diff --git a/config/base/webhook.yaml b/config/base/webhook.yaml index a4f0eda916..a08e1bcecf 100644 --- a/config/base/webhook.yaml +++ b/config/base/webhook.yaml @@ -19,32 +19,4 @@ metadata: labels: version: "devel" operator.tekton.dev/release: "devel" -spec: - replicas: 1 - selector: - matchLabels: - name: tekton-operator-webhook - template: - metadata: - labels: - name: tekton-operator-webhook - app: tekton-operator - spec: - serviceAccountName: tekton-operator - containers: - - name: webhook - image: "ko://github.com/tektoncd/operator/cmd/kubernetes/webhook" - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: WEBHOOK_SERVICE_NAME - value: tekton-operator-webhook - - name: WEBHOOK_SECRET_NAME - value: tekton-operator-webhook-certs - ports: - - name: https-webhook - containerPort: 8443 +spec: {} diff --git a/config/kubernetes/kustomization.yaml b/config/kubernetes/kustomization.yaml index ec221b37a9..5642a650cd 100644 --- a/config/kubernetes/kustomization.yaml +++ b/config/kubernetes/kustomization.yaml @@ -18,6 +18,10 @@ patches: target: kind: Deployment name: tekton-operator +- path: webhook.yaml + target: + kind: Deployment + name: tekton-operator-webhook configMapGenerator: - name: tekton-config-defaults diff --git a/config/kubernetes/webhook.yaml b/config/kubernetes/webhook.yaml new file mode 100644 index 0000000000..256918af29 --- /dev/null +++ b/config/kubernetes/webhook.yaml @@ -0,0 +1,50 @@ +# Copyright 2021 The Tekton Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: tekton-operator-webhook + labels: + version: "devel" + operator.tekton.dev/release: "devel" +spec: + replicas: 1 + selector: + matchLabels: + name: tekton-operator-webhook + template: + metadata: + labels: + name: tekton-operator-webhook + app: tekton-operator + spec: + serviceAccountName: tekton-operator + containers: + - name: tekton-operator-webhook + image: ko://github.com/tektoncd/operator/cmd/kubernetes/webhook + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: WEBHOOK_SERVICE_NAME + value: tekton-operator-webhook + - name: WEBHOOK_SECRET_NAME + value: tekton-operator-webhook-certs + ports: + - name: https-webhook + containerPort: 8443 \ No newline at end of file diff --git a/config/openshift/kustomization.yaml b/config/openshift/kustomization.yaml index 71c9401d76..11ca1a4e51 100644 --- a/config/openshift/kustomization.yaml +++ b/config/openshift/kustomization.yaml @@ -25,6 +25,10 @@ patches: target: kind: Deployment name: tekton-operator +- path: webhook.yaml + target: + kind: Deployment + name: tekton-operator-webhook - path: role.yaml target: kind: ClusterRole @@ -38,8 +42,6 @@ patches: kind: Deployment name: tekton-operator-webhook -patchesStrategicMerge: - - 500-webhooks.yaml resources: - ../base/ - ../base/300-operator_v1alpha1_addon_crd.yaml diff --git a/config/openshift/operator.yaml b/config/openshift/operator.yaml index 3e90a634b9..562a26193c 100644 --- a/config/openshift/operator.yaml +++ b/config/openshift/operator.yaml @@ -44,7 +44,7 @@ spec: - name: OPERATOR_NAME value: redhat-openshift-pipelines-operator - name: IMAGE_PIPELINES_PROXY - value: ko://github.com/tektoncd/operator/cmd/openshift/proxy-webhook + value: ko://github.com/tektoncd/operator/cmd/openshift/proxy-webhook - name: IMAGE_JOB_PRUNER_TKN value: gcr.io/tekton-releases/dogfooding/tkn@sha256:f69a02ef099d8915e9e4ea1b74e43b7a9309fc97cf23cb457ebf191e73491677 # - name: IMAGE_ADDONS_PARAM_TKN_IMAGE diff --git a/config/openshift/webhook.yaml b/config/openshift/webhook.yaml index 054222e3af..baed413519 100644 --- a/config/openshift/webhook.yaml +++ b/config/openshift/webhook.yaml @@ -16,9 +16,35 @@ apiVersion: apps/v1 kind: Deployment metadata: name: tekton-operator-webhook + labels: + version: "devel" + operator.tekton.dev/release: "devel" spec: + replicas: 1 + selector: + matchLabels: + name: tekton-operator-webhook template: + metadata: + labels: + name: tekton-operator-webhook + app: tekton-operator spec: + serviceAccountName: tekton-operator containers: - - name: webhook - image: ko://github.com/tektoncd/operator/cmd/openshift/webhook + - name: tekton-operator-webhook + image: ko://github.com/tektoncd/operator/cmd/openshift/webhook + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: WEBHOOK_SERVICE_NAME + value: tekton-operator-webhook + - name: WEBHOOK_SECRET_NAME + value: tekton-operator-webhook-certs + ports: + - name: https-webhook + containerPort: 8443 diff --git a/operatorhub/kubernetes/config.yaml b/operatorhub/kubernetes/config.yaml index 727e0e90ee..e413d8e9e3 100644 --- a/operatorhub/kubernetes/config.yaml +++ b/operatorhub/kubernetes/config.yaml @@ -20,6 +20,11 @@ image-substitutions: containerName: tekton-operator envKeys: - IMAGE_JOB_PRUNER_TKN +- image: ko://github.com/tektoncd/operator/cmd/kubernetes/webhook + replaceLocations: + containerTargets: + - deploymentName: tekton-operator-webhook + containerName: tekton-operator-webhook # add thrid party images which are not replaced by operator # but pulled directly by tasks here diff --git a/operatorhub/openshift/config.yaml b/operatorhub/openshift/config.yaml index 5d24aed065..3ae1d3dc2c 100644 --- a/operatorhub/openshift/config.yaml +++ b/operatorhub/openshift/config.yaml @@ -141,7 +141,11 @@ image-substitutions: envKeys: - IMAGE_JOB_PRUNER_TKN - IMAGE_ADDONS_PARAM_TKN_IMAGE - +- image: ko://github.com/tektoncd/operator/cmd/openshift/webhook + replaceLocations: + containerTargets: + - deploymentName: tekton-operator-webhook + containerName: tekton-operator-webhook # add thrid party images which are not replaced by operator # but pulled directly by tasks here diff --git a/operatorhub/openshift/release-artifacts/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml b/operatorhub/openshift/release-artifacts/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml index 551cb084c9..7c02f10c20 100644 --- a/operatorhub/openshift/release-artifacts/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml +++ b/operatorhub/openshift/release-artifacts/bundle/manifests/openshift-pipelines-operator-rh.clusterserviceversion.yaml @@ -665,6 +665,57 @@ spec: name: openshift-pipelines-operator resources: {} serviceAccountName: openshift-pipelines-operator + - name: tekton-operator-webhook + spec: + replicas: 1 + selector: + matchLabels: + name: tekton-operator-webhook + strategy: {} + template: + metadata: + labels: + app: tekton-operator + name: tekton-operator-webhook + spec: + containers: + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: WEBHOOK_SERVICE_NAME + value: tekton-operator-webhook + - name: WEBHOOK_SECRET_NAME + value: tekton-operator-webhook-certs + image: ko://github.com/tektoncd/operator/cmd/openshift/webhook123 + name: tekton-operator-webhook + ports: + - containerPort: 8443 + name: https-webhook + resources: {} + - env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: redhat-openshift-pipelines-operator + - name: IMAGE_PIPELINES_PROXY + value: ko://github.com/tektoncd/operator/cmd/openshift/proxy-webhook + - name: IMAGE_JOB_PRUNER_TKN + value: gcr.io/tekton-releases/dogfooding/tkn@sha256:f69a02ef099d8915e9e4ea1b74e43b7a9309fc97cf23cb457ebf191e73491677 + image: ko://github.com/tektoncd/operator/cmd/openshift/operator + imagePullPolicy: Always + name: openshift-pipelines-operator + resources: {} + serviceAccountName: tekton-operator strategy: deployment installModes: - supported: false @@ -736,5 +787,38 @@ spec: name: IMAGE_JOB_PRUNER_TKN - image: registry.redhat.io/openshift-pipelines/pipelines-cli-tkn-rhel8@ name: IMAGE_ADDONS_PARAM_TKN_IMAGE + - image: ko://github.com/tektoncd/operator/cmd/openshift/webhook123 + name: TEKTON_OPERATOR_WEBHOOK replaces: 1.5.0 version: 1.6.0 + webhookdefinitions: + - admissionReviewVersions: + - v1beta1 + - v1 + containerPort: 443 + deploymentName: tekton-operator-webhook + failurePolicy: Fail + generateName: config.webhook.operator.tekton.dev + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + - admissionReviewVersions: + - v1beta1 + - v1 + containerPort: 443 + deploymentName: tekton-operator-webhook + failurePolicy: Fail + generateName: validation.webhook.operator.tekton.dev + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + - admissionReviewVersions: + - v1beta1 + - v1 + containerPort: 443 + deploymentName: tekton-operator-webhook + failurePolicy: Fail + generateName: webhook.operator.tekton.dev + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook diff --git a/operatorhub/openshift/release-artifacts/bundle/manifests/operator.tekton.dev_tektonconfigs.yaml b/operatorhub/openshift/release-artifacts/bundle/manifests/operator.tekton.dev_tektonconfigs.yaml index 2af70d36ed..511156426a 100644 --- a/operatorhub/openshift/release-artifacts/bundle/manifests/operator.tekton.dev_tektonconfigs.yaml +++ b/operatorhub/openshift/release-artifacts/bundle/manifests/operator.tekton.dev_tektonconfigs.yaml @@ -67,7 +67,6 @@ spec: description: this enables to prune pipelinerun/taskrun properties: keep: - default: 1 description: number of resources to keep type: integer resources: diff --git a/operatorhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook-certs_v1_secret.yaml b/operatorhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook-certs_v1_secret.yaml new file mode 100644 index 0000000000..47978f368e --- /dev/null +++ b/operatorhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook-certs_v1_secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: tekton-operator + name: tekton-operator-webhook + name: tekton-operator-webhook-certs diff --git a/operatorhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook_v1_service.yaml b/operatorhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook_v1_service.yaml new file mode 100644 index 0000000000..1189dadb70 --- /dev/null +++ b/operatorhub/openshift/release-artifacts/bundle/manifests/tekton-operator-webhook_v1_service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app: tekton-operator + name: tekton-operator-webhook + operator.tekton.dev/release: devel + version: devel + name: tekton-operator-webhook +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + app: tekton-operator + name: tekton-operator-webhook +status: + loadBalancer: {}