apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
  name: release-service
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: release-service/serving-cert
    controller-gen.kubebuilder.io/version: v0.18.0
  name: internalrequests.appstudio.redhat.com
spec:
  group: appstudio.redhat.com
  names:
    kind: InternalRequest
    listKind: InternalRequestList
    plural: internalrequests
    singular: internalrequest
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .status.conditions[?(@.type=="Succeeded")].status
      name: Succeeded
      type: string
    - jsonPath: .status.conditions[?(@.type=="Succeeded")].reason
      name: Reason
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: InternalRequest is the Schema for the internalrequests API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: InternalRequestSpec defines the desired state of InternalRequest.
            properties:
              params:
                additionalProperties:
                  type: string
                description: |-
                  Params is the list of optional parameters to pass to the Tekton pipeline
                  kubebuilder:pruning:PreserveUnknownFields
                type: object
              pipeline:
                description: Pipeline contains the details of the pipeline to execute for the InternalRequest
                properties:
                  params:
                    description: Params is a slice of parameters for a given resolver
                    items:
                      description: Param defines the parameters for a given resolver in PipelineRef
                      properties:
                        name:
                          description: Name is the name of the parameter
                          type: string
                        value:
                          description: Value is the value of the parameter
                          type: string
                      required:
                      - name
                      - value
                      type: object
                    type: array
                  pipelineRef:
                    description: PipelineRef is the reference to the Pipeline
                    properties:
                      params:
                        description: Params is a slice of parameters for a given resolver
                        items:
                          description: Param defines the parameters for a given resolver in PipelineRef
                          properties:
                            name:
                              description: Name is the name of the parameter
                              type: string
                            value:
                              description: Value is the value of the parameter
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      resolver:
                        description: Resolver is the name of a Tekton resolver to be used (e.g. git)
                        type: string
                    required:
                    - params
                    - resolver
                    type: object
                  serviceAccountName:
                    description: ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                  timeouts:
                    description: Timeouts defines the different Timeouts to use in the PipelineRun execution
                    properties:
                      finally:
                        description: Finally sets the maximum allowed duration of this pipeline's finally
                        type: string
                      pipeline:
                        description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value.
                        type: string
                      tasks:
                        description: Tasks sets the maximum allowed duration of this pipeline's tasks
                        type: string
                    type: object
                required:
                - pipelineRef
                type: object
              serviceAccount:
                description: |-
                  ServiceAccount defines the serviceAccount to use in the InternalRequest PipelineRun execution. If none
                  is passed, the default Tekton ServiceAccount will be used
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
              timeouts:
                description: Timeouts defines the different Timeouts to use in the InternalRequest PipelineRun execution
                properties:
                  finally:
                    description: Finally sets the maximum allowed duration of this pipeline's finally
                    type: string
                  pipeline:
                    description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value.
                    type: string
                  tasks:
                    description: Tasks sets the maximum allowed duration of this pipeline's tasks
                    type: string
                type: object
            required:
            - pipeline
            type: object
          status:
            description: InternalRequestStatus defines the observed state of InternalRequest.
            properties:
              completionTime:
                description: CompletionTime is the time the InternalRequest PipelineRun completed
                format: date-time
                type: string
              conditions:
                description: Conditions represent the latest available observations for the internalrequest
                items:
                  description: Condition contains details for one aspect of the current state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
              pipelineRun:
                description: PipelineRun contains the namespaced name of the PipelineRun executed for this InternalRequest
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
              results:
                additionalProperties:
                  type: string
                description: |-
                  Results is the list of optional results as seen in the Tekton PipelineRun
                  kubebuilder:pruning:PreserveUnknownFields
                type: object
              startTime:
                description: StartTime is the time when the InternalRequest PipelineRun was created and set to run
                format: date-time
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: release-service/serving-cert
    controller-gen.kubebuilder.io/version: v0.18.0
  name: internalservicesconfigs.appstudio.redhat.com
spec:
  group: appstudio.redhat.com
  names:
    kind: InternalServicesConfig
    listKind: InternalServicesConfigList
    plural: internalservicesconfigs
    singular: internalservicesconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: InternalServicesConfig is the Schema for the internalservicesconfigs API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: InternalServicesConfigSpec defines the desired state of InternalServicesConfig.
            properties:
              allowList:
                description: AllowList is the list of remote namespaces that are allowed to execute InternalRequests
                items:
                  type: string
                type: array
              debug:
                description: Debug sets the operator to run in debug mode. In this mode, PipelineRuns and PVCs will not be removed
                type: boolean
              volumeClaim:
                default:
                  name: workspace
                  size: 1Gi
                description: VolumeClaim holds information about the volume to request for Pipelines requiring a workspace
                properties:
                  name:
                    default: workspace
                    description: Name is the workspace name
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                  size:
                    default: 1Gi
                    description: Size is the size that will be requested when a workspace is required by a Pipeline
                    pattern: ^[1-9][0-9]*(K|M|G)i$
                    type: string
                type: object
            type: object
          status:
            description: InternalServicesConfigStatus defines the observed state of InternalServicesConfig.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: release-service/serving-cert
    controller-gen.kubebuilder.io/version: v0.18.0
  name: releaseplanadmissions.appstudio.redhat.com
spec:
  group: appstudio.redhat.com
  names:
    kind: ReleasePlanAdmission
    listKind: ReleasePlanAdmissionList
    plural: releaseplanadmissions
    shortNames:
    - rpa
    singular: releaseplanadmission
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - jsonPath: .spec.environment
      name: Environment
      type: string
    - jsonPath: .spec.origin
      name: Origin
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ReleasePlanAdmission is the Schema for the ReleasePlanAdmissions API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ReleasePlanAdmissionSpec defines the desired state of ReleasePlanAdmission.
            properties:
              applications:
                description: |-
                  Applications is a list of references to applications to be released in the managed namespace.
                  Either applications or componentGroups must be specified, but not both.
                items:
                  type: string
                minItems: 1
                type: array
              collectors:
                description: Collectors contains all the information of the collectors to be executed as part of the release workflow
                properties:
                  items:
                    description: Items is the list of Collectors to be executed as part of the release workflow
                    items:
                      description: |-
                        CollectorItem represents all the information about an specific collector which will be executed in the
                        CollectorsPipeline.
                      properties:
                        name:
                          description: Name of the collector
                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                          type: string
                        params:
                          description: Params is a slice of parameters for a given collector
                          items:
                            description: Param represents a parameter for a collector
                            properties:
                              name:
                                description: Name is the name of the parameter
                                type: string
                              value:
                                description: Value is the value of the parameter
                                type: string
                            required:
                            - name
                            - value
                            type: object
                          type: array
                        timeout:
                          description: Timeout in seconds for the collector to execute
                          type: integer
                        type:
                          description: Type is the type of collector to be used
                          pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                          type: string
                      required:
                      - name
                      - params
                      - type
                      type: object
                    type: array
                  secrets:
                    description: Secrets is the list of secrets to be used in the Collector's Pipeline
                    items:
                      type: string
                    type: array
                  serviceAccountName:
                    description: ServiceAccountName is the ServiceAccount to use during the execution of the Collectors Pipeline
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                required:
                - items
                type: object
              componentGroups:
                description: |-
                  ComponentGroups is a list of references to component groups to be released in the managed namespace.
                  Either applications or componentGroups must be specified, but not both.
                items:
                  type: string
                minItems: 1
                type: array
              data:
                description: Data is an unstructured key used for providing data for the managed Release Pipeline
                type: object
                x-kubernetes-preserve-unknown-fields: true
              environment:
                description: Environment defines which Environment will be used to release the Application
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
              origin:
                description: Origin references where the release requests should come from
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
              pipeline:
                description: Pipeline contains all the information about the managed Pipeline
                properties:
                  maxRetries:
                    description: |-
                      MaxRetries sets the retry limit for the pipeline overriding the value in ReleaseServiceConfig when specified.
                      When unset the ReleaseServiceConfig value is used and 0 disables retries for the pipeline.
                    minimum: 0
                    type: integer
                  pipelineRef:
                    description: PipelineRef is the reference to the Pipeline
                    properties:
                      ociStorage:
                        description: |-
                          OciStorage specifies the OCI repository where the Trusted Artifacts are stored.
                          This value is passed to the Pipeline as the "ociStorage" parameter.
                          If not set, the default value from the Pipeline definition will be used.
                          This field is intended for use in ReleasePlanAdmissions.
                        type: string
                      params:
                        description: Params is a slice of parameters for a given resolver
                        items:
                          description: Param defines the parameters for a given resolver in PipelineRef
                          properties:
                            name:
                              description: Name is the name of the parameter
                              type: string
                            value:
                              description: Value is the value of the parameter
                              type: string
                          required:
                          - name
                          - value
                          type: object
                        type: array
                      resolver:
                        description: Resolver is the name of a Tekton resolver to be used (e.g. git)
                        type: string
                      useEmptyDir:
                        description: |-
                          UseEmptyDir specifies whether to use an empty dir volume for the workspace.
                          When true, the PipelineRun will use an empty dir volume.
                          Otherwise, it will use a volume claim template by default.
                        type: boolean
                    required:
                    - params
                    - resolver
                    type: object
                  serviceAccountName:
                    description: ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                  taskRunSpecs:
                    description: TaskRunSpecs is the PipelineTaskRunSpec to be used in the PipelineRun execution
                    items:
                      description: |-
                        PipelineTaskRunSpec can be used to configure specific
                        specs for a concrete Task
                      properties:
                        computeResources:
                          description: Compute resources to use for this TaskRun
                          properties:
                            claims:
                              description: |-
                                Claims lists the names of resources, defined in spec.resourceClaims,
                                that are used by this container.
                                This field depends on the
                                DynamicResourceAllocation feature gate.
                                This field is immutable. It can only be set for containers.
                              items:
                                description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                                properties:
                                  name:
                                    description: |-
                                      Name must match the name of one entry in pod.spec.resourceClaims of
                                      the Pod where this field is used. It makes that resource available
                                      inside a container.
                                    type: string
                                  request:
                                    description: |-
                                      Request is the name chosen for a request in the referenced claim.
                                      If empty, everything from the claim is made available, otherwise
                                      only the result of this request.
                                    type: string
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-map-keys:
                              - name
                              x-kubernetes-list-type: map
                            limits:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: |-
                                Limits describes the maximum amount of compute resources allowed.
                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                              type: object
                            requests:
                              additionalProperties:
                                anyOf:
                                - type: integer
                                - type: string
                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                x-kubernetes-int-or-string: true
                              description: |-
                                Requests describes the minimum amount of compute resources required.
                                If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                              type: object
                          type: object
                        metadata:
                          description: PipelineTaskMetadata contains the labels or annotations for an EmbeddedTask
                          properties:
                            annotations:
                              additionalProperties:
                                type: string
                              type: object
                            labels:
                              additionalProperties:
                                type: string
                              type: object
                          type: object
                        pipelineTaskName:
                          type: string
                        podTemplate:
                          description: PodTemplate holds pod specific configuration
                          properties:
                            affinity:
                              description: |-
                                If specified, the pod's scheduling constraints.
                                See Pod.spec.affinity (API version: v1)
                              x-kubernetes-preserve-unknown-fields: true
                            automountServiceAccountToken:
                              description: |-
                                AutomountServiceAccountToken indicates whether pods running as this
                                service account should have an API token automatically mounted.
                              type: boolean
                            dnsConfig:
                              description: |-
                                Specifies the DNS parameters of a pod.
                                Parameters specified here will be merged to the generated DNS
                                configuration based on DNSPolicy.
                              properties:
                                nameservers:
                                  description: |-
                                    A list of DNS name server IP addresses.
                                    This will be appended to the base nameservers generated from DNSPolicy.
                                    Duplicated nameservers will be removed.
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                                options:
                                  description: |-
                                    A list of DNS resolver options.
                                    This will be merged with the base options generated from DNSPolicy.
                                    Duplicated entries will be removed. Resolution options given in Options
                                    will override those that appear in the base DNSPolicy.
                                  items:
                                    description: PodDNSConfigOption defines DNS resolver options of a pod.
                                    properties:
                                      name:
                                        description: |-
                                          Name is this DNS resolver option's name.
                                          Required.
                                        type: string
                                      value:
                                        description: Value is this DNS resolver option's value.
                                        type: string
                                    type: object
                                  type: array
                                  x-kubernetes-list-type: atomic
                                searches:
                                  description: |-
                                    A list of DNS search domains for host-name lookup.
                                    This will be appended to the base search paths generated from DNSPolicy.
                                    Duplicated search paths will be removed.
                                  items:
                                    type: string
                                  type: array
                                  x-kubernetes-list-type: atomic
                              type: object
                            dnsPolicy:
                              description: |-
                                Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are
                                'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig
                                will be merged with the policy selected with DNSPolicy.
                              type: string
                            enableServiceLinks:
                              description: |-
                                EnableServiceLinks indicates whether information about services should be injected into pod's
                                environment variables, matching the syntax of Docker links.
                                Optional: Defaults to true.
                              type: boolean
                            env:
                              description: List of environment variables that can be provided to the containers belonging to the pod.
                              items:
                                description: EnvVar represents an environment variable present in a Container.
                                properties:
                                  name:
                                    description: |-
                                      Name of the environment variable.
                                      May consist of any printable ASCII characters except '='.
                                    type: string
                                  value:
                                    description: |-
                                      Variable references $(VAR_NAME) are expanded
                                      using the previously defined environment variables in the container and
                                      any service environment variables. If a variable cannot be resolved,
                                      the reference in the input string will be unchanged. Double $$ are reduced
                                      to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                                      "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                                      Escaped references will never be expanded, regardless of whether the variable
                                      exists or not.
                                      Defaults to "".
                                    type: string
                                  valueFrom:
                                    description: Source for the environment variable's value. Cannot be used if value is not empty.
                                    properties:
                                      configMapKeyRef:
                                        description: Selects a key of a ConfigMap.
                                        properties:
                                          key:
                                            description: The key to select.
                                            type: string
                                          name:
                                            default: ""
                                            description: |-
                                              Name of the referent.
                                              This field is effectively required, but due to backwards compatibility is
                                              allowed to be empty. Instances of this type with an empty value here are
                                              almost certainly wrong.
                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            type: string
                                          optional:
                                            description: Specify whether the ConfigMap or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      fieldRef:
                                        description: |-
                                          Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
                                          spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
                                        properties:
                                          apiVersion:
                                            description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
                                            type: string
                                          fieldPath:
                                            description: Path of the field to select in the specified API version.
                                            type: string
                                        required:
                                        - fieldPath
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      fileKeyRef:
                                        description: |-
                                          FileKeyRef selects a key of the env file.
                                          Requires the EnvFiles feature gate to be enabled.
                                        properties:
                                          key:
                                            description: |-
                                              The key within the env file. An invalid key will prevent the pod from starting.
                                              The keys defined within a source may consist of any printable ASCII characters except '='.
                                              During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
                                            type: string
                                          optional:
                                            default: false
                                            description: |-
                                              Specify whether the file or its key must be defined. If the file or key
                                              does not exist, then the env var is not published.
                                              If optional is set to true and the specified key does not exist,
                                              the environment variable will not be set in the Pod's containers.
                                              If optional is set to false and the specified key does not exist,
                                              an error will be returned during Pod creation.
                                            type: boolean
                                          path:
                                            description: |-
                                              The path within the volume from which to select the file.
                                              Must be relative and may not contain the '..' path or start with '..'.
                                            type: string
                                          volumeName:
                                            description: The name of the volume mount containing the env file.
                                            type: string
                                        required:
                                        - key
                                        - path
                                        - volumeName
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      resourceFieldRef:
                                        description: |-
                                          Selects a resource of the container: only resources limits and requests
                                          (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
                                        properties:
                                          containerName:
                                            description: 'Container name: required for volumes, optional for env vars'
                                            type: string
                                          divisor:
                                            anyOf:
                                            - type: integer
                                            - type: string
                                            description: Specifies the output format of the exposed resources, defaults to "1"
                                            pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                            x-kubernetes-int-or-string: true
                                          resource:
                                            description: 'Required: resource to select'
                                            type: string
                                        required:
                                        - resource
                                        type: object
                                        x-kubernetes-map-type: atomic
                                      secretKeyRef:
                                        description: Selects a key of a secret in the pod's namespace
                                        properties:
                                          key:
                                            description: The key of the secret to select from. Must be a valid secret key.
                                            type: string
                                          name:
                                            default: ""
                                            description: |-
                                              Name of the referent.
                                              This field is effectively required, but due to backwards compatibility is
                                              allowed to be empty. Instances of this type with an empty value here are
                                              almost certainly wrong.
                                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                            type: string
                                          optional:
                                            description: Specify whether the Secret or its key must be defined
                                            type: boolean
                                        required:
                                        - key
                                        type: object
                                        x-kubernetes-map-type: atomic
                                    type: object
                                required:
                                - name
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            hostAliases:
                              description: |-
                                HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
                                file if specified. This is only valid for non-hostNetwork pods.
                              items:
                                description: |-
                                  HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
                                  pod's hosts file.
                                properties:
                                  hostnames:
                                    description: Hostnames for the above IP address.
                                    items:
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  ip:
                                    description: IP address of the host file entry.
                                    type: string
                                required:
                                - ip
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            hostNetwork:
                              description: HostNetwork specifies whether the pod may use the node network namespace
                              type: boolean
                            hostUsers:
                              description: |-
                                HostUsers indicates whether the pod will use the host's user namespace.
                                Optional: Default to true.
                                If set to true or not present, the pod will be run in the host user namespace, useful
                                for when the pod needs a feature only available to the host user namespace, such as
                                loading a kernel module with CAP_SYS_MODULE.
                                When set to false, a new user namespace is created for the pod. Setting false is useful
                                to mitigating container breakout vulnerabilities such as allowing containers to run as
                                root without their user having root privileges on the host.
                                This field depends on the kubernetes feature gate UserNamespacesSupport being enabled.
                              type: boolean
                            imagePullSecrets:
                              description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified
                              items:
                                description: |-
                                  LocalObjectReference contains enough information to let you locate the
                                  referenced object inside the same namespace.
                                properties:
                                  name:
                                    default: ""
                                    description: |-
                                      Name of the referent.
                                      This field is effectively required, but due to backwards compatibility is
                                      allowed to be empty. Instances of this type with an empty value here are
                                      almost certainly wrong.
                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    type: string
                                type: object
                                x-kubernetes-map-type: atomic
                              type: array
                              x-kubernetes-list-type: atomic
                            nodeSelector:
                              additionalProperties:
                                type: string
                              description: |-
                                NodeSelector is a selector which must be true for the pod to fit on a node.
                                Selector which must match a node's labels for the pod to be scheduled on that node.
                                More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
                              type: object
                            priorityClassName:
                              description: |-
                                If specified, indicates the pod's priority. "system-node-critical" and
                                "system-cluster-critical" are two special keywords which indicate the
                                highest priorities with the former being the highest priority. Any other
                                name must be defined by creating a PriorityClass object with that name.
                                If not specified, the pod priority will be default or zero if there is no
                                default.
                              type: string
                            runtimeClassName:
                              description: |-
                                RuntimeClassName refers to a RuntimeClass object in the node.k8s.io
                                group, which should be used to run this pod. If no RuntimeClass resource
                                matches the named class, the pod will not be run. If unset or empty, the
                                "legacy" RuntimeClass will be used, which is an implicit class with an
                                empty definition that uses the default runtime handler.
                                More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md
                                This is a beta feature as of Kubernetes v1.14.
                              type: string
                            schedulerName:
                              description: SchedulerName specifies the scheduler to be used to dispatch the Pod
                              type: string
                            securityContext:
                              description: |-
                                SecurityContext holds pod-level security attributes and common container settings.
                                Optional: Defaults to empty. See type description for default values of each field.
                                See Pod.spec.securityContext (API version: v1)
                              x-kubernetes-preserve-unknown-fields: true
                            tolerations:
                              description: If specified, the pod's tolerations.
                              items:
                                description: |-
                                  The pod this Toleration is attached to tolerates any taint that matches
                                  the triple using the matching operator .
                                properties:
                                  effect:
                                    description: |-
                                      Effect indicates the taint effect to match. Empty means match all taint effects.
                                      When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
                                    type: string
                                  key:
                                    description: |-
                                      Key is the taint key that the toleration applies to. Empty means match all taint keys.
                                      If the key is empty, operator must be Exists; this combination means to match all values and all keys.
                                    type: string
                                  operator:
                                    description: |-
                                      Operator represents a key's relationship to the value.
                                      Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal.
                                      Exists is equivalent to wildcard for value, so that a pod can
                                      tolerate all taints of a particular category.
                                      Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
                                    type: string
                                  tolerationSeconds:
                                    description: |-
                                      TolerationSeconds represents the period of time the toleration (which must be
                                      of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
                                      it is not set, which means tolerate the taint forever (do not evict). Zero and
                                      negative values will be treated as 0 (evict immediately) by the system.
                                    format: int64
                                    type: integer
                                  value:
                                    description: |-
                                      Value is the taint value the toleration matches to.
                                      If the operator is Exists, the value should be empty, otherwise just a regular string.
                                    type: string
                                type: object
                              type: array
                              x-kubernetes-list-type: atomic
                            topologySpreadConstraints:
                              description: |-
                                TopologySpreadConstraints controls how Pods are spread across your cluster among
                                failure-domains such as regions, zones, nodes, and other user-defined topology domains.
                              items:
                                description: TopologySpreadConstraint specifies how to spread matching pods among the given topology.
                                properties:
                                  labelSelector:
                                    description: |-
                                      LabelSelector is used to find matching pods.
                                      Pods that match this label selector are counted to determine the number of pods
                                      in their corresponding topology domain.
                                    properties:
                                      matchExpressions:
                                        description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
                                        items:
                                          description: |-
                                            A label selector requirement is a selector that contains values, a key, and an operator that
                                            relates the key and values.
                                          properties:
                                            key:
                                              description: key is the label key that the selector applies to.
                                              type: string
                                            operator:
                                              description: |-
                                                operator represents a key's relationship to a set of values.
                                                Valid operators are In, NotIn, Exists and DoesNotExist.
                                              type: string
                                            values:
                                              description: |-
                                                values is an array of string values. If the operator is In or NotIn,
                                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
                                                the values array must be empty. This array is replaced during a strategic
                                                merge patch.
                                              items:
                                                type: string
                                              type: array
                                              x-kubernetes-list-type: atomic
                                          required:
                                          - key
                                          - operator
                                          type: object
                                        type: array
                                        x-kubernetes-list-type: atomic
                                      matchLabels:
                                        additionalProperties:
                                          type: string
                                        description: |-
                                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
                                          map is equivalent to an element of matchExpressions, whose key field is "key", the
                                          operator is "In", and the values array contains only "value". The requirements are ANDed.
                                        type: object
                                    type: object
                                    x-kubernetes-map-type: atomic
                                  matchLabelKeys:
                                    description: |-
                                      MatchLabelKeys is a set of pod label keys to select the pods over which
                                      spreading will be calculated. The keys are used to lookup values from the
                                      incoming pod labels, those key-value labels are ANDed with labelSelector
                                      to select the group of existing pods over which spreading will be calculated
                                      for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
                                      MatchLabelKeys cannot be set when LabelSelector isn't set.
                                      Keys that don't exist in the incoming pod labels will
                                      be ignored. A null or empty list means only match against labelSelector.
                                      This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
                                    items:
                                      type: string
                                    type: array
                                    x-kubernetes-list-type: atomic
                                  maxSkew:
                                    description: |-
                                      MaxSkew describes the degree to which pods may be unevenly distributed.
                                      When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
                                      between the number of matching pods in the target topology and the global minimum.
                                      The global minimum is the minimum number of matching pods in an eligible domain
                                      or zero if the number of eligible domains is less than MinDomains.
                                      For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
                                      labelSelector spread as 2/2/1:
                                      In this case, the global minimum is 1.
                                      | zone1 | zone2 | zone3 |
                                      |  P P  |  P P  |   P   |
                                      - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
                                      scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
                                      violate MaxSkew(1).
                                      - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
                                      When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
                                      to topologies that satisfy it.
                                      It's a required field. Default value is 1 and 0 is not allowed.
                                    format: int32
                                    type: integer
                                  minDomains:
                                    description: |-
                                      MinDomains indicates a minimum number of eligible domains.
                                      When the number of eligible domains with matching topology keys is less than minDomains,
                                      Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
                                      And when the number of eligible domains with matching topology keys equals or greater than minDomains,
                                      this value has no effect on scheduling.
                                      As a result, when the number of eligible domains is less than minDomains,
                                      scheduler won't schedule more than maxSkew Pods to those domains.
                                      If value is nil, the constraint behaves as if MinDomains is equal to 1.
                                      Valid values are integers greater than 0.
                                      When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
                                      For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
                                      labelSelector spread as 2/2/2:
                                      | zone1 | zone2 | zone3 |
                                      |  P P  |  P P  |  P P  |
                                      The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
                                      In this situation, new pod with the same labelSelector cannot be scheduled,
                                      because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
                                      it will violate MaxSkew.
                                    format: int32
                                    type: integer
                                  nodeAffinityPolicy:
                                    description: |-
                                      NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
                                      when calculating pod topology spread skew. Options are:
                                      - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
                                      - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
                                      If this value is nil, the behavior is equivalent to the Honor policy.
                                    type: string
                                  nodeTaintsPolicy:
                                    description: |-
                                      NodeTaintsPolicy indicates how we will treat node taints when calculating
                                      pod topology spread skew. Options are:
                                      - Honor: nodes without taints, along with tainted nodes for which the incoming pod
                                      has a toleration, are included.
                                      - Ignore: node taints are ignored. All nodes are included.
                                      If this value is nil, the behavior is equivalent to the Ignore policy.
                                    type: string
                                  topologyKey:
                                    description: |-
                                      TopologyKey is the key of node labels. Nodes that have a label with this key
                                      and identical values are considered to be in the same topology.
                                      We consider each as a "bucket", and try to put balanced number
                                      of pods into each bucket.
                                      We define a domain as a particular instance of a topology.
                                      Also, we define an eligible domain as a domain whose nodes meet the requirements of
                                      nodeAffinityPolicy and nodeTaintsPolicy.
                                      e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
                                      And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
                                      It's a required field.
                                    type: string
                                  whenUnsatisfiable:
                                    description: |-
                                      WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
                                      the spread constraint.
                                      - DoNotSchedule (default) tells the scheduler not to schedule it.
- ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-type: atomic volumes: description: |- List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes See Pod.spec.volumes (API version: v1) x-kubernetes-preserve-unknown-fields: true type: object serviceAccountName: type: string sidecarSpecs: items: description: TaskRunSidecarSpec is used to override the values of a Sidecar in the corresponding Task. properties: computeResources: description: The resource requirements to apply to the Sidecar. properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. 
type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object name: description: The name of the Sidecar to override. type: string required: - computeResources - name type: object type: array x-kubernetes-list-type: atomic stepSpecs: items: description: TaskRunStepSpec is used to override the values of a Step in the corresponding Task. properties: computeResources: description: The resource requirements to apply to the Step. properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. 
items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object name: description: The name of the Step to override. type: string required: - computeResources - name type: object type: array x-kubernetes-list-type: atomic timeout: description: |- Duration after which the TaskRun times out. Overrides the timeout specified on the Task's spec if specified. 
Takes lower precedence to PipelineRun's `spec.timeouts.tasks` Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration type: string type: object type: array timeouts: description: Timeouts defines the different Timeouts to use in the PipelineRun execution properties: finally: description: Finally sets the maximum allowed duration of this pipeline's finally type: string pipeline: description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. type: string tasks: description: Tasks sets the maximum allowed duration of this pipeline's tasks type: string type: object required: - pipelineRef type: object policy: description: Policy to validate before releasing an artifact pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - origin - policy type: object x-kubernetes-validations: - message: exactly one of applications or componentGroups must be specified rule: has(self.applications) != has(self.componentGroups) status: description: ReleasePlanAdmissionStatus defines the observed state of ReleasePlanAdmission. properties: conditions: description: Conditions represent the latest available observations for the releasePlanAdmission items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. 
maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array releasePlans: description: ReleasePlan is a list of releasePlans matched to the ReleasePlanAdmission items: description: MatchedReleasePlan defines the relevant information for a matched ReleasePlan. 
properties: active: description: Active indicates whether the ReleasePlan is set to auto-release or not type: boolean name: description: Name contains the namespaced name of the ReleasePlan pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: array type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: release-service/serving-cert controller-gen.kubebuilder.io/version: v0.18.0 name: releaseplans.appstudio.redhat.com spec: group: appstudio.redhat.com names: kind: ReleasePlan listKind: ReleasePlanList plural: releaseplans shortNames: - rp singular: releaseplan scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.application name: Application type: string - jsonPath: .spec.componentGroup name: ComponentGroup type: string - jsonPath: .spec.target name: Target type: string name: v1alpha1 schema: openAPIV3Schema: description: ReleasePlan is the Schema for the ReleasePlans API. properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ReleasePlanSpec defines the desired state of ReleasePlan. 
properties: application: description: |- Application is a reference to the application to be released in the managed namespace. Either application or componentGroup must be specified, but not both. maxLength: 63 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string collectors: description: Collectors contains all the information of the collectors to be executed as part of the release workflow properties: items: description: Items is the list of Collectors to be executed as part of the release workflow items: description: |- CollectorItem represents all the information about an specific collector which will be executed in the CollectorsPipeline. properties: name: description: Name of the collector pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string params: description: Params is a slice of parameters for a given collector items: description: Param represents a parameter for a collector properties: name: description: Name is the name of the parameter type: string value: description: Value is the value of the parameter type: string required: - name - value type: object type: array timeout: description: Timeout in seconds for the collector to execute type: integer type: description: Type is the type of collector to be used pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name - params - type type: object type: array secrets: description: Secrets is the list of secrets to be used in the Collector's Pipeline items: type: string type: array serviceAccountName: description: ServiceAccountName is the ServiceAccount to use during the execution of the Collectors Pipeline pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - items type: object componentGroup: description: |- ComponentGroup is a reference to the component group to be released in the managed namespace. Either application or componentGroup must be specified, but not both. 
maxLength: 63 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string data: description: Data is an unstructured key used for providing data for the managed Release Pipeline type: object x-kubernetes-preserve-unknown-fields: true finalPipeline: description: FinalPipeline contains all the information about the final Pipeline properties: maxRetries: description: |- MaxRetries sets the retry limit for the pipeline overriding the value in ReleaseServiceConfig when specified. When unset the ReleaseServiceConfig value is used and 0 disables retries for the pipeline. minimum: 0 type: integer params: description: Params is a slice of parameters to be passed to the Pipeline items: description: Param defines the parameters for a given resolver in PipelineRef properties: name: description: Name is the name of the parameter type: string value: description: Value is the value of the parameter type: string required: - name - value type: object type: array pipelineRef: description: PipelineRef is the reference to the Pipeline properties: ociStorage: description: |- OciStorage specifies the OCI repository where the Trusted Artifacts are stored. This value is passed to the Pipeline as the "ociStorage" parameter. If not set, the default value from the Pipeline definition will be used. This field is intended for use in ReleasePlanAdmissions. type: string params: description: Params is a slice of parameters for a given resolver items: description: Param defines the parameters for a given resolver in PipelineRef properties: name: description: Name is the name of the parameter type: string value: description: Value is the value of the parameter type: string required: - name - value type: object type: array resolver: description: Resolver is the name of a Tekton resolver to be used (e.g. git) type: string useEmptyDir: description: |- UseEmptyDir specifies whether to use an empty dir volume for the workspace. When true, the PipelineRun will use an empty dir volume. 
Otherwise, it will use a volume claim template by default. type: boolean required: - params - resolver type: object serviceAccountName: description: ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string taskRunSpecs: description: TaskRunSpecs is the PipelineTaskRunSpec to be used in the PipelineRun execution items: description: |- PipelineTaskRunSpec can be used to configure specific specs for a concrete Task properties: computeResources: description: Compute resources to use for this TaskRun properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object metadata: description: PipelineTaskMetadata contains the labels or annotations for an EmbeddedTask properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object pipelineTaskName: type: string podTemplate: description: PodTemplate holds pod specific configuration properties: affinity: description: |- If specified, the pod's scheduling constraints. See Pod.spec.affinity (API version: v1) x-kubernetes-preserve-unknown-fields: true automountServiceAccountToken: description: |- AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. type: boolean dnsConfig: description: |- Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. properties: nameservers: description: |- A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: description: |- A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. 
Resolution options given in Options will override those that appear in the base DNSPolicy. items: description: PodDNSConfigOption defines DNS resolver options of a pod. properties: name: description: |- Name is this DNS resolver option's name. Required. type: string value: description: Value is this DNS resolver option's value. type: string type: object type: array x-kubernetes-list-type: atomic searches: description: |- A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: description: |- Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. type: string enableServiceLinks: description: |- EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true. type: boolean env: description: List of environment variables that can be provided to the containers belonging to the pod. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: |- Name of the environment variable. May consist of any printable ASCII characters except '='. type: string value: description: |- Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". 
type: string valueFrom: description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: |- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic fileKeyRef: description: |- FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled. properties: key: description: |- The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. type: string optional: default: false description: |- Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers. 
If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. type: boolean path: description: |- The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. type: string volumeName: description: The name of the volume mount containing the env file. type: string required: - key - path - volumeName type: object x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array x-kubernetes-list-type: atomic hostAliases: description: |- HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. items: description: |- HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array x-kubernetes-list-type: atomic ip: description: IP address of the host file entry. type: string required: - ip type: object type: array x-kubernetes-list-type: atomic hostNetwork: description: HostNetwork specifies whether the pod may use the node network namespace type: boolean hostUsers: description: |- HostUsers indicates whether the pod will use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new user namespace is created for the pod. Setting false is useful to mitigating container breakout vulnerabilities such as allowing containers to run as root without their user having root privileges on the host. This field depends on the kubernetes feature gate UserNamespacesSupport being enabled. type: boolean imagePullSecrets: description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. 
properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string description: |- NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object priorityClassName: description: |- If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. type: string runtimeClassName: description: |- RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14. type: string schedulerName: description: SchedulerName specifies the scheduler to be used to dispatch the Pod type: string securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. 
See Pod.spec.securityContext (API version: v1) x-kubernetes-preserve-unknown-fields: true tolerations: description: If specified, the pod's tolerations. items: description: |- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. properties: effect: description: |- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: |- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: description: |- Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: description: |- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array x-kubernetes-list-type: atomic topologySpreadConstraints: description: |- TopologySpreadConstraints controls how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains.
items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: description: |- LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. 
The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic maxSkew: description: |- MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. format: int32 type: integer minDomains: description: |- MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. 
As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. format: int32 type: integer nodeAffinityPolicy: description: |- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. type: string nodeTaintsPolicy: description: |- NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. type: string topologyKey: description: |- TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. 
Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. type: string whenUnsatisfiable: description: |- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-type: atomic volumes: description: |- List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes See Pod.spec.volumes (API version: v1) x-kubernetes-preserve-unknown-fields: true type: object serviceAccountName: type: string sidecarSpecs: items: description: TaskRunSidecarSpec is used to override the values of a Sidecar in the corresponding Task. properties: computeResources: description: The resource requirements to apply to the Sidecar. 
properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object name: description: The name of the Sidecar to override. 
type: string required: - computeResources - name type: object type: array x-kubernetes-list-type: atomic stepSpecs: items: description: TaskRunStepSpec is used to override the values of a Step in the corresponding Task. properties: computeResources: description: The resource requirements to apply to the Step. properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object name: description: The name of the Step to override. type: string required: - computeResources - name type: object type: array x-kubernetes-list-type: atomic timeout: description: |- Duration after which the TaskRun times out. Overrides the timeout specified on the Task's spec if specified. Takes lower precedence to PipelineRun's `spec.timeouts.tasks` Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration type: string type: object type: array timeouts: description: Timeouts defines the different Timeouts to use in the PipelineRun execution properties: finally: description: Finally sets the maximum allowed duration of this pipeline's finally type: string pipeline: description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. type: string tasks: description: Tasks sets the maximum allowed duration of this pipeline's tasks type: string type: object required: - pipelineRef type: object releaseGracePeriodDays: default: 7 description: |- ReleaseGracePeriodDays is the number of days a Release should be kept This value is used to define the Release ExpirationTime type: integer target: description: Target references where to send the release requests pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string tenantPipeline: description: TenantPipeline contains all the information about the tenant Pipeline properties: maxRetries: description: |- MaxRetries sets the retry limit for the pipeline overriding the value in ReleaseServiceConfig when specified. 
When unset the ReleaseServiceConfig value is used and 0 disables retries for the pipeline. minimum: 0 type: integer params: description: Params is a slice of parameters to be passed to the Pipeline items: description: Param defines the parameters for a given resolver in PipelineRef properties: name: description: Name is the name of the parameter type: string value: description: Value is the value of the parameter type: string required: - name - value type: object type: array pipelineRef: description: PipelineRef is the reference to the Pipeline properties: ociStorage: description: |- OciStorage specifies the OCI repository where the Trusted Artifacts are stored. This value is passed to the Pipeline as the "ociStorage" parameter. If not set, the default value from the Pipeline definition will be used. This field is intended for use in ReleasePlanAdmissions. type: string params: description: Params is a slice of parameters for a given resolver items: description: Param defines the parameters for a given resolver in PipelineRef properties: name: description: Name is the name of the parameter type: string value: description: Value is the value of the parameter type: string required: - name - value type: object type: array resolver: description: Resolver is the name of a Tekton resolver to be used (e.g. git) type: string useEmptyDir: description: |- UseEmptyDir specifies whether to use an empty dir volume for the workspace. When true, the PipelineRun will use an empty dir volume. Otherwise, it will use a volume claim template by default. 
type: boolean required: - params - resolver type: object serviceAccountName: description: ServiceAccountName is the ServiceAccount to use during the execution of the Pipeline pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string taskRunSpecs: description: TaskRunSpecs is the PipelineTaskRunSpec to be used in the PipelineRun execution items: description: |- PipelineTaskRunSpec can be used to configure specific specs for a concrete Task properties: computeResources: description: Compute resources to use for this TaskRun properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object metadata: description: PipelineTaskMetadata contains the labels or annotations for an EmbeddedTask properties: annotations: additionalProperties: type: string type: object labels: additionalProperties: type: string type: object type: object pipelineTaskName: type: string podTemplate: description: PodTemplate holds pod specific configuration properties: affinity: description: |- If specified, the pod's scheduling constraints. See Pod.spec.affinity (API version: v1) x-kubernetes-preserve-unknown-fields: true automountServiceAccountToken: description: |- AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. type: boolean dnsConfig: description: |- Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. properties: nameservers: description: |- A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. items: type: string type: array x-kubernetes-list-type: atomic options: description: |- A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. 
Resolution options given in Options will override those that appear in the base DNSPolicy. items: description: PodDNSConfigOption defines DNS resolver options of a pod. properties: name: description: |- Name is this DNS resolver option's name. Required. type: string value: description: Value is this DNS resolver option's value. type: string type: object type: array x-kubernetes-list-type: atomic searches: description: |- A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. items: type: string type: array x-kubernetes-list-type: atomic type: object dnsPolicy: description: |- Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. type: string enableServiceLinks: description: |- EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true. type: boolean env: description: List of environment variables that can be provided to the containers belonging to the pod. items: description: EnvVar represents an environment variable present in a Container. properties: name: description: |- Name of the environment variable. May consist of any printable ASCII characters except '='. type: string value: description: |- Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "". 
type: string valueFrom: description: Source for the environment variable's value. Cannot be used if value is not empty. properties: configMapKeyRef: description: Selects a key of a ConfigMap. properties: key: description: The key to select. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the ConfigMap or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic fieldRef: description: |- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath is written in terms of, defaults to "v1". type: string fieldPath: description: Path of the field to select in the specified API version. type: string required: - fieldPath type: object x-kubernetes-map-type: atomic fileKeyRef: description: |- FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled. properties: key: description: |- The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. type: string optional: default: false description: |- Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.
If optional is set to false and the specified key does not exist, an error will be returned during Pod creation. type: boolean path: description: |- The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'. type: string volumeName: description: The name of the volume mount containing the env file. type: string required: - key - path - volumeName type: object x-kubernetes-map-type: atomic resourceFieldRef: description: |- Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string description: Specifies the output format of the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string required: - resource type: object x-kubernetes-map-type: atomic secretKeyRef: description: Selects a key of a secret in the pod's namespace properties: key: description: The key of the secret to select from. Must be a valid secret key. type: string name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string optional: description: Specify whether the Secret or its key must be defined type: boolean required: - key type: object x-kubernetes-map-type: atomic type: object required: - name type: object type: array x-kubernetes-list-type: atomic hostAliases: description: |- HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. items: description: |- HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. properties: hostnames: description: Hostnames for the above IP address. items: type: string type: array x-kubernetes-list-type: atomic ip: description: IP address of the host file entry. type: string required: - ip type: object type: array x-kubernetes-list-type: atomic hostNetwork: description: HostNetwork specifies whether the pod may use the node network namespace type: boolean hostUsers: description: |- HostUsers indicates whether the pod will use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new user namespace is created for the pod. Setting false is useful to mitigating container breakout vulnerabilities such as allowing containers to run as root without their user having root privileges on the host. This field depends on the kubernetes feature gate UserNamespacesSupport being enabled. type: boolean imagePullSecrets: description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified items: description: |- LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. 
properties: name: default: "" description: |- Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string type: object x-kubernetes-map-type: atomic type: array x-kubernetes-list-type: atomic nodeSelector: additionalProperties: type: string description: |- NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object priorityClassName: description: |- If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. type: string runtimeClassName: description: |- RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14. type: string schedulerName: description: SchedulerName specifies the scheduler to be used to dispatch the Pod type: string securityContext: description: |- SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. 
See Pod.spec.securityContext (API version: v1) x-kubernetes-preserve-unknown-fields: true tolerations: description: If specified, the pod's tolerations. items: description: |- The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>. properties: effect: description: |- Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: |- Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: description: |- Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: description: |- Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array x-kubernetes-list-type: atomic topologySpreadConstraints: description: |- TopologySpreadConstraints controls how Pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains.
items: description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. properties: labelSelector: description: |- LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: description: |- A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: description: |- operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: description: |- values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array x-kubernetes-list-type: atomic required: - key - operator type: object type: array x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic matchLabelKeys: description: |- MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. 
The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). items: type: string type: array x-kubernetes-list-type: atomic maxSkew: description: |- MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed. format: int32 type: integer minDomains: description: |- MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. 
As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. format: int32 type: integer nodeAffinityPolicy: description: |- NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. type: string nodeTaintsPolicy: description: |- NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. type: string topologyKey: description: |- TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. 
Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. type: string whenUnsatisfiable: description: |- WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field. type: string required: - maxSkew - topologyKey - whenUnsatisfiable type: object type: array x-kubernetes-list-type: atomic volumes: description: |- List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes See Pod.spec.volumes (API version: v1) x-kubernetes-preserve-unknown-fields: true type: object serviceAccountName: type: string sidecarSpecs: items: description: TaskRunSidecarSpec is used to override the values of a Sidecar in the corresponding Task. properties: computeResources: description: The resource requirements to apply to the Sidecar. 
properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object name: description: The name of the Sidecar to override. 
type: string required: - computeResources - name type: object type: array x-kubernetes-list-type: atomic stepSpecs: items: description: TaskRunStepSpec is used to override the values of a Step in the corresponding Task. properties: computeResources: description: The resource requirements to apply to the Step. properties: claims: description: |- Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This field depends on the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. properties: name: description: |- Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container. type: string request: description: |- Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request. type: string required: - name type: object type: array x-kubernetes-list-map-keys: - name x-kubernetes-list-type: map limits: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object requests: additionalProperties: anyOf: - type: integer - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true description: |- Requests describes the minimum amount of compute resources required. 
If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object type: object name: description: The name of the Step to override. type: string required: - computeResources - name type: object type: array x-kubernetes-list-type: atomic timeout: description: |- Duration after which the TaskRun times out. Overrides the timeout specified on the Task's spec if specified. Takes lower precedence to PipelineRun's `spec.timeouts.tasks` Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration type: string type: object type: array timeouts: description: Timeouts defines the different Timeouts to use in the PipelineRun execution properties: finally: description: Finally sets the maximum allowed duration of this pipeline's finally type: string pipeline: description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. type: string tasks: description: Tasks sets the maximum allowed duration of this pipeline's tasks type: string type: object required: - pipelineRef type: object type: object x-kubernetes-validations: - message: exactly one of application or componentGroup must be specified rule: has(self.application) != has(self.componentGroup) status: description: ReleasePlanStatus defines the observed state of ReleasePlan. properties: conditions: description: Conditions represent the latest available observations for the releasePlan items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. 
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. 
maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array releasePlanAdmission: description: |- ReleasePlanAdmission contains the information of the releasePlanAdmission this ReleasePlan is matched to properties: active: description: Active indicates whether the ReleasePlanAdmission is set to auto-release or not type: boolean name: description: Name contains the namespaced name of the releasePlanAdmission type: string type: object type: object type: object served: true storage: true subresources: status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: release-service/serving-cert controller-gen.kubebuilder.io/version: v0.18.0 name: releases.appstudio.redhat.com spec: group: appstudio.redhat.com names: kind: Release listKind: ReleaseList plural: releases shortNames: - rel singular: release scope: Namespaced versions: - additionalPrinterColumns: - jsonPath: .spec.snapshot name: Snapshot type: string - jsonPath: .spec.releasePlan name: ReleasePlan type: string - jsonPath: .status.conditions[?(@.type=="Released")].reason name: Release status type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1alpha1 schema: openAPIV3Schema: description: Release is the Schema for the releases API properties: apiVersion: description: |- APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: description: |- Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: ReleaseSpec defines the desired state of Release. properties: data: description: Data is an unstructured key used for providing data for the managed Release Pipeline type: object x-kubernetes-preserve-unknown-fields: true gracePeriodDays: description: |- GracePeriodDays is the number of days a Release should be kept This value is used to define the Release ExpirationTime type: integer releasePlan: description: ReleasePlan to use for this particular Release pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string snapshot: description: Snapshot to be released pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - releasePlan - snapshot type: object status: description: ReleaseStatus defines the observed state of Release. 
properties: artifacts: description: Artifacts is an unstructured key used for storing all the artifacts generated by the managed Release Pipeline type: object x-kubernetes-preserve-unknown-fields: true attribution: description: Attribution contains information about the entity authorizing the release properties: author: description: Author is the username that the release is attributed to type: string standingAuthorization: description: StandingAuthorization indicates whether the release is attributed through a ReleasePlan type: boolean type: object automated: description: Automated indicates whether the Release was created as part of an automated process or manually by an end-user type: boolean collectors: description: Collectors is an unstructured key used for storing all the collectors results generated by the Collectors Pipeline type: object x-kubernetes-preserve-unknown-fields: true collectorsProcessing: description: CollectorsProcessing contains information about the release collectors processing properties: managedCollectorsProcessing: description: ManagedCollectorsProcessing contains information about the release managed collectors processing properties: completionTime: description: CompletionTime is the time when the Release processing was completed format: date-time type: string pipelineRun: description: PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string roleBindings: description: |- RoleBindings defines the roleBindings for accessing resources during the Release PipelineRun executed as part of this release. properties: managedRoleBinding: description: ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace. 
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string secretRoleBinding: description: SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string tenantRoleBinding: description: TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object startTime: description: StartTime is the time when the Release processing started format: date-time type: string type: object tenantCollectorsProcessing: description: TenantCollectorsProcessing contains information about the release tenant collectors processing properties: completionTime: description: CompletionTime is the time when the Release processing was completed format: date-time type: string pipelineRun: description: PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string roleBindings: description: |- RoleBindings defines the roleBindings for accessing resources during the Release PipelineRun executed as part of this release. properties: managedRoleBinding: description: ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string secretRoleBinding: description: SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace. 
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string tenantRoleBinding: description: TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object startTime: description: StartTime is the time when the Release processing started format: date-time type: string type: object type: object completionTime: description: CompletionTime is the time when a Release was completed format: date-time type: string conditions: description: Conditions represent the latest available observations for the release items: description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: description: |- message is a human readable message indicating details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: description: |- observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: description: |- reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. 
maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: description: status of the condition, one of True, False, Unknown. enum: - "True" - "False" - Unknown type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string required: - lastTransitionTime - message - reason - status - type type: object type: array expirationTime: description: ExpirationTime is the time when a Release can be purged format: date-time type: string finalProcessing: description: FinalProcessing contains information about the release final processing properties: completionTime: description: CompletionTime is the time when the Release processing was completed format: date-time type: string pipelineRun: description: PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string roleBindings: description: |- RoleBindings defines the roleBindings for accessing resources during the Release PipelineRun executed as part of this release. properties: managedRoleBinding: description: ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string secretRoleBinding: description: SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string tenantRoleBinding: description: TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace. 
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object startTime: description: StartTime is the time when the Release processing started format: date-time type: string type: object managedPipelineAttempts: description: ManagedPipelineAttempts contains information about each attempt of the release managed pipeline processing items: description: ManagedPipelineAttempt defines the observed state of a managed pipeline processing attempt properties: completionTime: description: CompletionTime is the time when the managed pipeline attempt completed format: date-time type: string failureReason: description: FailureReason is the failure type when the PipelineRun fails type: string lastStep: description: LastStep is the name of the last step that executed or failed within the last task type: string lastTask: description: LastTask is the name of the last task that executed or failed type: string pipelineRun: description: PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this attempt pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string roleBindings: description: RoleBindings defines the roleBindings for accessing resources during the managed pipeline attempt properties: managedRoleBinding: description: ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string secretRoleBinding: description: SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string tenantRoleBinding: description: TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace. 
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object startTime: description: StartTime is the time when the managed pipeline attempt started format: date-time type: string status: description: Status is the outcome of the managed pipeline attempt type: string successfulTasks: description: SuccessfulTasks is the number of tasks that completed successfully type: integer type: object type: array managedProcessing: description: |- ManagedProcessing contains information about the release managed processing Deprecated: kept for backward compatibility, use ManagedPipelineAttempts instead properties: completionTime: description: CompletionTime is the time when the Release processing was completed format: date-time type: string pipelineRun: description: PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string roleBindings: description: |- RoleBindings defines the roleBindings for accessing resources during the Release PipelineRun executed as part of this release. properties: managedRoleBinding: description: ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string secretRoleBinding: description: SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace. pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string tenantRoleBinding: description: TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace. 
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                    type: object
                  startTime:
                    description: StartTime is the time when the Release processing started
                    format: date-time
                    type: string
                type: object
              startTime:
                description: StartTime is the time when a Release started
                format: date-time
                type: string
              target:
                description: Target references where this release is intended to be released to
                pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                type: string
              tenantProcessing:
                description: TenantProcessing contains information about the release tenant processing
                properties:
                  completionTime:
                    description: CompletionTime is the time when the Release processing was completed
                    format: date-time
                    type: string
                  pipelineRun:
                    description: PipelineRun contains the namespaced name of the managed Release PipelineRun executed as part of this release
                    pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                    type: string
                  roleBindings:
                    description: |-
                      RoleBindings defines the roleBindings for accessing resources during the Release
                      PipelineRun executed as part of this release.
                    properties:
                      managedRoleBinding:
                        description: ManagedRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the managed namespace.
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                      secretRoleBinding:
                        description: SecretRoleBinding contains the namespaced name of the roleBinding created for accessing secrets within the namespace.
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                      tenantRoleBinding:
                        description: TenantRoleBinding contains the namespaced name of the roleBinding created for accessing resources within the tenant namespace.
                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?\/[a-z0-9]([-a-z0-9]*[a-z0-9])?$
                        type: string
                    type: object
                  startTime:
                    description: StartTime is the time when the Release processing started
                    format: date-time
                    type: string
                type: object
              validation:
                description: Validation contains information about the release validation
                properties:
                  failedPostValidation:
                    description: FailedPostValidation indicates whether the Release was marked as invalid after being initially marked as valid
                    type: boolean
                  time:
                    description: Time is the time when the Release was validated or when the validation state changed
                    format: date-time
                    type: string
                type: object
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: release-service/serving-cert
    controller-gen.kubebuilder.io/version: v0.18.0
  name: releaseserviceconfigs.appstudio.redhat.com
spec:
  group: appstudio.redhat.com
  names:
    kind: ReleaseServiceConfig
    listKind: ReleaseServiceConfigList
    plural: releaseserviceconfigs
    shortNames:
    - rsc
    singular: releaseserviceconfig
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: ReleaseServiceConfig is the Schema for the releaseserviceconfigs API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ReleaseServiceConfigSpec defines the desired state of ReleaseServiceConfig.
            properties:
              EmptyDirOverrides:
                description: VolumeOverrides is a map containing the volume type for specific Pipeline git refs
                items:
                  description: EmptyDirOverrides defines the values usually set in a PipelineRef using a git resolver.
                  properties:
                    pathInRepo:
                      description: PathInRepo is the path within the git repository where the Pipeline definition can be found
                      type: string
                    revision:
                      description: Revision is the git revision where the Pipeline definition can be found
                      type: string
                    url:
                      description: Url is the url to the git repo
                      type: string
                  required:
                  - pathInRepo
                  - revision
                  - url
                  type: object
                type: array
              debug:
                description: |-
                  Debug is the boolean that specifies whether or not the Release Service should run
                  in debug mode
                type: boolean
              defaultTimeouts:
                description: |-
                  DefaultTimeouts contain the default Tekton timeouts to be used in case they are
                  not specified in the ReleasePlanAdmission resource.
                properties:
                  finally:
                    description: Finally sets the maximum allowed duration of this pipeline's finally
                    type: string
                  pipeline:
                    description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value.
                    type: string
                  tasks:
                    description: Tasks sets the maximum allowed duration of this pipeline's tasks
                    type: string
                type: object
              retryablePipelines:
                description: RetryablePipelines is a list of pipelines that are safe to automatically retry on failure.
                items:
                  description: RetryablePipeline is a pipeline that is safe to automatically retry on failure.
                  properties:
                    pathInRepo:
                      description: |-
                        PathInRepo is the path within the git repository where the Pipeline definition
                        can be found.
                      type: string
                    retryPolicy:
                      description: RetryPolicy defines how and when the pipeline is retried after a failure.
                      properties:
                        disableOn:
                          description: DisableOn defines conditions that disable automatic retries.
                          properties:
                            tags:
                              description: |-
                                Tags is a list of values which disable retries when present in the
                                ReleasePlanAdmission mapping data.
                              items:
                                type: string
                              type: array
                          type: object
                        maxRetries:
                          description: MaxRetries is the maximum number of retries allowed for a pipeline.
                          minimum: 0
                          type: integer
                        mitigations:
                          description: Mitigations defines adjustment strategies to apply on retry based on failure type
                          properties:
                            oomKill:
                              description: OOMKill defines adjustment for out-of-memory failures
                              properties:
                                maxComputeResources:
                                  description: MaxComputeResources sets a upper limit on resources across retries.
                                  properties:
                                    claims:
                                      description: |-
                                        Claims lists the names of resources, defined in spec.resourceClaims,
                                        that are used by this container.
                                        This field depends on the
                                        DynamicResourceAllocation feature gate.
                                        This field is immutable. It can only be set for containers.
                                      items:
                                        description: ResourceClaim references one entry in PodSpec.ResourceClaims.
                                        properties:
                                          name:
                                            description: |-
                                              Name must match the name of one entry in pod.spec.resourceClaims of
                                              the Pod where this field is used. It makes that resource available
                                              inside a container.
                                            type: string
                                          request:
                                            description: |-
                                              Request is the name chosen for a request in the referenced claim.
                                              If empty, everything from the claim is made available, otherwise
                                              only the result of this request.
                                            type: string
                                        required:
                                        - name
                                        type: object
                                      type: array
                                      x-kubernetes-list-map-keys:
                                      - name
                                      x-kubernetes-list-type: map
                                    limits:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: |-
                                        Limits describes the maximum amount of compute resources allowed.
                                        More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                      type: object
                                    requests:
                                      additionalProperties:
                                        anyOf:
                                        - type: integer
                                        - type: string
                                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
                                        x-kubernetes-int-or-string: true
                                      description: |-
                                        Requests describes the minimum amount of compute resources required.
                                        If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
                                        otherwise to an implementation-defined value. Requests cannot exceed Limits.
                                        More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                                      type: object
                                  type: object
                                multiplier:
                                  description: Multiplier is a factor used to multiply memory limits on each retry
                                  pattern: ^[0-9]+(\.[0-9]+)?$
                                  type: string
                              required:
                              - multiplier
                              type: object
                            timeout:
                              description: Timeout defines adjustment for timeout failures.
                              properties:
                                pipeline:
                                  description: Pipeline defines the timeout adjustment for PipelineRun timeouts.
                                  properties:
                                    increment:
                                      description: Increment is the duration to add to the timeout on each retry.
                                      type: string
                                    maxTimeout:
                                      description: MaxTimeout is the maximum time allowed across retries.
                                      type: string
                                  required:
                                  - increment
                                  type: object
                                task:
                                  description: Task defines the timeout adjustment for TaskRun timeouts.
                                  properties:
                                    increment:
                                      description: Increment is the duration to add to the timeout on each retry.
                                      type: string
                                    maxTimeout:
                                      description: MaxTimeout is the maximum time allowed across retries.
                                      type: string
                                  required:
                                  - increment
                                  type: object
                              type: object
                          type: object
                      required:
                      - maxRetries
                      type: object
                    revision:
                      description: Revision is the git revision where the Pipeline definition can be found.
                      type: string
                    url:
                      description: Url is the url to the git repo.
                      type: string
                  required:
                  - pathInRepo
                  - retryPolicy
                  - revision
                  - url
                  type: object
                type: array
            type: object
          status:
            description: ReleaseServiceConfigStatus defines the observed state of ReleaseServiceConfig.
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: release-service-leader-election-role
  namespace: release-service
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-pipeline-resource-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases
  - releaseplans
  - releaseplanadmissions
  - snapshots
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - internalrequests
  verbs:
  - create
  - delete
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases/status
  verbs:
  - get
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: release-service-application-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: release-service-component-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - components
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - components/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-environment-viewer-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - environments
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - environments/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
- apiGroups:
  - appstudio.redhat.com
  resources:
  - applications/finalizers
  - releaseplans/finalizers
  - releases/finalizers
  verbs:
  - update
- apiGroups:
  - appstudio.redhat.com
  resources:
  - enterprisecontractpolicies
  - releaseplanadmissions
  - releaseserviceconfigs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - enterprisecontractpolicies/status
  verbs:
  - get
- apiGroups:
  - appstudio.redhat.com
  resources:
  - internalrequests
  verbs:
  - create
  - delete
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions/status
  - releaseplans/status
  - releases/status
  verbs:
  - get
  - patch
  - update
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplans
  - releaseplansadmissions
  - releases
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - rolebindings
  - roles
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-metrics-auth-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: release-service-release-editor-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: release-service-release-viewer-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releases/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: release-service-releaseplan-editor-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplans
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplans/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: release-service-releaseplan-viewer-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplans
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplans/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
  name: release-service-releaseplanadmission-editor-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    rbac.authorization.k8s.io/aggregate-to-view: "true"
  name: release-service-releaseplanadmission-viewer-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseplanadmissions/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-snapshot-editor-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-snapshot-viewer-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshots/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-snapshotenvironmentbinding-editor-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshotenvironmentbindings
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - appstudio.redhat.com
  resources:
  - snapshotenvironmentbindings/status
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-service-tekton-role
rules:
- apiGroups:
  - ""
  resources:
  - pods/log
  verbs:
  - get
- apiGroups:
  - tekton.dev
  resources:
  - pipelineruns
  - taskruns
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - triggers.tekton.dev
  resources:
  - eventlisteners
  - triggers
  - triggertemplates
  verbs:
  - create
  - update
  - patch
  - delete
  - watch
  - list
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  - persistentvolumeclaims/status
  verbs:
  - get
  - list
  - create
  - watch
- apiGroups:
  - route.openshift.io
  resources:
  - routes
  verbs:
  - get
  - list
  - create
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: releaseserviceconfig-role
rules:
- apiGroups:
  - appstudio.redhat.com
  resources:
  - releaseserviceconfigs
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: release-service-leader-election-rolebinding
  namespace: release-service
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: release-service-leader-election-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: releaseserviceconfigs-rolebinding
  namespace: release-service
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: releaseserviceconfig-role
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: Group
  name: system:serviceaccounts
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-application-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-application-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-component-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-component-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-environment-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-environment-viewer-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-manager-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-metrics-auth-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-metrics-auth-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-release-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-release-viewer-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-releaseplan-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-releaseplan-viewer-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-releaseplanadmission-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-releaseplanadmission-viewer-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-snapshot-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-snapshot-editor-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-snapshotenvironmentbinding-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-snapshotenvironmentbinding-editor-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-service-tekton-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-service-tekton-role
subjects:
- kind: ServiceAccount
  name: release-service-controller-manager
  namespace: release-service
---
apiVersion: v1
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: f3d4c01a.redhat.com
kind: ConfigMap
metadata:
  name: release-service-manager-config
  namespace: release-service
---
apiVersion: v1
data:
  DEFAULT_RELEASE_PVC: ""
  DEFAULT_RELEASE_WORKSPACE_NAME: ""
  DEFAULT_RELEASE_WORKSPACE_SIZE: ""
kind: ConfigMap
metadata:
  name: release-service-manager-properties
  namespace: release-service
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/managed-by: kustomize
    app.kubernetes.io/name: test
    control-plane: controller-manager
  name: release-service-controller-manager-metrics-service
  namespace: release-service
spec:
  ports:
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    control-plane: controller-manager
---
apiVersion: v1
kind: Service
metadata:
  name: release-service-webhook-service
  namespace: release-service
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 9443
  selector:
    control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    ignore-check.kube-linter.io/liveness-port: Keeping upstream configs
    ignore-check.kube-linter.io/readiness-port: Keeping upstream configs
  labels:
    control-plane: controller-manager
  name: release-service-controller-manager
  namespace: release-service
spec:
  progressDeadlineSeconds: 2147483647
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --metrics-bind-address=:8080
        - --leader-elect=false
        command:
        - /manager
        env:
        - name: DEFAULT_RELEASE_PVC
          valueFrom:
            configMapKeyRef:
              key: DEFAULT_RELEASE_PVC
              name: release-service-manager-properties
              optional: true
        - name: DEFAULT_RELEASE_WORKSPACE_NAME
          valueFrom:
            configMapKeyRef:
              key: DEFAULT_RELEASE_WORKSPACE_NAME
              name: release-service-manager-properties
              optional: true
        - name: DEFAULT_RELEASE_WORKSPACE_SIZE
          valueFrom:
            configMapKeyRef:
              key: DEFAULT_RELEASE_WORKSPACE_SIZE
              name: release-service-manager-properties
              optional: true
        - name: MAX_CONCURRENT_RECONCILES
          value: "10"
        - name: SERVICE_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: quay.io/konflux-ci/release-service:c4c00b7ccb406f9618d3b21cfb00d0949edc0abd
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 10m
            memory: 64Mi
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      securityContext:
        runAsNonRoot: true
      serviceAccountName: release-service-controller-manager
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: webhook-server-cert
---
apiVersion: appstudio.redhat.com/v1alpha1
kind: ReleaseServiceConfig
metadata:
  name: release-service-config
  namespace: release-service
spec:
  debug: false
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    app.kubernetes.io/component: certificate
    app.kubernetes.io/instance: serving-cert
    app.kubernetes.io/name: certificate
  name: serving-cert
  namespace: release-service
spec:
  dnsNames:
  - release-service-webhook-service.release-service.svc
  - release-service-webhook-service.release-service.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
  secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    app.kubernetes.io/component: certificate
    app.kubernetes.io/instance: serving-cert
    app.kubernetes.io/name: certificate
  name: selfsigned-issuer
  namespace: release-service
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: release-service/serving-cert
  name: release-service-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /mutate-appstudio-redhat-com-v1alpha1-author
  failurePolicy: Fail
  name: mauthor.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - releases
    - releaseplans
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /mutate-appstudio-redhat-com-v1alpha1-release
  failurePolicy: Fail
  name: mrelease.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    resources:
    - releases
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /mutate-appstudio-redhat-com-v1alpha1-releaseplan
  failurePolicy: Fail
  name: mreleaseplan.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    resources:
    - releaseplans
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /mutate-appstudio-redhat-com-v1alpha1-releaseplanadmission
  failurePolicy: Fail
  name: mreleaseplanadmission.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    resources:
    - releaseplanadmissions
  sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: release-service/serving-cert
  name: release-service-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /validate-appstudio-redhat-com-v1alpha1-release
  failurePolicy: Fail
  name: vrelease.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - releases
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /validate-appstudio-redhat-com-v1alpha1-releaseplan
  failurePolicy: Fail
  name: vreleaseplan.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - releaseplans
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: release-service-webhook-service
      namespace: release-service
      path: /validate-appstudio-redhat-com-v1alpha1-releaseplanadmission
  failurePolicy: Fail
  name: vreleaseplanadmission.kb.io
  rules:
  - apiGroups:
    - appstudio.redhat.com
    apiVersions:
    - v1alpha1
    operations:
    - CREATE
    - UPDATE
    resources:
    - releaseplanadmissions
  sideEffects: None