diff --git a/head b/head index 22773c629..ad5835dae 100644 --- a/head +++ b/head @@ -1 +1 @@ -1b02a97fcd9908f2dab006417375e2dc1fe1d58d +229dca3f57e177ede377bc5657bc800db730cbc6 diff --git a/upstream/components.yaml b/upstream/components.yaml index 5b4d9a08e..e4589f5e4 100644 --- a/upstream/components.yaml +++ b/upstream/components.yaml @@ -1,6 +1,6 @@ chains: github: tektoncd/chains - version: v0.22.1 + version: v0.22.2 dashboard: github: tektoncd/dashboard version: v0.50.0 @@ -12,13 +12,13 @@ manual-approval-gate: version: v0.3.0 pipeline: github: tektoncd/pipeline - version: v0.63.0 + version: v0.64.0 pipelines-as-code: github: openshift-pipelines/pipelines-as-code version: v0.28.0 results: github: tektoncd/results - version: v0.12.0 + version: v0.12.1 triggers: github: tektoncd/triggers version: v0.29.1 diff --git a/upstream/docs/TektonConfig.md b/upstream/docs/TektonConfig.md index 0cd25d5f2..5f6c98035 100644 --- a/upstream/docs/TektonConfig.md +++ b/upstream/docs/TektonConfig.md @@ -61,7 +61,6 @@ The TektonConfig CR provides the following features enable-param-enum: false enable-provenance-in-status: true enable-step-actions: false - enable-tekton-oci-bundles: false enforce-nonfalsifiability: none keep-pod-on-cancel: false max-result-size: 4096 @@ -218,7 +217,6 @@ pipeline: disable-working-directory-overwrite: true enable-api-fields: stable enable-custom-tasks: false - enable-tekton-oci-bundles: false metrics.pipelinerun.duration-type: histogram metrics.pipelinerun.level: pipelinerun metrics.taskrun.duration-type: histogram diff --git a/upstream/docs/TektonPipeline.md b/upstream/docs/TektonPipeline.md index 14795c8e3..979b11e89 100644 --- a/upstream/docs/TektonPipeline.md +++ b/upstream/docs/TektonPipeline.md @@ -35,7 +35,6 @@ spec: enable-param-enum: false enable-provenance-in-status: true enable-step-actions: false - enable-tekton-oci-bundles: false enforce-nonfalsifiability: none keep-pod-on-cancel: false max-result-size: 4096 
@@ -113,12 +112,6 @@ injected sidecars, setting this option to false can lead to unexpected behavior. See more info [here](https://github.com/tektoncd/pipeline/issues/2981). -- `enable-tekton-oci-bundles` (Default: `false`) - - Setting this flag to "true" enables the use of Tekton OCI bundle. This is an experimental feature and thus should -still be considered an alpha feature. - - - `enable-custom-tasks` (Default: `false`) Setting this flag to "true" enables the use of custom tasks from within pipelines. This is an experimental feature diff --git a/upstream/docs/TektonResult.md b/upstream/docs/TektonResult.md index 108737075..33934ea68 100644 --- a/upstream/docs/TektonResult.md +++ b/upstream/docs/TektonResult.md 
@@ -228,19 +228,11 @@ LOGGING_PLUGIN_NAMESPACE_KEY LOGGING_PLUGIN_STATIC_LABELS LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE LOGGING_PLUGIN_FORWARDER_DELAY_DURATION +LOGGING_PLUGIN_QUERY_PARAMS +LOGGING_PLUGIN_QUERY_LIMIT ``` -- `LOGGING_PLUGIN_PROXY_PATH`: The path to the proxy used for logging. These reverse proxyies like NGinx is used for authentication. - -- `LOGGING_PLUGIN_API_URL`: The Base URL for quering Loki. - -- `LOGGING_PLUGIN_TOKEN_PATH`: The path to the token used for authentication with the logging service. `/var/run/secrets/kubernetes.io/serviceaccount/token` can be used if results api service account token can be used as Authorization jwt token for quering Loki. - -- `LOGGING_PLUGIN_NAMESPACE_KEY`: The key used to identify the namespace in log queries. - -- `LOGGING_PLUGIN_STATIC_LABELS`: Any static labels to be added to all log queries. It's necessary to have some fields to filter out tekton logs. - -- `LOGGING_PLUGIN_TLS_VERIFICATION_DISABLE`: A boolean flag to disable TLS verification. This should be set to "false" in production environments to ensure secure connections. +Please consult the docs [here](https://github.com/tektoncd/results/blob/main/docs/logging-support.md) for information on these fields. These fields allow you to configure how Tekton Results interacts with your Loki backend. diff --git a/upstream/operatorhub/openshift/manifests/bases/openshift-pipelines-operator-rh.clusterserviceversion.template.yaml b/upstream/operatorhub/openshift/manifests/bases/openshift-pipelines-operator-rh.clusterserviceversion.template.yaml index 735b2a51d..75233294e 100644 --- a/upstream/operatorhub/openshift/manifests/bases/openshift-pipelines-operator-rh.clusterserviceversion.template.yaml +++ b/upstream/operatorhub/openshift/manifests/bases/openshift-pipelines-operator-rh.clusterserviceversion.template.yaml 
@@ -306,12 +306,12 @@ spec: ### Components - - Tekton Pipelines: v0.63.0 + - Tekton Pipelines: v0.64.0 - Tekton Triggers: v0.29.1 - Pipelines as Code: v0.28.0 - - Tekton Chains: v0.22.1 + - Tekton Chains: v0.22.2 - Tekton Hub (tech-preview): v1.18.0 - - Tekton Results (tech-preview): v0.12.0 + - Tekton Results (tech-preview): v0.12.1 - Manual Approval Gate (tech-preview): v0.3.0 ## Getting Started diff --git a/upstream/pkg/apis/operator/v1alpha1/tektonconfig_default_test.go b/upstream/pkg/apis/operator/v1alpha1/tektonconfig_default_test.go index 80846cdb3..7756a14e1 100644 --- a/upstream/pkg/apis/operator/v1alpha1/tektonconfig_default_test.go +++ b/upstream/pkg/apis/operator/v1alpha1/tektonconfig_default_test.go @@ -69,8 +69,7 @@ func Test_SetDefaults_Pipeline_Properties(t *testing.T) { } tc.SetDefaults(context.TODO()) - if *tc.Spec.Pipeline.SendCloudEventsForRuns != true || - *tc.Spec.Pipeline.EnableTektonOciBundles != false { + if *tc.Spec.Pipeline.SendCloudEventsForRuns != true { t.Error("Setting default failed for TektonConfig (spec.pipeline.pipelineProperties)") } } diff --git a/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults.go b/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults.go index ddaf21ee4..142e6f415 100644 --- a/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults.go +++ b/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults.go 
@@ -48,9 +48,12 @@ func (p *Pipeline) setDefaults() { if p.RequireGitSshSecretKnownHosts == nil { p.RequireGitSshSecretKnownHosts = ptr.Bool(config.DefaultRequireGitSSHSecretKnownHosts) } - if p.EnableTektonOciBundles == nil { - p.EnableTektonOciBundles = ptr.Bool(config.DefaultEnableTektonOciBundles) - } + + // not in use, see: https://github.com/tektoncd/pipeline/pull/7789 + // this field is removed from pipeline component + // keeping here to maintain the API compatibility + p.EnableTektonOciBundles = nil + if p.EnableCustomTasks == nil { // EnableCustomTask is always enable p.EnableCustomTasks = ptr.Bool(true) diff --git a/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults_test.go b/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults_test.go index 3c7b6f7c6..f98eba940 100644 --- a/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults_test.go +++ b/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_defaults_test.go @@ -21,6 +21,7 @@ import ( "testing" "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" "github.com/tektoncd/pipeline/pkg/apis/config" "github.com/tektoncd/pipeline/test/diff" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -45,7 +46,6 @@ func Test_SetDefaults_PipelineProperties(t *testing.T) { AwaitSidecarReadiness: ptr.Bool(true), RunningInEnvironmentWithInjectedSidecars: ptr.Bool(true), RequireGitSshSecretKnownHosts: ptr.Bool(false), - EnableTektonOciBundles: ptr.Bool(false), EnableCustomTasks: ptr.Bool(true), EnableApiFields: "beta", EmbeddedStatus: "", 
@@ -84,3 +84,37 @@ func Test_SetDefaults_PipelineProperties(t *testing.T) { t.Errorf("failed to update deployment %s", diff.PrintWantGot(d)) } } + +// not in use, see: https://github.com/tektoncd/pipeline/pull/7789 +// this field is removed from pipeline component +// keeping in types to maintain the API compatibility +// this test verifies that, "EnableTektonOciBundles" always keeps nil on defaults +func TestEnableTektonOciBundlesIgnored(t *testing.T) { + tp := &TektonPipeline{ + Spec: TektonPipelineSpec{ + Pipeline: Pipeline{ + PipelineProperties: PipelineProperties{ + EnableTektonOciBundles: ptr.Bool(true), + }, + }, + }, + } + ctx := context.TODO() + + tests := []struct { + name string + enableTektonOciBundles *bool + }{ + {name: "with-true", enableTektonOciBundles: ptr.Bool(true)}, + {name: "with-false", enableTektonOciBundles: ptr.Bool(false)}, + {name: "with-nil", enableTektonOciBundles: nil}, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + tp.Spec.Pipeline.EnableTektonOciBundles = test.enableTektonOciBundles + tp.SetDefaults(ctx) + assert.Nil(t, tp.Spec.Pipeline.EnableTektonOciBundles, "EnableTektonOciBundles removed from pipeline and should be nil on defaulting") + }) + } +} diff --git a/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_types.go b/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_types.go index d95efc2c9..4a9c1156b 100644 --- a/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_types.go +++ b/upstream/pkg/apis/operator/v1alpha1/tektonpipeline_types.go 
@@ -93,7 +93,6 @@ type PipelineProperties struct { AwaitSidecarReadiness *bool `json:"await-sidecar-readiness,omitempty"` RunningInEnvironmentWithInjectedSidecars *bool `json:"running-in-environment-with-injected-sidecars,omitempty"` RequireGitSshSecretKnownHosts *bool `json:"require-git-ssh-secret-known-hosts,omitempty"` - EnableTektonOciBundles *bool `json:"enable-tekton-oci-bundles,omitempty"` EnableCustomTasks *bool `json:"enable-custom-tasks,omitempty"` EnableApiFields string `json:"enable-api-fields,omitempty"` EmbeddedStatus string `json:"embedded-status,omitempty"` @@ -102,6 +101,12 @@ type PipelineProperties struct { // This field will be removed, see https://github.com/tektoncd/operator/issues/1497 // originally this field was removed in https://github.com/tektoncd/operator/pull/1481 // there is no use with this field, just adding back to unblock the upgrade + + // not in use, see: https://github.com/tektoncd/pipeline/pull/7789 + // this field is removed from pipeline component + // keeping here to maintain the API compatibility + EnableTektonOciBundles *bool `json:"enable-tekton-oci-bundles,omitempty"` + VerificationMode string `json:"verification-mode,omitempty"` VerificationNoMatchPolicy string `json:"trusted-resources-verification-no-match-policy,omitempty"` EnableProvenanceInStatus *bool `json:"enable-provenance-in-status,omitempty"` diff --git a/upstream/pkg/apis/operator/v1alpha1/tektonresult_types.go b/upstream/pkg/apis/operator/v1alpha1/tektonresult_types.go index 91af17734..53906378f 100644 --- a/upstream/pkg/apis/operator/v1alpha1/tektonresult_types.go +++ b/upstream/pkg/apis/operator/v1alpha1/tektonresult_types.go 
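Review bot: In the second hunk the new `EnableTektonOciBundles` block is inserted between the existing three-line comment ("This field will be removed, see …/issues/1497 …") and the field that comment appears to have preceded, `VerificationMode`. As placed, the older note now floats above the OCI-bundles comment and `VerificationMode` is left with no comment, so a reader can no longer tell which field each note refers to. Moving the new block above the older comment restores the pairing. A Go-convention marker on the field, such as `// Deprecated: ignored by the operator, kept only for API compatibility.`, would also let tooling surface it. `PipelineProperties` starts and ends outside the hunk.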
@@ -97,6 +97,8 @@ type ResultsAPIProperties struct { LoggingPluginStaticLabels string `json:"logging_plugin_static_labels,omitempty"` LoggingPluginCACert string `json:"logging_plugin_ca_cert,omitempty"` LoggingPluginForwarderDelayDuration *uint `json:"logging_plugin_forwarder_delay_duration,omitempty"` + LoggingPluginQueryLimit *uint `json:"logging_plugin_query_limit,omitempty"` + LoggingPluginQueryParams string `json:"logging_plugin_query_params,omitempty"` // Options holds additions fields and these fields will be updated on the manifests Options AdditionalOptions `json:"options"` } diff --git a/upstream/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go b/upstream/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go index adfa4b7eb..c28286fe0 100644 --- a/upstream/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go +++ b/upstream/pkg/apis/operator/v1alpha1/zz_generated.deepcopy.go @@ -943,11 +943,6 @@ func (in *PipelineProperties) DeepCopyInto(out *PipelineProperties) { *out = new(bool) **out = **in } - if in.EnableTektonOciBundles != nil { - in, out := &in.EnableTektonOciBundles, &out.EnableTektonOciBundles - *out = new(bool) - **out = **in - } if in.EnableCustomTasks != nil { in, out := &in.EnableCustomTasks, &out.EnableCustomTasks *out = new(bool) @@ -958,6 +953,11 @@ func (in *PipelineProperties) DeepCopyInto(out *PipelineProperties) { *out = new(bool) **out = **in } + if in.EnableTektonOciBundles != nil { + in, out := &in.EnableTektonOciBundles, &out.EnableTektonOciBundles + *out = new(bool) + **out = **in + } if in.EnableProvenanceInStatus != nil { in, out := &in.EnableProvenanceInStatus, &out.EnableProvenanceInStatus *out = new(bool) @@ -1219,6 +1219,11 @@ func (in *ResultsAPIProperties) DeepCopyInto(out *ResultsAPIProperties) { *out = new(uint) **out = **in } + if in.LoggingPluginQueryLimit != nil { + in, out := &in.LoggingPluginQueryLimit, &out.LoggingPluginQueryLimit + *out = new(uint) + **out = **in + } in.Options.DeepCopyInto(&out.Options) return } 
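Review bot: The two new fields `LoggingPluginQueryLimit` and `LoggingPluginQueryParams` have no doc comments, and `LoggingPluginQueryParams` is a free-form string with no stated format or constraints. The test expectations elsewhere in this commit show it ending up as a `LOGGING_PLUGIN_QUERY_PARAMS=direction=asc&skip=0` line in the API config. The code that writes that line is outside this diff, so whether it rejects values containing line breaks cannot be checked here; if it does not, such a value would add a further `KEY=VALUE` line to the config. Suggest documenting both fields, for example `// LoggingPluginQueryParams is a URL query string added to log queries; it must be a single line`, and confirming the writer validates it. `ResultsAPIProperties` starts outside the hunk.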
diff --git a/upstream/pkg/reconciler/common/transformers_test.go b/upstream/pkg/reconciler/common/transformers_test.go index 6861b59ab..9f407a50a 100644 --- a/upstream/pkg/reconciler/common/transformers_test.go +++ b/upstream/pkg/reconciler/common/transformers_test.go @@ -515,8 +515,7 @@ func TestAddConfigMapValues_PipelineProperties(t *testing.T) { assertNoEror(t, err) prop := v1alpha1.PipelineProperties{ - EnableTektonOciBundles: ptr.Bool(true), - EnableApiFields: "stable", + EnableApiFields: "stable", } manifest, err = manifest.Transform(AddConfigMapValues("test1", prop)) @@ -527,7 +526,6 @@ func TestAddConfigMapValues_PipelineProperties(t *testing.T) { assertNoEror(t, err) assert.Equal(t, cm.Data["foo"], "bar") - assert.Equal(t, cm.Data["enable-tekton-oci-bundles"], "true") assert.Equal(t, cm.Data["enable-api-fields"], "stable") } diff --git a/upstream/pkg/reconciler/kubernetes/tektonpipeline/testdata/tektonpipeline-feature-flags-base.yaml b/upstream/pkg/reconciler/kubernetes/tektonpipeline/testdata/tektonpipeline-feature-flags-base.yaml new file mode 100644 index 000000000..2c3a36c07 --- /dev/null +++ b/upstream/pkg/reconciler/kubernetes/tektonpipeline/testdata/tektonpipeline-feature-flags-base.yaml 
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: feature-flags + namespace: tekton-pipelines + labels: + app.kubernetes.io/instance: default + app.kubernetes.io/part-of: tekton-pipelines +data: + disable-affinity-assistant: "false" + coschedule: "workspaces" + disable-creds-init: "false" + await-sidecar-readiness: "true" + running-in-environment-with-injected-sidecars: "true" + require-git-ssh-secret-known-hosts: "false" + enable-tekton-oci-bundles: "false" + enable-api-fields: "beta" + send-cloudevents-for-runs: "false" + trusted-resources-verification-no-match-policy: "ignore" + enable-provenance-in-status: "true" + enforce-nonfalsifiability: "none" + results-from: "termination-message" + set-security-context: "false" + keep-pod-on-cancel: "false" + enable-cel-in-whenexpression: "false" + enable-step-actions: "false" + enable-artifacts: "false" + enable-param-enum: "false" + disable-inline-spec: "" + enable-concise-resolver-syntax: "false" + enable-kubernetes-sidecar: "false" diff --git a/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform.go b/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform.go index 4ea12f0f1..634f44761 100644 --- a/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform.go +++ b/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform.go 
@@ -56,6 +56,11 @@ func filterAndTransform(extension common.Extension) client.FilterAndTransform { return func(ctx context.Context, manifest *mf.Manifest, comp v1alpha1.TektonComponent) (*mf.Manifest, error) { pipeline := comp.(*v1alpha1.TektonPipeline) + // not in use, see: https://github.com/tektoncd/pipeline/pull/7789 + // this field is removed from pipeline component + // still keeping types to maintain the API compatibility + pipeline.Spec.Pipeline.EnableTektonOciBundles = nil + images := common.ToLowerCaseKeys(common.ImagesFromEnv(common.PipelinesImagePrefix)) instance := comp.(*v1alpha1.TektonPipeline) // adding extension's transformers first to run them before `extra` transformers diff --git a/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform_test.go b/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform_test.go index 60b6c5dd0..7df57dcfd 100644 --- a/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform_test.go +++ b/upstream/pkg/reconciler/kubernetes/tektonpipeline/transform_test.go @@ -17,6 +17,7 @@ limitations under the License. package tektonpipeline import ( + "context" "encoding/json" "fmt" "reflect" @@ -24,6 +25,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/tektoncd/operator/pkg/apis/operator/v1alpha1" + "github.com/tektoncd/operator/pkg/reconciler/common" "github.com/tektoncd/pipeline/test/diff" "gotest.tools/v3/assert" appsv1 "k8s.io/api/apps/v1" 
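Review bot: The new assignment `pipeline.Spec.Pipeline.EnableTektonOciBundles = nil` writes to the component object passed into the transform, and the comment does not say why this is needed when `setDefaults` already clears the field. If the reason is that objects stored before the upgrade may reach the reconciler without being re-defaulted, the comment should say so, e.g. `// defaulting may not have run on CRs stored before this release; clear the field again so it never reaches the feature-flags ConfigMap`. Note also that `pipeline` and `instance` two lines below are the same unchecked type assertion on `comp`; one variable would do. The closure continues outside the hunk.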
@@ -365,3 +367,55 @@ func TestUpdateResolverConfigEnvironmentsInDeployment(t *testing.T) { }) } } + +// not in use, see: https://github.com/tektoncd/pipeline/pull/7789 +// this field is removed from pipeline component +// keeping in types to maintain the API compatibility +// this test verifies that, "EnableTektonOciBundles" always not present in the feature flags config map +func TestEnableTektonOciBundlesFeatureFlag(t *testing.T) { + tp := &v1alpha1.TektonPipeline{ + Spec: v1alpha1.TektonPipelineSpec{ + Pipeline: v1alpha1.Pipeline{ + PipelineProperties: v1alpha1.PipelineProperties{ + EnableTektonOciBundles: ptr.Bool(true), + }, + }, + }, + } + ctx := context.TODO() + + tests := []struct { + name string + enableTektonOciBundles *bool + expectedValue string + }{ + {name: "with-true", enableTektonOciBundles: ptr.Bool(true), expectedValue: "false"}, + {name: "with-false", enableTektonOciBundles: ptr.Bool(false), expectedValue: "false"}, + {name: "with-nil", enableTektonOciBundles: nil, expectedValue: "false"}, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + tp.Spec.Pipeline.EnableTektonOciBundles = test.enableTektonOciBundles + + // get manifests + manifest, err := common.Fetch("./testdata/tektonpipeline-feature-flags-base.yaml") + assert.NilError(t, err, "error on fetching testdata") + + transformers := filterAndTransform(common.NoExtension(ctx)) + _, err = transformers(ctx, &manifest, tp) + assert.NilError(t, err) + + resources := manifest.Resources() + assert.Assert(t, len(resources) > 0) + + featureFlagsMap := corev1.ConfigMap{} + err = apimachineryRuntime.DefaultUnstructuredConverter.FromUnstructured(resources[0].Object, &featureFlagsMap) + assert.NilError(t, err) + + flagValue, found := featureFlagsMap.Data["enable-tekton-oci-bundles"] + assert.Assert(t, found == true, "'enable-tekton-oci-bundles' not found") + assert.Assert(t, flagValue == test.expectedValue, "'enable-tekton-oci-bundles' is not '%s'", test.expectedValue) + }) + } 
+} diff --git a/upstream/pkg/reconciler/kubernetes/tektonresult/tektonresult.go b/upstream/pkg/reconciler/kubernetes/tektonresult/tektonresult.go index fdcbe18ac..759b1535c 100644 --- a/upstream/pkg/reconciler/kubernetes/tektonresult/tektonresult.go +++ b/upstream/pkg/reconciler/kubernetes/tektonresult/tektonresult.go @@ -146,6 +146,8 @@ func (r *Reconciler) ReconcileKind(ctx context.Context, tr *v1alpha1.TektonResul } // check if the secrets are created + // TODO: Create secret automatically if they don't exist + // TODO: And remove this check in future release. if err := r.validateSecretsAreCreated(ctx, tr); err != nil { return err } @@ -324,15 +326,5 @@ func (r *Reconciler) validateSecretsAreCreated(ctx context.Context, tr *v1alpha1 logger.Error(err) return err } - _, err = r.kubeClientSet.CoreV1().Secrets(tr.Spec.TargetNamespace).Get(ctx, TlsSecretName, metav1.GetOptions{}) - if err != nil { - if apierrors.IsNotFound(err) { - logger.Error(err) - tr.Status.MarkDependencyMissing(fmt.Sprintf("%s secret is missing", TlsSecretName)) - return err - } - logger.Error(err) - return err - } return nil } diff --git a/upstream/pkg/reconciler/kubernetes/tektonresult/testdata/api-config.yaml b/upstream/pkg/reconciler/kubernetes/tektonresult/testdata/api-config.yaml index 76ac13f03..4af343ad7 100644 --- a/upstream/pkg/reconciler/kubernetes/tektonresult/testdata/api-config.yaml +++ b/upstream/pkg/reconciler/kubernetes/tektonresult/testdata/api-config.yaml @@ -24,6 +24,8 @@ data: LOGS_TYPE=File LOGS_BUFFER_SIZE=32768 LOGS_PATH=/logs + LOGGING_PLUGIN_QUERY_LIMIT=7777 + LOGGING_PLUGIN_QUERY_PARAMS=direction=desc&skip=100 STORAGE_EMULATOR_HOST= kind: ConfigMap metadata: diff --git a/upstream/pkg/reconciler/kubernetes/tektonresult/transform_test.go b/upstream/pkg/reconciler/kubernetes/tektonresult/transform_test.go index a4ca6aa0f..29b0eee7f 100644 --- a/upstream/pkg/reconciler/kubernetes/tektonresult/transform_test.go 
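Review bot: The header comment on `TestEnableTektonOciBundlesFeatureFlag` says the flag is "always not present in the feature flags config map", but the assertions require `found == true` with the value `"false"`. The fixture `tektonpipeline-feature-flags-base.yaml` ships `enable-tekton-oci-bundles: "false"`, so what the test actually pins is that the operator never overrides the manifest value, whatever the CR sets. The comment should say that, e.g. `// verifies that the CR value never overrides "enable-tekton-oci-bundles" in the feature-flags ConfigMap`. The shared `tp` is also mutated by each subtest, and its initial `ptr.Bool(true)` is overwritten before use, so that initial value can be dropped.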
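Review bot: The TODO added above the `validateSecretsAreCreated` call does not record that the TLS secret is no longer checked at all: the second hunk of this file removes the `TlsSecretName` lookup, so a missing TLS secret no longer triggers `MarkDependencyMissing`. On OpenShift the serving-cert annotation added in `extension.go` presumably supplies that secret, but this reconciler sits under the `kubernetes` path. If it also serves plain Kubernetes installs, a missing secret would surface later and less clearly, for instance as a pod that cannot start. Suggest either keeping the check for non-OpenShift targets or stating the assumption next to the call, e.g. `// the TLS secret is not checked here; on OpenShift it is issued via the serving-cert annotation`.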
+++ b/upstream/pkg/reconciler/kubernetes/tektonresult/transform_test.go @@ -65,6 +65,7 @@ func Test_updateApiConfig(t *testing.T) { boolVal := true intVal := int64(12345) + limit := uint(100) cm := &corev1.ConfigMap{} err = runtime.DefaultUnstructuredConverter.FromUnstructured(manifest.Resources()[0].Object, cm) assert.NilError(t, err) @@ -90,6 +91,8 @@ func Test_updateApiConfig(t *testing.T) { LogsBufferSize: &intVal, StorageEmulatorHost: "http://localhost:9004", LoggingPluginForwarderDelayDuration: &bufferDuration, + LoggingPluginQueryLimit: &limit, + LoggingPluginQueryParams: "direction=asc&skip=0", }, } @@ -122,6 +125,8 @@ LOGS_API=true LOGS_TYPE=s3 LOGS_BUFFER_SIZE=12345 LOGS_PATH=/logs/test +LOGGING_PLUGIN_QUERY_LIMIT=100 +LOGGING_PLUGIN_QUERY_PARAMS=direction=asc&skip=0 STORAGE_EMULATOR_HOST=http://localhost:9004`) } diff --git a/upstream/pkg/reconciler/openshift/tektonresult/extension.go b/upstream/pkg/reconciler/openshift/tektonresult/extension.go index be0128f94..e1ea295eb 100644 --- a/upstream/pkg/reconciler/openshift/tektonresult/extension.go +++ b/upstream/pkg/reconciler/openshift/tektonresult/extension.go @@ -41,6 +41,8 @@ const ( internalDBYamlDirectory = "static/tekton-results/internal-db" logsRBACYamlDirectory = "static/tekton-results/logs-rbac" deploymentAPI = "tekton-results-api" + serviceAPI = "tekton-results-api-service" + secretAPITLS = "tekton-results-tls" apiContainerName = "api" boundSAVolume = "bound-sa-token" boundSAPath = "/var/run/secrets/openshift/serviceaccount" @@ -96,6 +98,7 @@ func (oe openshiftExtension) Transformers(comp v1alpha1.TektonComponent) []mf.Tr occommon.ApplyCABundles, injectBoundSAToken(instance.Spec.ResultsAPIProperties), injectLokiStackTLSCACert(instance.Spec.LokiStackProperties), + injectResultsAPIServiceCACert(instance.Spec.ResultsAPIProperties), } } 
@@ -178,6 +181,34 @@ func filterAndTransform() client.FilterAndTransform { } } +func injectResultsAPIServiceCACert(props v1alpha1.ResultsAPIProperties) mf.Transformer { + return func(u *unstructured.Unstructured) error { + if u.GetKind() != "Service" || u.GetName() != serviceAPI { + return nil + } + + s := &corev1.Service{} + err := k8sruntime.DefaultUnstructuredConverter.FromUnstructured(u.Object, s) + if err != nil { + return err + } + + annotations := s.Annotations + if annotations == nil { + annotations = make(map[string]string) + } + annotations["service.beta.openshift.io/serving-cert-secret-name"] = secretAPITLS + s.SetAnnotations(annotations) + + uObj, err := k8sruntime.DefaultUnstructuredConverter.ToUnstructured(s) + if err != nil { + return err + } + u.SetUnstructuredContent(uObj) + return nil + } +} + // injectBoundSAToken adds a sa token projected volume to the Results Deployment func injectBoundSAToken(props v1alpha1.ResultsAPIProperties) mf.Transformer { return func(u *unstructured.Unstructured) error { diff --git a/upstream/pkg/reconciler/openshift/tektonresult/extension_test.go b/upstream/pkg/reconciler/openshift/tektonresult/extension_test.go index 668055c72..060dd43a8 100644 --- a/upstream/pkg/reconciler/openshift/tektonresult/extension_test.go +++ b/upstream/pkg/reconciler/openshift/tektonresult/extension_test.go 
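Review bot: `injectResultsAPIServiceCACert` never reads its `props` argument, and it converts the Service to a typed `corev1.Service` and back only to set one annotation. That round trip rewrites the whole object content, whereas the annotation can be set on the unstructured object directly. The function also has no doc comment, unlike `injectBoundSAToken` just below it, and its name says CA cert although what it adds is the serving-cert secret annotation. The version below keeps the signature and uses `u.GetAnnotations()` and `u.SetAnnotations()`.

```go
// injectResultsAPIServiceCACert annotates the Results API Service so that the
// OpenShift service CA issues its serving certificate into secretAPITLS.
// props is currently unused and kept for signature parity with the other transformers.
func injectResultsAPIServiceCACert(props v1alpha1.ResultsAPIProperties) mf.Transformer {
	return func(u *unstructured.Unstructured) error {
		if u.GetKind() != "Service" || u.GetName() != serviceAPI {
			return nil
		}

		annotations := u.GetAnnotations()
		if annotations == nil {
			annotations = make(map[string]string)
		}
		annotations["service.beta.openshift.io/serving-cert-secret-name"] = secretAPITLS
		u.SetAnnotations(annotations)
		return nil
	}
}
```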
@@ -149,3 +149,22 @@ func Test_injectLokiStackTLSCACert(t *testing.T) { assert.Equal(t, deployment.Spec.Template.Spec.Containers[0].Env[5].ValueFrom.ConfigMapKeyRef.Key, "service-ca.crt") } + +func Test_injectResultsAPIServiceCACert(t *testing.T) { + testData := path.Join("testdata", "api-service.yaml") + manifest, err := mf.ManifestFrom(mf.Recursive(testData)) + assert.NilError(t, err) + + service := &corev1.Service{} + err = runtime.DefaultUnstructuredConverter.FromUnstructured(manifest.Resources()[0].Object, service) + assert.NilError(t, err) + + props := v1alpha1.ResultsAPIProperties{} + manifest, err = manifest.Transform(injectResultsAPIServiceCACert(props)) + assert.NilError(t, err) + + err = runtime.DefaultUnstructuredConverter.FromUnstructured(manifest.Resources()[0].Object, service) + assert.NilError(t, err) + + assert.Equal(t, service.Annotations["service.beta.openshift.io/serving-cert-secret-name"], "tekton-results-tls") +} diff --git a/upstream/pkg/reconciler/openshift/tektonresult/testdata/api-service.yaml b/upstream/pkg/reconciler/openshift/tektonresult/testdata/api-service.yaml new file mode 100644 index 000000000..680c93928 --- /dev/null +++ b/upstream/pkg/reconciler/openshift/tektonresult/testdata/api-service.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: tekton-results-api + app.kubernetes.io/part-of: tekton-results + app.kubernetes.io/version: devel + name: tekton-results-api-service + namespace: tekton-pipelines +spec: + ports: + - name: server + nodePort: 30080 + port: 8080 + - name: prometheus + port: 9090 + protocol: TCP + targetPort: 9090 + - name: profiling + port: 6060 + protocol: TCP + targetPort: 6060 + selector: + app.kubernetes.io/name: tekton-results-api + type: NodePort diff --git a/upstream/tekton/build-publish-images-manifests.yaml b/upstream/tekton/build-publish-images-manifests.yaml index 480341dcb..5913f1810 100644 --- a/upstream/tekton/build-publish-images-manifests.yaml 
+++ b/upstream/tekton/build-publish-images-manifests.yaml @@ -65,7 +65,7 @@ spec: steps: - name: container-registy-auth - image: gcr.io/go-containerregistry/crane:debug + image: gcr.io/go-containerregistry/crane:debug@sha256:ff0e08eeae8097d28b2381c7f7123bf542757abc68d11bff58fb882b72843785 script: | #!/busybox/sh set -ex @@ -84,7 +84,7 @@ spec: cp ${DOCKER_CONFIG} /workspace/docker-config.json - name: run-kustomize-ko - image: gcr.io/tekton-releases/dogfooding/ko-gcloud:latest + image: gcr.io/tekton-releases/dogfooding/ko-gcloud:v20240920-6c2a999d36@sha256:1756ca55a09b360028695792e638a7cc366292d7aef44c926a8cb765085664c8 env: - name: KO_DOCKER_REPO value: $(params.imageRegistry)/$(params.imageRegistryPath) @@ -134,7 +134,7 @@ spec: kustomize build ${PROJECT_ROOT}/config/${KUBE_DISTRO}/overlays/default | ko resolve --platform=$(params.platforms) --preserve-import-paths -f - > $OUTPUT_RELEASE_DIR/${FILENAME_PREFIX}release.notags.yaml - name: koparse - image: gcr.io/tekton-releases/dogfooding/koparse:latest + image: gcr.io/tekton-releases/dogfooding/koparse:v20240910-ec3cf3c749@sha256:5e8a522fc1e587fc00b69a6d73e0bfdf7a29ca143537a5542eb224680d2dbf2f script: | set -ex @@ -151,7 +151,7 @@ spec: --base ${IMAGES_PATH} --images ${IMAGES} > /workspace/built_images - name: tag-images - image: gcr.io/go-containerregistry/crane:debug + image: gcr.io/go-containerregistry/crane:debug@sha256:ff0e08eeae8097d28b2381c7f7123bf542757abc68d11bff58fb882b72843785 script: | #!/busybox/sh set -ex diff --git a/upstream/tekton/operator-release-pipeline.yaml b/upstream/tekton/operator-release-pipeline.yaml index 101287e90..f594a0c27 100644 --- a/upstream/tekton/operator-release-pipeline.yaml +++ b/upstream/tekton/operator-release-pipeline.yaml 
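Review bot: In the `container-registy-auth` and `tag-images` steps the reference `crane:debug@sha256:…` keeps a floating tag next to the digest. When a digest is present the tag plays no part in resolution, so `debug` tells a reader nothing about which crane build is pinned, and nothing in the file says how the digests are meant to be refreshed. A short comment on each pinned image, for example `# pinned by digest; the tag is informational only, update both together`, would make that explicit. The same applies to the `alpine:3.20.3` and `golang:1.22` pins in `operator-release-pipeline.yaml` and `task-fetch-components.yaml`. It is also worth confirming that each digest refers to the multi-arch index rather than a single-platform manifest if the build nodes are not all one architecture; that cannot be determined from the diff.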
@@ -259,7 +259,7 @@ spec: description: The full URL of the release file (no tag, platform - OpenShift) in the bucket steps: - name: create-results - image: alpine + image: docker.io/library/alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d script: | BASE_URL=$(echo "$(params.releaseBucket)/previous/$(params.versionTag)") # If the bucket is in the gs:// return the corresponding public https URL diff --git a/upstream/tekton/task-fetch-components.yaml b/upstream/tekton/task-fetch-components.yaml index eb2ffe7a9..dae0b6447 100644 --- a/upstream/tekton/task-fetch-components.yaml +++ b/upstream/tekton/task-fetch-components.yaml @@ -14,7 +14,7 @@ spec: description: Target platform for for which the payload is going to be used default: "kubernetes openshift" steps: - - image: docker.io/library/golang:1.22 + - image: docker.io/library/golang:1.22@sha256:4594271250150c1a322ed749abfd218e1a8c6eb1ade90872e325a664412e2037 name: fetch-components workingDir: /go/src/github.com/tektoncd/operator script: |