diff --git a/config/300-crds/300-pipelinerun.yaml b/config/300-crds/300-pipelinerun.yaml
index 29df069109a..afeb527672b 100644
--- a/config/300-crds/300-pipelinerun.yaml
+++ b/config/300-crds/300-pipelinerun.yaml
@@ -25,68 +25,5240 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. 
- # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + description: |- + PipelineRun represents a single execution of a Pipeline. PipelineRuns are how + the graph of Tasks declared in a Pipeline are executed; they specify inputs + to Pipelines such as parameter values and capture operational aspects of the + Tasks execution such as service account and tolerations. Creating a + PipelineRun creates TaskRuns for Tasks in the referenced Pipeline. + + Deprecated: Please use v1.PipelineRun instead. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PipelineRunSpec defines the desired state of PipelineRun + type: object + properties: + params: + description: Params is a list of parameter names and values. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + pipelineRef: + description: PipelineRef can be used to refer to a specific instance of a Pipeline. + type: object + properties: + apiVersion: + description: API version of the referent + type: string + bundle: + description: |- + Bundle url reference to a Tekton Bundle. + + Deprecated: Please use ResolverRef with the bundles resolver instead. + The field is staying there for go client backward compatibility, but is not used/allowed anymore. + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + params: + description: |- + Params contains the parameters used to identify the + referenced Tekton resource. Example entries might include + "repo" or "path" but the set of params ultimately depends on + the chosen resolver. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + resolver: + description: |- + Resolver is the name of the resolver that should perform + resolution of the referenced Tekton resource, such as "git". + type: string + pipelineSpec: + description: |- + Specifying PipelineSpec can be disabled by setting + `disable-inline-spec` feature flag. 
+ See Pipeline.spec (API version: tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + podTemplate: + description: PodTemplate holds pod specific configuration + type: object + properties: + affinity: + description: |- + If specified, the pod's scheduling constraints. + See Pod.spec.affinity (API version: v1) + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: |- + AutomountServiceAccountToken indicates whether pods running as this + service account should have an API token automatically mounted. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's value. + type: string + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + dnsPolicy: + description: |- + Set DNS policy for the pod. Defaults to "ClusterFirst". 
Valid values are + 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + env: + description: List of environment variables that can be provided to the containers belonging to the pod. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + type: object + required: + - ip + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + x-kubernetes-list-type: atomic + hostNetwork: + description: HostNetwork specifies whether the pod may use the node network namespace + type: boolean + imagePullSecrets: + description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + nodeSelector: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + additionalProperties: + type: string + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io + group, which should be used to run this pod. If no RuntimeClass resource + matches the named class, the pod will not be run. If unset or empty, the + "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14. + type: string + schedulerName: + description: SchedulerName specifies the scheduler to be used to dispatch the Pod + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + See Pod.spec.securityContext (API version: v1) + x-kubernetes-preserve-unknown-fields: true + tolerations: + description: If specified, the pod's tolerations. 
+ type: array + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + type: object + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints controls how Pods are spread across your cluster among + failure-domains such as regions, zones, nodes, and other user-defined topology domains. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. 
+ type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + type: array + items: + type: string + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + format: int32 + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. 
+ When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + type: integer + format: int32 + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. 
Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + x-kubernetes-list-type: atomic + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + resources: + description: |- + Resources is a list of bindings specifying which actual instances of + PipelineResources to use for the resources the Pipeline has declared + it needs. + + Deprecated: Unused, preserved only for backwards compatibility + type: array + items: + description: |- + PipelineResourceBinding connects a reference to an instance of a PipelineResource + with a PipelineResource dependency that the Pipeline has declared + + Deprecated: Unused, preserved only for backwards compatibility + type: object + properties: + name: + description: Name is the name of the PipelineResource in the Pipeline's declaration + type: string + resourceRef: + description: |- + ResourceRef is a reference to the instance of the actual PipelineResource + that should be used + type: object + properties: + apiVersion: + description: API version of the referent + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + resourceSpec: + description: |- + ResourceSpec is specification of a resource that should be created and + consumed by the task + type: object + required: + - params + - type + properties: + description: + description: |- + Description is a user-facing description of the resource that may be + used to populate a UI. + type: string + params: + type: array + items: + description: |- + ResourceParam declares a string value to use for the parameter called Name, and is used in + the specific context of PipelineResources. 
+ + Deprecated: Unused, preserved only for backwards compatibility + type: object + required: + - name + - value + properties: + name: + type: string + value: + type: string + x-kubernetes-list-type: atomic + secrets: + description: Secrets to fetch to populate some of resource fields + type: array + items: + description: |- + SecretParam indicates which secret can be used to populate a field of the resource + + Deprecated: Unused, preserved only for backwards compatibility + type: object + required: + - fieldName + - secretKey + - secretName + properties: + fieldName: + type: string + secretKey: + type: string + secretName: + type: string + x-kubernetes-list-type: atomic + type: + description: |- + PipelineResourceType represents the type of endpoint the pipelineResource is, so that the + controller will know this pipelineResource shouldx be fetched and optionally what + additional metatdata should be provided for it. + + Deprecated: Unused, preserved only for backwards compatibility + type: string + x-kubernetes-list-type: atomic + serviceAccountName: + type: string + status: + description: Used for cancelling a pipelinerun (and maybe more later on) + type: string + taskRunSpecs: + description: TaskRunSpecs holds a set of runtime specs + type: array + items: + description: |- + PipelineTaskRunSpec can be used to configure specific + specs for a concrete Task + type: object + properties: + computeResources: + description: Compute resources to use for this TaskRun + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + metadata: + description: PipelineTaskMetadata contains the labels or annotations for an EmbeddedTask + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + labels: + type: object + additionalProperties: + type: string + pipelineTaskName: + type: string + sidecarOverrides: + type: array + items: + description: TaskRunSidecarOverride is used to override the values of a Sidecar in the corresponding Task. + type: object + required: + - name + - resources + properties: + name: + description: The name of the Sidecar to override. + type: string + resources: + description: The resource requirements to apply to the Sidecar. + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. 
+ type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + x-kubernetes-list-type: atomic + stepOverrides: + type: array + items: + description: TaskRunStepOverride is used to override the values of a Step in the corresponding Task. + type: object + required: + - name + - resources + properties: + name: + description: The name of the Step to override. + type: string + resources: + description: The resource requirements to apply to the Step. + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. 
+ type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + x-kubernetes-list-type: atomic + taskPodTemplate: + description: PodTemplate holds pod specific configuration + type: object + properties: + affinity: + description: |- + If specified, the pod's scheduling constraints. 
+ See Pod.spec.affinity (API version: v1) + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: |- + AutomountServiceAccountToken indicates whether pods running as this + service account should have an API token automatically mounted. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's value. + type: string + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + dnsPolicy: + description: |- + Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are + 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. 
+ type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + env: + description: List of environment variables that can be provided to the containers belonging to the pod. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + type: object + required: + - ip + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + x-kubernetes-list-type: atomic + hostNetwork: + description: HostNetwork specifies whether the pod may use the node network namespace + type: boolean + imagePullSecrets: + description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + nodeSelector: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + additionalProperties: + type: string + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io + group, which should be used to run this pod. If no RuntimeClass resource + matches the named class, the pod will not be run. If unset or empty, the + "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14. + type: string + schedulerName: + description: SchedulerName specifies the scheduler to be used to dispatch the Pod + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + See Pod.spec.securityContext (API version: v1) + x-kubernetes-preserve-unknown-fields: true + tolerations: + description: If specified, the pod's tolerations. 
+ type: array + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + type: object + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints controls how Pods are spread across your cluster among + failure-domains such as regions, zones, nodes, and other user-defined topology domains. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. 
+ type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + type: array + items: + type: string + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + format: int32 + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. 
+ When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + type: integer + format: int32 + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. 
Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + x-kubernetes-list-type: atomic + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + taskServiceAccountName: + type: string + x-kubernetes-list-type: atomic + timeout: + description: |- + Timeout is the Time after which the Pipeline times out. + Defaults to never. + Refer to Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration + + Deprecated: use pipelineRunSpec.Timeouts.Pipeline instead + type: string + timeouts: + description: |- + Time after which the Pipeline times out. + Currently three keys are accepted in the map + pipeline, tasks and finally + with Timeouts.pipeline >= Timeouts.tasks + Timeouts.finally + type: object + properties: + finally: + description: Finally sets the maximum allowed duration of this pipeline's finally + type: string + pipeline: + description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. + type: string + tasks: + description: Tasks sets the maximum allowed duration of this pipeline's tasks + type: string + workspaces: + description: |- + Workspaces holds a set of workspace bindings that must match names + with those declared in the pipeline. + type: array + items: + description: WorkspaceBinding maps a Task's declared workspace to a Volume. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. + type: object + required: + - driver + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). 
+ type: boolean + volumeAttributes: + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + additionalProperties: + type: string + emptyDir: + description: |- + EmptyDir represents a temporary directory that shares a Task's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + Either this OR PersistentVolumeClaim can be used. + type: object + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the workspace populated by the volume. + type: string + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. Either this OR EmptyDir can be used. + type: object + required: + - claimName + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + projected: + description: Projected represents a projected volume that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. 
+ type: object + required: + - path + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. 
If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. 
+ May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. 
Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. 
+ type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: Secret represents a secret that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + subPath: + description: |- + SubPath is optionally a directory on the volume which should be used + for this binding (i.e. the volume will be mounted at this sub directory). + type: string + volumeClaimTemplate: + description: |- + VolumeClaimTemplate is a template for a claim that will be created in the same namespace. + The PipelineRun controller is responsible for creating a unique claim for each instance of PipelineRun. + See PersistentVolumeClaim (API version: v1) + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + status: + description: PipelineRunStatus defines the observed state of PipelineRun + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + childReferences: + description: list of TaskRun and Run names, PipelineTask names, and API versions/kinds for children of this PipelineRun. 
+ type: array + items: + description: ChildStatusReference is used to point to the statuses of individual TaskRuns and Runs within this PipelineRun. + type: object + properties: + apiVersion: + type: string + displayName: + description: |- + DisplayName is a user-facing name of the pipelineTask that may be + used to populate a UI. + type: string + kind: + type: string + name: + description: Name is the name of the TaskRun or Run this is referencing. + type: string + pipelineTaskName: + description: PipelineTaskName is the name of the PipelineTask this is referencing. + type: string + whenExpressions: + description: WhenExpressions is the list of checks guarding the execution of the PipelineTask + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + completionTime: + description: CompletionTime is the time the PipelineRun completed. + type: string + format: date-time + conditions: + description: Conditions the latest available observations of a resource's current state. 
+ type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + finallyStartTime: + description: FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. 
+ type: integer + format: int64 + pipelineResults: + description: PipelineResults are the list of results written out by the pipeline task's containers + type: array + items: + description: PipelineRunResult used to describe the results of a pipeline + type: object + required: + - name + - value + properties: + name: + description: Name is the result's name as declared by the Pipeline + type: string + value: + description: Value is the result returned from the execution of this PipelineRun + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + pipelineSpec: + description: |- + PipelineSpec contains the exact spec used to instantiate the run. + See Pipeline.spec (API version: tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + provenance: + description: Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). + type: object + properties: + configSource: + description: 'Deprecated: Use RefSource instead' + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. + Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. 
+ Example: "https://github.com/tektoncd/catalog" + type: string + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + runs: + description: |- + Runs is a map of PipelineRunRunStatus with the run name as the key + + Deprecated: use ChildReferences instead. As of v0.45.0, this field is no + longer populated and is only included for backwards compatibility with + older server versions. + type: object + additionalProperties: + description: PipelineRunRunStatus contains the name of the PipelineTask for this CustomRun or Run and the CustomRun or Run's Status + type: object + properties: + pipelineTaskName: + description: PipelineTaskName is the name of the PipelineTask. + type: string + status: + description: Status is the CustomRunStatus for the corresponding CustomRun or Run + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + completionTime: + description: CompletionTime is the time the build completed. + type: string + format: date-time + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. 
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + extraFields: + description: |- + ExtraFields holds arbitrary fields provided by the custom task + controller. + x-kubernetes-preserve-unknown-fields: true + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + results: + description: |- + Results reports any output result values to be consumed by later + tasks in a pipeline. + type: array + items: + description: CustomRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + value: + description: Value the given value of the result + type: string + retriesStatus: + description: |- + RetriesStatus contains the history of CustomRunStatus, in case of a retry. 
+ See CustomRun.status (API version: tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + startTime: + description: StartTime is the time the build is actually started. + type: string + format: date-time + whenExpressions: + description: WhenExpressions is the list of checks guarding the execution of the PipelineTask + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + skippedTasks: + description: list of tasks that were skipped due to when expressions evaluating to false + type: array + items: + description: |- + SkippedTask is used to describe the Tasks that were skipped due to their When Expressions + evaluating to False. This is a struct because we are looking into including more details + about the When Expressions that caused this Task to be skipped. + type: object + required: + - name + - reason + properties: + name: + description: Name is the Pipeline Task name + type: string + reason: + description: Reason is the cause of the PipelineTask being skipped. 
+ type: string + whenExpressions: + description: WhenExpressions is the list of checks guarding the execution of the PipelineTask + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + spanContext: + description: SpanContext contains tracing span context fields + type: object + additionalProperties: + type: string + startTime: + description: StartTime is the time the PipelineRun is actually started. + type: string + format: date-time + taskRuns: + description: |- + TaskRuns is a map of PipelineRunTaskRunStatus with the taskRun name as the key. + + Deprecated: use ChildReferences instead. As of v0.45.0, this field is no + longer populated and is only included for backwards compatibility with + older server versions. + type: object + additionalProperties: + description: PipelineRunTaskRunStatus contains the name of the PipelineTask for this TaskRun and the TaskRun's Status + type: object + properties: + pipelineTaskName: + description: PipelineTaskName is the name of the PipelineTask. 
+ type: string + status: + description: Status is the TaskRunStatus for the corresponding TaskRun + type: object + required: + - podName + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + cloudEvents: + description: |- + CloudEvents describe the state of each cloud event requested via a + CloudEventResource. + + Deprecated: Removed in v0.44.0. + type: array + items: + description: |- + CloudEventDelivery is the target of a cloud event along with the state of + delivery. + type: object + properties: + status: + description: CloudEventDeliveryState reports the state of a cloud event to be sent. + type: object + required: + - message + - retryCount + properties: + condition: + description: Current status + type: string + message: + description: Error is the text of error (if any) + type: string + retryCount: + description: RetryCount is the number of attempts of sending the cloud event + type: integer + format: int32 + sentAt: + description: SentAt is the time at which the last attempt to send the event was made + type: string + format: date-time + target: + description: Target points to an addressable + type: string + x-kubernetes-list-type: atomic + completionTime: + description: CompletionTime is the time the build completed. + type: string + format: date-time + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. 
+ See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + podName: + description: PodName is the name of the pod responsible for executing this task's steps. + type: string + provenance: + description: Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). + type: object + properties: + configSource: + description: 'Deprecated: Use RefSource instead' + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. + Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. 
This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. 
+ ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. + Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + resourcesResult: + description: |- + Results from Resources built during the TaskRun. + This is tomb-stoned along with the removal of pipelineResources + Deprecated: this field is not populated and is preserved only for backwards compatibility + type: array + items: + description: |- + RunResult is used to write key/value pairs to TaskRun pod termination messages. + The key/value pairs may come from the entrypoint binary, or represent a TaskRunResult. + If they represent a TaskRunResult, the key is the name of the result and the value is the + JSON-serialized value of the result. + type: object + required: + - key + - value + properties: + key: + type: string + resourceName: + description: |- + ResourceName may be used in tests, but it is not populated in termination messages. + It is preserved here for backwards compatibility and will not be ported to v1. 
+ type: string + type: + description: |- + ResultType used to find out whether a RunResult is from a task result or not + Note that ResultsType is another type which is used to define the data type + (e.g. string, array, etc) we used for Results + type: integer + value: + type: string + x-kubernetes-list-type: atomic + retriesStatus: + description: |- + RetriesStatus contains the history of TaskRunStatus in case of a retry in order to keep record of failures. + All TaskRunStatus stored in RetriesStatus will have no date within the RetriesStatus as is redundant. + See TaskRun.status (API version: tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + sidecars: + description: |- + The list has one entry per sidecar in the manifest. Each entry is + represents the imageid of the corresponding sidecar. + type: array + items: + description: SidecarState reports the results of running a sidecar in a Task. + type: object + properties: + container: + type: string + imageID: + type: string + name: + type: string + running: + description: Details about a running container + type: object + properties: + startedAt: + description: Time at which the container was last (re-)started + type: string + format: date-time + terminated: + description: Details about a terminated container + type: object + required: + - exitCode + properties: + containerID: + description: Container's ID in the format '://' + type: string + exitCode: + description: Exit status from the last termination of the container + type: integer + format: int32 + finishedAt: + description: Time at which the container last terminated + type: string + format: date-time + message: + description: Message regarding the last termination of the container + type: string + reason: + description: (brief) reason from the last termination of the container + type: string + signal: + description: Signal from the last termination of the container + type: integer + format: int32 + startedAt: + description: Time at which 
previous execution of the container started + type: string + format: date-time + waiting: + description: Details about a waiting container + type: object + properties: + message: + description: Message regarding why the container is not yet running. + type: string + reason: + description: (brief) reason the container is not yet running. + type: string + x-kubernetes-list-type: atomic + spanContext: + description: SpanContext contains tracing span context fields + type: object + additionalProperties: + type: string + startTime: + description: StartTime is the time the build is actually started. + type: string + format: date-time + steps: + description: Steps describes the state of each build step container. + type: array + items: + description: StepState reports the results of running a step in a Task. + type: object + properties: + container: + type: string + imageID: + type: string + inputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. + type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + name: + type: string + outputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. 
+ type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + provenance: + description: |- + Provenance contains metadata about resources used in the TaskRun/PipelineRun + such as the source from where a remote build definition was fetched. + This field aims to carry minimum amoumt of metadata in *Run status so that + Tekton Chains can capture them in the provenance. + type: object + properties: + configSource: + description: 'Deprecated: Use RefSource instead' + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. + Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. 
+ Example: "https://github.com/tektoncd/catalog" + type: string + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + results: + type: array + items: + description: TaskRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the given value of the result + x-kubernetes-preserve-unknown-fields: true + running: + description: Details about a running container + type: object + properties: + startedAt: + description: Time at which the container was last (re-)started + type: string + format: date-time + terminated: + description: Details about a terminated container + type: object + required: + - exitCode + properties: + containerID: + description: Container's ID in the format '://' + type: string + exitCode: + description: Exit status from the last termination of the container + type: integer + format: int32 + finishedAt: + description: Time at which the container last terminated + type: string + format: date-time + message: + description: Message regarding the last termination of the container + type: string + reason: + description: (brief) reason from the last termination of the container + type: string + signal: + description: Signal from the last termination of the container + type: integer + format: int32 + startedAt: + description: Time at which previous 
execution of the container started + type: string + format: date-time + waiting: + description: Details about a waiting container + type: object + properties: + message: + description: Message regarding why the container is not yet running. + type: string + reason: + description: (brief) reason the container is not yet running. + type: string + x-kubernetes-list-type: atomic + taskResults: + description: TaskRunResults are the list of results written out by the task's containers + type: array + items: + description: TaskRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the given value of the result + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + taskSpec: + description: |- + TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun. 
+ See Task.spec (API version tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + whenExpressions: + description: WhenExpressions is the list of checks guarding the execution of the PipelineTask + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: |- + PipelineRun represents a single execution of a Pipeline. 
PipelineRuns are how + the graph of Tasks declared in a Pipeline are executed; they specify inputs + to Pipelines such as parameter values and capture operational aspects of the + Tasks execution such as service account and tolerations. Creating a + PipelineRun creates TaskRuns for Tasks in the referenced Pipeline. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PipelineRunSpec defines the desired state of PipelineRun + type: object + properties: + params: + description: Params is a list of parameter names and values. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + pipelineRef: + description: PipelineRef can be used to refer to a specific instance of a Pipeline. + type: object + properties: + apiVersion: + description: API version of the referent + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + params: + description: |- + Params contains the parameters used to identify the + referenced Tekton resource. 
Example entries might include + "repo" or "path" but the set of params ultimately depends on + the chosen resolver. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + resolver: + description: |- + Resolver is the name of the resolver that should perform + resolution of the referenced Tekton resource, such as "git". + type: string + pipelineSpec: + description: |- + Specifying PipelineSpec can be disabled by setting + `disable-inline-spec` feature flag. + See Pipeline.spec (API version: tekton.dev/v1) + x-kubernetes-preserve-unknown-fields: true + status: + description: Used for cancelling a pipelinerun (and maybe more later on) + type: string + taskRunSpecs: + description: TaskRunSpecs holds a set of runtime specs + type: array + items: + description: |- + PipelineTaskRunSpec can be used to configure specific + specs for a concrete Task + type: object + properties: + computeResources: + description: Compute resources to use for this TaskRun + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. 
+ If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + metadata: + description: PipelineTaskMetadata contains the labels or annotations for an EmbeddedTask + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + labels: + type: object + additionalProperties: + type: string + pipelineTaskName: + type: string + podTemplate: + description: PodTemplate holds pod specific configuration + type: object + properties: + affinity: + description: |- + If specified, the pod's scheduling constraints. + See Pod.spec.affinity (API version: v1) + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: |- + AutomountServiceAccountToken indicates whether pods running as this + service account should have an API token automatically mounted. 
+ type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's value. + type: string + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + dnsPolicy: + description: |- + Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are + 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + env: + description: List of environment variables that can be provided to the containers belonging to the pod. 
+ type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + type: object + required: + - ip + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + x-kubernetes-list-type: atomic + hostNetwork: + description: HostNetwork specifies whether the pod may use the node network namespace + type: boolean + imagePullSecrets: + description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + nodeSelector: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. 
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + additionalProperties: + type: string + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io + group, which should be used to run this pod. If no RuntimeClass resource + matches the named class, the pod will not be run. If unset or empty, the + "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14. + type: string + schedulerName: + description: SchedulerName specifies the scheduler to be used to dispatch the Pod + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + See Pod.spec.securityContext (API version: v1) + x-kubernetes-preserve-unknown-fields: true + tolerations: + description: If specified, the pod's tolerations. + type: array + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + type: object + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. 
+ type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints controls how Pods are spread across your cluster among + failure-domains such as regions, zones, nodes, and other user-defined topology domains. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + format: int32 + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. 
+ + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + type: integer + format: int32 + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. 
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + x-kubernetes-list-type: atomic + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + type: string + sidecarSpecs: + type: array + items: + description: TaskRunSidecarSpec is used to override the values of a Sidecar in the corresponding Task. + type: object + required: + - computeResources + - name + properties: + computeResources: + description: The resource requirements to apply to the Sidecar. 
+ type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: The name of the Sidecar to override. + type: string + x-kubernetes-list-type: atomic + stepSpecs: + type: array + items: + description: TaskRunStepSpec is used to override the values of a Step in the corresponding Task. + type: object + required: + - computeResources + - name + properties: + computeResources: + description: The resource requirements to apply to the Step. + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: The name of the Step to override. + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + taskRunTemplate: + description: TaskRunTemplate represent template of taskrun + type: object + properties: + podTemplate: + description: PodTemplate holds pod specific configuration + type: object + properties: + affinity: + description: |- + If specified, the pod's scheduling constraints. + See Pod.spec.affinity (API version: v1) + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: |- + AutomountServiceAccountToken indicates whether pods running as this + service account should have an API token automatically mounted. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. 
+ This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's value. + type: string + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + dnsPolicy: + description: |- + Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are + 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + env: + description: List of environment variables that can be provided to the containers belonging to the pod. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. 
+ type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. 
+ type: object + required: + - ip + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + x-kubernetes-list-type: atomic + hostNetwork: + description: HostNetwork specifies whether the pod may use the node network namespace + type: boolean + imagePullSecrets: + description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + nodeSelector: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + additionalProperties: + type: string + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. 
+ type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io + group, which should be used to run this pod. If no RuntimeClass resource + matches the named class, the pod will not be run. If unset or empty, the + "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14. + type: string + schedulerName: + description: SchedulerName specifies the scheduler to be used to dispatch the Pod + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + See Pod.spec.securityContext (API version: v1) + x-kubernetes-preserve-unknown-fields: true + tolerations: + description: If specified, the pod's tolerations. + type: array + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + type: object + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints controls how Pods are spread across your cluster among + failure-domains such as regions, zones, nodes, and other user-defined topology domains. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + type: array + items: + type: string + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. 
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + format: int32 + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. 
+ type: integer + format: int32 + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. 
+ - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + x-kubernetes-list-type: atomic + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + serviceAccountName: + type: string + timeouts: + description: |- + Time after which the Pipeline times out. + Currently three keys are accepted in the map + pipeline, tasks and finally + with Timeouts.pipeline >= Timeouts.tasks + Timeouts.finally + type: object + properties: + finally: + description: Finally sets the maximum allowed duration of this pipeline's finally + type: string + pipeline: + description: Pipeline sets the maximum allowed duration for execution of the entire pipeline. The sum of individual timeouts for tasks and finally must not exceed this value. 
+ type: string + tasks: + description: Tasks sets the maximum allowed duration of this pipeline's tasks + type: string + workspaces: + description: |- + Workspaces holds a set of workspace bindings that must match names + with those declared in the pipeline. + type: array + items: + description: WorkspaceBinding maps a Task's declared workspace to a Volume. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. + type: object + required: + - driver + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. 
If the + secret object contains more than one secret, all secret references are passed. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + additionalProperties: + type: string + emptyDir: + description: |- + EmptyDir represents a temporary directory that shares a Task's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + Either this OR PersistentVolumeClaim can be used. + type: object + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the workspace populated by the volume. + type: string + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. Either this OR EmptyDir can be used. + type: object + required: + - claimName + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + projected: + description: Projected represents a projected volume that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. 
+ type: object + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + type: object + required: + - path + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. 
+ type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' 
+ type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: Secret represents a secret that should populate this workspace. 
+ type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + subPath: + description: |- + SubPath is optionally a directory on the volume which should be used + for this binding (i.e. the volume will be mounted at this sub directory). + type: string + volumeClaimTemplate: + description: |- + VolumeClaimTemplate is a template for a claim that will be created in the same namespace. + The PipelineRun controller is responsible for creating a unique claim for each instance of PipelineRun. + See PersistentVolumeClaim (API version: v1) + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + status: + description: PipelineRunStatus defines the observed state of PipelineRun + type: object + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + childReferences: + description: list of TaskRun and Run names, PipelineTask names, and API versions/kinds for children of this PipelineRun. + type: array + items: + description: ChildStatusReference is used to point to the statuses of individual TaskRuns and Runs within this PipelineRun. + type: object + properties: + apiVersion: + type: string + displayName: + description: |- + DisplayName is a user-facing name of the pipelineTask that may be + used to populate a UI. + type: string + kind: + type: string + name: + description: Name is the name of the TaskRun or Run this is referencing. 
+ type: string + pipelineTaskName: + description: PipelineTaskName is the name of the PipelineTask this is referencing. + type: string + whenExpressions: + description: WhenExpressions is the list of checks guarding the execution of the PipelineTask + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + completionTime: + description: CompletionTime is the time the PipelineRun completed. + type: string + format: date-time + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. 
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + finallyStartTime: + description: FinallyStartTime is when all non-finally tasks have been completed and only finally tasks are being executed. + type: string + format: date-time + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + pipelineSpec: + description: |- + PipelineSpec contains the exact spec used to instantiate the run. + See Pipeline.spec (API version: tekton.dev/v1) + x-kubernetes-preserve-unknown-fields: true + provenance: + description: Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). 
+ type: object + properties: + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + results: + description: Results are the list of results written out by the pipeline task's containers + type: array + items: + description: PipelineRunResult used to describe the results of a pipeline + type: object + required: + - name + - value + properties: + name: + description: Name is the result's name as declared by the Pipeline + type: string + value: + description: Value is the result returned from the execution of this PipelineRun + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + skippedTasks: + description: list of tasks that were skipped due to when expressions evaluating to false + type: array + items: + description: |- + SkippedTask is used to describe the Tasks that were skipped due to their When Expressions + evaluating to False. This is a struct because we are looking into including more details + about the When Expressions that caused this Task to be skipped. + type: object + required: + - name + - reason + properties: + name: + description: Name is the Pipeline Task name + type: string + reason: + description: Reason is the cause of the PipelineTask being skipped. 
+ type: string + whenExpressions: + description: WhenExpressions is the list of checks guarding the execution of the PipelineTask + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + spanContext: + description: SpanContext contains tracing span context fields + type: object + additionalProperties: + type: string + startTime: + description: StartTime is the time the PipelineRun is actually started. + type: string + format: date-time + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} names: kind: PipelineRun plural: pipelineruns 
diff --git a/config/300-crds/300-taskrun.yaml b/config/300-crds/300-taskrun.yaml
index 13080c1dc73..e45825be84c 100644
--- a/config/300-crds/300-taskrun.yaml
+++ b/config/300-crds/300-taskrun.yaml
@@ -25,68 +25,6917 @@ spec: group: tekton.dev preserveUnknownFields: false versions: - - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. 
- # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Succeeded - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - jsonPath: .status.startTime - - name: CompletionTime - type: date - jsonPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} + - name: v1beta1 + served: true + storage: false + schema: + openAPIV3Schema: + description: |- + TaskRun represents a single execution of a Task. TaskRuns are how the steps + specified in a Task are executed; they specify the parameters and resources + used to run the steps in a Task. + + Deprecated: Please use v1.TaskRun instead. + type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TaskRunSpec defines the desired state of TaskRun + type: object + properties: + computeResources: + description: Compute resources to use for this TaskRun + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + debug: + description: TaskRunDebug defines the breakpoint config for a particular TaskRun + type: object + properties: + breakpoints: + description: TaskBreakpoints defines the breakpoint config for a particular Task + type: object + properties: + beforeSteps: + type: array + items: + type: string + x-kubernetes-list-type: atomic + onFailure: + description: |- + if enabled, pause TaskRun on failure of a step + failed step will not exit + type: string + params: + description: Params is a list of Param + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + podTemplate: + description: PodTemplate holds pod specific configuration + type: object + properties: + affinity: + description: |- + If specified, the pod's scheduling constraints. + See Pod.spec.affinity (API version: v1) + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: |- + AutomountServiceAccountToken indicates whether pods running as this + service account should have an API token automatically mounted. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's value. + type: string + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + dnsPolicy: + description: |- + Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are + 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + env: + description: List of environment variables that can be provided to the containers belonging to the pod. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. 
If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + type: object + required: + - ip + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. 
+ type: string + x-kubernetes-list-type: atomic + hostNetwork: + description: HostNetwork specifies whether the pod may use the node network namespace + type: boolean + imagePullSecrets: + description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + nodeSelector: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + additionalProperties: + type: string + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io + group, which should be used to run this pod. If no RuntimeClass resource + matches the named class, the pod will not be run. 
If unset or empty, the + "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14. + type: string + schedulerName: + description: SchedulerName specifies the scheduler to be used to dispatch the Pod + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + See Pod.spec.securityContext (API version: v1) + x-kubernetes-preserve-unknown-fields: true + tolerations: + description: If specified, the pod's tolerations. + type: array + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + type: object + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). 
Zero and + negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints controls how Pods are spread across your cluster among + failure-domains such as regions, zones, nodes, and other user-defined topology domains. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + type: array + items: + type: string + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. 
+ | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + format: int32 + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + type: integer + format: int32 + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. 
Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + x-kubernetes-list-type: atomic + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + resources: + description: 'Deprecated: Unused, preserved only for backwards compatibility' + type: object + properties: + inputs: + description: Inputs holds the inputs resources this task was invoked with + type: array + items: + description: |- + TaskResourceBinding points to the PipelineResource that + will be used for the Task input or output called Name. + + Deprecated: Unused, preserved only for backwards compatibility + type: object + properties: + name: + description: Name is the name of the PipelineResource in the Pipeline's declaration + type: string + paths: + description: |- + Paths will probably be removed in #1284, and then PipelineResourceBinding can be used instead. + The optional Path field corresponds to a path on disk at which the Resource can be found + (used when providing the resource via mounted volume, overriding the default logic to fetch the Resource). 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + resourceRef: + description: |- + ResourceRef is a reference to the instance of the actual PipelineResource + that should be used + type: object + properties: + apiVersion: + description: API version of the referent + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + resourceSpec: + description: |- + ResourceSpec is specification of a resource that should be created and + consumed by the task + type: object + required: + - params + - type + properties: + description: + description: |- + Description is a user-facing description of the resource that may be + used to populate a UI. + type: string + params: + type: array + items: + description: |- + ResourceParam declares a string value to use for the parameter called Name, and is used in + the specific context of PipelineResources. + + Deprecated: Unused, preserved only for backwards compatibility + type: object + required: + - name + - value + properties: + name: + type: string + value: + type: string + x-kubernetes-list-type: atomic + secrets: + description: Secrets to fetch to populate some of resource fields + type: array + items: + description: |- + SecretParam indicates which secret can be used to populate a field of the resource + + Deprecated: Unused, preserved only for backwards compatibility + type: object + required: + - fieldName + - secretKey + - secretName + properties: + fieldName: + type: string + secretKey: + type: string + secretName: + type: string + x-kubernetes-list-type: atomic + type: + description: |- + PipelineResourceType represents the type of endpoint the pipelineResource is, so that the + controller will know this pipelineResource shouldx be fetched and optionally what + additional metatdata should be provided for it. 
+ + Deprecated: Unused, preserved only for backwards compatibility + type: string + x-kubernetes-list-type: atomic + outputs: + description: Outputs holds the inputs resources this task was invoked with + type: array + items: + description: |- + TaskResourceBinding points to the PipelineResource that + will be used for the Task input or output called Name. + + Deprecated: Unused, preserved only for backwards compatibility + type: object + properties: + name: + description: Name is the name of the PipelineResource in the Pipeline's declaration + type: string + paths: + description: |- + Paths will probably be removed in #1284, and then PipelineResourceBinding can be used instead. + The optional Path field corresponds to a path on disk at which the Resource can be found + (used when providing the resource via mounted volume, overriding the default logic to fetch the Resource). + type: array + items: + type: string + x-kubernetes-list-type: atomic + resourceRef: + description: |- + ResourceRef is a reference to the instance of the actual PipelineResource + that should be used + type: object + properties: + apiVersion: + description: API version of the referent + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + resourceSpec: + description: |- + ResourceSpec is specification of a resource that should be created and + consumed by the task + type: object + required: + - params + - type + properties: + description: + description: |- + Description is a user-facing description of the resource that may be + used to populate a UI. + type: string + params: + type: array + items: + description: |- + ResourceParam declares a string value to use for the parameter called Name, and is used in + the specific context of PipelineResources. 
+ + Deprecated: Unused, preserved only for backwards compatibility + type: object + required: + - name + - value + properties: + name: + type: string + value: + type: string + x-kubernetes-list-type: atomic + secrets: + description: Secrets to fetch to populate some of resource fields + type: array + items: + description: |- + SecretParam indicates which secret can be used to populate a field of the resource + + Deprecated: Unused, preserved only for backwards compatibility + type: object + required: + - fieldName + - secretKey + - secretName + properties: + fieldName: + type: string + secretKey: + type: string + secretName: + type: string + x-kubernetes-list-type: atomic + type: + description: |- + PipelineResourceType represents the type of endpoint the pipelineResource is, so that the + controller will know this pipelineResource shouldx be fetched and optionally what + additional metatdata should be provided for it. + + Deprecated: Unused, preserved only for backwards compatibility + type: string + x-kubernetes-list-type: atomic + retries: + description: Retries represents how many times this TaskRun should be retried in the event of Task failure. + type: integer + serviceAccountName: + type: string + sidecarOverrides: + description: |- + Overrides to apply to Sidecars in this TaskRun. + If a field is specified in both a Sidecar and a SidecarOverride, + the value from the SidecarOverride will be used. + This field is only supported when the alpha feature gate is enabled. + type: array + items: + description: TaskRunSidecarOverride is used to override the values of a Sidecar in the corresponding Task. + type: object + required: + - name + - resources + properties: + name: + description: The name of the Sidecar to override. + type: string + resources: + description: The resource requirements to apply to the Sidecar. 
+ type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + x-kubernetes-list-type: atomic + status: + description: Used for cancelling a TaskRun (and maybe more later on) + type: string + statusMessage: + description: Status message for cancellation. + type: string + stepOverrides: + description: |- + Overrides to apply to Steps in this TaskRun. + If a field is specified in both a Step and a StepOverride, + the value from the StepOverride will be used. + This field is only supported when the alpha feature gate is enabled. + type: array + items: + description: TaskRunStepOverride is used to override the values of a Step in the corresponding Task. + type: object + required: + - name + - resources + properties: + name: + description: The name of the Step to override. + type: string + resources: + description: The resource requirements to apply to the Step. + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. 
+ If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + x-kubernetes-list-type: atomic + taskRef: + description: no more than one of the TaskRef and TaskSpec may be specified. + type: object + properties: + apiVersion: + description: |- + API version of the referent + Note: A Task with non-empty APIVersion and Kind is considered a Custom Task + type: string + bundle: + description: |- + Bundle url reference to a Tekton Bundle. + + Deprecated: Please use ResolverRef with the bundles resolver instead. + The field is staying there for go client backward compatibility, but is not used/allowed anymore. + type: string + kind: + description: |- + TaskKind indicates the Kind of the Task: + 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". + 2. 
Custom Task when Kind is non-empty and APIVersion is non-empty + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + params: + description: |- + Params contains the parameters used to identify the + referenced Tekton resource. Example entries might include + "repo" or "path" but the set of params ultimately depends on + the chosen resolver. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + resolver: + description: |- + Resolver is the name of the resolver that should perform + resolution of the referenced Tekton resource, such as "git". + type: string + taskSpec: + description: |- + Specifying TaskSpec can be disabled by setting + `disable-inline-spec` feature flag. + See Task.spec (API version: tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + timeout: + description: |- + Time after which one retry attempt times out. Defaults to 1 hour. + Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration + type: string + workspaces: + description: Workspaces is a list of WorkspaceBindings from volumes to workspaces. + type: array + items: + description: WorkspaceBinding maps a Task's declared workspace to a Volume. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 
+ Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. + type: object + required: + - driver + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + additionalProperties: + type: string + emptyDir: + description: |- + EmptyDir represents a temporary directory that shares a Task's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + Either this OR PersistentVolumeClaim can be used. + type: object + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the workspace populated by the volume. + type: string + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. Either this OR EmptyDir can be used. + type: object + required: + - claimName + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + projected: + description: Projected represents a projected volume that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. + type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + type: object + required: + - path + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". 
+ type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root to write the bundle. 
+ type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. 
The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 
+ If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. 
+ type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: Secret represents a secret that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + subPath: + description: |- + SubPath is optionally a directory on the volume which should be used + for this binding (i.e. the volume will be mounted at this sub directory). + type: string + volumeClaimTemplate: + description: |- + VolumeClaimTemplate is a template for a claim that will be created in the same namespace. + The PipelineRun controller is responsible for creating a unique claim for each instance of PipelineRun. + See PersistentVolumeClaim (API version: v1) + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + status: + description: TaskRunStatus defines the observed state of TaskRun + type: object + required: + - podName + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + cloudEvents: + description: |- + CloudEvents describe the state of each cloud event requested via a + CloudEventResource. + + Deprecated: Removed in v0.44.0. 
+ type: array + items: + description: |- + CloudEventDelivery is the target of a cloud event along with the state of + delivery. + type: object + properties: + status: + description: CloudEventDeliveryState reports the state of a cloud event to be sent. + type: object + required: + - message + - retryCount + properties: + condition: + description: Current status + type: string + message: + description: Error is the text of error (if any) + type: string + retryCount: + description: RetryCount is the number of attempts of sending the cloud event + type: integer + format: int32 + sentAt: + description: SentAt is the time at which the last attempt to send the event was made + type: string + format: date-time + target: + description: Target points to an addressable + type: string + x-kubernetes-list-type: atomic + completionTime: + description: CompletionTime is the time the build completed. + type: string + format: date-time + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. 
+ type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + podName: + description: PodName is the name of the pod responsible for executing this task's steps. + type: string + provenance: + description: Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). + type: object + properties: + configSource: + description: 'Deprecated: Use RefSource instead' + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. + Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. 
+ Example: "https://github.com/tektoncd/catalog" + type: string + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + resourcesResult: + description: |- + Results from Resources built during the TaskRun. + This is tomb-stoned along with the removal of pipelineResources + Deprecated: this field is not populated and is preserved only for backwards compatibility + type: array + items: + description: |- + RunResult is used to write key/value pairs to TaskRun pod termination messages. + The key/value pairs may come from the entrypoint binary, or represent a TaskRunResult. + If they represent a TaskRunResult, the key is the name of the result and the value is the + JSON-serialized value of the result. + type: object + required: + - key + - value + properties: + key: + type: string + resourceName: + description: |- + ResourceName may be used in tests, but it is not populated in termination messages. + It is preserved here for backwards compatibility and will not be ported to v1. + type: string + type: + description: |- + ResultType used to find out whether a RunResult is from a task result or not + Note that ResultsType is another type which is used to define the data type + (e.g. string, array, etc) we used for Results + type: integer + value: + type: string + x-kubernetes-list-type: atomic + retriesStatus: + description: |- + RetriesStatus contains the history of TaskRunStatus in case of a retry in order to keep record of failures. + All TaskRunStatus stored in RetriesStatus will have no date within the RetriesStatus as is redundant. 
+ See TaskRun.status (API version: tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + sidecars: + description: |- + The list has one entry per sidecar in the manifest. Each entry is + represents the imageid of the corresponding sidecar. + type: array + items: + description: SidecarState reports the results of running a sidecar in a Task. + type: object + properties: + container: + type: string + imageID: + type: string + name: + type: string + running: + description: Details about a running container + type: object + properties: + startedAt: + description: Time at which the container was last (re-)started + type: string + format: date-time + terminated: + description: Details about a terminated container + type: object + required: + - exitCode + properties: + containerID: + description: Container's ID in the format '://' + type: string + exitCode: + description: Exit status from the last termination of the container + type: integer + format: int32 + finishedAt: + description: Time at which the container last terminated + type: string + format: date-time + message: + description: Message regarding the last termination of the container + type: string + reason: + description: (brief) reason from the last termination of the container + type: string + signal: + description: Signal from the last termination of the container + type: integer + format: int32 + startedAt: + description: Time at which previous execution of the container started + type: string + format: date-time + waiting: + description: Details about a waiting container + type: object + properties: + message: + description: Message regarding why the container is not yet running. + type: string + reason: + description: (brief) reason the container is not yet running. 
+ type: string + x-kubernetes-list-type: atomic + spanContext: + description: SpanContext contains tracing span context fields + type: object + additionalProperties: + type: string + startTime: + description: StartTime is the time the build is actually started. + type: string + format: date-time + steps: + description: Steps describes the state of each build step container. + type: array + items: + description: StepState reports the results of running a step in a Task. + type: object + properties: + container: + type: string + imageID: + type: string + inputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. + type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + name: + type: string + outputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. + type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. 
+ type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + provenance: + description: |- + Provenance contains metadata about resources used in the TaskRun/PipelineRun + such as the source from where a remote build definition was fetched. + This field aims to carry minimum amoumt of metadata in *Run status so that + Tekton Chains can capture them in the provenance. + type: object + properties: + configSource: + description: 'Deprecated: Use RefSource instead' + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. + Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. 
+ Example: "https://github.com/tektoncd/catalog" + type: string + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + results: + type: array + items: + description: TaskRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the given value of the result + x-kubernetes-preserve-unknown-fields: true + running: + description: Details about a running container + type: object + properties: + startedAt: + description: Time at which the container was last (re-)started + type: string + format: date-time + terminated: + description: Details about a terminated container + type: object + required: + - exitCode + properties: + containerID: + description: Container's ID in the format '://' + type: string + exitCode: + description: Exit status from the last termination of the container + type: integer + format: int32 + finishedAt: + description: Time at which the container last terminated + type: string + format: date-time + message: + description: Message regarding the last termination of the container + type: string + reason: + description: (brief) reason from the last termination of the container + type: string + signal: + description: Signal from the last termination of the container + type: integer + format: int32 + startedAt: + description: Time at which previous 
execution of the container started + type: string + format: date-time + waiting: + description: Details about a waiting container + type: object + properties: + message: + description: Message regarding why the container is not yet running. + type: string + reason: + description: (brief) reason the container is not yet running. + type: string + x-kubernetes-list-type: atomic + taskResults: + description: TaskRunResults are the list of results written out by the task's containers + type: array + items: + description: TaskRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the given value of the result + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + taskSpec: + description: |- + TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun. + See Task.spec (API version tekton.dev/v1beta1) + x-kubernetes-preserve-unknown-fields: true + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: |- + TaskRun represents a single execution of a Task. TaskRuns are how the steps + specified in a Task are executed; they specify the parameters and resources + used to run the steps in a Task. 
+ type: object + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TaskRunSpec defines the desired state of TaskRun + type: object + properties: + computeResources: + description: Compute resources to use for this TaskRun + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + debug: + description: TaskRunDebug defines the breakpoint config for a particular TaskRun + type: object + properties: + breakpoints: + description: TaskBreakpoints defines the breakpoint config for a particular Task + type: object + properties: + beforeSteps: + type: array + items: + type: string + x-kubernetes-list-type: atomic + onFailure: + description: |- + if enabled, pause TaskRun on failure of a step + failed step will not exit + type: string + params: + description: Params is a list of Param + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + podTemplate: + description: PodTemplate holds pod specific configuration + type: object + properties: + affinity: + description: |- + If specified, the pod's scheduling constraints. 
+ See Pod.spec.affinity (API version: v1) + x-kubernetes-preserve-unknown-fields: true + automountServiceAccountToken: + description: |- + AutomountServiceAccountToken indicates whether pods running as this + service account should have an API token automatically mounted. + type: boolean + dnsConfig: + description: |- + Specifies the DNS parameters of a pod. + Parameters specified here will be merged to the generated DNS + configuration based on DNSPolicy. + type: object + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + type: array + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + type: object + properties: + name: + description: |- + Name is this DNS resolver option's name. + Required. + type: string + value: + description: Value is this DNS resolver option's value. + type: string + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + type: array + items: + type: string + x-kubernetes-list-type: atomic + dnsPolicy: + description: |- + Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are + 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig + will be merged with the policy selected with DNSPolicy. 
+ type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. + type: boolean + env: + description: List of environment variables that can be provided to the containers belonging to the pod. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + type: array + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + type: object + required: + - ip + properties: + hostnames: + description: Hostnames for the above IP address. + type: array + items: + type: string + x-kubernetes-list-type: atomic + ip: + description: IP address of the host file entry. + type: string + x-kubernetes-list-type: atomic + hostNetwork: + description: HostNetwork specifies whether the pod may use the node network namespace + type: boolean + imagePullSecrets: + description: ImagePullSecrets gives the name of the secret used by the pod to pull the image if specified + type: array + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + nodeSelector: + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + type: object + additionalProperties: + type: string + priorityClassName: + description: |- + If specified, indicates the pod's priority. "system-node-critical" and + "system-cluster-critical" are two special keywords which indicate the + highest priorities with the former being the highest priority. Any other + name must be defined by creating a PriorityClass object with that name. + If not specified, the pod priority will be default or zero if there is no + default. + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io + group, which should be used to run this pod. If no RuntimeClass resource + matches the named class, the pod will not be run. If unset or empty, the + "legacy" RuntimeClass will be used, which is an implicit class with an + empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14. + type: string + schedulerName: + description: SchedulerName specifies the scheduler to be used to dispatch the Pod + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + See Pod.spec.securityContext (API version: v1) + x-kubernetes-preserve-unknown-fields: true + tolerations: + description: If specified, the pod's tolerations. 
+ type: array + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + type: object + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + type: integer + format: int64 + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + x-kubernetes-list-type: atomic + topologySpreadConstraints: + description: |- + TopologySpreadConstraints controls how Pods are spread across your cluster among + failure-domains such as regions, zones, nodes, and other user-defined topology domains. + type: array + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. 
+ type: object + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + type: array + items: + type: string + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + type: integer + format: int32 + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. 
+ When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + type: integer + format: int32 + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. 
Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + x-kubernetes-list-type: atomic + volumes: + description: |- + List of volumes that can be mounted by containers belonging to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + retries: + description: Retries represents how many times this TaskRun should be retried in the event of task failure. + type: integer + serviceAccountName: + type: string + sidecarSpecs: + description: |- + Specs to apply to Sidecars in this TaskRun. + If a field is specified in both a Sidecar and a SidecarSpec, + the value from the SidecarSpec will be used. + This field is only supported when the alpha feature gate is enabled. + type: array + items: + description: TaskRunSidecarSpec is used to override the values of a Sidecar in the corresponding Task. + type: object + required: + - computeResources + - name + properties: + computeResources: + description: The resource requirements to apply to the Sidecar. + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. 
+ If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: The name of the Sidecar to override. + type: string + x-kubernetes-list-type: atomic + status: + description: Used for cancelling a TaskRun (and maybe more later on) + type: string + statusMessage: + description: Status message for cancellation. + type: string + stepSpecs: + description: |- + Specs to apply to Steps in this TaskRun. + If a field is specified in both a Step and a StepSpec, + the value from the StepSpec will be used. + This field is only supported when the alpha feature gate is enabled. + type: array + items: + description: TaskRunStepSpec is used to override the values of a Step in the corresponding Task. 
+ type: object + required: + - computeResources + - name + properties: + computeResources: + description: The resource requirements to apply to the Step. + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: The name of the Step to override. + type: string + x-kubernetes-list-type: atomic + taskRef: + description: no more than one of the TaskRef and TaskSpec may be specified. + type: object + properties: + apiVersion: + description: |- + API version of the referent + Note: A Task with non-empty APIVersion and Kind is considered a Custom Task + type: string + kind: + description: |- + TaskKind indicates the Kind of the Task: + 1. Namespaced Task when Kind is set to "Task". If Kind is "", it defaults to "Task". + 2. Custom Task when Kind is non-empty and APIVersion is non-empty + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + params: + description: |- + Params contains the parameters used to identify the + referenced Tekton resource. Example entries might include + "repo" or "path" but the set of params ultimately depends on + the chosen resolver. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + resolver: + description: |- + Resolver is the name of the resolver that should perform + resolution of the referenced Tekton resource, such as "git". + type: string + taskSpec: + description: |- + Specifying TaskSpec can be disabled by setting + `disable-inline-spec` feature flag. 
+ See Task.spec (API version: tekton.dev/v1) + x-kubernetes-preserve-unknown-fields: true + timeout: + description: |- + Time after which one retry attempt times out. Defaults to 1 hour. + Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration + type: string + workspaces: + description: Workspaces is a list of WorkspaceBindings from volumes to workspaces. + type: array + items: + description: WorkspaceBinding maps a Task's declared workspace to a Volume. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. 
+ type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + csi: + description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers. + type: object + required: + - driver + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. 
+ type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + additionalProperties: + type: string + emptyDir: + description: |- + EmptyDir represents a temporary directory that shares a Task's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + Either this OR PersistentVolumeClaim can be used. + type: object + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + name: + description: Name is the name of the workspace populated by the volume. + type: string + persistentVolumeClaim: + description: |- + PersistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. Either this OR EmptyDir can be used. + type: object + required: + - claimName + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + projected: + description: Projected represents a projected volume that should populate this workspace. + type: object + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: |- + sources is the list of volume projections. Each entry in this list + handles one source. 
+ type: array + items: + description: |- + Projection that may be projected along with other supported volume types. + Exactly one of these fields must be set. + type: object + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + type: object + required: + - path + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + type: array + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + type: array + items: + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + matchLabels: + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + additionalProperties: + type: string + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative path from the volume root to write the bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + configMap: + description: configMap information about the configMap data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. 
Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional specify whether the ConfigMap or its keys must be defined + type: boolean + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI data to project + type: object + properties: + items: + description: Items is a list of DownwardAPIVolume file + type: array + items: + description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: object + required: + - path + properties: + fieldRef: + description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.' + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + secret: + description: secret information about the secret data to project + type: object + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + x-kubernetes-list-type: atomic + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: optional field specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + type: integer + format: int64 + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + x-kubernetes-list-type: atomic + secret: + description: Secret represents a secret that should populate this workspace. 
+ type: object + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. 
+ type: string + x-kubernetes-list-type: atomic + optional: + description: optional field specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + subPath: + description: |- + SubPath is optionally a directory on the volume which should be used + for this binding (i.e. the volume will be mounted at this sub directory). + type: string + volumeClaimTemplate: + description: |- + VolumeClaimTemplate is a template for a claim that will be created in the same namespace. + The PipelineRun controller is responsible for creating a unique claim for each instance of PipelineRun. + See PersistentVolumeClaim (API version: v1) + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + status: + description: TaskRunStatus defines the observed state of TaskRun + type: object + required: + - podName + properties: + annotations: + description: |- + Annotations is additional Status fields for the Resource to save some + additional State as well as convey more information to the user. This is + roughly akin to Annotations on any k8s resource, just the reconciler conveying + richer information outwards. + type: object + additionalProperties: + type: string + artifacts: + description: Artifacts are the list of artifacts written out by the task's containers + type: object + properties: + inputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. 
+ type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + x-kubernetes-list-type: atomic + outputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. + type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + x-kubernetes-list-type: atomic + completionTime: + description: CompletionTime is the time the build completed. + type: string + format: date-time + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. 
+ We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: |- + ObservedGeneration is the 'Generation' of the Service that + was last processed by the controller. + type: integer + format: int64 + podName: + description: PodName is the name of the pod responsible for executing this task's steps. + type: string + provenance: + description: Provenance contains some key authenticated metadata about how a software artifact was built (what sources, what inputs/outputs, etc.). 
+ type: object + properties: + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + results: + description: Results are the list of results written out by the task's containers + type: array + items: + description: TaskRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the given value of the result + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + retriesStatus: + description: |- + RetriesStatus contains the history of TaskRunStatus in case of a retry in order to keep record of failures. + All TaskRunStatus stored in RetriesStatus will have no date within the RetriesStatus as is redundant. + x-kubernetes-preserve-unknown-fields: true + sidecars: + description: |- + The list has one entry per sidecar in the manifest. Each entry is + represents the imageid of the corresponding sidecar. + type: array + items: + description: SidecarState reports the results of running a sidecar in a Task. 
+ type: object + properties: + container: + type: string + imageID: + type: string + name: + type: string + running: + description: Details about a running container + type: object + properties: + startedAt: + description: Time at which the container was last (re-)started + type: string + format: date-time + terminated: + description: Details about a terminated container + type: object + required: + - exitCode + properties: + containerID: + description: Container's ID in the format '://' + type: string + exitCode: + description: Exit status from the last termination of the container + type: integer + format: int32 + finishedAt: + description: Time at which the container last terminated + type: string + format: date-time + message: + description: Message regarding the last termination of the container + type: string + reason: + description: (brief) reason from the last termination of the container + type: string + signal: + description: Signal from the last termination of the container + type: integer + format: int32 + startedAt: + description: Time at which previous execution of the container started + type: string + format: date-time + waiting: + description: Details about a waiting container + type: object + properties: + message: + description: Message regarding why the container is not yet running. + type: string + reason: + description: (brief) reason the container is not yet running. + type: string + x-kubernetes-list-type: atomic + spanContext: + description: SpanContext contains tracing span context fields + type: object + additionalProperties: + type: string + startTime: + description: StartTime is the time the build is actually started. + type: string + format: date-time + steps: + description: Steps describes the state of each build step container. + type: array + items: + description: StepState reports the results of running a step in a Task. 
+ type: object + properties: + container: + type: string + imageID: + type: string + inputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. + type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + name: + type: string + outputs: + type: array + items: + description: |- + Artifact represents an artifact within a system, potentially containing multiple values + associated with it. + type: object + properties: + buildOutput: + description: Indicate if the artifact is a build output or a by-product + type: boolean + name: + description: The artifact's identifying category name + type: string + values: + description: A collection of values related to the artifact + type: array + items: + description: ArtifactValue represents a specific value or data element within an Artifact. + type: object + properties: + digest: + type: object + additionalProperties: + type: string + uri: + type: string + provenance: + description: |- + Provenance contains metadata about resources used in the TaskRun/PipelineRun + such as the source from where a remote build definition was fetched. + This field aims to carry minimum amoumt of metadata in *Run status so that + Tekton Chains can capture them in the provenance. 
+ type: object + properties: + featureFlags: + description: FeatureFlags identifies the feature flags that were used during the task/pipeline run + type: object + properties: + awaitSidecarReadiness: + type: boolean + coschedule: + type: string + disableCredsInit: + type: boolean + disableInlineSpec: + type: string + enableAPIFields: + type: string + enableArtifacts: + type: boolean + enableCELInWhenExpression: + type: boolean + enableConciseResolverSyntax: + type: boolean + enableKeepPodOnCancel: + type: boolean + enableKubernetesSidecar: + type: boolean + enableParamEnum: + type: boolean + enableProvenanceInStatus: + type: boolean + enableStepActions: + description: EnableStepActions is a no-op flag since StepActions are stable + type: boolean + enforceNonfalsifiability: + type: string + maxResultSize: + type: integer + requireGitSSHSecretKnownHosts: + type: boolean + resultExtractionMethod: + type: string + runningInEnvWithInjectedSidecars: + type: boolean + sendCloudEventsForRuns: + type: boolean + setSecurityContext: + type: boolean + setSecurityContextReadOnlyRootFilesystem: + type: boolean + verificationNoMatchPolicy: + description: |- + VerificationNoMatchPolicy is the feature flag for "trusted-resources-verification-no-match-policy" + VerificationNoMatchPolicy can be set to "ignore", "warn" and "fail" values. + ignore: skip trusted resources verification when no matching verification policies found + warn: skip trusted resources verification when no matching verification policies found and log a warning + fail: fail the taskrun or pipelines run if no matching verification policies found + type: string + refSource: + description: RefSource identifies the source where a remote task/pipeline came from. + type: object + properties: + digest: + description: |- + Digest is a collection of cryptographic digests for the contents of the artifact specified by URI. 
+ Example: {"sha1": "f99d13e554ffcb696dee719fa85b695cb5b0f428"} + type: object + additionalProperties: + type: string + entryPoint: + description: |- + EntryPoint identifies the entry point into the build. This is often a path to a + build definition file and/or a target label within that file. + Example: "task/git-clone/0.10/git-clone.yaml" + type: string + uri: + description: |- + URI indicates the identity of the source of the build definition. + Example: "https://github.com/tektoncd/catalog" + type: string + results: + type: array + items: + description: TaskRunResult used to describe the results of a task + type: object + required: + - name + - value + properties: + name: + description: Name the given name + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the given value of the result + x-kubernetes-preserve-unknown-fields: true + running: + description: Details about a running container + type: object + properties: + startedAt: + description: Time at which the container was last (re-)started + type: string + format: date-time + terminated: + description: Details about a terminated container + type: object + required: + - exitCode + properties: + containerID: + description: Container's ID in the format '://' + type: string + exitCode: + description: Exit status from the last termination of the container + type: integer + format: int32 + finishedAt: + description: Time at which the container last terminated + type: string + format: date-time + message: + description: Message regarding the last termination of the container + type: string + reason: + description: (brief) reason from the last termination of the container + type: string + signal: + description: Signal from the last termination of the container + type: integer + format: int32 + startedAt: + description: Time at which previous 
execution of the container started + type: string + format: date-time + terminationReason: + type: string + waiting: + description: Details about a waiting container + type: object + properties: + message: + description: Message regarding why the container is not yet running. + type: string + reason: + description: (brief) reason the container is not yet running. + type: string + x-kubernetes-list-type: atomic + taskSpec: + description: TaskSpec contains the Spec from the dereferenced Task definition used to instantiate this TaskRun. + type: object + properties: + description: + description: |- + Description is a user-facing description of the task that may be + used to populate a UI. + type: string + displayName: + description: |- + DisplayName is a user-facing name of the task that may be + used to populate a UI. + type: string + params: + description: |- + Params is a list of input parameters required to run the task. Params + must be supplied as inputs in TaskRuns unless they declare a default + value. + type: array + items: + description: |- + ParamSpec defines arbitrary parameters needed beyond typed inputs (such as + resources). Parameter values are provided by users as inputs on a TaskRun + or PipelineRun. + type: object + required: + - name + properties: + default: + description: |- + Default is the value a parameter takes if no input value is supplied. If + default is set, a Task may be executed without a supplied value for the + parameter. + x-kubernetes-preserve-unknown-fields: true + description: + description: |- + Description is a user-facing description of the parameter that may be + used to populate a UI. + type: string + enum: + description: |- + Enum declares a set of allowed param input values for tasks/pipelines that can be validated. + If Enum is not set, no input validation is performed for the param. + type: array + items: + type: string + name: + description: Name declares the name by which a parameter is referenced. 
+ type: string + properties: + description: Properties is the JSON Schema properties to support key-value pairs parameter. + type: object + additionalProperties: + description: PropertySpec defines the struct for object keys + type: object + properties: + type: + description: |- + ParamType indicates the type of an input parameter; + Used to distinguish between a single string and an array of strings. + type: string + type: + description: |- + Type is the user-specified type of the parameter. The possible types + are currently "string", "array" and "object", and "string" is the default. + type: string + x-kubernetes-list-type: atomic + results: + description: Results are values that this Task can output + type: array + items: + description: TaskResult used to describe the results of a task + type: object + required: + - name + properties: + description: + description: Description is a human-readable description of the result + type: string + name: + description: Name the given name + type: string + properties: + description: Properties is the JSON Schema properties to support key-value pairs results. + type: object + additionalProperties: + description: PropertySpec defines the struct for object keys + type: object + properties: + type: + description: |- + ParamType indicates the type of an input parameter; + Used to distinguish between a single string and an array of strings. + type: string + type: + description: |- + Type is the user-specified type of the result. The possible type + is currently "string" and will support "array" in following work. + type: string + value: + description: Value the expression used to retrieve the value of the result from an underlying Step. + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + sidecars: + description: |- + Sidecars are run alongside the Task's step containers. They begin before + the steps start and end after the steps complete. 
+ type: array + items: + description: Sidecar has nearly the same data structure as Step but does not have the ability to timeout. + type: object + required: + - name + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the Sidecar's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the Sidecar's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + computeResources: + description: |- + ComputeResources required by this Sidecar. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + env: + description: |- + List of environment variables to set in the Sidecar. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + envFrom: + description: |- + List of sources to populate environment variables in the Sidecar. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Image reference name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to Sidecar lifecycle events. + Cannot be updated. + type: object + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + required: + - port + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + sleep: + description: Sleep represents a duration that the container should sleep. + type: object + required: + - seconds + properties: + seconds: + description: Seconds is the number of seconds to sleep. + type: integer + format: int64 + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. 
+ Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + required: + - port + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + sleep: + description: Sleep represents a duration that the container should sleep. + type: object + required: + - seconds + properties: + seconds: + description: Seconds is the number of seconds to sleep. + type: integer + format: int64 + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for backward compatibility. There is no validation of this field and + lifecycle hooks will fail at runtime when it is specified. + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + livenessProbe: + description: |- + Periodic probe of Sidecar liveness. + Container will be restarted if the probe fails. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + required: + - port + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. 
+ type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + type: integer + format: int64 + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + name: + description: |- + Name of the Sidecar specified as a DNS_LABEL. + Each Sidecar in a Task must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the Sidecar. Exposing a port here gives + the system additional information about the network connections a + container uses, but is primarily informational. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. 
+ type: object + required: + - containerPort + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + hostIP: + description: What host IP to bind the external port to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + type: integer + format: int32 + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + default: TCP + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of Sidecar service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + required: + - port + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. 
+ type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. 
+ type: integer + format: int64 + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + restartPolicy: + description: |- + RestartPolicy refers to kubernetes RestartPolicy. It can only be set for an + initContainer and must have it's policy set to "Always". It is currently + left optional to help support Kubernetes versions prior to 1.29 when this feature + was introduced. + type: string + script: + description: |- + Script is the contents of an executable file to execute. + + If Script is not empty, the Step cannot have an Command or Args. + type: string + securityContext: + description: |- + SecurityContext defines the security options the Sidecar should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. 
+ Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: Added capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. 
+ type: string + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + type: object + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + startupProbe: + description: |- + StartupProbe indicates that the Pod the Sidecar is running in has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: object + properties: + exec: + description: Exec specifies a command to execute in the container. + type: object + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + x-kubernetes-list-type: atomic + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. 
+ Defaults to 3. Minimum value is 1. + type: integer + format: int32 + grpc: + description: GRPC specifies a GRPC HealthCheckRequest. + type: object + required: + - port + properties: + port: + description: Port number of the gRPC service. Number must be in the range 1 to 65535. + type: integer + format: int32 + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + If this is not specified, the default behavior is defined by gRPC. + type: string + default: "" + httpGet: + description: HTTPGet specifies an HTTP GET request to perform. + type: object + required: + - port + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The header field value + type: string + x-kubernetes-list-type: atomic + path: + description: Path to access on the HTTP server. + type: string + port: + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + type: integer + format: int32 + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: TCPSocket specifies a connection to a TCP port. + type: object + required: + - port + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + port: + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + type: integer + format: int64 + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + type: integer + format: int32 + stdin: + description: |- + Whether this Sidecar should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the Sidecar will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on Sidecar start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the Sidecar is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the Sidecar's termination message + will be written is mounted into the Sidecar's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the Sidecar status message on both success and failure. + FallbackToLogsOnError will use the last chunk of Sidecar log output if the termination + message file is empty and the Sidecar exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this Sidecar should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices to be used by the Sidecar. + type: array + items: + description: volumeDevice describes a mapping of a raw block device within a container. + type: object + required: + - devicePath + - name + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + x-kubernetes-list-type: atomic + volumeMounts: + description: |- + Volumes to mount into the Sidecar's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. 
+ + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + x-kubernetes-list-type: atomic + workingDir: + description: |- + Sidecar's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + workspaces: + description: |- + This is an alpha field. You must set the "enable-api-fields" feature flag to "alpha" + for this field to be supported. + + Workspaces is a list of workspaces from the Task that this Sidecar wants + exclusive access to. Adding a workspace to this list means that any + other Step or Sidecar that does not also request this Workspace will + not have access to it. + type: array + items: + description: |- + WorkspaceUsage is used by a Step or Sidecar to declare that it wants isolated access + to a Workspace defined in a Task. 
+ type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + MountPath is the path that the workspace should be mounted to inside the Step or Sidecar, + overriding any MountPath specified in the Task's WorkspaceDeclaration. + type: string + name: + description: Name is the name of the workspace this Step or Sidecar wants access to. + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + stepTemplate: + description: |- + StepTemplate can be used as the basis for all step containers within the + Task, so that the steps inherit settings on the base container. + type: object + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the Step's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the Step's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + computeResources: + description: |- + ComputeResources required by this Step. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + env: + description: |- + List of environment variables to set in the Step. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + envFrom: + description: |- + List of sources to populate environment variables in the Step. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the Step is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Image reference name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + securityContext: + description: |- + SecurityContext defines the security options the Step should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. 
+ Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + add: + description: Added capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. 
+ type: string + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + type: object + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. 
+ All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + volumeDevices: + description: volumeDevices is the list of block devices to be used by the Step. + type: array + items: + description: volumeDevice describes a mapping of a raw block device within a container. + type: object + required: + - devicePath + - name + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + x-kubernetes-list-type: atomic + volumeMounts: + description: |- + Volumes to mount into the Step's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + x-kubernetes-list-type: atomic + workingDir: + description: |- + Step's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + steps: + description: |- + Steps are the steps of the build; each step is run sequentially with the + source mounted into /workspace. 
+ type: array + items: + description: Step runs a subcomponent of a Task + type: object + required: + - name + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + type: array + items: + type: string + x-kubernetes-list-type: atomic + computeResources: + description: |- + ComputeResources required by this Step. + Cannot be updated. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + This field is immutable. It can only be set for containers. + type: array + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + type: object + required: + - name + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + env: + description: |- + List of environment variables to set in the Step. + Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + type: object + required: + - fieldPath + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + type: object + required: + - resource + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + envFrom: + description: |- + List of sources to populate environment variables in the Step. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the Step is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + x-kubernetes-map-type: atomic + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. 
Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + default: "" + optional: + description: Specify whether the Secret must be defined + type: boolean + x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic + image: + description: |- + Docker image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + name: + description: |- + Name of the Step specified as a DNS_LABEL. + Each Step in a Task must have a unique name. + type: string + onError: + description: |- + OnError defines the exiting behavior of a container on error + can be set to [ continue | stopAndFail ] + type: string + params: + description: Params declares parameters passed to this step action. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. + type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + ref: + description: Contains the reference to an existing StepAction. + type: object + properties: + name: + description: Name of the referenced step + type: string + params: + description: |- + Params contains the parameters used to identify the + referenced Tekton resource. Example entries might include + "repo" or "path" but the set of params ultimately depends on + the chosen resolver. + type: array + items: + description: Param declares an ParamValues to use for the parameter called name. 
+ type: object + required: + - name + - value + properties: + name: + type: string + value: + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-type: atomic + resolver: + description: |- + Resolver is the name of the resolver that should perform + resolution of the referenced Tekton resource, such as "git". + type: string + results: + description: |- + Results declares StepResults produced by the Step. + + It can be used in an inlined Step when used to store Results to $(step.results.resultName.path). + It cannot be used when referencing StepActions using [v1.Step.Ref]. + The Results declared by the StepActions will be stored here instead. + type: array + items: + description: StepResult used to describe the Results of a Step. + type: object + required: + - name + properties: + description: + description: Description is a human-readable description of the result + type: string + name: + description: Name the given name + type: string + properties: + description: Properties is the JSON Schema properties to support key-value pairs results. + type: object + additionalProperties: + description: PropertySpec defines the struct for object keys + type: object + properties: + type: + description: |- + ParamType indicates the type of an input parameter; + Used to distinguish between a single string and an array of strings. + type: string + type: + description: The possible types are 'string', 'array', and 'object', with 'string' as the default. + type: string + x-kubernetes-list-type: atomic + script: + description: |- + Script is the contents of an executable file to execute. + + If Script is not empty, the Step cannot have an Command and the Args will be passed to the Script. + type: string + securityContext: + description: |- + SecurityContext defines the security options the Step should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. 
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + type: object + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. 
+ type: object + properties: + add: + description: Added capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-list-type: atomic + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default value is Default which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: integer + format: int64 + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + type: object + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + type: object + required: + - type + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". 
Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + type: object + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + stderrConfig: + description: Stores configuration for the stderr stream of the step. 
+ type: object + properties: + path: + description: Path to duplicate stdout stream to on container's local filesystem. + type: string + stdoutConfig: + description: Stores configuration for the stdout stream of the step. + type: object + properties: + path: + description: Path to duplicate stdout stream to on container's local filesystem. + type: string + timeout: + description: |- + Timeout is the time after which the step times out. Defaults to never. + Refer to Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration + type: string + volumeDevices: + description: volumeDevices is the list of block devices to be used by the Step. + type: array + items: + description: volumeDevice describes a mapping of a raw block device within a container. + type: object + required: + - devicePath + - name + properties: + devicePath: + description: devicePath is the path inside of the container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim in the pod + type: string + x-kubernetes-list-type: atomic + volumeMounts: + description: |- + Volumes to mount into the Step's filesystem. + Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This must match the Name of a Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + If ReadOnly is false, this field has no meaning and must be unspecified. + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. 
+ type: string + x-kubernetes-list-type: atomic + when: + description: When is a list of when expressions that need to be true for the task to run + type: array + items: + description: |- + WhenExpression allows a PipelineTask to declare expressions to be evaluated before the Task is run + to determine whether the Task should be executed or skipped + type: object + properties: + cel: + description: |- + CEL is a string of Common Language Expression, which can be used to conditionally execute + the task based on the result of the expression evaluation + More info about CEL syntax: https://github.com/google/cel-spec/blob/master/doc/langdef.md + type: string + input: + description: Input is the string for guard checking which can be a static input or an output from a parent Task + type: string + operator: + description: Operator that represents an Input's relationship to the values + type: string + values: + description: |- + Values is an array of strings, which is compared against the input, for guard checking + It must be non-empty + type: array + items: + type: string + x-kubernetes-list-type: atomic + workingDir: + description: |- + Step's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + workspaces: + description: |- + This is an alpha field. You must set the "enable-api-fields" feature flag to "alpha" + for this field to be supported. + + Workspaces is a list of workspaces from the Task that this Step wants + exclusive access to. Adding a workspace to this list means that any + other Step or Sidecar that does not also request this Workspace will + not have access to it. + type: array + items: + description: |- + WorkspaceUsage is used by a Step or Sidecar to declare that it wants isolated access + to a Workspace defined in a Task. 
+ type: object + required: + - mountPath + - name + properties: + mountPath: + description: |- + MountPath is the path that the workspace should be mounted to inside the Step or Sidecar, + overriding any MountPath specified in the Task's WorkspaceDeclaration. + type: string + name: + description: Name is the name of the workspace this Step or Sidecar wants access to. + type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic + volumes: + description: |- + Volumes is a collection of volumes that are available to mount into the + steps of the build. + See Pod.spec.volumes (API version: v1) + x-kubernetes-preserve-unknown-fields: true + workspaces: + description: Workspaces are the volumes that this Task requires. + type: array + items: + description: WorkspaceDeclaration is a declaration of a volume that a Task requires. + type: object + required: + - name + properties: + description: + description: Description is an optional human readable description of this volume. + type: string + mountPath: + description: MountPath overrides the directory that the volume will be made available at. + type: string + name: + description: Name is the name by which you can bind the volume at runtime. + type: string + optional: + description: |- + Optional marks a Workspace as not being required in TaskRuns. By default + this field is false and so declared workspaces are required. + type: boolean + readOnly: + description: |- + ReadOnly dictates whether a mounted volume is writable. By default this + field is false and so mounted volumes are writable. 
+ type: boolean + x-kubernetes-list-type: atomic + additionalPrinterColumns: + - name: Succeeded + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" + - name: StartTime + type: date + jsonPath: .status.startTime + - name: CompletionTime + type: date + jsonPath: .status.completionTime + # Opt into the status subresource so metadata.generation + # starts to increment + subresources: + status: {} names: kind: TaskRun plural: taskruns diff --git a/config/config-defaults.yaml b/config/config-defaults.yaml index fa34c191729..2a0044f90ef 100644 --- a/config/config-defaults.yaml +++ b/config/config-defaults.yaml @@ -144,3 +144,11 @@ data: # limits: # memory: "256Mi" # cpu: "500m" + + # default-sidecar-log-polling-interval specifies the polling interval for the Tekton sidecar log results container. + # This controls how frequently the sidecar checks for step completion files written by steps in a TaskRun. + # Lower values (e.g., "10ms") make the sidecar more responsive but may increase CPU usage; higher values (e.g., "1s") + # reduce resource usage but may delay result collection. + # This value is used by the sidecar-tekton-log-results container and can be tuned for performance or test scenarios. + # Example values: "100ms", "500ms", "1s" + default-sidecar-log-polling-interval: "100ms" diff --git a/docs/additional-configs.md b/docs/additional-configs.md index 6b307bbd151..30a466a20eb 100644 --- a/docs/additional-configs.md +++ b/docs/additional-configs.md @@ -243,6 +243,7 @@ The example below customizes the following: - the default maximum combinations of `Parameters` in a `Matrix` that can be used to fan out a `PipelineTask`. For more information, see [`Matrix`](matrix.md). - the default resolver type to `git`. +- the default polling interval for the sidecar log results container via `default-sidecar-log-polling-interval`. ```yaml apiVersion: v1 
@@ -260,8 +261,26 @@ data: emptyDir: {} default-max-matrix-combinations-count: "1024" default-resolver-type: "git" + default-sidecar-log-polling-interval: "100ms" ``` +### `default-sidecar-log-polling-interval` + +The `default-sidecar-log-polling-interval` key in the `config-defaults` ConfigMap specifies how frequently the Tekton +sidecar log results container polls for step completion files written by steps in a TaskRun. Lower values (e.g., `10ms`) +make the sidecar more responsive but may increase CPU usage; higher values (e.g., `1s`) reduce resource usage but may +delay result collection. This value is used by the `sidecar-tekton-log-results` container and can be tuned for performance +or test scenarios. + +**Example values:** +- `100ms` (default) +- `500ms` +- `1s` +- `10ms` (for fast polling in tests) + +**Note:** The `default-sidecar-log-polling-interval` setting is only applicable when results are created using the +[sidecar approach](#enabling-larger-results-using-sidecar-logs). + **Note:** The `_example` key in the provided [config-defaults.yaml](./../config/config-defaults.yaml) file lists the keys you can customize along with their default values. diff --git a/examples/v1/pipelineruns/beta/git-resolver.yaml b/examples/v1/pipelineruns/beta/git-resolver.yaml index e81b5cbadc3..1ab2af1a960 100644 --- a/examples/v1/pipelineruns/beta/git-resolver.yaml +++ b/examples/v1/pipelineruns/beta/git-resolver.yaml @@ -25,7 +25,7 @@ spec: - name: url value: https://github.com/tektoncd/catalog.git - name: pathInRepo - value: /task/git-clone/0.7/git-clone.yaml + value: /task/git-clone/0.10/git-clone.yaml - name: revision value: main params: diff --git a/examples/v1/pipelineruns/beta/http-resolver-credentials.yaml b/examples/v1/pipelineruns/beta/http-resolver-credentials.yaml index 632fe528f83..afc0329b8a8 100644 --- a/examples/v1/pipelineruns/beta/http-resolver-credentials.yaml +++ b/examples/v1/pipelineruns/beta/http-resolver-credentials.yaml 
@@ -16,14 +16,19 @@ kind: PipelineRun metadata: generateName: http-resolver- spec: + workspaces: + - name: output + emptyDir: {} pipelineSpec: + workspaces: + - name: output tasks: - name: http-resolver taskRef: resolver: http params: - name: url - value: https://api.hub.tekton.dev/v1/resource/tekton/task/tkn/0.4/raw + value: https://api.hub.tekton.dev/v1/resource/tekton/task/git-clone/0.10/raw - name: http-username value: git - name: http-password-secret @@ -31,5 +36,8 @@ spec: - name: http-password-secret-key value: token params: - - name: ARGS - value: ["version"] + - name: url + value: "https://github.com/kelseyhightower/nocode" + workspaces: + - name: output + workspace: output diff --git a/examples/v1/pipelineruns/beta/http-resolver.yaml b/examples/v1/pipelineruns/beta/http-resolver.yaml index b81d11c7e0d..430e1c68c02 100644 --- a/examples/v1/pipelineruns/beta/http-resolver.yaml +++ b/examples/v1/pipelineruns/beta/http-resolver.yaml @@ -4,14 +4,22 @@ kind: PipelineRun metadata: generateName: http-resolver- spec: + workspaces: + - name: output + emptyDir: {} pipelineSpec: + workspaces: + - name: output tasks: - name: http-resolver taskRef: resolver: http params: - name: url - value: https://api.hub.tekton.dev/v1/resource/tekton/task/tkn/0.4/raw + value: https://api.hub.tekton.dev/v1/resource/tekton/task/git-clone/0.10/raw params: - - name: ARGS - value: ["version"] + - name: url + value: "https://github.com/kelseyhightower/nocode" + workspaces: + - name: output + workspace: output diff --git a/examples/v1/pipelineruns/no-ci/git-resolver-custom-apiurl.yaml b/examples/v1/pipelineruns/no-ci/git-resolver-custom-apiurl.yaml index 912858b35a9..ea041d6974f 100644 --- a/examples/v1/pipelineruns/no-ci/git-resolver-custom-apiurl.yaml +++ b/examples/v1/pipelineruns/no-ci/git-resolver-custom-apiurl.yaml 
@@ -25,7 +25,7 @@ spec: - name: url value: https://github.com/tektoncd/catalog.git - name: pathInRepo - value: /task/git-clone/0.7/git-clone.yaml + value: /task/git-clone/0.10/git-clone.yaml - name: revision value: main # my-secret-token should be created in the namespace where the diff --git a/examples/v1/pipelineruns/no-ci/git-resolver-custom-secret.yaml b/examples/v1/pipelineruns/no-ci/git-resolver-custom-secret.yaml index bbebdbf33ab..dd5d6e3a79f 100644 --- a/examples/v1/pipelineruns/no-ci/git-resolver-custom-secret.yaml +++ b/examples/v1/pipelineruns/no-ci/git-resolver-custom-secret.yaml @@ -25,7 +25,7 @@ spec: - name: url value: https://github.com/tektoncd/catalog.git - name: pathInRepo - value: /task/git-clone/0.7/git-clone.yaml + value: /task/git-clone/0.10/git-clone.yaml - name: revision value: main # my-secret-token should be created in the namespace where the diff --git a/examples/v1/pipelineruns/pipelinerun-with-final-tasks.yaml b/examples/v1/pipelineruns/pipelinerun-with-final-tasks.yaml index c89852f0fb5..aed8ceb8e09 100644 --- a/examples/v1/pipelineruns/pipelinerun-with-final-tasks.yaml +++ b/examples/v1/pipelineruns/pipelinerun-with-final-tasks.yaml @@ -57,7 +57,7 @@ spec: description: The precise commit SHA that was fetched by this Task steps: - name: clone - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest + image: ghcr.io/tektoncd-catalog/git-clone:v1.1.0 securityContext: runAsUser: 0 # This needs root, and git-init is nonroot by default script: | @@ -200,4 +200,4 @@ spec: resources: requests: storage: 1Gi ---- \ No newline at end of file +--- diff --git a/examples/v1/pipelineruns/pipelinerun.yaml b/examples/v1/pipelineruns/pipelinerun.yaml index fb7c43fcd33..918b2e0843f 100644 --- a/examples/v1/pipelineruns/pipelinerun.yaml +++ b/examples/v1/pipelineruns/pipelinerun.yaml 
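Review bot: In pipelinerun-with-final-tasks.yaml (hunk @@ -57,7) the context comment on `runAsUser: 0` still reads "This needs root, and git-init is nonroot by default", but the step image is now `ghcr.io/tektoncd-catalog/git-clone:v1.1.0`. The stated reason for running the step as UID 0 therefore no longer names the image in use. Please confirm the new image still needs the override and reword the comment to match, e.g. `runAsUser: 0 # TODO: confirm git-clone:v1.1.0 still needs root`, or drop the override if the image works as its default user. The same stale comment is left in pipelinerun.yaml (hunk @@ -58,7); in both files the step definition continues outside the hunk.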
@@ -58,7 +58,7 @@ spec: description: The precise commit SHA that was fetched by this Task steps: - name: clone - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:latest + image: ghcr.io/tektoncd-catalog/git-clone:v1.1.0 securityContext: runAsUser: 0 # This needs root, and git-init is nonroot by default script: | @@ -223,4 +223,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 1Gi \ No newline at end of file + storage: 1Gi diff --git a/examples/v1/taskruns/authenticating-git-commands.yaml b/examples/v1/taskruns/authenticating-git-commands.yaml index c8d01221a33..b1d94b4e917 100644 --- a/examples/v1/taskruns/authenticating-git-commands.yaml +++ b/examples/v1/taskruns/authenticating-git-commands.yaml @@ -166,7 +166,7 @@ spec: git commit -m "Test commit!" git push origin master - name: git-clone-and-check - image: gcr.io/tekton-releases/dogfooding/alpine-git-nonroot:latest + image: ghcr.io/tektoncd/plumbing/alpine-git-nonroot:latest # Because this Step runs with a non-root security context, the creds-init # credentials will fail to copy into /tekton/home. This happens because # our previous step _already_ wrote to /tekton/home and ran as a root diff --git a/examples/v1/taskruns/beta/authenticating-git-commands.yaml b/examples/v1/taskruns/beta/authenticating-git-commands.yaml index 6e732b0bec9..9940f1be8e9 100644 --- a/examples/v1/taskruns/beta/authenticating-git-commands.yaml +++ b/examples/v1/taskruns/beta/authenticating-git-commands.yaml @@ -161,7 +161,7 @@ spec: git commit -m "Test commit!" git push origin master - name: git-clone-and-check - image: gcr.io/tekton-releases/dogfooding/alpine-git-nonroot:latest + image: ghcr.io/tektoncd/plumbing/alpine-git-nonroot:latest # Because this Step runs with a non-root security context, the creds-init # credentials will fail to copy into /tekton/home. This happens because # our previous step _already_ wrote to /tekton/home and ran as a root 
diff --git a/examples/v1/taskruns/beta/bundles-resolver.yaml b/examples/v1/taskruns/beta/bundles-resolver.yaml index 8ab5b7b38bd..cb5f716bd28 100644 --- a/examples/v1/taskruns/beta/bundles-resolver.yaml +++ b/examples/v1/taskruns/beta/bundles-resolver.yaml @@ -13,7 +13,7 @@ spec: resolver: bundles params: - name: bundle - value: gcr.io/tekton-releases/catalog/upstream/git-clone@sha256:8e2c3fb0f719d6463e950f3e44965aa314e69b800833e29e68ba2616bb82deeb + value: ghcr.io/tektoncd/catalog/upstream/tasks/git-clone@sha256:65e61544c5870c8828233406689d812391735fd4100cb444bbd81531cb958bb3 # 0.10 bundle - name: name value: git-clone - name: kind diff --git a/examples/v1/taskruns/beta/git-resolver.yaml b/examples/v1/taskruns/beta/git-resolver.yaml index baea795a454..09eacb4e80f 100644 --- a/examples/v1/taskruns/beta/git-resolver.yaml +++ b/examples/v1/taskruns/beta/git-resolver.yaml @@ -22,4 +22,4 @@ spec: - name: revision value: main - name: pathInRepo - value: task/git-clone/0.8/git-clone.yaml + value: task/git-clone/0.10/git-clone.yaml diff --git a/examples/v1/taskruns/beta/hub-resolver.yaml b/examples/v1/taskruns/beta/hub-resolver.yaml index aa7d6312546..a7dd6038955 100644 --- a/examples/v1/taskruns/beta/hub-resolver.yaml +++ b/examples/v1/taskruns/beta/hub-resolver.yaml @@ -24,7 +24,7 @@ spec: - name: name value: git-clone - name: version - value: "0.6" + value: "0.10" --- apiVersion: tekton.dev/v1 kind: TaskRun @@ -48,4 +48,4 @@ spec: - name: name value: git-clone - name: version - value: "0.6.0" \ No newline at end of file + value: "0.10" diff --git a/examples/v1/taskruns/entrypoint-resolution.yaml b/examples/v1/taskruns/entrypoint-resolution.yaml index 022a6505d9c..6f6679582e1 100644 --- a/examples/v1/taskruns/entrypoint-resolution.yaml +++ b/examples/v1/taskruns/entrypoint-resolution.yaml 
@@ -8,7 +8,7 @@ spec: # Multi-arch image with no command defined. We should look up the command # for each platform-specific image and pass it to the Pod, which selects # the right command at runtime based on the node's runtime platform. - - image: gcr.io/tekton-nightly/github.com/tektoncd/pipeline/cmd/nop + - image: ghcr.io/tektoncd/pipeline/nop-8eac7c133edad5df719dc37b36b62482:latest # Multi-arch image with no command defined, but with args. We'll look # up the commands and pass it to the entrypoint binary via env var, then diff --git a/examples/v1/taskruns/no-ci/docker-creds.yaml b/examples/v1/taskruns/no-ci/docker-creds.yaml index 2240544dfc1..f05e2f6a346 100644 --- a/examples/v1/taskruns/no-ci/docker-creds.yaml +++ b/examples/v1/taskruns/no-ci/docker-creds.yaml @@ -37,6 +37,6 @@ spec: taskSpec: steps: - name: test - image: gcr.io/tekton-releases/dogfooding/skopeo:latest + image: ghcr.io/tektoncd/catalog/upstream/tasks/skopeo-copy:latest # Test pulling a private builder container. script: skopeo copy docker://gcr.io/build-crd-testing/secret-sauce dir:///tmp/ diff --git a/examples/v1/taskruns/no-ci/pull-private-image.yaml b/examples/v1/taskruns/no-ci/pull-private-image.yaml index c9353da6fb4..04da7bc414f 100644 --- a/examples/v1/taskruns/no-ci/pull-private-image.yaml +++ b/examples/v1/taskruns/no-ci/pull-private-image.yaml @@ -47,5 +47,5 @@ spec: steps: - name: pull # Private image is just Ubuntu - image: gcr.io/tekton-releases/dogfooding/skopeo:latest + image: ghcr.io/tektoncd/catalog/upstream/tasks/skopeo-copy:latest script: skopeo copy docker://gcr.io/build-crd-testing/secret-sauce dir:///tmp/ diff --git a/internal/sidecarlogresults/sidecarlogresults.go b/internal/sidecarlogresults/sidecarlogresults.go index 823fe448075..37e947ced8e 100644 --- a/internal/sidecarlogresults/sidecarlogresults.go +++ b/internal/sidecarlogresults/sidecarlogresults.go 
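Review bot: In no-ci/docker-creds.yaml (hunk @@ -37,6) the step image becomes `ghcr.io/tektoncd/catalog/upstream/tasks/skopeo-copy:latest`, which sits under the same registry path that bundles-resolver.yaml in this commit uses for a Task bundle (`ghcr.io/tektoncd/catalog/upstream/tasks/git-clone@sha256:…`). If that path holds the skopeo-copy Task bundle rather than a runnable image, the `skopeo copy …` script cannot start, so please confirm the reference is a container image that ships the skopeo binary. Both files live under no-ci, so presumably no CI run would catch a wrong reference. pull-private-image.yaml (hunk @@ -47,5) has the same line. Unlike the digest-pinned bundle reference, these use the mutable `:latest` tag; a version tag or digest would keep the example reproducible.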
@@ -26,6 +26,7 @@ import ( "os" "path/filepath" "strings" + "time" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/pkg/apis/pipeline" @@ -74,7 +75,7 @@ func encode(w io.Writer, v any) error { return json.NewEncoder(w).Encode(v) } -func waitForStepsToFinish(runDir string) error { +func waitForStepsToFinish(runDir string, sleepInterval time.Duration) error { steps := make(map[string]bool) files, err := os.ReadDir(runDir) if err != nil { @@ -103,6 +104,9 @@ func waitForStepsToFinish(runDir string) error { return err } } + if sleepInterval > 0 { + time.Sleep(sleepInterval) + } } return nil } @@ -143,7 +147,11 @@ func readResults(resultsDir, resultFile, stepName string, resultType SidecarLogR // in their results path and prints them in a structured way to its // stdout so that the reconciler can parse those logs. func LookForResults(w io.Writer, runDir string, resultsDir string, resultNames []string, stepResultsDir string, stepResults map[string][]string) error { - if err := waitForStepsToFinish(runDir); err != nil { + interval, err := getSidecarLogPollingInterval() + if err != nil { + return fmt.Errorf("error getting polling interval: %w", err) + } + if err := waitForStepsToFinish(runDir, interval); err != nil { return fmt.Errorf("error while waiting for the steps to finish %w", err) } results := make(chan SidecarLogResult) 
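Review bot: In waitForStepsToFinish (hunk @@ -103,6) the added sleep appears to sit at the end of the outer polling loop, so it also runs once after the last step file has been found and before the loop condition is re-evaluated. Every caller then pays one extra interval on exit. Guarding it with the remaining count avoids that: `if sleepInterval > 0 && len(steps) > 0 {`. The loop header is outside the hunk, so the placement is inferred from the closing braces shown. A short comment on the guard, e.g. `// a non-positive interval disables the pause and polls continuously`, would also document what the `> 0` check implies.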
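Review bot: LookForResults (hunk @@ -143,7) now returns before reading any results when `SIDECAR_LOG_POLLING_INTERVAL` cannot be parsed, while the doc comment on getSidecarLogPollingInterval (hunk @@ -314,3) says an invalid value "defaults to 100ms". The helper does return `100 * time.Millisecond` together with the error, so the fallback is computed and then discarded by the caller. Pick one behaviour: either continue with the returned interval after reporting the parse error, or keep failing fast and correct the comment to `// An unset variable defaults to 100ms; an unparsable value is returned as an error.` LookForArtifacts (hunk @@ -205,7) has the same call pattern.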
@@ -205,7 +213,11 @@ func LookForResults(w io.Writer, runDir string, resultsDir string, resultNames [ // If the provenance file exists, the function extracts artifact information, formats it into a // JSON string, and encodes it for output alongside relevant metadata (step name, artifact type). func LookForArtifacts(w io.Writer, names []string, runDir string) error { - if err := waitForStepsToFinish(runDir); err != nil { + interval, err := getSidecarLogPollingInterval() + if err != nil { + return fmt.Errorf("error getting polling interval: %w", err) + } + if err := waitForStepsToFinish(runDir, interval); err != nil { return err } @@ -314,3 +326,18 @@ func extractArtifactsFromFile(filename string) (v1.Artifacts, error) { } return parseArtifacts(b) } + +// getSidecarLogPollingInterval reads the SIDECAR_LOG_POLLING_INTERVAL environment variable, +// parses it as a time.Duration, and returns the result. If the variable is not set or is invalid, +// it defaults to 100ms. +func getSidecarLogPollingInterval() (time.Duration, error) { + intervalStr := os.Getenv("SIDECAR_LOG_POLLING_INTERVAL") + if intervalStr == "" { + intervalStr = "100ms" + } + interval, err := time.ParseDuration(intervalStr) + if err != nil { + return 100 * time.Millisecond, err + } + return interval, nil +} diff --git a/internal/sidecarlogresults/sidecarlogresults_test.go b/internal/sidecarlogresults/sidecarlogresults_test.go index ed3d7ba1dbf..d5e138c17c8 100644 --- a/internal/sidecarlogresults/sidecarlogresults_test.go +++ b/internal/sidecarlogresults/sidecarlogresults_test.go @@ -24,9 +24,11 @@ import ( "fmt" "os" "path/filepath" + "runtime/pprof" "sort" "strings" "testing" + "time" "github.com/google/go-cmp/cmp" v1 "github.com/tektoncd/pipeline/pkg/apis/pipeline/v1" 
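Review bot: getSidecarLogPollingInterval (hunk @@ -314,3) accepts any string `time.ParseDuration` can parse, including `0s` and negative durations. waitForStepsToFinish skips the sleep whenever `sleepInterval > 0` is false, so such a value makes the sidecar poll the run directory without pausing. The value comes from the environment (and presumably from the `config-defaults` key documented in this commit), so a single typo turns into sustained CPU load in every pod that uses sidecar logs. Reject it at the source: `if interval <= 0 { return 0, fmt.Errorf("SIDECAR_LOG_POLLING_INTERVAL must be positive, got %q", intervalStr) }`. An upper bound is worth considering as well, since a very large interval delays result collection.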
@@ -609,6 +611,66 @@ func TestExtractStepAndResultFromSidecarResultName_Error(t *testing.T) { } } +// TestWaitForStepsToFinish_Profile ensures that waitForStepsToFinish correctly waits for all step output files to appear before returning +// The test creates a file called cpu.prof and starts Go's CPU profiler +// A temporary directory is created to simulate the Tekton step run directory. +// The test creates a large number of subdirectories e.g. step0, step1, ..., each representing a step in a TaskRun +// A goroutine is started that, one by one, writes an out file in each step directory, with a small delay between each +// The test calls the function and waits for it to complete and the profile is saved for later analysis +// This is helpful to compare the impact of code changes, provides a reproducible way to profile and optimize the function waitForStepsToFinish +func TestWaitForStepsToFinish_Profile(t *testing.T) { + f, err := os.Create("cpu.prof") + if err != nil { + t.Fatalf("could not create CPU profile: %v", err) + } + defer func(f *os.File) { + err := f.Close() + if err != nil { + return + } + }(f) + err = pprof.StartCPUProfile(f) + if err != nil { + return + } + defer pprof.StopCPUProfile() + + // Setup: create a temp runDir with many fake step files + runDir := t.TempDir() + stepCount := 100 + for i := range stepCount { + dir := filepath.Join(runDir, fmt.Sprintf("step%d", i)) + err := os.MkdirAll(dir, 0755) + if err != nil { + return + } + } + + // Simulate steps finishing one by one with a delay + go func() { + for i := range stepCount { + file := filepath.Join(runDir, fmt.Sprintf("step%d", i), "out") + err := os.WriteFile(file, []byte("done"), 0644) + if err != nil { + return + } + time.Sleep(10 * time.Millisecond) + } + }() + + intervalStr := os.Getenv("SIDECAR_LOG_POLLING_INTERVAL") + if intervalStr == "" { + intervalStr = "100ms" + } + interval, err := time.ParseDuration(intervalStr) + if err != nil { + interval = 100 * time.Millisecond + } + if err 
:= waitForStepsToFinish(runDir, interval); err != nil { + t.Fatalf("waitForStepsToFinish failed: %v", err) + } +} + func TestLookForArtifacts(t *testing.T) { base := basicArtifacts() modified := base.DeepCopy() @@ -810,3 +872,32 @@ func mustJSON(data any) string { } return string(marshal) } + +func TestGetSidecarLogPollingInterval(t *testing.T) { + tests := []struct { + name string + setEnv string + expect time.Duration + wantError bool + }{ + {"empty env", "", 100 * time.Millisecond, false}, + {"valid duration", "250ms", 250 * time.Millisecond, false}, + {"invalid duration", "notaduration", 100 * time.Millisecond, true}, + {"custom value", "1s", 1 * time.Second, false}, + } + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + t.Setenv("SIDECAR_LOG_POLLING_INTERVAL", tc.setEnv) + got, err := getSidecarLogPollingInterval() + if tc.wantError && err == nil { + t.Errorf("expected error, got nil") + } + if !tc.wantError && err != nil { + t.Errorf("unexpected error: %v", err) + } + if got != tc.expect { + t.Errorf("got %v, want %v", got, tc.expect) + } + }) + } +} diff --git a/pkg/apis/config/default.go b/pkg/apis/config/default.go index c52da0ba27f..1077f9ac2eb 100644 --- a/pkg/apis/config/default.go +++ b/pkg/apis/config/default.go @@ -51,6 +51,11 @@ const ( DefaultImagePullBackOffTimeout = 0 * time.Minute + // Default maximum resolution timeout used by the resolution controller before timing out when exceeded + DefaultMaximumResolutionTimeout = 1 * time.Minute + + DefaultSidecarLogPollingInterval = 100 * time.Millisecond + defaultTimeoutMinutesKey = "default-timeout-minutes" defaultServiceAccountKey = "default-service-account" defaultManagedByLabelValueKey = "default-managed-by-label-value" 
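Review bot: The setup failures in TestWaitForStepsToFinish_Profile for pprof.StartCPUProfile and os.MkdirAll end in a bare `return`, so the test reports success without ever calling waitForStepsToFinish; they should be `t.Fatalf("setup: %v", err)` like the os.Create check above them. The writer goroutine is never joined and drops its os.WriteFile error, so a failed write would presumably leave waitForStepsToFinish polling with nothing to stop it. Closing a `done` channel from the goroutine and waiting on it before the test returns would make that failure visible. `os.Create("cpu.prof")` also writes into the package directory on every `go test` run, which is better kept opt-in, for example as a benchmark run with `-cpuprofile`.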
@@ -63,6 +68,8 @@ const ( defaultResolverTypeKey = "default-resolver-type" defaultContainerResourceRequirementsKey = "default-container-resource-requirements" defaultImagePullBackOffTimeout = "default-imagepullbackoff-timeout" + defaultMaximumResolutionTimeout = "default-maximum-resolution-timeout" + defaultSidecarLogPollingIntervalKey = "default-sidecar-log-polling-interval" ) // DefaultConfig holds all the default configurations for the config. @@ -83,6 +90,11 @@ type Defaults struct { DefaultResolverType string DefaultContainerResourceRequirements map[string]corev1.ResourceRequirements DefaultImagePullBackOffTimeout time.Duration + DefaultMaximumResolutionTimeout time.Duration + // DefaultSidecarLogPollingInterval specifies how frequently (as a time.Duration) the Tekton sidecar log results container polls for step completion files. + // This value is loaded from the 'sidecar-log-polling-interval' key in the config-defaults ConfigMap. + // It is used to control the responsiveness and resource usage of the sidecar in both production and test environments. + DefaultSidecarLogPollingInterval time.Duration } // GetDefaultsConfigName returns the name of the configmap containing all @@ -114,6 +126,8 @@ func (cfg *Defaults) Equals(other *Defaults) bool { other.DefaultMaxMatrixCombinationsCount == cfg.DefaultMaxMatrixCombinationsCount && other.DefaultResolverType == cfg.DefaultResolverType && other.DefaultImagePullBackOffTimeout == cfg.DefaultImagePullBackOffTimeout && + other.DefaultMaximumResolutionTimeout == cfg.DefaultMaximumResolutionTimeout && + other.DefaultSidecarLogPollingInterval == cfg.DefaultSidecarLogPollingInterval && reflect.DeepEqual(other.DefaultForbiddenEnv, cfg.DefaultForbiddenEnv) } 
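Review bot: The field comment on DefaultSidecarLogPollingInterval names the ConfigMap key as 'sidecar-log-polling-interval', but the constant added in the const hunk above is `default-sidecar-log-polling-interval`, and that is the only key NewDefaultsFromMap reads. An operator following the comment would set a key that has no effect. The line should read `// This value is loaded from the 'default-sidecar-log-polling-interval' key in the config-defaults ConfigMap.` DefaultMaximumResolutionTimeout, added next to it, has no field comment at all.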
@@ -127,6 +141,8 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) { DefaultMaxMatrixCombinationsCount: DefaultMaxMatrixCombinationsCount, DefaultResolverType: DefaultResolverTypeValue, DefaultImagePullBackOffTimeout: DefaultImagePullBackOffTimeout, + DefaultMaximumResolutionTimeout: DefaultMaximumResolutionTimeout, + DefaultSidecarLogPollingInterval: DefaultSidecarLogPollingInterval, } if defaultTimeoutMin, ok := cfgMap[defaultTimeoutMinutesKey]; ok { @@ -205,6 +221,22 @@ func NewDefaultsFromMap(cfgMap map[string]string) (*Defaults, error) { tc.DefaultImagePullBackOffTimeout = timeout } + if defaultMaximumResolutionTimeout, ok := cfgMap[defaultMaximumResolutionTimeout]; ok { + timeout, err := time.ParseDuration(defaultMaximumResolutionTimeout) + if err != nil { + return nil, fmt.Errorf("failed parsing default config %q", defaultMaximumResolutionTimeout) + } + tc.DefaultMaximumResolutionTimeout = timeout + } + + if defaultSidecarPollingInterval, ok := cfgMap[defaultSidecarLogPollingIntervalKey]; ok { + interval, err := time.ParseDuration(defaultSidecarPollingInterval) + if err != nil { + return nil, fmt.Errorf("failed parsing default config %q", defaultSidecarPollingInterval) + } + tc.DefaultSidecarLogPollingInterval = interval + } + return &tc, nil } diff --git a/pkg/apis/config/default_test.go b/pkg/apis/config/default_test.go index de873f2f103..8d438f8c39c 100644 --- a/pkg/apis/config/default_test.go +++ b/pkg/apis/config/default_test.go @@ -45,6 +45,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultMaxMatrixCombinationsCount: 256, DefaultResolverType: "git", DefaultImagePullBackOffTimeout: time.Duration(5) * time.Second, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, fileName: config.GetDefaultsConfigName(), }, 
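Review bot: Both new parse blocks in NewDefaultsFromMap report a failure as `failed parsing default config %q` with the rejected value and drop the error from time.ParseDuration, so the message names neither the ConfigMap key nor the reason. I would write `return nil, fmt.Errorf("failed parsing default config %q: %w", defaultSidecarLogPollingIntervalKey, err)` and the equivalent for the resolution timeout. In the first block the local `defaultMaximumResolutionTimeout` shadows the package constant of the same name that holds the key, so the local needs renaming (for example to `raw`) before the key can be printed. The start of the function is outside this hunk.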
@@ -65,6 +67,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { }, DefaultMaxMatrixCombinationsCount: 256, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, fileName: "config-defaults-with-pod-template", }, @@ -88,6 +92,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultPodTemplate: &pod.Template{}, DefaultMaxMatrixCombinationsCount: 256, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, }, { @@ -100,6 +106,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultAAPodTemplate: &pod.AffinityAssistantTemplate{}, DefaultMaxMatrixCombinationsCount: 256, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, }, { @@ -115,6 +123,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultServiceAccount: "default", DefaultManagedByLabelValue: config.DefaultManagedByLabelValue, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, }, { @@ -127,6 +137,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultManagedByLabelValue: "tekton-pipelines", DefaultForbiddenEnv: []string{"TEKTON_POWER_MODE", "TEST_ENV", "TEST_TEKTON"}, DefaultImagePullBackOffTimeout: time.Duration(15) * time.Second, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, }, { @@ -139,6 +151,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultMaxMatrixCombinationsCount: 256, DefaultContainerResourceRequirements: map[string]corev1.ResourceRequirements{}, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, }, }, { 
@@ -154,6 +168,8 @@ func TestNewDefaultsFromConfigMap(t *testing.T) { DefaultManagedByLabelValue: "tekton-pipelines", DefaultMaxMatrixCombinationsCount: 256, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, DefaultContainerResourceRequirements: map[string]corev1.ResourceRequirements{ config.ResourceRequirementDefaultContainerKey: { Requests: corev1.ResourceList{ @@ -210,6 +226,8 @@ func TestNewDefaultsFromEmptyConfigMap(t *testing.T) { DefaultServiceAccount: "default", DefaultMaxMatrixCombinationsCount: 256, DefaultImagePullBackOffTimeout: 0, + DefaultMaximumResolutionTimeout: 1 * time.Minute, + DefaultSidecarLogPollingInterval: 100 * time.Millisecond, } verifyConfigFileWithExpectedConfig(t, DefaultsConfigEmptyName, expectedConfig) } 
@@ -389,6 +407,51 @@ func TestEquals(t *testing.T) { } } +func TestSidecarLogPollingIntervalParsing(t *testing.T) { + cases := []struct { + name string + data map[string]string + expected time.Duration + wantErr bool + }{ + { + name: "valid interval", + data: map[string]string{"default-sidecar-log-polling-interval": "42ms"}, + expected: 42 * time.Millisecond, + wantErr: false, + }, + { + name: "invalid interval", + data: map[string]string{"default-sidecar-log-polling-interval": "notaduration"}, + expected: 0, + wantErr: true, + }, + { + name: "not set (default)", + data: map[string]string{}, + expected: 100 * time.Millisecond, + wantErr: false, + }, + } + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + cfg, err := config.NewDefaultsFromMap(tc.data) + if tc.wantErr { + if err == nil { + t.Errorf("expected error, got nil") + } + return + } + if err != nil { + t.Fatalf("unexpected error: %v", err) + } + if cfg.DefaultSidecarLogPollingInterval != tc.expected { + t.Errorf("got %v, want %v", cfg.DefaultSidecarLogPollingInterval, tc.expected) + } + }) + } +} + func verifyConfigFileWithExpectedConfig(t *testing.T, fileName string, expectedConfig *config.Defaults) { t.Helper() cm := test.ConfigMapFromTestFile(t, fileName) diff --git a/pkg/apis/pipeline/v1/openapi_generated.go b/pkg/apis/pipeline/v1/openapi_generated.go index d05c2178e31..cc1a64a8a5f 100644 --- a/pkg/apis/pipeline/v1/openapi_generated.go +++ b/pkg/apis/pipeline/v1/openapi_generated.go 
@@ -2392,7 +2392,7 @@ func schema_pkg_apis_pipeline_v1_RefSource(ref common.ReferenceCallback) common. }, "entryPoint": { SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", Type: []string{"string"}, Format: "", }, diff --git a/pkg/apis/pipeline/v1/provenance.go b/pkg/apis/pipeline/v1/provenance.go index de9f2a5c5d8..ea1234335d2 100644 --- a/pkg/apis/pipeline/v1/provenance.go +++ b/pkg/apis/pipeline/v1/provenance.go @@ -41,6 +41,6 @@ type RefSource struct { // EntryPoint identifies the entry point into the build. This is often a path to a // build definition file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" + // Example: "task/git-clone/0.10/git-clone.yaml" EntryPoint string `json:"entryPoint,omitempty"` } diff --git a/pkg/apis/pipeline/v1/swagger.json b/pkg/apis/pipeline/v1/swagger.json index 73544e75d84..6b9534dbbc3 100644 --- a/pkg/apis/pipeline/v1/swagger.json +++ b/pkg/apis/pipeline/v1/swagger.json @@ -1192,7 +1192,7 @@ } }, "entryPoint": { - "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", "type": "string" }, "uri": { diff --git a/pkg/apis/pipeline/v1beta1/openapi_generated.go b/pkg/apis/pipeline/v1beta1/openapi_generated.go index 145e72b083a..4a83e563723 100644 
--- a/pkg/apis/pipeline/v1beta1/openapi_generated.go +++ b/pkg/apis/pipeline/v1beta1/openapi_generated.go @@ -808,7 +808,7 @@ func schema_pkg_apis_pipeline_v1beta1_ConfigSource(ref common.ReferenceCallback) }, "entryPoint": { SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", Type: []string{"string"}, Format: "", }, @@ -3263,7 +3263,7 @@ func schema_pkg_apis_pipeline_v1beta1_RefSource(ref common.ReferenceCallback) co }, "entryPoint": { SchemaProps: spec.SchemaProps{ - Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + Description: "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", Type: []string{"string"}, Format: "", }, diff --git a/pkg/apis/pipeline/v1beta1/provenance.go b/pkg/apis/pipeline/v1beta1/provenance.go index 3ae27eb55d7..7fadd2c9e06 100644 --- a/pkg/apis/pipeline/v1beta1/provenance.go +++ b/pkg/apis/pipeline/v1beta1/provenance.go @@ -44,7 +44,7 @@ type RefSource struct { // EntryPoint identifies the entry point into the build. This is often a path to a // build definition file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" + // Example: "task/git-clone/0.10/git-clone.yaml" EntryPoint string `json:"entryPoint,omitempty"` } 
@@ -62,6 +62,6 @@ type ConfigSource struct { // EntryPoint identifies the entry point into the build. This is often a path to a // build definition file and/or a target label within that file. - // Example: "task/git-clone/0.8/git-clone.yaml" + // Example: "task/git-clone/0.10/git-clone.yaml" EntryPoint string `json:"entryPoint,omitempty"` } diff --git a/pkg/apis/pipeline/v1beta1/swagger.json b/pkg/apis/pipeline/v1beta1/swagger.json index 7e2d8d9d95c..5013d846f57 100644 --- a/pkg/apis/pipeline/v1beta1/swagger.json +++ b/pkg/apis/pipeline/v1beta1/swagger.json @@ -358,7 +358,7 @@ } }, "entryPoint": { - "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", "type": "string" }, "uri": { @@ -1653,7 +1653,7 @@ } }, "entryPoint": { - "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.8/git-clone.yaml\"", + "description": "EntryPoint identifies the entry point into the build. This is often a path to a build definition file and/or a target label within that file. Example: \"task/git-clone/0.10/git-clone.yaml\"", "type": "string" }, "uri": { diff --git a/pkg/pod/pod.go b/pkg/pod/pod.go index 61c40ef92ae..5343f185a67 100644 --- a/pkg/pod/pod.go +++ b/pkg/pod/pod.go @@ -25,6 +25,7 @@ import ( "path/filepath" "strconv" "strings" + "time" "github.com/tektoncd/pipeline/internal/artifactref" "github.com/tektoncd/pipeline/pkg/apis/config" 
@@ -213,10 +214,11 @@ func (b *Builder) Build(ctx context.Context, taskRun *v1.TaskRun, taskSpec v1.Ta tasklevel.ApplyTaskLevelComputeResources(steps, taskRun.Spec.ComputeResources) } windows := usesWindows(taskRun) + pollingInterval := config.FromContextOrDefaults(ctx).Defaults.DefaultSidecarLogPollingInterval if sidecarLogsResultsEnabled { if taskSpec.Results != nil || artifactsPathReferenced(steps) { // create a results sidecar - resultsSidecar, err := createResultsSidecar(taskSpec, b.Images.SidecarLogResultsImage, setSecurityContext, windows) + resultsSidecar, err := createResultsSidecar(taskSpec, b.Images.SidecarLogResultsImage, setSecurityContext, windows, pollingInterval) if err != nil { return nil, err } @@ -636,7 +638,7 @@ func entrypointInitContainer(image string, steps []v1.Step, setSecurityContext, // whether it will run on a windows node, and whether the sidecar should include a security context // that will allow it to run in namespaces with "restricted" pod security admission. // It will also provide arguments to the binary that allow it to surface the step results. -func createResultsSidecar(taskSpec v1.TaskSpec, image string, setSecurityContext, windows bool) (v1.Sidecar, error) { +func createResultsSidecar(taskSpec v1.TaskSpec, image string, setSecurityContext, windows bool, pollingInterval time.Duration) (v1.Sidecar, error) { names := make([]string, 0, len(taskSpec.Results)) for _, r := range taskSpec.Results { names = append(names, r.Name) @@ -678,6 +680,12 @@ func createResultsSidecar(taskSpec v1.TaskSpec, image string, setSecurityContext Name: pipeline.ReservedResultsSidecarName, Image: image, Command: command, + Env: []corev1.EnvVar{ + { + Name: "SIDECAR_LOG_POLLING_INTERVAL", + Value: pollingInterval.String(), + }, + }, } securityContext := LinuxSecurityContext if windows { diff --git a/pkg/pod/pod_test.go b/pkg/pod/pod_test.go index 4b5fc667cc0..4c15ea02364 100644 --- a/pkg/pod/pod_test.go +++ b/pkg/pod/pod_test.go 
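Review bot: The name `"SIDECAR_LOG_POLLING_INTERVAL"` is a string literal in createResultsSidecar here and again in getSidecarLogPollingInterval in internal/sidecarlogresults, so a rename on one side silently leaves the sidecar on its 100ms fallback. An exported constant referenced from both places would remove that coupling, e.g. `const SidecarLogPollingIntervalEnvVar = "SIDECAR_LOG_POLLING_INTERVAL"` (the name is a suggestion). The doc comment above createResultsSidecar should also cover the new parameter: `// pollingInterval is passed to the sidecar through the SIDECAR_LOG_POLLING_INTERVAL environment variable.` The function body continues outside these hunks.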
@@ -2006,6 +2006,7 @@ _EOF_ {Name: "tekton-internal-bin", ReadOnly: true, MountPath: "/tekton/bin"}, {Name: "tekton-internal-run-0", ReadOnly: true, MountPath: "/tekton/run/0"}, }, implicitVolumeMounts...), + Env: []corev1.EnvVar{{Name: "SIDECAR_LOG_POLLING_INTERVAL", Value: "100ms"}}, }}, Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", @@ -2087,6 +2088,7 @@ _EOF_ {Name: "tekton-internal-bin", ReadOnly: true, MountPath: "/tekton/bin"}, {Name: "tekton-internal-run-0", ReadOnly: true, MountPath: "/tekton/run/0"}, }, implicitVolumeMounts...), + Env: []corev1.EnvVar{{Name: "SIDECAR_LOG_POLLING_INTERVAL", Value: "100ms"}}, }}, Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", @@ -2163,6 +2165,7 @@ _EOF_ {Name: "tekton-internal-run-0", ReadOnly: true, MountPath: "/tekton/run/0"}, }, implicitVolumeMounts...), SecurityContext: LinuxSecurityContext, + Env: []corev1.EnvVar{{Name: "SIDECAR_LOG_POLLING_INTERVAL", Value: "100ms"}}, }}, Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", @@ -2241,6 +2244,7 @@ _EOF_ {Name: "tekton-internal-bin", ReadOnly: true, MountPath: "/tekton/bin"}, {Name: "tekton-internal-run-0", ReadOnly: true, MountPath: "/tekton/run/0"}, }, implicitVolumeMounts...), + Env: []corev1.EnvVar{{Name: "SIDECAR_LOG_POLLING_INTERVAL", Value: "100ms"}}, }}, Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", 
@@ -2325,6 +2329,7 @@ _EOF_ {Name: "tekton-internal-bin", ReadOnly: true, MountPath: "/tekton/bin"}, {Name: "tekton-internal-run-0", ReadOnly: true, MountPath: "/tekton/run/0"}, }, implicitVolumeMounts...), + Env: []corev1.EnvVar{{Name: "SIDECAR_LOG_POLLING_INTERVAL", Value: "100ms"}}, }}, Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", @@ -2404,6 +2409,7 @@ _EOF_ {Name: "tekton-internal-run-0", ReadOnly: true, MountPath: "/tekton/run/0"}, }, implicitVolumeMounts...), SecurityContext: LinuxSecurityContext, + Env: []corev1.EnvVar{{Name: "SIDECAR_LOG_POLLING_INTERVAL", Value: "100ms"}}, }}, Volumes: append(implicitVolumes, binVolume, runVolume(0), downwardVolume, corev1.Volume{ Name: "tekton-creds-init-home-0", diff --git a/tekton/release-pipeline.yaml b/tekton/release-pipeline.yaml index e1db44e2bc3..1ad8edc1d2b 100644 --- a/tekton/release-pipeline.yaml +++ b/tekton/release-pipeline.yaml @@ -74,7 +74,7 @@ spec: - name: name value: git-clone - name: version - value: "0.7" + value: "0.10" workspaces: - name: output workspace: workarea diff --git a/test/e2e-tests.sh b/test/e2e-tests.sh index 9d78515fdb5..abcadd355c4 100755 --- a/test/e2e-tests.sh +++ b/test/e2e-tests.sh @@ -156,6 +156,13 @@ function set_enable_kubernetes_sidecar() { kubectl patch configmap feature-flags -n tekton-pipelines -p "$jsonpatch" } +function set_default_sidecar_log_polling_interval() { + # Sets the default-sidecar-log-polling-interval in the config-defaults ConfigMap to 0ms for e2e tests + echo "Patching config-defaults ConfigMap: setting default-sidecar-log-polling-interval to 0ms" + jsonpatch='{"data": {"default-sidecar-log-polling-interval": "0ms"}}' + kubectl patch configmap config-defaults -n tekton-pipelines -p "$jsonpatch" +} + function run_e2e() { # Run the integration tests header "Running Go e2e tests" 
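Review bot: set_default_sidecar_log_polling_interval hard-codes `0ms`, so every e2e run takes the no-sleep branch of waitForStepsToFinish and the shipped 100ms default is never exercised end to end. The neighbouring set_* helpers receive their value as an argument at the call site, but this one cannot be overridden. Taking it as `local interval="${1:-0ms}"` and interpolating `$interval` into the patch would keep the fast path for CI while allowing a run with the production value.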
@@ -185,6 +192,7 @@ set_enable_param_enum "$ENABLE_PARAM_ENUM" set_enable_artifacts "$ENABLE_ARTIFACTS" set_enable_concise_resolver_syntax "$ENABLE_CONCISE_RESOLVER_SYNTAX" set_enable_kubernetes_sidecar "$ENABLE_KUBERNETES_SIDECAR" +set_default_sidecar_log_polling_interval run_e2e (( failed )) && fail_test diff --git a/test/resolvers_test.go b/test/resolvers_test.go index 813e6b34d47..024d064d91f 100644 --- a/test/resolvers_test.go +++ b/test/resolvers_test.go @@ -118,7 +118,7 @@ spec: - name: name value: git-clone - name: version - value: "0.7" + value: "0.10" params: - name: url value: https://github.com/tektoncd/pipeline @@ -238,7 +238,7 @@ spec: - name: url value: https://github.com/tektoncd/catalog.git - name: pathInRepo - value: /task/git-clone/0.7/git-clone.yaml + value: /task/git-clone/0.10/git-clone.yaml - name: revision value: main params: @@ -261,7 +261,7 @@ spec: func TestGitResolver_Clone_Failure(t *testing.T) { defaultURL := "https://github.com/tektoncd/catalog.git" - defaultPathInRepo := "/task/git-clone/0.7/git-clone.yaml" + defaultPathInRepo := "/task/git-clone/0.10/git-clone.yaml" defaultCommit := "783b4fe7d21148f3b1a93bfa49b0024d8c6c2955" testCases := []struct { diff --git a/test/tektonbundles_test.go b/test/tektonbundles_test.go index 39f80f3972f..44b833951cd 100644 --- a/test/tektonbundles_test.go +++ b/test/tektonbundles_test.go @@ -260,7 +260,7 @@ func publishImg(ctx context.Context, t *testing.T, c *clients, namespace string, }}, Containers: []corev1.Container{{ Name: "skopeo", - Image: "gcr.io/tekton-releases/dogfooding/skopeo:latest", + Image: "ghcr.io/tektoncd/catalog/upstream/tasks/skopeo-copy:latest", WorkingDir: "/var", Command: []string{"/bin/sh", "-c"}, Args: []string{"skopeo copy --dest-tls-verify=false oci:image docker://" + ref.String()},
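Review bot: The replacement image in publishImg is still referenced by the mutable `:latest` tag, now from a different registry, so the e2e job runs whatever content that tag resolves to at the time. Pinning by digest keeps the test reproducible and turns an upstream change into a reviewed update: `Image: "ghcr.io/tektoncd/catalog/upstream/tasks/skopeo-copy@sha256:<digest>",` (placeholder; use the digest of the image that was verified). publishImg starts and ends outside this hunk.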