--- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: v1 kind: Namespace metadata: name: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: pipelines-as-code-info namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: # All system:authenticated users needs to have access # of the pipelines-as-code-info ConfigMap even if they don't # have access to the other resources present in the # installed namespace. - apiGroups: [""] resources: ["configmaps"] resourceNames: ["pipelines-as-code-info"] verbs: ["get"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: pipelines-as-code-info namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: Group name: system:authenticated apiGroup: rbac.authorization.k8s.io roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pipelines-as-code-info --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: pipelines-as-code-aggregate labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: - pipelinesascode.tekton.dev resources: - repositories verbs: - create - delete - deletecollection - get - list - patch - update - watch --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: pipelines-as-code-controller namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipelines-as-code-controller-role namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: pipelines-as-code-controller-binding namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: ServiceAccount name: pipelines-as-code-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pipelines-as-code-controller-role --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipeline-as-code-controller-clusterrole namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: - apiGroups: [""] resources: ["namespaces", "pods", "pods/log"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "create", "delete"] - apiGroups: ["pipelinesascode.tekton.dev"] resources: ["repositories"] verbs: ["create", "get", "list", "update"] - apiGroups: ["tekton.dev"] resources: ["pipelineruns"] verbs: ["get", "delete", "list", "create", "watch", "update"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: pipelines-as-code-controller-clusterbinding namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: ServiceAccount name: pipelines-as-code-controller namespace: pipelines-as-code roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: pipeline-as-code-controller-clusterrole --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: pipelines-as-code-watcher namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipelines-as-code-watcher-role namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: pipelines-as-code-watcher-binding namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: ServiceAccount name: pipelines-as-code-watcher roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pipelines-as-code-watcher-role --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipeline-as-code-watcher-clusterrole namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: - apiGroups: [""] resources: ["secrets"] verbs: ["get", "delete"] - apiGroups: ["pipelinesascode.tekton.dev"] resources: ["repositories"] verbs: ["get", "update", "list"] - apiGroups: ["tekton.dev"] resources: ["pipelineruns"] verbs: ["get", "delete", "list", "create", "watch", "update", "patch"] - apiGroups: [""] resources: ["events"] verbs: ["create", "update", "patch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: pipelines-as-code-watcher-clusterbinding namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: ServiceAccount name: pipelines-as-code-watcher namespace: pipelines-as-code roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: pipeline-as-code-watcher-clusterrole --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: pipelines-as-code-webhook namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipelines-as-code-webhook-role namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "list", "watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["list", "watch"] - apiGroups: [""] resources: ["secrets"] verbs: ["get", "update"] resourceNames: ["pipelines-as-code-webhook-certs"] # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever # the secret changes it updates the webhook configurations with the certificates # stored in the secret. - apiGroups: ["coordination.k8s.io"] resources: ["leases"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] # webhook uses leases for leader election --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: pipelines-as-code-webhook-binding namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: ServiceAccount name: pipelines-as-code-webhook roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: pipelines-as-code-webhook-role --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: pipeline-as-code-webhook-clusterrole namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code rules: - apiGroups: ["pipelinesascode.tekton.dev"] resources: ["repositories"] verbs: ["get", "list", "watch"] # The webhook performs a reconciliation on this resource and continuously # updates configuration. - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations"] verbs: ["list", "watch"] # When there are changes to the configs or secrets, knative updates the validating webhook config # with the updated certificates or the refreshed set of rules. - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations"] verbs: ["get", "update", "delete"] resourceNames: ["validation.pipelinesascode.tekton.dev"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: pipelines-as-code-webhook-clusterbinding namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code subjects: - kind: ServiceAccount name: pipelines-as-code-webhook namespace: pipelines-as-code roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: pipeline-as-code-webhook-clusterrole --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: repositories.pipelinesascode.tekton.dev labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code spec: group: pipelinesascode.tekton.dev versions: - name: v1alpha1 subresources: status: {} additionalPrinterColumns: - jsonPath: .spec.url name: URL type: string - name: Succeeded type: string jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].status' - name: Reason type: string jsonPath: '.pipelinerun_status[-1].conditions[?(@.type=="Succeeded")].reason' - name: StartTime type: date jsonPath: ".pipelinerun_status[-1].startTime" - name: CompletionTime type: date jsonPath: ".pipelinerun_status[-1].completionTime" served: true storage: true schema: openAPIV3Schema: x-kubernetes-preserve-unknown-fields: true description: Schema for the repository API properties: apiVersion: description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/ api-conventions.md#resources" type: string kind: description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" type: string metadata: type: object spec: description: Spec defines the desired state of Repository properties: concurrency_limit: description: Number of maximum pipelinerun running at any moment type: integer url: description: Repository URL type: string type: description: Git repository provider type: string enum: - github - gitea - bitbucket - gitlab - bitbucket-enteprise incoming: type: array items: type: object properties: type: description: Type of webhook type: string enum: - webhook-url targets: description: List of target branches or ref to trigger webhooks on type: array items: description: Branch name type: string secret: description: Secret to use for the webhook type: object properties: key: description: Key of the secret type: string default: "secret" name: description: Name of the secret type: string git_provider: type: object properties: url: description: The Git provider api url type: string user: description: The Git provider api user type: string type: description: The Git provider type type: string secret: type: object properties: key: type: string description: "Key inside the secret" default: "provider.token" name: type: string description: "The secret name" webhook_secret: type: object properties: key: type: string description: "Key inside the secret" default: "webhook.secret" name: type: string description: "The secret name" type: object type: object scope: Namespaced names: plural: repositories singular: repository kind: Repository shortNames: - repo --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 data: # The number of days kept for pipelinerun inside pipelines-as-code namespace max-keep-days: "5" # The application name, you can customize this label application-name: "Pipelines as Code CI" # Whether to automatically create a secret with the token to be use by git-clone secret-auto-create: "true" # Tekton HUB API urls hub-url: "https://api.hub.tekton.dev/v1" # Whether to allow fetching remote tasks remote-tasks: "true" # Since public bitbucket doesn't have the concept of Secret, we need to be # able to secure the request by querying https://ip-ranges.atlassian.com/, # this only happen for public bitbucket (ie: when provider.url is not set in # repository spec). If you want to override this, you need to bear in mind # this could be a security issue, a malicious user can send a PR to your repo # with a modification to your PipelineRun that would grab secrets, tunnel or # others and then send a malicious webhook payload to the controller which # look like a authorized owner has send the PR to run it.. bitbucket-cloud-check-source-ip: "true" # Add extra IPS (ie: 127.0.0.1) or networks (127.0.0.0/16) separated by commas. bitbucket-cloud-additional-source-ip: "" kind: ConfigMap metadata: name: pipelines-as-code namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # This configmap is filled by bootstrap command # GitHub App is added as provider and later this is checked # before configuring a new GitHub App so that we don't # configure more than one App apiVersion: v1 data: # pipelines as code controller version version: "devel" # controller url to be used for configuring webhook using cli controller-url: "" # display the configured provider on the platform # only one provider type to be configured at a time # eg. if GitHub App is configured, then webhooks should not be configured provider: "" kind: ConfigMap metadata: name: pipelines-as-code-info namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: Secret metadata: name: pipelines-as-code-webhook-certs namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code # The data is populated at install time --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.pipelinesascode.tekton.dev labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code webhooks: - admissionReviewVersions: ["v1"] clientConfig: service: name: pipelines-as-code-webhook namespace: pipelines-as-code failurePolicy: Fail sideEffects: None name: validation.pipelinesascode.tekton.dev --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: apps/v1 kind: Deployment metadata: name: pipelines-as-code-controller namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code template: metadata: labels: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code app.kubernetes.io/version: "v0.11.1" spec: serviceAccountName: pipelines-as-code-controller containers: - name: pac-controller image: "ghcr.io/openshift-pipelines/pipelines-as-code-controller:v0.11.x" imagePullPolicy: Always ports: - name: api containerPort: 8080 readinessProbe: failureThreshold: 3 httpGet: path: /live port: api scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 livenessProbe: failureThreshold: 3 httpGet: path: /live port: api scheme: HTTP periodSeconds: 15 successThreshold: 1 timeoutSeconds: 1 env: - name: TLS_KEY value: "key" - name: TLS_CERT value: "cert" - name: TLS_SECRET_NAME value: "pipelines-as-code-tls-secret" - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: K_METRICS_CONFIG value: '{"Domain":"pipelinesascode.tekton.dev/controller","Component":"controller","PrometheusPort":0,"PrometheusHost":"","ConfigMap":{}}' - name: K_TRACING_CONFIG value: '{"backend":"","debug":"false","sample-rate":"0"}' - name: K_SINK_TIMEOUT value: "30" volumeMounts: - mountPath: "/etc/pipelines-as-code/tls" readOnly: true name: tls volumes: - name: tls secret: secretName: pipelines-as-code-tls-secret optional: true --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: v1 kind: Service metadata: name: pipelines-as-code-controller namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code spec: ports: - name: http-listener port: 8080 protocol: TCP targetPort: 8080 selector: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: apps/v1 kind: Deployment metadata: name: pipelines-as-code-watcher namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: watcher app.kubernetes.io/component: watcher app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code template: metadata: labels: app.kubernetes.io/name: watcher app.kubernetes.io/component: watcher app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code app.kubernetes.io/version: "v0.11.1" spec: serviceAccountName: pipelines-as-code-watcher containers: - name: pac-watcher image: "ghcr.io/openshift-pipelines/pipelines-as-code-watcher:v0.11.x" imagePullPolicy: Always env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: METRICS_DOMAIN value: tekton.dev/pipelinesascode ports: - name: probes containerPort: 8080 readinessProbe: httpGet: path: /live port: probes scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 livenessProbe: httpGet: path: /live port: probes scheme: HTTP initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: apps/v1 kind: Deployment metadata: name: pipelines-as-code-webhook namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code template: metadata: labels: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code app.kubernetes.io/version: "v0.11.1" spec: serviceAccountName: pipelines-as-code-webhook containers: - name: pac-webhook image: "ghcr.io/openshift-pipelines/pipelines-as-code-webhook:v0.11.x" env: - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: WEBHOOK_SERVICE_NAME value: pipelines-as-code-webhook - name: WEBHOOK_SECRET_NAME value: pipelines-as-code-webhook-certs - name: METRICS_DOMAIN value: tekton.dev/pipelinesascode ports: - name: https-webhook containerPort: 8443 --- # Copyright 2022 Red Hat # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- apiVersion: v1 kind: Service metadata: name: pipelines-as-code-webhook namespace: pipelines-as-code labels: app.kubernetes.io/version: "v0.11.1" app.kubernetes.io/part-of: pipelines-as-code spec: ports: - name: https-webhook port: 443 targetPort: 8443 selector: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: pipelines-as-code