Last active
March 2, 2023 01:38
-
-
Save pivotaljohn/c2a90610729611f33a8902d1a7828f76 to your computer and use it in GitHub Desktop.
Overlaying a configmap that's fully populated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #@ load("@ytt:overlay", "overlay") | |
| #@ load("@ytt:data", "data") | |
| #@ def tekton_pipeline_configmap(): | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: feature-flags | |
| namespace: tekton-pipelines | |
| #@ end | |
| #@ def custom_config(): | |
| #@overlay/match-child-defaults missing_ok=True | |
| data: #@ data.values["tekton-config"] | |
| #@ end | |
| #@overlay/match by=overlay.subset(tekton_pipeline_configmap()) | |
| #@overlay/replace via=lambda upstream, _: overlay.apply(upstream, custom_config()) | |
| --- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #@data/values | |
| --- | |
| tekton-config: | |
| disable-creds-init: "true" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #@data/values-schema | |
| --- | |
| tekton-config: | |
| #@schema/validation one_of=["true", "false"] | |
| disable-affinity-assistant: "false" | |
| #@schema/validation one_of=["true", "false"] | |
| disable-creds-init: "false" | |
| #@schema/validation one_of=["true", "false"] | |
| await-sidecar-readiness: "true" | |
| #@schema/validation one_of=["true", "false"] | |
| running-in-environment-with-injected-sidecars: "true" | |
| #@schema/validation one_of=["true", "false"] | |
| require-git-ssh-secret-known-hosts: "false" | |
| #@schema/validation one_of=["true", "false"] | |
| enable-tekton-oci-bundles: "false" | |
| #@schema/validation one_of=["stable", "beta", "alpha"] | |
| enable-api-fields: "stable" | |
| #@schema/validation one_of=["true", "false"] | |
| send-cloudevents-for-runs: "false" | |
| #@schema/validation one_of=["enforce", "skip", "warn"] | |
| resource-verification-mode: "skip" | |
| #@schema/validation one_of=["true", "false"] | |
| enable-provenance-in-status: "false" | |
| #@schema/validation one_of=["v1alpha1", "v1beta1"] | |
| custom-task-version: "v1beta1" | |
| #@schema/validation one_of=["none", "spire"] | |
| enforce-nonfalsifiablity: "none" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2019 The Tekton Authors | |
| # | |
| # Licensed under the Apache License, Version 2.0 (the "License"); | |
| # you may not use this file except in compliance with the License. | |
| # You may obtain a copy of the License at | |
| # | |
| # https://www.apache.org/licenses/LICENSE-2.0 | |
| # | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: feature-flags | |
| namespace: tekton-pipelines | |
| labels: | |
| app.kubernetes.io/instance: default | |
| app.kubernetes.io/part-of: tekton-pipelines | |
| data: | |
| # Setting this flag to "true" will prevent Tekton to create an | |
| # Affinity Assistant for every TaskRun sharing a PVC workspace | |
| # | |
| # The default behaviour is for Tekton to create Affinity Assistants | |
| # | |
| # See more in the workspace documentation about Affinity Assistant | |
| # https://github.com/tektoncd/pipeline/blob/main/docs/workspaces.md#affinity-assistant-and-specifying-workspace-order-in-a-pipeline | |
| # or https://github.com/tektoncd/pipeline/pull/2630 for more info. | |
| disable-affinity-assistant: "false" | |
| # Setting this flag to "true" will prevent Tekton scanning attached | |
| # service accounts and injecting any credentials it finds into your | |
| # Steps. | |
| # | |
| # The default behaviour currently is for Tekton to search service | |
| # accounts for secrets matching a specified format and automatically | |
| # mount those into your Steps. | |
| # | |
| # Note: setting this to "true" will prevent PipelineResources from | |
| # working. | |
| # | |
| # See https://github.com/tektoncd/pipeline/issues/2791 for more | |
| # info. | |
| disable-creds-init: "false" | |
| # Setting this flag to "false" will stop Tekton from waiting for a | |
| # TaskRun's sidecar containers to be running before starting the first | |
| # step. This will allow Tasks to be run in environments that don't | |
| # support the DownwardAPI volume type, but may lead to unintended | |
| # behaviour if sidecars are used. | |
| # | |
| # See https://github.com/tektoncd/pipeline/issues/4937 for more info. | |
| await-sidecar-readiness: "true" | |
| # This option should be set to false when Pipelines is running in a | |
| # cluster that does not use injected sidecars such as Istio. Setting | |
| # it to false should decrease the time it takes for a TaskRun to start | |
| # running. For clusters that use injected sidecars, setting this | |
| # option to false can lead to unexpected behavior. | |
| # | |
| # See https://github.com/tektoncd/pipeline/issues/2080 for more info. | |
| running-in-environment-with-injected-sidecars: "true" | |
| # Setting this flag to "true" will require that any Git SSH Secret | |
| # offered to Tekton must have known_hosts included. | |
| # | |
| # See https://github.com/tektoncd/pipeline/issues/2981 for more | |
| # info. | |
| require-git-ssh-secret-known-hosts: "false" | |
| # Setting this flag to "true" enables the use of Tekton OCI bundle. | |
| # This is an experimental feature and thus should still be considered | |
| # an alpha feature. | |
| enable-tekton-oci-bundles: "false" | |
| # Setting this flag will determine which gated features are enabled. | |
| # Acceptable values are "stable", "beta", or "alpha". | |
| enable-api-fields: "stable" | |
| # Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a | |
| # CloudEvents sink is configured in the config-defaults config map | |
| send-cloudevents-for-runs: "false" | |
| # Setting this flag to "enforce" will enforce verification of tasks/pipeline. Failing to verify | |
| # will fail the taskrun/pipelinerun. "warn" will only log the err message and "skip" | |
| # will skip the whole verification | |
| resource-verification-mode: "skip" | |
| # Setting this flag to "true" enables populating the "provenance" field in TaskRun | |
| # and PipelineRun status. This field contains metadata about resources used | |
| # in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline | |
| # definition was fetched. | |
| enable-provenance-in-status: "false" | |
| # Setting this flag will determine the version for custom tasks created by PipelineRuns. | |
| # Acceptable values are "v1beta1" and "v1alpha1". | |
| # The default is "v1beta1". | |
| custom-task-version: "v1beta1" | |
| # Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance. | |
| # If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance. | |
| # If set to "none", then Tekton will not have non-falsifiable provenance. | |
| # This is an experimental feature and thus should still be considered an alpha feature. | |
| enforce-nonfalsifiablity: "none" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment