songtianlun/manifests
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2bb098c6e3
manifests/tekton/values.yaml
songtianlun 2bb098c6e3 first commit
2025-04-12 13:11:34 +08:00

348 lines
16 KiB
YAML
Raw Blame History

namespace:
name: tekton-pipelines
create: true
labels:
pod-security.kubernetes.io/enforce: restricted
app.kubernetes.io/part-of: tekton-pipelines
auth:
git:
username: "admin"
password: ""
url: https://github.com
docker:
# if specified use the docker config.json style secret like this:
# https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#configuring-docker-authentication-for-docker
configJson: ""
serviceaccount:
enabled: true
annotations: {}
# Values for tekton-pipelines-controller
controller:
deployment:
image: ghcr.io/tektoncd/pipeline/controller-10a3e32792f33651396d02b6855a6e36:v0.69.1@sha256:3f42d35f8c1231a1c4366c57140bcfe115edd106b5af79555757e56e9224c6b7
labels: {}
pod:
labels: {}
annotations: {}
# specifies the name of an optional kubernetes secret to mount environment variables from for things like HTTP proxy
envFromSecret: "tekton-env"
# Add node affinity tolerations for tekton-pipeline-controller. Add additional matchExpressions below. Default is set.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: NotIn
values:
- windows
tolerations: []
nodeSelector: {}
resources: {}
# Values for tekton-pipelines-webhook
webhook:
deployment:
labels: {}
pod:
labels: {}
# specifies the name of an optional kubernetes secret to mount environment variables from for things like HTTP proxy
envFromSecret: "tekton-env"
# Add node affinity tolerations for tekton-pipelines-webhook. Add additional matchExpressions below. Default is set.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: NotIn
values:
- windows
tolerations: []
nodeSelector: {}
# Values to amend tekton-pipelines-remote-resolvers
remoteresolver:
affinity: {}
tolerations: []
nodeSelector: {}
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 1000m
memory: 4Gi
# configuration to put in the config-defaults ConfigMap
configDefaults:
_example: |
################################
# #
# EXAMPLE CONFIGURATION #
# #
################################
# This block is not actually functional configuration,
# but serves to illustrate the available configuration
# options and document them in a way that is accessible
# to users that `kubectl edit` this config map.
#
# These sample configuration options may be copied out of
# this example block and unindented to be in the data block
# to actually change the configuration.
# default-timeout-minutes contains the default number of
# minutes to use for TaskRun and PipelineRun, if none is specified.
default-timeout-minutes: "60" # 60 minutes
# default-service-account contains the default service account name
# to use for TaskRun and PipelineRun, if none is specified.
default-service-account: "default"
# default-managed-by-label-value contains the default value given to the
# "app.kubernetes.io/managed-by" label applied to all Pods created for
# TaskRuns. If a user's requested TaskRun specifies another value for this
# label, the user's request supercedes.
default-managed-by-label-value: "tekton-pipelines"
# default-pod-template contains the default pod template to use for
# TaskRun and PipelineRun. If a pod template is specified on the
# PipelineRun, the default-pod-template is merged with that one.
# default-pod-template:
# default-affinity-assistant-pod-template contains the default pod template
# to use for affinity assistant pods. If a pod template is specified on the
# PipelineRun, the default-affinity-assistant-pod-template is merged with
# that one.
# default-affinity-assistant-pod-template:
# default-cloud-events-sink contains the default CloudEvents sink to be
# used for TaskRun and PipelineRun, when no sink is specified.
# Note that right now it is still not possible to set a PipelineRun or
# TaskRun specific sink, so the default is the only option available.
# If no sink is specified, no CloudEvent is generated
# default-cloud-events-sink:
# default-task-run-workspace-binding contains the default workspace
# configuration provided for any Workspaces that a Task declares
# but that a TaskRun does not explicitly provide.
# default-task-run-workspace-binding: |
# emptyDir: {}
# default-max-matrix-combinations-count contains the default maximum number
# of combinations from a Matrix, if none is specified.
default-max-matrix-combinations-count: "256"
# default-forbidden-env contains comma seperated environment variables that cannot be
# overridden by podTemplate.
default-forbidden-env:
# default-resolver-type contains the default resolver type to be used in the cluster,
# no default-resolver-type is specified by default
default-resolver-type:
# default-imagepullbackoff-timeout contains the default duration to wait
# before requeuing the TaskRun to retry, specifying 0 here is equivalent to fail fast
# possible values could be 1m, 5m, 10s, 1h, etc
# default-imagepullbackoff-timeout: "5m"
# default-maximum-resolution-timeout specifies the default duration used by the
# resolution controller before timing out when exceeded.
# Possible values include "1m", "5m", "10s", "1h", etc.
# Example: default-maximum-resolution-timeout: "1m"
# default-container-resource-requirements allow users to update default resource requirements
# to a init-containers and containers of a pods create by the controller
# Onet: All the resource requirements are applied to init-containers and containers
# only if the existing resource requirements are empty.
# default-container-resource-requirements: |
# place-scripts: # updates resource requirements of a 'place-scripts' container
# requests:
# memory: "64Mi"
# cpu: "250m"
# limits:
# memory: "128Mi"
# cpu: "500m"
#
# prepare: # updates resource requirements of a 'prepare' container
# requests:
# memory: "64Mi"
# cpu: "250m"
# limits:
# memory: "256Mi"
# cpu: "500m"
#
# working-dir-initializer: # updates resource requirements of a 'working-dir-initializer' container
# requests:
# memory: "64Mi"
# cpu: "250m"
# limits:
# memory: "512Mi"
# cpu: "500m"
#
# prefix-scripts: # updates resource requirements of containers which starts with 'scripts-'
# requests:
# memory: "64Mi"
# cpu: "250m"
# limits:
# memory: "128Mi"
# cpu: "500m"
#
# prefix-sidecar-scripts: # updates resource requirements of containers which starts with 'sidecar-scripts-'
# requests:
# memory: "64Mi"
# cpu: "250m"
# limits:
# memory: "128Mi"
# cpu: "500m"
#
# default: # updates resource requirements of init-containers and containers which has empty resource resource requirements
# requests:
# memory: "64Mi"
# cpu: "250m"
# limits:
# memory: "256Mi"
# cpu: "500m"
gitResolverConfig:
# The maximum amount of time a single anonymous cloning resolution may take.
fetch-timeout: "1m"
# The git url to fetch the remote resource from when using anonymous cloning.
default-url: "https://github.com/tektoncd/catalog.git"
# The git revision to fetch the remote resource from with either anonymous cloning or the authenticated API.
default-revision: "main"
# The SCM type to use with the authenticated API. Can be github, gitlab, gitea, bitbucketserver, bitbucketcloud
scm-type: "github"
# The SCM server URL to use with the authenticated API. Not needed when using github.com, gitlab.com, or BitBucket Cloud
server-url: ""
# The Kubernetes secret containing the API token for the SCM provider. Required when using the authenticated API.
api-token-secret-name: ""
# The key in the API token secret containing the actual token. Required when using the authenticated API.
api-token-secret-key: ""
# The namespace containing the API token secret. Defaults to "default".
api-token-secret-namespace: "default"
# The default organization to look for repositories under when using the authenticated API,
# if not specified in the resolver parameters. Optional.
default-org: ""
# feature flags to put in feature-flags ConfigMap
featureFlags:
# Setting this flag to "true" will prevent Tekton to create an
# Affinity Assistant for every TaskRun sharing a PVC workspace
#
# The default behaviour is for Tekton to create Affinity Assistants
#
# See more in the Affinity Assistant documentation
# https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
# or https://github.com/tektoncd/pipeline/pull/2630 for more info.
#
# Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior.
disable-affinity-assistant: "false"
# Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant.
# Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled".
#
# Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node.
# Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node.
# Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node,
# and only allows one pipelinerun to run on a node at a time.
# Setting it to "disabled" will not apply any coschedule policy.
#
# See more in the Affinity Assistant documentation
# https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
coschedule: "workspaces"
# Setting this flag to "true" will prevent Tekton scanning attached
# service accounts and injecting any credentials it finds into your
# Steps.
#
# The default behaviour currently is for Tekton to search service
# accounts for secrets matching a specified format and automatically
# mount those into your Steps.
#
# Note: setting this to "true" will prevent PipelineResources from
# working.
#
# See https://github.com/tektoncd/pipeline/issues/2791 for more
# info.
disable-creds-init: "false"
# Setting this flag to "false" will stop Tekton from waiting for a
# TaskRun's sidecar containers to be running before starting the first
# step. This will allow Tasks to be run in environments that don't
# support the DownwardAPI volume type, but may lead to unintended
# behaviour if sidecars are used.
#
# See https://github.com/tektoncd/pipeline/issues/4937 for more info.
await-sidecar-readiness: "true"
# This option should be set to false when Pipelines is running in a
# cluster that does not use injected sidecars such as Istio. Setting
# it to false should decrease the time it takes for a TaskRun to start
# running. For clusters that use injected sidecars, setting this
# option to false can lead to unexpected behavior.
#
# See https://github.com/tektoncd/pipeline/issues/2080 for more info.
running-in-environment-with-injected-sidecars: "true"
# Setting this flag to "true" will require that any Git SSH Secret
# offered to Tekton must have known_hosts included.
#
# See https://github.com/tektoncd/pipeline/issues/2981 for more
# info.
require-git-ssh-secret-known-hosts: "false"
# Setting this flag to "true" enables the use of Tekton OCI bundle.
# This is an experimental feature and thus should still be considered
# an alpha feature.
enable-tekton-oci-bundles: "false"
# Setting this flag will determine which gated features are enabled.
# Acceptable values are "stable", "beta", or "alpha".
enable-api-fields: "beta"
# Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a
# CloudEvents sink is configured in the config-defaults config map
send-cloudevents-for-runs: "false"
# This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them.
# If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found.
# If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged.
# If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged.
trusted-resources-verification-no-match-policy: "ignore"
# Setting this flag to "true" enables populating the "provenance" field in TaskRun
# and PipelineRun status. This field contains metadata about resources used
# in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline
# definition was fetched.
enable-provenance-in-status: "true"
# Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance.
# If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance.
# If set to "none", then Tekton will not have non-falsifiable provenance.
# This is an experimental feature and thus should still be considered an alpha feature.
enforce-nonfalsifiability: "none"
# Setting this flag will determine how Tekton pipelines will handle extracting results from the task.
# Acceptable values are "termination-message" or "sidecar-logs".
# "sidecar-logs" is now a beta feature.
results-from: "termination-message"
# Setting this flag will determine the upper limit of each task result
# This flag is optional and only associated with the previous flag, results-from
# When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result
# max-result-size: "4096"
# Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns.
# This allows TaskRuns to run in namespaces with "restricted" pod security standards.
# Not all Kubernetes implementations support this option.
set-security-context: "false"
# Setting this flag to "true" will set readOnlyRootFilesystem in securityContext for all containers used in TaskRuns and AffinityAssistant.
set-security-context-read-only-root-filesystem: "false"
# Setting this flag to "true" will keep pod on cancellation
# allowing examination of the logs on the pods from cancelled taskruns
keep-pod-on-cancel: "false"
# Setting this flag to "true" will enable the CEL evaluation in WhenExpression
enable-cel-in-whenexpression: "false"
# Setting this flag to "true" will enable the use of StepActions in Steps
# This feature is in preview mode and not implemented yet. Please check #7259 for updates.
enable-step-actions: "false"
# Setting this flag to "true" will enable the use of Artifacts in Steps
# This feature is in preview mode and not implemented yet. Please check #7693 for updates.
enable-artifacts: "false"
# Setting this flag to "true" will enable the built-in param input validation via param enum.
enable-param-enum: "false"
# Setting this flag to "pipeline,pipelinerun,taskrun" will prevent users from creating
# embedded spec Taskruns or Pipelineruns for Pipeline, Pipelinerun and taskrun
# respectively. We can specify "pipeline" to disable for Pipeline resource only.
# "pipelinerun" for Pipelinerun and "taskrun" for Taskrun. Or a combination of
# these.
disable-inline-spec: ""
# Setting this flag to "true" will enable the use of concise resolver syntax
enable-concise-resolver-syntax: "false"
# Setthing this flag to "true" will enable native Kubernetes Sidecar support
enable-kubernetes-sidecar: "false"
Reference in New Issue View Git Blame Copy Permalink