() rest.Interface - ClusterTasksGetter CustomRunsGetter PipelinesGetter PipelineRunsGetter @@ -42,10 +41,6 @@ type TektonV1beta1Client struct { restClient rest.Interface } -func (c *TektonV1beta1Client) ClusterTasks() ClusterTaskInterface { - return newClusterTasks(c) -} - func (c *TektonV1beta1Client) CustomRuns(namespace string) CustomRunInterface { return newCustomRuns(c, namespace) } diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go index fe44a25ab11..c5327619948 100644 --- a/pkg/client/informers/externalversions/generic.go +++ b/pkg/client/informers/externalversions/generic.go @@ -73,8 +73,6 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Tekton().V1alpha1().VerificationPolicies().Informer()}, nil // Group=tekton.dev, Version=v1beta1 - case v1beta1.SchemeGroupVersion.WithResource("clustertasks"): - return &genericInformer{resource: resource.GroupResource(), informer: f.Tekton().V1beta1().ClusterTasks().Informer()}, nil case v1beta1.SchemeGroupVersion.WithResource("customruns"): return &genericInformer{resource: resource.GroupResource(), informer: f.Tekton().V1beta1().CustomRuns().Informer()}, nil case v1beta1.SchemeGroupVersion.WithResource("pipelines"): diff --git a/pkg/client/informers/externalversions/pipeline/v1beta1/clustertask.go b/pkg/client/informers/externalversions/pipeline/v1beta1/clustertask.go deleted file mode 100644 index 8c006c47df6..00000000000 --- a/pkg/client/informers/externalversions/pipeline/v1beta1/clustertask.go +++ /dev/null @@ -1,89 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by informer-gen. DO NOT EDIT. - -package v1beta1 - -import ( - "context" - time "time" - - pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" - versioned "github.com/tektoncd/pipeline/pkg/client/clientset/versioned" - internalinterfaces "github.com/tektoncd/pipeline/pkg/client/informers/externalversions/internalinterfaces" - v1beta1 "github.com/tektoncd/pipeline/pkg/client/listers/pipeline/v1beta1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" - watch "k8s.io/apimachinery/pkg/watch" - cache "k8s.io/client-go/tools/cache" -) - -// ClusterTaskInformer provides access to a shared informer and lister for -// ClusterTasks. -type ClusterTaskInformer interface { - Informer() cache.SharedIndexInformer - Lister() v1beta1.ClusterTaskLister -} - -type clusterTaskInformer struct { - factory internalinterfaces.SharedInformerFactory - tweakListOptions internalinterfaces.TweakListOptionsFunc -} - -// NewClusterTaskInformer constructs a new informer for ClusterTask type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewClusterTaskInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { - return NewFilteredClusterTaskInformer(client, resyncPeriod, indexers, nil) -} - -// NewFilteredClusterTaskInformer constructs a new informer for ClusterTask type. -// Always prefer using an informer factory to get a shared informer instead of getting an independent -// one. This reduces memory footprint and number of connections to the server. -func NewFilteredClusterTaskInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { - return cache.NewSharedIndexInformer( - &cache.ListWatch{ - ListFunc: func(options v1.ListOptions) (runtime.Object, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.TektonV1beta1().ClusterTasks().List(context.TODO(), options) - }, - WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { - if tweakListOptions != nil { - tweakListOptions(&options) - } - return client.TektonV1beta1().ClusterTasks().Watch(context.TODO(), options) - }, - }, - &pipelinev1beta1.ClusterTask{}, - resyncPeriod, - indexers, - ) -} - -func (f *clusterTaskInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { - return NewFilteredClusterTaskInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) -} - -func (f *clusterTaskInformer) Informer() cache.SharedIndexInformer { - return f.factory.InformerFor(&pipelinev1beta1.ClusterTask{}, f.defaultInformer) -} - -func (f *clusterTaskInformer) Lister() v1beta1.ClusterTaskLister { - return v1beta1.NewClusterTaskLister(f.Informer().GetIndexer()) -} diff --git a/pkg/client/informers/externalversions/pipeline/v1beta1/interface.go b/pkg/client/informers/externalversions/pipeline/v1beta1/interface.go index 2821b942ca9..4256abd2627 100644 --- a/pkg/client/informers/externalversions/pipeline/v1beta1/interface.go +++ b/pkg/client/informers/externalversions/pipeline/v1beta1/interface.go @@ -24,8 +24,6 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { - // ClusterTasks returns a ClusterTaskInformer. - ClusterTasks() ClusterTaskInformer // CustomRuns returns a CustomRunInformer. CustomRuns() CustomRunInformer // Pipelines returns a PipelineInformer. @@ -51,11 +49,6 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } -// ClusterTasks returns a ClusterTaskInformer. -func (v *version) ClusterTasks() ClusterTaskInformer { - return &clusterTaskInformer{factory: v.factory, tweakListOptions: v.tweakListOptions} -} - // CustomRuns returns a CustomRunInformer. func (v *version) CustomRuns() CustomRunInformer { return &customRunInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/clustertask.go b/pkg/client/injection/informers/pipeline/v1beta1/clustertask/clustertask.go deleted file mode 100644 index 7626993d1db..00000000000 --- a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/clustertask.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package clustertask - -import ( - context "context" - - v1beta1 "github.com/tektoncd/pipeline/pkg/client/informers/externalversions/pipeline/v1beta1" - factory "github.com/tektoncd/pipeline/pkg/client/injection/informers/factory" - controller "knative.dev/pkg/controller" - injection "knative.dev/pkg/injection" - logging "knative.dev/pkg/logging" -) - -func init() { - injection.Default.RegisterInformer(withInformer) -} - -// Key is used for associating the Informer inside the context.Context. -type Key struct{} - -func withInformer(ctx context.Context) (context.Context, controller.Informer) { - f := factory.Get(ctx) - inf := f.Tekton().V1beta1().ClusterTasks() - return context.WithValue(ctx, Key{}, inf), inf.Informer() -} - -// Get extracts the typed informer from the context. -func Get(ctx context.Context) v1beta1.ClusterTaskInformer { - untyped := ctx.Value(Key{}) - if untyped == nil { - logging.FromContext(ctx).Panic( - "Unable to fetch github.com/tektoncd/pipeline/pkg/client/informers/externalversions/pipeline/v1beta1.ClusterTaskInformer from context.") - } - return untyped.(v1beta1.ClusterTaskInformer) -} diff --git a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/fake/fake.go b/pkg/client/injection/informers/pipeline/v1beta1/clustertask/fake/fake.go deleted file mode 100644 index bdc51ac14f6..00000000000 --- a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/fake/fake.go +++ /dev/null @@ -1,40 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package fake - -import ( - context "context" - - fake "github.com/tektoncd/pipeline/pkg/client/injection/informers/factory/fake" - clustertask "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1beta1/clustertask" - controller "knative.dev/pkg/controller" - injection "knative.dev/pkg/injection" -) - -var Get = clustertask.Get - -func init() { - injection.Fake.RegisterInformer(withInformer) -} - -func withInformer(ctx context.Context) (context.Context, controller.Informer) { - f := fake.Get(ctx) - inf := f.Tekton().V1beta1().ClusterTasks() - return context.WithValue(ctx, clustertask.Key{}, inf), inf.Informer() -} diff --git a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered/clustertask.go b/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered/clustertask.go deleted file mode 100644 index 4efdbc7419b..00000000000 --- a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered/clustertask.go +++ /dev/null @@ -1,65 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package filtered - -import ( - context "context" - - v1beta1 "github.com/tektoncd/pipeline/pkg/client/informers/externalversions/pipeline/v1beta1" - filtered "github.com/tektoncd/pipeline/pkg/client/injection/informers/factory/filtered" - controller "knative.dev/pkg/controller" - injection "knative.dev/pkg/injection" - logging "knative.dev/pkg/logging" -) - -func init() { - injection.Default.RegisterFilteredInformers(withInformer) -} - -// Key is used for associating the Informer inside the context.Context. -type Key struct { - Selector string -} - -func withInformer(ctx context.Context) (context.Context, []controller.Informer) { - untyped := ctx.Value(filtered.LabelKey{}) - if untyped == nil { - logging.FromContext(ctx).Panic( - "Unable to fetch labelkey from context.") - } - labelSelectors := untyped.([]string) - infs := []controller.Informer{} - for _, selector := range labelSelectors { - f := filtered.Get(ctx, selector) - inf := f.Tekton().V1beta1().ClusterTasks() - ctx = context.WithValue(ctx, Key{Selector: selector}, inf) - infs = append(infs, inf.Informer()) - } - return ctx, infs -} - -// Get extracts the typed informer from the context. -func Get(ctx context.Context, selector string) v1beta1.ClusterTaskInformer { - untyped := ctx.Value(Key{Selector: selector}) - if untyped == nil { - logging.FromContext(ctx).Panicf( - "Unable to fetch github.com/tektoncd/pipeline/pkg/client/informers/externalversions/pipeline/v1beta1.ClusterTaskInformer with selector %s from context.", selector) - } - return untyped.(v1beta1.ClusterTaskInformer) -} diff --git a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered/fake/fake.go b/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered/fake/fake.go deleted file mode 100644 index 4fc0b864695..00000000000 --- a/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered/fake/fake.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package fake - -import ( - context "context" - - factoryfiltered "github.com/tektoncd/pipeline/pkg/client/injection/informers/factory/filtered" - filtered "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1beta1/clustertask/filtered" - controller "knative.dev/pkg/controller" - injection "knative.dev/pkg/injection" - logging "knative.dev/pkg/logging" -) - -var Get = filtered.Get - -func init() { - injection.Fake.RegisterFilteredInformers(withInformer) -} - -func withInformer(ctx context.Context) (context.Context, []controller.Informer) { - untyped := ctx.Value(factoryfiltered.LabelKey{}) - if untyped == nil { - logging.FromContext(ctx).Panic( - "Unable to fetch labelkey from context.") - } - labelSelectors := untyped.([]string) - infs := []controller.Informer{} - for _, selector := range labelSelectors { - f := factoryfiltered.Get(ctx, selector) - inf := f.Tekton().V1beta1().ClusterTasks() - ctx = context.WithValue(ctx, filtered.Key{Selector: selector}, inf) - infs = append(infs, inf.Informer()) - } - return ctx, infs -} diff --git a/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/controller.go b/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/controller.go deleted file mode 100644 index 1b138da51c2..00000000000 --- a/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/controller.go +++ /dev/null @@ -1,167 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package clustertask - -import ( - context "context" - fmt "fmt" - reflect "reflect" - strings "strings" - - versionedscheme "github.com/tektoncd/pipeline/pkg/client/clientset/versioned/scheme" - client "github.com/tektoncd/pipeline/pkg/client/injection/client" - clustertask "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1beta1/clustertask" - zap "go.uber.org/zap" - corev1 "k8s.io/api/core/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - watch "k8s.io/apimachinery/pkg/watch" - scheme "k8s.io/client-go/kubernetes/scheme" - v1 "k8s.io/client-go/kubernetes/typed/core/v1" - record "k8s.io/client-go/tools/record" - kubeclient "knative.dev/pkg/client/injection/kube/client" - controller "knative.dev/pkg/controller" - logging "knative.dev/pkg/logging" - logkey "knative.dev/pkg/logging/logkey" - reconciler "knative.dev/pkg/reconciler" -) - -const ( - defaultControllerAgentName = "clustertask-controller" - defaultFinalizerName = "clustertasks.tekton.dev" -) - -// NewImpl returns a controller.Impl that handles queuing and feeding work from -// the queue through an implementation of controller.Reconciler, delegating to -// the provided Interface and optional Finalizer methods. OptionsFn is used to return -// controller.ControllerOptions to be used by the internal reconciler. -func NewImpl(ctx context.Context, r Interface, optionsFns ...controller.OptionsFn) *controller.Impl { - logger := logging.FromContext(ctx) - - // Check the options function input. It should be 0 or 1. - if len(optionsFns) > 1 { - logger.Fatal("Up to one options function is supported, found: ", len(optionsFns)) - } - - clustertaskInformer := clustertask.Get(ctx) - - lister := clustertaskInformer.Lister() - - var promoteFilterFunc func(obj interface{}) bool - var promoteFunc = func(bkt reconciler.Bucket) {} - - rec := &reconcilerImpl{ - LeaderAwareFuncs: reconciler.LeaderAwareFuncs{ - PromoteFunc: func(bkt reconciler.Bucket, enq func(reconciler.Bucket, types.NamespacedName)) error { - - // Signal promotion event - promoteFunc(bkt) - - all, err := lister.List(labels.Everything()) - if err != nil { - return err - } - for _, elt := range all { - if promoteFilterFunc != nil { - if ok := promoteFilterFunc(elt); !ok { - continue - } - } - enq(bkt, types.NamespacedName{ - Namespace: elt.GetNamespace(), - Name: elt.GetName(), - }) - } - return nil - }, - }, - Client: client.Get(ctx), - Lister: lister, - reconciler: r, - finalizerName: defaultFinalizerName, - } - - ctrType := reflect.TypeOf(r).Elem() - ctrTypeName := fmt.Sprintf("%s.%s", ctrType.PkgPath(), ctrType.Name()) - ctrTypeName = strings.ReplaceAll(ctrTypeName, "/", ".") - - logger = logger.With( - zap.String(logkey.ControllerType, ctrTypeName), - zap.String(logkey.Kind, "tekton.dev.ClusterTask"), - ) - - impl := controller.NewContext(ctx, rec, controller.ControllerOptions{WorkQueueName: ctrTypeName, Logger: logger}) - agentName := defaultControllerAgentName - - // Pass impl to the options. Save any optional results. - for _, fn := range optionsFns { - opts := fn(impl) - if opts.ConfigStore != nil { - rec.configStore = opts.ConfigStore - } - if opts.FinalizerName != "" { - rec.finalizerName = opts.FinalizerName - } - if opts.AgentName != "" { - agentName = opts.AgentName - } - if opts.DemoteFunc != nil { - rec.DemoteFunc = opts.DemoteFunc - } - if opts.PromoteFilterFunc != nil { - promoteFilterFunc = opts.PromoteFilterFunc - } - if opts.PromoteFunc != nil { - promoteFunc = opts.PromoteFunc - } - } - - rec.Recorder = createRecorder(ctx, agentName) - - return impl -} - -func createRecorder(ctx context.Context, agentName string) record.EventRecorder { - logger := logging.FromContext(ctx) - - recorder := controller.GetEventRecorder(ctx) - if recorder == nil { - // Create event broadcaster - logger.Debug("Creating event broadcaster") - eventBroadcaster := record.NewBroadcaster() - watches := []watch.Interface{ - eventBroadcaster.StartLogging(logger.Named("event-broadcaster").Infof), - eventBroadcaster.StartRecordingToSink( - &v1.EventSinkImpl{Interface: kubeclient.Get(ctx).CoreV1().Events("")}), - } - recorder = eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: agentName}) - go func() { - <-ctx.Done() - for _, w := range watches { - w.Stop() - } - }() - } - - return recorder -} - -func init() { - versionedscheme.AddToScheme(scheme.Scheme) -} diff --git a/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/reconciler.go b/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/reconciler.go deleted file mode 100644 index 4a6dc086431..00000000000 --- a/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/reconciler.go +++ /dev/null @@ -1,365 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package clustertask - -import ( - context "context" - json "encoding/json" - fmt "fmt" - - v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" - versioned "github.com/tektoncd/pipeline/pkg/client/clientset/versioned" - pipelinev1beta1 "github.com/tektoncd/pipeline/pkg/client/listers/pipeline/v1beta1" - zap "go.uber.org/zap" - v1 "k8s.io/api/core/v1" - errors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - labels "k8s.io/apimachinery/pkg/labels" - types "k8s.io/apimachinery/pkg/types" - sets "k8s.io/apimachinery/pkg/util/sets" - record "k8s.io/client-go/tools/record" - controller "knative.dev/pkg/controller" - logging "knative.dev/pkg/logging" - reconciler "knative.dev/pkg/reconciler" -) - -// Interface defines the strongly typed interfaces to be implemented by a -// controller reconciling v1beta1.ClusterTask. -type Interface interface { - // ReconcileKind implements custom logic to reconcile v1beta1.ClusterTask. Any changes - // to the objects .Status or .Finalizers will be propagated to the stored - // object. It is recommended that implementors do not call any update calls - // for the Kind inside of ReconcileKind, it is the responsibility of the calling - // controller to propagate those properties. The resource passed to ReconcileKind - // will always have an empty deletion timestamp. - ReconcileKind(ctx context.Context, o *v1beta1.ClusterTask) reconciler.Event -} - -// Finalizer defines the strongly typed interfaces to be implemented by a -// controller finalizing v1beta1.ClusterTask. -type Finalizer interface { - // FinalizeKind implements custom logic to finalize v1beta1.ClusterTask. Any changes - // to the objects .Status or .Finalizers will be ignored. Returning a nil or - // Normal type reconciler.Event will allow the finalizer to be deleted on - // the resource. The resource passed to FinalizeKind will always have a set - // deletion timestamp. - FinalizeKind(ctx context.Context, o *v1beta1.ClusterTask) reconciler.Event -} - -// ReadOnlyInterface defines the strongly typed interfaces to be implemented by a -// controller reconciling v1beta1.ClusterTask if they want to process resources for which -// they are not the leader. -type ReadOnlyInterface interface { - // ObserveKind implements logic to observe v1beta1.ClusterTask. - // This method should not write to the API. - ObserveKind(ctx context.Context, o *v1beta1.ClusterTask) reconciler.Event -} - -type doReconcile func(ctx context.Context, o *v1beta1.ClusterTask) reconciler.Event - -// reconcilerImpl implements controller.Reconciler for v1beta1.ClusterTask resources. -type reconcilerImpl struct { - // LeaderAwareFuncs is inlined to help us implement reconciler.LeaderAware. - reconciler.LeaderAwareFuncs - - // Client is used to write back status updates. - Client versioned.Interface - - // Listers index properties about resources. - Lister pipelinev1beta1.ClusterTaskLister - - // Recorder is an event recorder for recording Event resources to the - // Kubernetes API. - Recorder record.EventRecorder - - // configStore allows for decorating a context with config maps. - // +optional - configStore reconciler.ConfigStore - - // reconciler is the implementation of the business logic of the resource. - reconciler Interface - - // finalizerName is the name of the finalizer to reconcile. - finalizerName string -} - -// Check that our Reconciler implements controller.Reconciler. -var _ controller.Reconciler = (*reconcilerImpl)(nil) - -// Check that our generated Reconciler is always LeaderAware. -var _ reconciler.LeaderAware = (*reconcilerImpl)(nil) - -func NewReconciler(ctx context.Context, logger *zap.SugaredLogger, client versioned.Interface, lister pipelinev1beta1.ClusterTaskLister, recorder record.EventRecorder, r Interface, options ...controller.Options) controller.Reconciler { - // Check the options function input. It should be 0 or 1. - if len(options) > 1 { - logger.Fatal("Up to one options struct is supported, found: ", len(options)) - } - - // Fail fast when users inadvertently implement the other LeaderAware interface. - // For the typed reconcilers, Promote shouldn't take any arguments. - if _, ok := r.(reconciler.LeaderAware); ok { - logger.Fatalf("%T implements the incorrect LeaderAware interface. Promote() should not take an argument as genreconciler handles the enqueuing automatically.", r) - } - - rec := &reconcilerImpl{ - LeaderAwareFuncs: reconciler.LeaderAwareFuncs{ - PromoteFunc: func(bkt reconciler.Bucket, enq func(reconciler.Bucket, types.NamespacedName)) error { - all, err := lister.List(labels.Everything()) - if err != nil { - return err - } - for _, elt := range all { - // TODO: Consider letting users specify a filter in options. - enq(bkt, types.NamespacedName{ - Namespace: elt.GetNamespace(), - Name: elt.GetName(), - }) - } - return nil - }, - }, - Client: client, - Lister: lister, - Recorder: recorder, - reconciler: r, - finalizerName: defaultFinalizerName, - } - - for _, opts := range options { - if opts.ConfigStore != nil { - rec.configStore = opts.ConfigStore - } - if opts.FinalizerName != "" { - rec.finalizerName = opts.FinalizerName - } - if opts.DemoteFunc != nil { - rec.DemoteFunc = opts.DemoteFunc - } - } - - return rec -} - -// Reconcile implements controller.Reconciler -func (r *reconcilerImpl) Reconcile(ctx context.Context, key string) error { - logger := logging.FromContext(ctx) - - // Initialize the reconciler state. This will convert the namespace/name - // string into a distinct namespace and name, determine if this instance of - // the reconciler is the leader, and any additional interfaces implemented - // by the reconciler. Returns an error is the resource key is invalid. - s, err := newState(key, r) - if err != nil { - logger.Error("Invalid resource key: ", key) - return nil - } - - // If we are not the leader, and we don't implement either ReadOnly - // observer interfaces, then take a fast-path out. - if s.isNotLeaderNorObserver() { - return controller.NewSkipKey(key) - } - - // If configStore is set, attach the frozen configuration to the context. - if r.configStore != nil { - ctx = r.configStore.ToContext(ctx) - } - - // Add the recorder to context. - ctx = controller.WithEventRecorder(ctx, r.Recorder) - - // Get the resource with this namespace/name. - - getter := r.Lister - - original, err := getter.Get(s.name) - - if errors.IsNotFound(err) { - // The resource may no longer exist, in which case we stop processing and call - // the ObserveDeletion handler if appropriate. - logger.Debugf("Resource %q no longer exists", key) - if del, ok := r.reconciler.(reconciler.OnDeletionInterface); ok { - return del.ObserveDeletion(ctx, types.NamespacedName{ - Namespace: s.namespace, - Name: s.name, - }) - } - return nil - } else if err != nil { - return err - } - - // Don't modify the informers copy. - resource := original.DeepCopy() - - var reconcileEvent reconciler.Event - - name, do := s.reconcileMethodFor(resource) - // Append the target method to the logger. - logger = logger.With(zap.String("targetMethod", name)) - switch name { - case reconciler.DoReconcileKind: - // Set and update the finalizer on resource if r.reconciler - // implements Finalizer. - if resource, err = r.setFinalizerIfFinalizer(ctx, resource); err != nil { - return fmt.Errorf("failed to set finalizers: %w", err) - } - - // Reconcile this copy of the resource and then write back any status - // updates regardless of whether the reconciliation errored out. - reconcileEvent = do(ctx, resource) - - case reconciler.DoFinalizeKind: - // For finalizing reconcilers, if this resource being marked for deletion - // and reconciled cleanly (nil or normal event), remove the finalizer. - reconcileEvent = do(ctx, resource) - - if resource, err = r.clearFinalizer(ctx, resource, reconcileEvent); err != nil { - return fmt.Errorf("failed to clear finalizers: %w", err) - } - - case reconciler.DoObserveKind: - // Observe any changes to this resource, since we are not the leader. - reconcileEvent = do(ctx, resource) - - } - - // Report the reconciler event, if any. - if reconcileEvent != nil { - var event *reconciler.ReconcilerEvent - if reconciler.EventAs(reconcileEvent, &event) { - logger.Infow("Returned an event", zap.Any("event", reconcileEvent)) - r.Recorder.Event(resource, event.EventType, event.Reason, event.Error()) - - // the event was wrapped inside an error, consider the reconciliation as failed - if _, isEvent := reconcileEvent.(*reconciler.ReconcilerEvent); !isEvent { - return reconcileEvent - } - return nil - } - - if controller.IsSkipKey(reconcileEvent) { - // This is a wrapped error, don't emit an event. - } else if ok, _ := controller.IsRequeueKey(reconcileEvent); ok { - // This is a wrapped error, don't emit an event. - } else { - logger.Errorw("Returned an error", zap.Error(reconcileEvent)) - r.Recorder.Event(resource, v1.EventTypeWarning, "InternalError", reconcileEvent.Error()) - } - return reconcileEvent - } - - return nil -} - -// updateFinalizersFiltered will update the Finalizers of the resource. -// TODO: this method could be generic and sync all finalizers. For now it only -// updates defaultFinalizerName or its override. -func (r *reconcilerImpl) updateFinalizersFiltered(ctx context.Context, resource *v1beta1.ClusterTask, desiredFinalizers sets.Set[string]) (*v1beta1.ClusterTask, error) { - // Don't modify the informers copy. - existing := resource.DeepCopy() - - var finalizers []string - - // If there's nothing to update, just return. - existingFinalizers := sets.New[string](existing.Finalizers...) - - if desiredFinalizers.Has(r.finalizerName) { - if existingFinalizers.Has(r.finalizerName) { - // Nothing to do. - return resource, nil - } - // Add the finalizer. - finalizers = append(existing.Finalizers, r.finalizerName) - } else { - if !existingFinalizers.Has(r.finalizerName) { - // Nothing to do. - return resource, nil - } - // Remove the finalizer. - existingFinalizers.Delete(r.finalizerName) - finalizers = sets.List(existingFinalizers) - } - - mergePatch := map[string]interface{}{ - "metadata": map[string]interface{}{ - "finalizers": finalizers, - "resourceVersion": existing.ResourceVersion, - }, - } - - patch, err := json.Marshal(mergePatch) - if err != nil { - return resource, err - } - - patcher := r.Client.TektonV1beta1().ClusterTasks() - - resourceName := resource.Name - updated, err := patcher.Patch(ctx, resourceName, types.MergePatchType, patch, metav1.PatchOptions{}) - if err != nil { - r.Recorder.Eventf(existing, v1.EventTypeWarning, "FinalizerUpdateFailed", - "Failed to update finalizers for %q: %v", resourceName, err) - } else { - r.Recorder.Eventf(updated, v1.EventTypeNormal, "FinalizerUpdate", - "Updated %q finalizers", resource.GetName()) - } - return updated, err -} - -func (r *reconcilerImpl) setFinalizerIfFinalizer(ctx context.Context, resource *v1beta1.ClusterTask) (*v1beta1.ClusterTask, error) { - if _, ok := r.reconciler.(Finalizer); !ok { - return resource, nil - } - - finalizers := sets.New[string](resource.Finalizers...) - - // If this resource is not being deleted, mark the finalizer. - if resource.GetDeletionTimestamp().IsZero() { - finalizers.Insert(r.finalizerName) - } - - // Synchronize the finalizers filtered by r.finalizerName. - return r.updateFinalizersFiltered(ctx, resource, finalizers) -} - -func (r *reconcilerImpl) clearFinalizer(ctx context.Context, resource *v1beta1.ClusterTask, reconcileEvent reconciler.Event) (*v1beta1.ClusterTask, error) { - if _, ok := r.reconciler.(Finalizer); !ok { - return resource, nil - } - if resource.GetDeletionTimestamp().IsZero() { - return resource, nil - } - - finalizers := sets.New[string](resource.Finalizers...) - - if reconcileEvent != nil { - var event *reconciler.ReconcilerEvent - if reconciler.EventAs(reconcileEvent, &event) { - if event.EventType == v1.EventTypeNormal { - finalizers.Delete(r.finalizerName) - } - } - } else { - finalizers.Delete(r.finalizerName) - } - - // Synchronize the finalizers filtered by r.finalizerName. - return r.updateFinalizersFiltered(ctx, resource, finalizers) -} diff --git a/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/state.go b/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/state.go deleted file mode 100644 index 7768f05d646..00000000000 --- a/pkg/client/injection/reconciler/pipeline/v1beta1/clustertask/state.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by injection-gen. DO NOT EDIT. - -package clustertask - -import ( - fmt "fmt" - - v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" - types "k8s.io/apimachinery/pkg/types" - cache "k8s.io/client-go/tools/cache" - reconciler "knative.dev/pkg/reconciler" -) - -// state is used to track the state of a reconciler in a single run. -type state struct { - // key is the original reconciliation key from the queue. - key string - // namespace is the namespace split from the reconciliation key. - namespace string - // name is the name split from the reconciliation key. - name string - // reconciler is the reconciler. - reconciler Interface - // roi is the read only interface cast of the reconciler. - roi ReadOnlyInterface - // isROI (Read Only Interface) the reconciler only observes reconciliation. - isROI bool - // isLeader the instance of the reconciler is the elected leader. - isLeader bool -} - -func newState(key string, r *reconcilerImpl) (*state, error) { - // Convert the namespace/name string into a distinct namespace and name. - namespace, name, err := cache.SplitMetaNamespaceKey(key) - if err != nil { - return nil, fmt.Errorf("invalid resource key: %s", key) - } - - roi, isROI := r.reconciler.(ReadOnlyInterface) - - isLeader := r.IsLeaderFor(types.NamespacedName{ - Namespace: namespace, - Name: name, - }) - - return &state{ - key: key, - namespace: namespace, - name: name, - reconciler: r.reconciler, - roi: roi, - isROI: isROI, - isLeader: isLeader, - }, nil -} - -// isNotLeaderNorObserver checks to see if this reconciler with the current -// state is enabled to do any work or not. -// isNotLeaderNorObserver returns true when there is no work possible for the -// reconciler. -func (s *state) isNotLeaderNorObserver() bool { - if !s.isLeader && !s.isROI { - // If we are not the leader, and we don't implement the ReadOnly - // interface, then take a fast-path out. - return true - } - return false -} - -func (s *state) reconcileMethodFor(o *v1beta1.ClusterTask) (string, doReconcile) { - if o.GetDeletionTimestamp().IsZero() { - if s.isLeader { - return reconciler.DoReconcileKind, s.reconciler.ReconcileKind - } else if s.isROI { - return reconciler.DoObserveKind, s.roi.ObserveKind - } - } else if fin, ok := s.reconciler.(Finalizer); s.isLeader && ok { - return reconciler.DoFinalizeKind, fin.FinalizeKind - } - return "unknown", nil -} diff --git a/pkg/client/listers/pipeline/v1beta1/clustertask.go b/pkg/client/listers/pipeline/v1beta1/clustertask.go deleted file mode 100644 index 734d32656d1..00000000000 --- a/pkg/client/listers/pipeline/v1beta1/clustertask.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2020 The Tekton Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by lister-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1beta1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/client-go/listers" - "k8s.io/client-go/tools/cache" -) - -// ClusterTaskLister helps list ClusterTasks. -// All objects returned here must be treated as read-only. -type ClusterTaskLister interface { - // List lists all ClusterTasks in the indexer. - // Objects returned here must be treated as read-only. - List(selector labels.Selector) (ret []*v1beta1.ClusterTask, err error) - // Get retrieves the ClusterTask from the index for a given name. - // Objects returned here must be treated as read-only. - Get(name string) (*v1beta1.ClusterTask, error) - ClusterTaskListerExpansion -} - -// clusterTaskLister implements the ClusterTaskLister interface. -type clusterTaskLister struct { - listers.ResourceIndexer[*v1beta1.ClusterTask] -} - -// NewClusterTaskLister returns a new ClusterTaskLister. -func NewClusterTaskLister(indexer cache.Indexer) ClusterTaskLister { - return &clusterTaskLister{listers.New[*v1beta1.ClusterTask](indexer, v1beta1.Resource("clustertask"))} -} diff --git a/pkg/client/listers/pipeline/v1beta1/expansion_generated.go b/pkg/client/listers/pipeline/v1beta1/expansion_generated.go index 0fe1994d1d8..a48910c9e76 100644 --- a/pkg/client/listers/pipeline/v1beta1/expansion_generated.go +++ b/pkg/client/listers/pipeline/v1beta1/expansion_generated.go @@ -18,10 +18,6 @@ limitations under the License. package v1beta1 -// ClusterTaskListerExpansion allows custom methods to be added to -// ClusterTaskLister. -type ClusterTaskListerExpansion interface{} - // CustomRunListerExpansion allows custom methods to be added to // CustomRunLister. type CustomRunListerExpansion interface{} diff --git a/pkg/reconciler/apiserver/apiserver_test.go b/pkg/reconciler/apiserver/apiserver_test.go index 06f91abd8c5..45215535816 100644 --- a/pkg/reconciler/apiserver/apiserver_test.go +++ b/pkg/reconciler/apiserver/apiserver_test.go @@ -49,11 +49,6 @@ func TestDryRunCreate_Valid_DifferentGVKs(t *testing.T) { name: "v1beta1 stepaction", obj: &v1beta1.StepAction{}, wantObj: &v1beta1.StepAction{}, - }, { - name: "unsupported gvk", - obj: &v1beta1.ClusterTask{}, - wantErr: true, - wantObj: nil, }} for _, tc := range tcs { t.Run(tc.name, func(t *testing.T) { @@ -98,10 +93,6 @@ func TestDryRunCreate_Invalid_DifferentGVKs(t *testing.T) { name: "v1beta1 stepaction", obj: &v1beta1.StepAction{}, wantErr: apiserver.ErrReferencedObjectValidationFailed, - }, { - name: "unsupported gvk", - obj: &v1beta1.ClusterTask{}, - wantErr: cmpopts.AnyError, }} for _, tc := range tcs { t.Run(tc.name, func(t *testing.T) { diff --git a/pkg/reconciler/pipelinerun/pipelinerun_test.go b/pkg/reconciler/pipelinerun/pipelinerun_test.go index 6f743cb84a9..13f4bd83e15 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun_test.go +++ b/pkg/reconciler/pipelinerun/pipelinerun_test.go @@ -301,7 +301,7 @@ spec: retries: 5 taskRef: name: unit-test-task - - name: unit-test-cluster-task + - name: unit-test-3 params: - name: foo value: somethingfun @@ -312,8 +312,8 @@ spec: - name: contextPipelineParam value: $(context.pipeline.name) taskRef: - kind: ClusterTask - name: unit-test-cluster-task + kind: Task + name: unit-test-task-2 `)} ts := []*v1.Task{ parse.MustParseV1Task(t, ` @@ -332,12 +332,10 @@ spec: type: string - name: contextRetriesParam type: string -`), - } - clusterTasks := []*v1beta1.ClusterTask{ - parse.MustParseClusterTask(t, ` +`), parse.MustParseV1Task(t, ` metadata: - name: unit-test-cluster-task + name: unit-test-task-2 + namespace: foo spec: params: - name: foo @@ -355,7 +353,6 @@ spec: PipelineRuns: prs, Pipelines: ps, Tasks: ts, - ClusterTasks: clusterTasks, ConfigMaps: []*corev1.ConfigMap{newFeatureFlagsConfigMap()}, } prt := newPipelineRunTest(t, d) @@ -412,7 +409,7 @@ spec: checkPipelineRunConditionStatusAndReason(t, reconciledRun, corev1.ConditionUnknown, v1.PipelineRunReasonRunning.String()) tr1Name := "test-pipeline-run-success-unit-test-1" - tr2Name := "test-pipeline-run-success-unit-test-cluster-task" + tr2Name := "test-pipeline-run-success-unit-test-3" verifyTaskRunStatusesCount(t, reconciledRun.Status, 2) verifyTaskRunStatusesNames(t, reconciledRun.Status, tr1Name, tr2Name) @@ -15847,15 +15844,15 @@ spec: value: $(params.bar) taskRef: name: unit-test-task - - name: unit-test-cluster-task + - name: unit-test-2 params: - name: foo value: somethingfun - name: bar value: $(params.bar) taskRef: - kind: ClusterTask - name: unit-test-cluster-task + kind: Task + name: unit-test-task-2 `)} ts := []*v1.Task{ parse.MustParseV1Task(t, ` @@ -15866,12 +15863,10 @@ spec: params: - name: foo - name: bar -`), - } - clusterTasks := []*v1beta1.ClusterTask{ - parse.MustParseClusterTask(t, ` +`), parse.MustParseV1Task(t, ` metadata: - name: unit-test-cluster-task + name: unit-test-task-2 + namespace: foo spec: params: - name: foo @@ -15883,7 +15878,6 @@ spec: PipelineRuns: prs, Pipelines: ps, Tasks: ts, - ClusterTasks: clusterTasks, ConfigMaps: []*corev1.ConfigMap{newFeatureFlagsConfigMap()}, } prt := newPipelineRunTest(t, d) @@ -15925,7 +15919,7 @@ spec: checkPipelineRunConditionStatusAndReason(t, reconciledRun, corev1.ConditionUnknown, v1.PipelineRunReasonRunning.String()) tr1Name := "test-pipeline-run-success-unit-test-1" - tr2Name := "test-pipeline-run-success-unit-test-cluster-task" + tr2Name := "test-pipeline-run-success-unit-test-2" verifyTaskRunStatusesCount(t, reconciledRun.Status, 2) verifyTaskRunStatusesNames(t, reconciledRun.Status, tr1Name, tr2Name) diff --git a/pkg/reconciler/pipelinerun/resources/pipelinerunresolution_test.go b/pkg/reconciler/pipelinerun/resources/pipelinerunresolution_test.go index 48c69ea6551..1cfdf6053f8 100644 --- a/pkg/reconciler/pipelinerun/resources/pipelinerunresolution_test.go +++ b/pkg/reconciler/pipelinerun/resources/pipelinerunresolution_test.go @@ -65,7 +65,7 @@ var pts = []v1.PipelineTask{{ TaskRef: &v1.TaskRef{Name: "task"}, }, { Name: "mytask3", - TaskRef: &v1.TaskRef{Name: "clustertask"}, + TaskRef: &v1.TaskRef{Name: "task"}, }, { Name: "mytask4", TaskRef: &v1.TaskRef{Name: "task"}, diff --git a/pkg/reconciler/taskrun/resources/taskref.go b/pkg/reconciler/taskrun/resources/taskref.go index 2a1e9d8ca9b..b8610874eb3 100644 --- a/pkg/reconciler/taskrun/resources/taskref.go +++ b/pkg/reconciler/taskrun/resources/taskref.go @@ -39,7 +39,7 @@ import ( "knative.dev/pkg/kmeta" ) -// GetTaskKind returns the referenced Task kind (Task, ClusterTask, ...) if the TaskRun is using TaskRef. +// GetTaskKind returns the referenced Task kind (Task, ...) if the TaskRun is using TaskRef. func GetTaskKind(taskrun *v1.TaskRun) v1.TaskKind { kind := v1.NamespacedTaskKind if taskrun.Spec.TaskRef != nil && taskrun.Spec.TaskRef.Kind != "" { @@ -212,7 +212,7 @@ func extendObjectReplacements(objectReplacements map[string]map[string]string, o // A VerificationResult is returned if trusted resources is enabled, VerificationResult contains the result type and err. // or the returned data isn't a valid *v1beta1.Task. func resolveTask(ctx context.Context, resolver remote.Resolver, name, namespace string, kind v1.TaskKind, k8s kubernetes.Interface, tekton clientset.Interface, verificationPolicies []*v1alpha1.VerificationPolicy) (*v1.Task, *v1.RefSource, *trustedresources.VerificationResult, error) { - // Because the resolver will only return references with the same kind (eg ClusterTask), this will ensure we + // Because the resolver will only return references with the same kind, this will ensure we // don't accidentally return a Task with the same name but different kind. obj, refSource, err := resolver.Get(ctx, strings.TrimSuffix(strings.ToLower(string(kind)), "s"), name) if err != nil { @@ -273,7 +273,7 @@ func resolveStepAction(ctx context.Context, resolver remote.Resolver, name, name // readRuntimeObjectAsTask tries to convert a generic runtime.Object // into a *v1.Task type so that its meta and spec fields // can be read. v1beta1 object will be converted to v1 and returned. -// An error is returned if the given object is not a Task nor a ClusterTask +// An error is returned if the given object is not a Task // or if there is an error validating or upgrading an older TaskObject into // its v1beta1 equivalent. // A VerificationResult is returned if trusted resources is enabled, VerificationResult contains the result type and err. @@ -307,25 +307,6 @@ func readRuntimeObjectAsTask(ctx context.Context, namespace string, obj runtime. } return t, &vr, nil } - case *v1beta1.ClusterTask: - obj.SetDefaults(ctx) - // Cleanup object from things we don't care about - // FIXME: extract this in a function - obj.ObjectMeta.OwnerReferences = nil - t, err := convertClusterTaskToTask(ctx, *obj) - if err != nil { - return nil, nil, err - } - // Issue a dry-run request to create the remote Task, so that it can undergo validation from validating admission webhooks - // without actually creating the Task on the cluster - o, err := apiserver.DryRunValidate(ctx, namespace, t, tekton) - if err != nil { - return nil, nil, err - } - if mutatedTask, ok := o.(*v1.Task); ok { - mutatedTask.ObjectMeta = obj.ObjectMeta - return mutatedTask, nil, nil - } case *v1.Task: // This SetDefaults is currently not necessary, but for consistency, it is recommended to add it. // Avoid forgetting to add it in the future when there is a v2 version, causing similar problems. @@ -355,19 +336,10 @@ type LocalTaskRefResolver struct { Tektonclient clientset.Interface } -// GetTask will resolve either a Task or ClusterTask from the local cluster using a versioned Tekton client. It will +// GetTask will resolve a Task from the local cluster using a versioned Tekton client. It will // return an error if it can't find an appropriate Task for any reason. // TODO(#6666): support local task verification func (l *LocalTaskRefResolver) GetTask(ctx context.Context, name string) (*v1.Task, *v1.RefSource, *trustedresources.VerificationResult, error) { - if l.Kind == v1.ClusterTaskRefKind { - task, err := l.Tektonclient.TektonV1beta1().ClusterTasks().Get(ctx, name, metav1.GetOptions{}) - if err != nil { - return nil, nil, nil, err - } - v1task, err := convertClusterTaskToTask(ctx, *task) - return v1task, nil, nil, err - } - // If we are going to resolve this reference locally, we need a namespace scope. if l.Namespace == "" { return nil, nil, nil, fmt.Errorf("must specify namespace to resolve reference to task %s", name) @@ -398,34 +370,3 @@ func (l *LocalStepActionRefResolver) GetStepAction(ctx context.Context, name str } return stepAction, nil, nil } - -// convertClusterTaskToTask converts deprecated v1beta1 ClusterTasks to Tasks for -// the rest of reconciling process since GetTask func and its upstream callers only -// fetches the task spec and stores it in the taskrun status while the kind info -// is not being used. -func convertClusterTaskToTask(ctx context.Context, ct v1beta1.ClusterTask) (*v1.Task, error) { - t := &v1beta1.Task{ - TypeMeta: metav1.TypeMeta{ - Kind: "Task", - APIVersion: "tekton.dev/v1beta1", - }, - // We need to keep ObjectMeta to keep consistent with the existing Task logic. - // TaskRun will inherit the original Annotations and Labels information. - ObjectMeta: ct.ObjectMeta, - } - - t.Spec = ct.Spec - - v1Task := &v1.Task{ - TypeMeta: metav1.TypeMeta{ - Kind: "Task", - APIVersion: "tekton.dev/v1", - }, - } - - if err := t.ConvertTo(ctx, v1Task); err != nil { - return nil, err - } - - return v1Task, nil -} diff --git a/pkg/reconciler/taskrun/resources/taskref_test.go b/pkg/reconciler/taskrun/resources/taskref_test.go index 526e37aa69b..32b8ebbffa8 100644 --- a/pkg/reconciler/taskrun/resources/taskref_test.go +++ b/pkg/reconciler/taskrun/resources/taskref_test.go @@ -82,20 +82,6 @@ var ( }}, }, } - simpleClusterTask = &v1beta1.ClusterTask{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple", - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "tekton.dev/v1beta1", - Kind: "ClusterTask", - }, - Spec: v1beta1.TaskSpec{ - Steps: []v1beta1.Step{{ - Image: "something", - }}, - }, - } sampleRefSource = &v1.RefSource{ URI: "abc.com", Digest: map[string]string{ @@ -224,48 +210,6 @@ func TestLocalTaskRef(t *testing.T) { }, wantErr: nil, }, - { - name: "local-clustertask", - namespace: "default", - tasks: []runtime.Object{ - &v1beta1.ClusterTask{ - ObjectMeta: metav1.ObjectMeta{ - Name: "cluster-task", - Annotations: map[string]string{ - "foo": "bar", - }, - Labels: map[string]string{ - "foo": "bar", - }, - }, - }, - &v1beta1.ClusterTask{ - ObjectMeta: metav1.ObjectMeta{ - Name: "sample-task", - }, - }, - }, - ref: &v1.TaskRef{ - Name: "cluster-task", - Kind: "ClusterTask", - }, - expected: &v1.Task{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "tekton.dev/v1", - Kind: "Task", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "cluster-task", - Annotations: map[string]string{ - "foo": "bar", - }, - Labels: map[string]string{ - "foo": "bar", - }, - }, - }, - wantErr: nil, - }, { name: "task-not-found", namespace: "default", @@ -276,17 +220,6 @@ func TestLocalTaskRef(t *testing.T) { expected: nil, wantErr: errors.New(`tasks.tekton.dev "simple" not found`), }, - { - name: "clustertask-not-found", - namespace: "default", - tasks: []runtime.Object{}, - ref: &v1.TaskRef{ - Name: "cluster-task", - Kind: "ClusterTask", - }, - expected: nil, - wantErr: errors.New(`clustertasks.tekton.dev "cluster-task" not found`), - }, { name: "local-task-missing-namespace", namespace: "", @@ -800,38 +733,6 @@ func TestGetTaskFunc_Local(t *testing.T) { }, expected: simpleNamespacedTask, expectedKind: v1.NamespacedTaskKind, - }, { - name: "local-cluster-task", - localTasks: []runtime.Object{simpleClusterTask}, - remoteTasks: []runtime.Object{ - &v1beta1.ClusterTask{ - TypeMeta: metav1.TypeMeta{APIVersion: "tekton.dev/v1alpha1", Kind: "ClusterTask"}, - ObjectMeta: metav1.ObjectMeta{Name: "simple"}, - }, - &v1beta1.ClusterTask{ - TypeMeta: metav1.TypeMeta{APIVersion: "tekton.dev/v1alpha1", Kind: "ClusterTask"}, - ObjectMeta: metav1.ObjectMeta{Name: "sample"}, - }, - }, - ref: &v1.TaskRef{ - Name: "simple", - Kind: v1.ClusterTaskRefKind, - }, - expected: &v1.Task{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple", - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "tekton.dev/v1", - Kind: "Task", - }, - Spec: v1.TaskSpec{ - Steps: []v1.Step{{ - Image: "something", - }}, - }, - }, - expectedKind: v1.NamespacedTaskKind, }, } @@ -1117,14 +1018,6 @@ func TestGetTaskFunc_RemoteResolution(t *testing.T) { taskYAMLString, }, "\n"), wantTask: parse.MustParseV1TaskAndSetDefaults(t, taskYAMLString), - }, { - name: "v1beta1 cluster task", - taskYAML: strings.Join([]string{ - "kind: ClusterTask", - "apiVersion: tekton.dev/v1beta1", - taskYAMLString, - }, "\n"), - wantTask: parse.MustParseV1TaskAndSetDefaults(t, taskYAMLString), }, { name: "v1 task", taskYAML: strings.Join([]string{ @@ -1194,13 +1087,6 @@ func TestGetTaskFunc_RemoteResolution_ValidationFailure(t *testing.T) { "apiVersion: tekton.dev/v1beta1", taskYAMLString, }, "\n"), - }, { - name: "invalid v1beta1 clustertask", - taskYAML: strings.Join([]string{ - "kind: ClusterTask", - "apiVersion: tekton.dev/v1beta1", - taskYAMLString, - }, "\n"), }, { name: "invalid v1 task", taskYAML: strings.Join([]string{ diff --git a/pkg/reconciler/taskrun/taskrun.go b/pkg/reconciler/taskrun/taskrun.go index 828ddddd993..84c3254fe65 100644 --- a/pkg/reconciler/taskrun/taskrun.go +++ b/pkg/reconciler/taskrun/taskrun.go @@ -1054,11 +1054,7 @@ func storeTaskSpecAndMergeMeta(ctx context.Context, tr *v1.TaskRun, ts *v1.TaskS // Propagate labels from Task to TaskRun. TaskRun labels take precedences over Task. tr.ObjectMeta.Labels = kmap.Union(meta.Labels, tr.ObjectMeta.Labels) if tr.Spec.TaskRef != nil { - if tr.Spec.TaskRef.Kind == v1.ClusterTaskRefKind { - tr.ObjectMeta.Labels[pipeline.ClusterTaskLabelKey] = meta.Name - } else { - tr.ObjectMeta.Labels[pipeline.TaskLabelKey] = meta.Name - } + tr.ObjectMeta.Labels[pipeline.TaskLabelKey] = meta.Name } } diff --git a/pkg/reconciler/taskrun/taskrun_test.go b/pkg/reconciler/taskrun/taskrun_test.go index ac5ec9c8263..1ef191a8ce0 100644 --- a/pkg/reconciler/taskrun/taskrun_test.go +++ b/pkg/reconciler/taskrun/taskrun_test.go @@ -183,16 +183,6 @@ var ( }, } - clustertask = &v1beta1.ClusterTask{ - ObjectMeta: metav1.ObjectMeta{Name: "test-cluster-task"}, - Spec: v1beta1.TaskSpec{ - Steps: []v1beta1.Step{{ - Name: "simple-step", - Image: "foo", - Command: []string{"/mycmd"}, - }}, - }, - } taskSidecar = &v1.Task{ ObjectMeta: objectMeta("test-task-sidecar", "foo"), Spec: v1.TaskSpec{ @@ -479,7 +469,7 @@ spec: }{{ name: "success", taskRun: taskRunSuccess, - wantPod: expectedPod("test-taskrun-run-success-pod", "test-task", "test-taskrun-run-success", "bar", "foo", defaultSAName, false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-run-success-pod", "test-task", "test-taskrun-run-success", "bar", "foo", defaultSAName, nil, []stepForExpectedPod{{ image: "foo", name: "simple-step", cmd: "/mycmd", @@ -487,7 +477,7 @@ spec: }, { name: "serviceaccount", taskRun: taskRunWithSaSuccess, - wantPod: expectedPod("test-taskrun-with-sa-run-success-pod", "test-with-sa", "test-taskrun-with-sa-run-success", "bar", "foo", "test-sa", false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-with-sa-run-success-pod", "test-with-sa", "test-taskrun-with-sa-run-success", "bar", "foo", "test-sa", nil, []stepForExpectedPod{{ image: "foo", name: "sa-step", cmd: "/mycmd", @@ -709,17 +699,6 @@ spec: name: mycontainer `) - taskRunWithClusterTask := parse.MustParseV1TaskRun(t, ` -metadata: - name: test-taskrun-with-cluster-task - namespace: foo - uid: bar -spec: - taskRef: - kind: ClusterTask - name: test-cluster-task -`) - taskRunWithLabels := parse.MustParseV1TaskRun(t, ` metadata: labels: @@ -798,15 +777,14 @@ spec: taskruns := []*v1.TaskRun{ taskRunSuccess, taskRunWithSaSuccess, taskRunSubstitution, - taskRunWithTaskSpec, taskRunWithClusterTask, + taskRunWithTaskSpec, taskRunWithLabels, taskRunWithAnnotations, taskRunWithPod, taskRunWithCredentialsVariable, taskRunBundle, } d := test.Data{ - TaskRuns: taskruns, - Tasks: []*v1.Task{simpleTask, saTask, templatedTask}, - ClusterTasks: []*v1beta1.ClusterTask{clustertask}, + TaskRuns: taskruns, + Tasks: []*v1.Task{simpleTask, saTask, templatedTask}, } for _, tc := range []struct { name string @@ -820,7 +798,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-run-success-pod", "test-task", "test-taskrun-run-success", "bar", "foo", config.DefaultServiceAccountValue, false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-run-success-pod", "test-task", "test-taskrun-run-success", "bar", "foo", config.DefaultServiceAccountValue, nil, []stepForExpectedPod{{ image: "foo", name: "simple-step", cmd: "/mycmd", @@ -832,7 +810,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-with-sa-run-success-pod", "test-with-sa", "test-taskrun-with-sa-run-success", "bar", "foo", "test-sa", false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-with-sa-run-success-pod", "test-with-sa", "test-taskrun-with-sa-run-success", "bar", "foo", "test-sa", nil, []stepForExpectedPod{{ image: "foo", name: "sa-step", cmd: "/mycmd", @@ -844,7 +822,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-substitution-pod", "test-task-with-substitution", "test-taskrun-substitution", "bar", "foo", config.DefaultServiceAccountValue, false, []corev1.Volume{{ + wantPod: expectedPod("test-taskrun-substitution-pod", "test-task-with-substitution", "test-taskrun-substitution", "bar", "foo", config.DefaultServiceAccountValue, []corev1.Volume{{ Name: "volume-configmap", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ @@ -880,25 +858,13 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-with-taskspec-pod", "", "test-taskrun-with-taskspec", "bar", "foo", config.DefaultServiceAccountValue, false, nil, []stepForExpectedPod{ + wantPod: expectedPod("test-taskrun-with-taskspec-pod", "", "test-taskrun-with-taskspec", "bar", "foo", config.DefaultServiceAccountValue, nil, []stepForExpectedPod{ { name: "mycontainer", image: "myimage", cmd: "/mycmd", }, }), - }, { - name: "success-with-cluster-task", - taskRun: taskRunWithClusterTask, - wantEvents: []string{ - "Normal Started ", - "Normal Running Not all Steps", - }, - wantPod: expectedPod("test-taskrun-with-cluster-task-pod", "test-cluster-task", "test-taskrun-with-cluster-task", "bar", "foo", config.DefaultServiceAccountValue, true, nil, []stepForExpectedPod{{ - name: "simple-step", - image: "foo", - cmd: "/mycmd", - }}), }, { name: "taskrun-with-pod", taskRun: taskRunWithPod, @@ -906,7 +872,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-with-pod-pod", "test-task", "test-taskrun-with-pod", "bar", "foo", config.DefaultServiceAccountValue, false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-with-pod-pod", "test-task", "test-taskrun-with-pod", "bar", "foo", config.DefaultServiceAccountValue, nil, []stepForExpectedPod{{ name: "simple-step", image: "foo", cmd: "/mycmd", @@ -918,7 +884,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-with-credentials-variable-pod", "", "test-taskrun-with-credentials-variable", "bar", "foo", config.DefaultServiceAccountValue, false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-with-credentials-variable-pod", "", "test-taskrun-with-credentials-variable", "bar", "foo", config.DefaultServiceAccountValue, nil, []stepForExpectedPod{{ name: "mycontainer", image: "myimage", cmd: "/mycmd /tekton/creds", @@ -930,7 +896,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-bundle-pod", "test-task", "test-taskrun-bundle", "bar", "foo", config.DefaultServiceAccountValue, false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-bundle-pod", "test-task", "test-taskrun-bundle", "bar", "foo", config.DefaultServiceAccountValue, nil, []stepForExpectedPod{{ name: "simple-step", image: "foo", cmd: "/mycmd", @@ -1044,10 +1010,9 @@ spec: }, }} d := test.Data{ - ConfigMaps: cms, - TaskRuns: taskruns, - Tasks: []*v1.Task{simpleTask, saTask, templatedTask}, - ClusterTasks: []*v1beta1.ClusterTask{clustertask}, + ConfigMaps: cms, + TaskRuns: taskruns, + Tasks: []*v1.Task{simpleTask, saTask, templatedTask}, } for _, tc := range []struct { name string @@ -1061,7 +1026,7 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: expectedPod("test-taskrun-with-output-config-pod", "", "test-taskrun-with-output-config", "bar", "foo", config.DefaultServiceAccountValue, false, nil, []stepForExpectedPod{{ + wantPod: expectedPod("test-taskrun-with-output-config-pod", "", "test-taskrun-with-output-config", "bar", "foo", config.DefaultServiceAccountValue, nil, []stepForExpectedPod{{ name: "mycontainer", image: "myimage", stdoutPath: "stdout.txt", @@ -1074,19 +1039,17 @@ spec: "Normal Started ", "Normal Running Not all Steps", }, - wantPod: addVolumeMounts(expectedPod("test-taskrun-with-output-config-ws-pod", "", "test-taskrun-with-output-config-ws", "bar", "foo", config.DefaultServiceAccountValue, false, - []corev1.Volume{{ - Name: "ws-d872e", - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, - }, - }}, - []stepForExpectedPod{{ - name: "mycontainer", - image: "myimage", - stdoutPath: "stdout.txt", - cmd: "/mycmd", - }}), + wantPod: addVolumeMounts(expectedPod("test-taskrun-with-output-config-ws-pod", "", "test-taskrun-with-output-config-ws", "bar", "foo", config.DefaultServiceAccountValue, []corev1.Volume{{ + Name: "ws-d872e", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }}, []stepForExpectedPod{{ + name: "mycontainer", + image: "myimage", + stdoutPath: "stdout.txt", + cmd: "/mycmd", + }}), []corev1.VolumeMount{{ Name: "ws-d872e", MountPath: "/workspace/data", @@ -1415,16 +1378,7 @@ spec: taskRef: name: notask `) - withWrongRef := parse.MustParseV1TaskRun(t, ` -metadata: - name: taskrun-with-wrong-ref - namespace: foo -spec: - taskRef: - kind: ClusterTask - name: taskrun-with-wrong-ref -`) - taskRuns := []*v1.TaskRun{noTaskRun, withWrongRef} + taskRuns := []*v1.TaskRun{noTaskRun} tasks := []*v1.Task{simpleTask} d := test.Data{ @@ -1446,15 +1400,6 @@ spec: "Warning Failed", "Warning InternalError", }, - }, { - name: "task run with wrong ref", - taskRun: withWrongRef, - reason: podconvert.ReasonFailedResolution, - wantEvents: []string{ - "Normal Started", - "Warning Failed", - "Warning InternalError", - }, }} for _, tc := range testcases { @@ -1989,9 +1934,8 @@ spec: name: test-task `) d := test.Data{ - TaskRuns: []*v1.TaskRun{tr}, - Tasks: []*v1.Task{simpleTask}, - ClusterTasks: []*v1beta1.ClusterTask{}, + TaskRuns: []*v1.TaskRun{tr}, + Tasks: []*v1.Task{simpleTask}, } for _, v := range []error{ errors.New("etcdserver: leader changed"), @@ -4472,9 +4416,8 @@ spec: name: test-task-with-workspace `) d := test.Data{ - Tasks: []*v1.Task{taskWithWorkspace}, - TaskRuns: []*v1.TaskRun{taskRun}, - ClusterTasks: nil, + Tasks: []*v1.Task{taskWithWorkspace}, + TaskRuns: []*v1.TaskRun{taskRun}, } testAssets, cancel := getTaskRunController(t, d) defer cancel() @@ -4532,9 +4475,8 @@ spec: name: test-task-with-workspace `) d := test.Data{ - Tasks: []*v1.Task{taskWithWorkspace}, - TaskRuns: []*v1.TaskRun{taskRun}, - ClusterTasks: nil, + Tasks: []*v1.Task{taskWithWorkspace}, + TaskRuns: []*v1.TaskRun{taskRun}, } d.ConfigMaps = append(d.ConfigMaps, &corev1.ConfigMap{ @@ -4596,9 +4538,8 @@ spec: name: test-task-with-workspace `) d := test.Data{ - Tasks: []*v1.Task{taskWithWorkspace}, - TaskRuns: []*v1.TaskRun{taskRun}, - ClusterTasks: nil, + Tasks: []*v1.Task{taskWithWorkspace}, + TaskRuns: []*v1.TaskRun{taskRun}, } d.ConfigMaps = append(d.ConfigMaps, &corev1.ConfigMap{ @@ -4762,9 +4703,8 @@ spec: for _, tc := range tcs { d := test.Data{ - Tasks: []*v1.Task{taskWithTwoWorkspaces}, - TaskRuns: []*v1.TaskRun{taskRun}, - ClusterTasks: nil, + Tasks: []*v1.Task{taskWithTwoWorkspaces}, + TaskRuns: []*v1.TaskRun{taskRun}, ConfigMaps: []*corev1.ConfigMap{{ ObjectMeta: metav1.ObjectMeta{Namespace: system.Namespace(), Name: config.GetFeatureFlagsConfigName()}, Data: tc.cfgMap, @@ -4836,9 +4776,8 @@ spec: name: mypvc `) d := test.Data{ - Tasks: []*v1.Task{taskWithWorkspace}, - TaskRuns: []*v1.TaskRun{taskRun}, - ClusterTasks: nil, + Tasks: []*v1.Task{taskWithWorkspace}, + TaskRuns: []*v1.TaskRun{taskRun}, } testAssets, cancel := getTaskRunController(t, d) defer cancel() @@ -5971,7 +5910,6 @@ func podVolumeMounts(idx, totalSteps int) []corev1.VolumeMount { Name: "tekton-internal-artifacts", MountPath: "/tekton/artifacts", }) - return mnts } @@ -6009,7 +5947,7 @@ func podArgs(cmd string, stdoutPath string, stderrPath string, additionalArgs [] return args } -func podObjectMeta(name, taskName, taskRunName, taskRunUID, ns string, isClusterTask bool) metav1.ObjectMeta { +func podObjectMeta(name, taskName, taskRunName, taskRunUID, ns string) metav1.ObjectMeta { trueB := true om := metav1.ObjectMeta{ Name: name, @@ -6033,11 +5971,7 @@ func podObjectMeta(name, taskName, taskRunName, taskRunUID, ns string, isCluster } if taskName != "" { - if isClusterTask { - om.Labels[pipeline.ClusterTaskLabelKey] = taskName - } else { - om.Labels[pipeline.TaskLabelKey] = taskName - } + om.Labels[pipeline.TaskLabelKey] = taskName } return om @@ -6055,13 +5989,13 @@ type stepForExpectedPod struct { stderrPath string } -func expectedPod(podName, taskName, taskRunName, taskRunUID, ns, saName string, isClusterTask bool, extraVolumes []corev1.Volume, steps []stepForExpectedPod) *corev1.Pod { +func expectedPod(podName, taskName, taskRunName, taskRunUID, ns, saName string, extraVolumes []corev1.Volume, steps []stepForExpectedPod) *corev1.Pod { stepNames := make([]string, 0, len(steps)) for _, s := range steps { stepNames = append(stepNames, "step-"+s.name) } p := &corev1.Pod{ - ObjectMeta: podObjectMeta(podName, taskName, taskRunName, taskRunUID, ns, isClusterTask), + ObjectMeta: podObjectMeta(podName, taskName, taskRunName, taskRunUID, ns), Spec: corev1.PodSpec{ Volumes: []corev1.Volume{ workspaceVolume, diff --git a/pkg/remote/oci/resolver_test.go b/pkg/remote/oci/resolver_test.go index 9004b7cfe6d..6785de362b8 100644 --- a/pkg/remote/oci/resolver_test.go +++ b/pkg/remote/oci/resolver_test.go @@ -100,24 +100,7 @@ func TestOCIResolver(t *testing.T) { }, mapper: test.DefaultObjectAnnotationMapper, listExpected: []remote.ResolvedObject{{Kind: "task", APIVersion: "v1beta1", Name: "simple-task"}}, - }, - { - name: "cluster-task", - objs: []runtime.Object{ - &v1beta1.ClusterTask{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-task", - }, - TypeMeta: metav1.TypeMeta{ - APIVersion: "tekton.dev/v1beta1", - Kind: "ClusterTask", - }, - }, - }, - mapper: test.DefaultObjectAnnotationMapper, - listExpected: []remote.ResolvedObject{{Kind: "clustertask", APIVersion: "v1beta1", Name: "simple-task"}}, - }, - { + }, { name: "multiple-tasks", objs: []runtime.Object{ &v1beta1.Task{ diff --git a/pkg/taskrunmetrics/metrics.go b/pkg/taskrunmetrics/metrics.go index 94a5dad73b7..0ff15d63068 100644 --- a/pkg/taskrunmetrics/metrics.go +++ b/pkg/taskrunmetrics/metrics.go @@ -383,11 +383,6 @@ func getTaskTagName(tr *v1.TaskRun) string { if hasPipelineTaskTable && len(pipelineTaskTable) > 0 { taskName = pipelineTaskTable } - case tr.Spec.TaskRef != nil && tr.Spec.TaskRef.Kind == v1.ClusterTaskRefKind: - clusterTaskLabel, hasClusterTaskLabel := tr.Labels[pipeline.ClusterTaskLabelKey] - if hasClusterTaskLabel && len(clusterTaskLabel) > 0 { - taskName = clusterTaskLabel - } default: if len(tr.Labels) > 0 { taskLabel, hasTaskLabel := tr.Labels[pipeline.TaskLabelKey] diff --git a/pkg/taskrunmetrics/metrics_test.go b/pkg/taskrunmetrics/metrics_test.go index daf8342dbce..d5f01d29e4e 100644 --- a/pkg/taskrunmetrics/metrics_test.go +++ b/pkg/taskrunmetrics/metrics_test.go @@ -208,42 +208,6 @@ func TestRecordTaskRunDurationCount(t *testing.T) { expectedCount: 1, beforeCondition: nil, countWithReason: false, - }, { - name: "for succeeded taskrun create by pipelinerun", - taskRun: &v1.TaskRun{ - ObjectMeta: metav1.ObjectMeta{Name: "taskrun-1", Namespace: "ns", Labels: map[string]string{ - pipeline.ClusterTaskLabelKey: "task-1", - }}, - Spec: v1.TaskRunSpec{ - TaskRef: &v1.TaskRef{Kind: v1.ClusterTaskRefKind}, - }, - Status: v1.TaskRunStatus{ - Status: duckv1.Status{ - Conditions: duckv1.Conditions{{ - Type: apis.ConditionSucceeded, - Status: corev1.ConditionTrue, - }}, - }, - TaskRunStatusFields: v1.TaskRunStatusFields{ - StartTime: &startTime, - CompletionTime: &completionTime, - }, - }, - }, - metricName: "taskrun_duration_seconds", - expectedDurationTags: map[string]string{ - "task": "task-1", - "taskrun": "taskrun-1", - "namespace": "ns", - "status": "success", - }, - expectedCountTags: map[string]string{ - "status": "success", - }, - expectedDuration: 60, - expectedCount: 1, - beforeCondition: nil, - countWithReason: false, }, { name: "for succeeded taskrun with before condition", taskRun: &v1.TaskRun{ diff --git a/pkg/trustedresources/verify_test.go b/pkg/trustedresources/verify_test.go index 04fde6cfeaf..2934e30e1ef 100644 --- a/pkg/trustedresources/verify_test.go +++ b/pkg/trustedresources/verify_test.go @@ -544,16 +544,6 @@ func TestVerifyResource_V1Pipeline_Error(t *testing.T) { } } -func TestVerifyResource_TypeNotSupported(t *testing.T) { - resource := v1beta1.ClusterTask{} - refSource := &v1.RefSource{URI: "git+https://github.com/tektoncd/catalog.git"} - _, _, k8sclient, vps := test.SetupVerificationPolicies(t) - vr := VerifyResource(context.Background(), &resource, k8sclient, refSource, vps) - if !errors.Is(vr.Err, ErrResourceNotSupported) { - t.Errorf("want:%v got:%v ", ErrResourceNotSupported, vr.Err) - } -} - func signInterface(signer signature.Signer, i interface{}) ([]byte, error) { if signer == nil { return nil, errors.New("signer is nil") diff --git a/test/clients.go b/test/clients.go index 4e029ef4cfe..efc7d2b6fb6 100644 --- a/test/clients.go +++ b/test/clients.go @@ -59,7 +59,6 @@ type clients struct { ApixClient apixclient.Interface V1beta1PipelineClient v1beta1.PipelineInterface - V1beta1ClusterTaskClient v1beta1.ClusterTaskInterface V1beta1TaskClient v1beta1.TaskInterface V1beta1TaskRunClient v1beta1.TaskRunInterface V1beta1PipelineRunClient v1beta1.PipelineRunInterface @@ -107,7 +106,6 @@ func newClients(t *testing.T, configPath, clusterName, namespace string) *client t.Fatalf("failed to create resolution clientset from config file at %s: %s", configPath, err) } c.V1beta1PipelineClient = cs.TektonV1beta1().Pipelines(namespace) - c.V1beta1ClusterTaskClient = cs.TektonV1beta1().ClusterTasks() c.V1beta1TaskClient = cs.TektonV1beta1().Tasks(namespace) c.V1beta1TaskRunClient = cs.TektonV1beta1().TaskRuns(namespace) c.V1beta1PipelineRunClient = cs.TektonV1beta1().PipelineRuns(namespace) diff --git a/test/controller.go b/test/controller.go index d4cc5506135..80e5ba7061c 100644 --- a/test/controller.go +++ b/test/controller.go @@ -38,7 +38,6 @@ import ( faketaskinformer "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1/task/fake" faketaskruninformer "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1/taskrun/fake" fakeverificationpolicyinformer "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1alpha1/verificationpolicy/fake" - fakeclustertaskinformer "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1beta1/clustertask/fake" fakecustomruninformer "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1beta1/customrun/fake" fakestepactioninformer "github.com/tektoncd/pipeline/pkg/client/injection/informers/pipeline/v1beta1/stepaction/fake" fakeresolutionclientset "github.com/tektoncd/pipeline/pkg/client/resolution/clientset/versioned/fake" @@ -75,7 +74,6 @@ type Data struct { TaskRuns []*v1.TaskRun Tasks []*v1.Task StepActions []*v1beta1.StepAction - ClusterTasks []*v1beta1.ClusterTask CustomRuns []*v1beta1.CustomRun Pods []*corev1.Pod Namespaces []*corev1.Namespace @@ -105,7 +103,6 @@ type Informers struct { CustomRun informersv1beta1.CustomRunInformer Task informersv1.TaskInformer StepAction informersv1beta1.StepActionInformer - ClusterTask informersv1beta1.ClusterTaskInformer Pod coreinformers.PodInformer ConfigMap coreinformers.ConfigMapInformer ServiceAccount coreinformers.ServiceAccountInformer @@ -192,7 +189,6 @@ func SeedTestData(t *testing.T, ctx context.Context, d Data) (Clients, Informers CustomRun: fakecustomruninformer.Get(ctx), Task: faketaskinformer.Get(ctx), StepAction: fakestepactioninformer.Get(ctx), - ClusterTask: fakeclustertaskinformer.Get(ctx), Pod: fakefilteredpodinformer.Get(ctx, v1.ManagedByLabelKey), ConfigMap: fakeconfigmapinformer.Get(ctx), ServiceAccount: fakeserviceaccountinformer.Get(ctx), @@ -240,13 +236,6 @@ func SeedTestData(t *testing.T, ctx context.Context, d Data) (Clients, Informers t.Fatal(err) } } - c.Pipeline.PrependReactor("*", "clustertasks", AddToInformer(t, i.ClusterTask.Informer().GetIndexer())) - for _, ct := range d.ClusterTasks { - ct := ct.DeepCopy() // Avoid assumptions that the informer's copy is modified. - if _, err := c.Pipeline.TektonV1beta1().ClusterTasks().Create(ctx, ct, metav1.CreateOptions{}); err != nil { - t.Fatal(err) - } - } c.Pipeline.PrependReactor("*", "customruns", AddToInformer(t, i.CustomRun.Informer().GetIndexer())) for _, customRun := range d.CustomRuns { customRun := customRun.DeepCopy() // Avoid assumptions that the informer's copy is modified. diff --git a/test/e2e-common.sh b/test/e2e-common.sh index 679585db9be..b908ed38adb 100755 --- a/test/e2e-common.sh +++ b/test/e2e-common.sh @@ -153,7 +153,7 @@ function uninstall_pipeline_crd_version() { } function delete_tekton_resources() { - for res in tasks clustertasks pipelines taskruns pipelineruns; do + for res in tasks pipelines taskruns pipelineruns; do echo ">> Deleting ${res}" kubectl delete --ignore-not-found=true ${res}.tekton.dev --all done diff --git a/test/examples_test.go b/test/examples_test.go index 3880bc42022..0825f460b41 100644 --- a/test/examples_test.go +++ b/test/examples_test.go @@ -28,7 +28,6 @@ import ( "strings" "testing" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" knativetest "knative.dev/pkg/test" ) @@ -97,17 +96,6 @@ func substituteEnv(input []byte, namespace string) ([]byte, error) { return output, nil } -// deleteClusterTask removes a single clustertask by name using provided -// clientset. Test state is used for logging. deleteClusterTask does not wait -// for the clustertask to be deleted, so it is still possible to have name -// conflicts during test -func deleteClusterTask(ctx context.Context, t *testing.T, c *clients, name string) { - t.Logf("Deleting clustertask %s", name) - if err := c.V1beta1ClusterTaskClient.Delete(ctx, name, metav1.DeleteOptions{}); err != nil { - t.Fatalf("Failed to delete clustertask: %v", err) - } -} - type createFunc func(input []byte, namespace string) ([]byte, error) type waitFunc func(ctx context.Context, t *testing.T, c *clients, name string) @@ -151,16 +139,6 @@ func exampleTest(path string, waitValidateFunc waitFunc, createFunc createFunc, t.Fatalf("Failed to get created Tekton CRD of kind %s: %v", kind, err) } - // NOTE: If an example creates more than one clustertask, they will not all - // be cleaned up - clustertask, err := getCreatedTektonCRD(out, "clustertask") - if clustertask != "" { - knativetest.CleanupOnInterrupt(func() { deleteClusterTask(ctx, t, c, clustertask) }, t.Logf) - defer deleteClusterTask(ctx, t, c, clustertask) - } else if err != nil { - t.Fatalf("Failed to get created clustertask: %v", err) - } - waitValidateFunc(ctx, t, c, name) } } diff --git a/test/parse/yaml.go b/test/parse/yaml.go index 847084b9c26..c5c78b9881f 100644 --- a/test/parse/yaml.go +++ b/test/parse/yaml.go @@ -117,17 +117,6 @@ func MustParseV1TaskAndSetDefaults(t *testing.T, yaml string) *v1.Task { return task } -// MustParseClusterTask takes YAML and parses it into a *v1beta1.ClusterTask -func MustParseClusterTask(t *testing.T, yaml string) *v1beta1.ClusterTask { - t.Helper() - var clusterTask v1beta1.ClusterTask - yaml = `apiVersion: tekton.dev/v1beta1 -kind: ClusterTask -` + yaml - mustParseYAML(t, yaml, &clusterTask) - return &clusterTask -} - // MustParseV1beta1PipelineRun takes YAML and parses it into a *v1beta1.PipelineRun func MustParseV1beta1PipelineRun(t *testing.T, yaml string) *v1beta1.PipelineRun { t.Helper() diff --git a/test/util.go b/test/util.go index e1254e2edb1..316a3d6bc3a 100644 --- a/test/util.go +++ b/test/util.go @@ -201,15 +201,6 @@ func getCRDYaml(ctx context.Context, cs *clients, ns string) ([]byte, error) { output = append(output, bs...) } - v1beta1ClusterTasks, err := cs.V1beta1ClusterTaskClient.List(ctx, metav1.ListOptions{}) - if err != nil { - return nil, fmt.Errorf("could not get v1beta1 clustertasks: %w", err) - } - for _, i := range v1beta1ClusterTasks.Items { - i.SetManagedFields(nil) - printOrAdd(i) - } - v1Tasks, err := cs.V1TaskClient.List(ctx, metav1.ListOptions{}) if err != nil { return nil, fmt.Errorf("could not get v1 tasks: %w", err)