From b463bec9bf4fc0003b27aa8661aa1612968fa6ca Mon Sep 17 00:00:00 2001 From: Jeremy Lewi Date: Thu, 21 May 2020 07:47:56 -0700 Subject: [PATCH] Use multiple ACM repos and create a code-intelligence cluster. * For now, it looks like using multiple acm-repo (i.e. different repos for different clusters) will work better than trying to use a single acm-repo and cluster selectors. * I was hitting problems with the fact that Tekton can't be installed via ACM right now (it violates certain validation constraints). * I only wanted to install tekton on the auto-deploy cluster (kf-ci-v1) and not the kf-ci-management cluster but I was stil getting errors from ACM complaining the Tekton configs were invalid. * So as a work around I renamed acm-repo -> acm-repos with the intent we will have multiple subdirectories corresponding to different repos * A given cluster can then choose which cluster to enroll in * Create a new cluster for the KF chatbot (see kubeflow/code-intelligence#142) * The cluster will be managed using CNRM and ACM on the kf-ci-management cluster. So we need to check in the configs. * The source (kustomize packages for the manifests) is in kubeflow/code-intelligence#145 --- acm-repo/cluster/tekton.yaml | 794 ------------------ ...job_cleanup-ci-kubeflow-ci-deployment.yaml | 48 -- .../namespaces/auto-deploy/namespace.yaml | 8 - ...1alpha1_pipeline_deploy-gcp-blueprint.yaml | 44 - ...dev_v1alpha1_task_cleanup-kubeflow-ci.yaml | 67 -- ...ev_v1alpha1_task_deploy-gcp-blueprint.yaml | 80 -- ...ekton.dev_v1alpha1_task_notebook-test.yaml | 122 --- ...1_configmap_cleanup-config-4bm54d2bmb.yaml | 23 - .../tekton-pipelines/namespace.yaml | 8 - .../tekton-pipelines/release-0.12.yaml | 673 --------------- acm-repos/README.md | 6 + .../kf-ci-management}/README.md | 0 .../clusterregistry/kf-ci-selector.yaml | 0 ...1_computeaddress_code-intelligence-ip.yaml | 0 ...e-intelligence-storage-artifact-store.yaml | 0 ...e-intelligence-storage-metadata-store.yaml | 0 ...a1_containercluster_code-intelligence.yaml | 20 + ...odepool_code-intelligence-cpu-pool-v1.yaml | 29 + ...mber_code-intelligence-admin-bigquery.yaml | 0 ...er_code-intelligence-admin-cloudbuild.yaml | 0 ...mber_code-intelligence-admin-cloudsql.yaml | 0 ...mber_code-intelligence-admin-dataflow.yaml | 0 ...mber_code-intelligence-admin-dataproc.yaml | 0 ...mber_code-intelligence-admin-istio-wi.yaml | 0 ...ember_code-intelligence-admin-logging.yaml | 0 ..._code-intelligence-admin-metricwriter.yaml | 0 ...licymember_code-intelligence-admin-ml.yaml | 0 ...e-intelligence-admin-monitoringviewer.yaml | 0 ...ember_code-intelligence-admin-network.yaml | 0 ...-intelligence-admin-servicemanagement.yaml | 0 ...member_code-intelligence-admin-source.yaml | 0 ...ember_code-intelligence-admin-storage.yaml | 0 ...member_code-intelligence-admin-viewer.yaml | 0 ...licymember_code-intelligence-admin-wi.yaml | 0 ...ember_code-intelligence-user-bigquery.yaml | 0 ...ber_code-intelligence-user-cloudbuild.yaml | 0 ...ember_code-intelligence-user-cloudsql.yaml | 0 ...ember_code-intelligence-user-dataflow.yaml | 0 ...ember_code-intelligence-user-dataproc.yaml | 0 ...member_code-intelligence-user-logging.yaml | 0 ...r_code-intelligence-user-metricwriter.yaml | 0 ...olicymember_code-intelligence-user-ml.yaml | 0 ...de-intelligence-user-monitoringviewer.yaml | 0 ...ymember_code-intelligence-user-source.yaml | 0 ...member_code-intelligence-user-storage.yaml | 0 ...ymember_code-intelligence-user-viewer.yaml | 0 ...cymember_code-intelligence-vm-logging.yaml | 0 ...ode-intelligence-vm-policy-cloudtrace.yaml | 0 ...-intelligence-vm-policy-meshtelemetry.yaml | 0 ...elligence-vm-policy-monitoring-viewer.yaml | 0 ...ode-intelligence-vm-policy-monitoring.yaml | 0 ...r_code-intelligence-vm-policy-storage.yaml | 0 ...erviceaccount_code-intelligence-admin.yaml | 0 ...serviceaccount_code-intelligence-user.yaml | 0 ...amserviceaccount_code-intelligence-vm.yaml | 0 .../issue-label-bot-dev/namespace.yaml | 0 .../kf-ci-management}/system/README.md | 0 .../kf-ci-management}/system/repo.yaml | 0 .../configsync/config-management.yaml | 2 +- 59 files changed, 56 insertions(+), 1868 deletions(-) delete mode 100644 acm-repo/cluster/tekton.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/batch_v1beta1_cronjob_cleanup-ci-kubeflow-ci-deployment.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/namespace.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_pipeline_deploy-gcp-blueprint.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_cleanup-kubeflow-ci.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_deploy-gcp-blueprint.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_notebook-test.yaml delete mode 100644 acm-repo/namespaces/auto-deploy/~g_v1_configmap_cleanup-config-4bm54d2bmb.yaml delete mode 100644 acm-repo/namespaces/tekton-pipelines/namespace.yaml delete mode 100644 acm-repo/namespaces/tekton-pipelines/release-0.12.yaml create mode 100644 acm-repos/README.md rename {acm-repo => acm-repos/kf-ci-management}/README.md (100%) rename {acm-repo => acm-repos/kf-ci-management}/clusterregistry/kf-ci-selector.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computeaddress_code-intelligence-ip.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-artifact-store.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-metadata-store.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml (55%) create mode 100644 acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containernodepool_code-intelligence-cpu-pool-v1.yaml rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-bigquery.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudbuild.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudsql.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataflow.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataproc.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-istio-wi.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-logging.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-metricwriter.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-ml.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-monitoringviewer.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-network.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-servicemanagement.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-source.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-storage.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-viewer.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-wi.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-bigquery.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudbuild.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudsql.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataflow.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataproc.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-logging.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-metricwriter.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-ml.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-monitoringviewer.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-source.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-storage.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-viewer.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-logging.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-cloudtrace.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-meshtelemetry.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring-viewer.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-storage.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-admin.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-user.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-vm.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/namespaces/issue-label-bot-dev/namespace.yaml (100%) rename {acm-repo => acm-repos/kf-ci-management}/system/README.md (100%) rename {acm-repo => acm-repos/kf-ci-management}/system/repo.yaml (100%) diff --git a/acm-repo/cluster/tekton.yaml b/acm-repo/cluster/tekton.yaml deleted file mode 100644 index 46b11c175..000000000 --- a/acm-repo/cluster/tekton.yaml +++ /dev/null @@ -1,794 +0,0 @@ -# Cluster level resources for tekton. -# -# These are obtained by -# 1. curl https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.12.1/release.yaml > ../cluster/tekton.yaml -# 2. Remove all non-namespace scoped resources. - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: tekton-pipelines -spec: - privileged: false - allowPrivilegeEscalation: false - volumes: - - 'emptyDir' - - 'configMap' - - 'secret' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-controller-cluster-access -rules: -- apiGroups: [""] - # Namespace access is required because the controller timeout handling logic - # iterates over all namespaces and times out any PipelineRuns that have expired. - # Pod access is required because the taskrun controller wants to be updated when - # a Pod underlying a TaskRun changes state. - resources: ["namespaces", "pods"] - verbs: ["list", "watch"] - # Controller needs cluster access to all of the CRDs that it is responsible for - # managing. -- apiGroups: ["tekton.dev"] - resources: ["tasks", "clustertasks", "taskruns", "pipelines", "pipelineruns", "pipelineresources", - "conditions"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["tekton.dev"] - resources: ["taskruns/finalizers", "pipelineruns/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["tekton.dev"] - resources: ["tasks/status", "clustertasks/status", "taskruns/status", "pipelines/status", - "pipelineruns/status", "pipelineresources/status"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - # This is the access that the controller needs on a per-namespace basis. - name: tekton-pipelines-controller-tenant-access -rules: -- apiGroups: [""] - resources: ["pods", "pods/log", "secrets", "events", "serviceaccounts", "configmaps", - "persistentvolumeclaims", "limitranges"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] - # Unclear if this access is actually required. Simply a hold-over from the previous - # incarnation of the controller's ClusterRole. -- apiGroups: ["apps"] - resources: ["deployments"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] -- apiGroups: ["apps"] - resources: ["deployments/finalizers"] - verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-webhook-cluster-access -rules: -- # The webhook needs to be able to list and update customresourcedefinitions, - # mainly to update the webhook certificates. - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions", "customresourcedefinitions/status"] - verbs: ["get", "list", "update", "patch", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - # The webhook performs a reconciliation on these two resources and continuously - # updates configuration. - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - # knative starts informers on these things, which is why we need get, list and watch. - verbs: ["list", "watch"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - # This mutating webhook is responsible for applying defaults to tekton objects - # as they are received. - resourceNames: ["webhook.pipeline.tekton.dev"] - # When there are changes to the configs or secrets, knative updates the mutatingwebhook config - # with the updated certificates or the refreshed set of rules. - verbs: ["get", "update"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - # validation.webhook.pipeline.tekton.dev performs schema validation when you, for example, create TaskRuns. - # config.webhook.pipeline.tekton.dev validates the logging configuration against knative's logging structure - resourceNames: ["validation.webhook.pipeline.tekton.dev", "config.webhook.pipeline.tekton.dev"] - # When there are changes to the configs or secrets, knative updates the validatingwebhook config - # with the updated certificates or the refreshed set of rules. - verbs: ["get", "update"] -- apiGroups: ["policy"] - resources: ["podsecuritypolicies"] - resourceNames: ["tekton-pipelines"] - verbs: ["use"] - - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-controller-cluster-access -subjects: -- kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-controller-cluster-access - apiGroup: rbac.authorization.k8s.io ---- -# If this ClusterRoleBinding is replaced with a RoleBinding -# then the ClusterRole would be namespaced. The access described by -# the tekton-pipelines-controller-tenant-access ClusterRole would -# be scoped to individual tenant namespaces. -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-controller-tenant-access -subjects: -- kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-controller-tenant-access - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: tekton-pipelines-webhook-cluster-access -subjects: -- kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: ClusterRole - name: tekton-pipelines-webhook-cluster-access - apiGroup: rbac.authorization.k8s.io - - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clustertasks.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: ClusterTask - plural: clustertasks - categories: - - tekton - - tekton-pipelines - scope: Cluster - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: conditions.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - names: - kind: Condition - plural: conditions - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2018 The Knative Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: images.caching.internal.knative.dev - labels: - knative.dev/crd-install: "true" -spec: - group: caching.internal.knative.dev - version: v1alpha1 - names: - kind: Image - plural: images - singular: image - categories: - - knative-internal - - caching - shortNames: - - img - scope: Namespaced - subresources: - status: {} - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: pipelines.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: Pipeline - plural: pipelines - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: pipelineruns.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: PipelineRun - plural: pipelineruns - categories: - - tekton - - tekton-pipelines - shortNames: - - pr - - prs - scope: Namespaced - additionalPrinterColumns: - - name: Succeeded - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - JSONPath: .status.startTime - - name: CompletionTime - type: date - JSONPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: pipelineresources.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - names: - kind: PipelineResource - plural: pipelineresources - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - version: v1alpha1 - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: tasks.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: Task - plural: tasks - categories: - - tekton - - tekton-pipelines - scope: Namespaced - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: taskruns.tekton.dev - labels: - pipeline.tekton.dev/release: "devel" - version: "devel" -spec: - group: tekton.dev - preserveUnknownFields: false - validation: - openAPIV3Schema: - type: object - # One can use x-kubernetes-preserve-unknown-fields: true - # at the root of the schema (and inside any properties, additionalProperties) - # to get the traditional CRD behaviour that nothing is pruned, despite - # setting spec.preserveUnknownProperties: false. - # - # See https://kubernetes.io/blog/2019/06/20/crd-structural-schema/ - # See issue: https://github.com/knative/serving/issues/912 - x-kubernetes-preserve-unknown-fields: true - versions: - - name: v1alpha1 - served: true - storage: true - - name: v1beta1 - served: true - storage: false - names: - kind: TaskRun - plural: taskruns - categories: - - tekton - - tekton-pipelines - shortNames: - - tr - - trs - scope: Namespaced - additionalPrinterColumns: - - name: Succeeded - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].status" - - name: Reason - type: string - JSONPath: ".status.conditions[?(@.type==\"Succeeded\")].reason" - - name: StartTime - type: date - JSONPath: .status.startTime - - name: CompletionTime - type: date - JSONPath: .status.completionTime - # Opt into the status subresource so metadata.generation - # starts to increment - subresources: - status: {} - conversion: - strategy: Webhook - webhookClientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: validation.webhook.pipeline.tekton.dev - labels: - pipeline.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: validation.webhook.pipeline.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.pipeline.tekton.dev - labels: - pipeline.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: webhook.pipeline.tekton.dev ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.pipeline.tekton.dev - labels: - pipeline.tekton.dev/release: devel -webhooks: -- admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - failurePolicy: Fail - sideEffects: None - name: config.webhook.pipeline.tekton.dev - namespaceSelector: - matchExpressions: - - key: pipeline.tekton.dev/release - operator: Exists - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-aggregate-edit - labels: - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: -- apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: tekton-aggregate-view - labels: - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: - - tekton.dev - resources: - - tasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - - conditions - verbs: - - get - - list - - watch - diff --git a/acm-repo/namespaces/auto-deploy/batch_v1beta1_cronjob_cleanup-ci-kubeflow-ci-deployment.yaml b/acm-repo/namespaces/auto-deploy/batch_v1beta1_cronjob_cleanup-ci-kubeflow-ci-deployment.yaml deleted file mode 100644 index 0fd66e9b1..000000000 --- a/acm-repo/namespaces/auto-deploy/batch_v1beta1_cronjob_cleanup-ci-kubeflow-ci-deployment.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - labels: - app: cleanup-ci-kubeflow-ci-deployment - name: cleanup-ci-kubeflow-ci-deployment - namespace: auto-deploy -spec: - concurrencyPolicy: Forbid - failedJobsHistoryLimit: 1 - jobTemplate: - metadata: - annotations: - sidecar.istio.io/inject: "false" - creationTimestamp: null - labels: - job: cleanup-kubeflow-ci-deployment - spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - labels: - job: cleanup-kubeflow-ci-deployment - spec: - containers: - - command: - - kubectl - - create - - -f - - /configs/cleanup-blueprints-pipeline.yaml - image: gcr.io/kubeflow-ci/test-worker-py3@sha256:b679ce5d7edbcc373fd7d28c57454f4f22ae987f200f601252b6dcca1fd8823b - imagePullPolicy: IfNotPresent - name: create-pipeline - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /configs - name: cleanup-config - restartPolicy: OnFailure - serviceAccountName: default-editor - volumes: - - configMap: - name: cleanup-config-4bm54d2bmb - name: cleanup-config - schedule: 0 */2 * * * - successfulJobsHistoryLimit: 3 - suspend: false \ No newline at end of file diff --git a/acm-repo/namespaces/auto-deploy/namespace.yaml b/acm-repo/namespaces/auto-deploy/namespace.yaml deleted file mode 100644 index dbfe9e478..000000000 --- a/acm-repo/namespaces/auto-deploy/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: auto-deploy - annotations: - # Auto-deploy namespace should only be created in CI clusters - # running tekton. - configmanagement.gke.io/cluster-selector: kf-ci-tekton \ No newline at end of file diff --git a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_pipeline_deploy-gcp-blueprint.yaml b/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_pipeline_deploy-gcp-blueprint.yaml deleted file mode 100644 index 3f80f98a1..000000000 --- a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_pipeline_deploy-gcp-blueprint.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Pipeline -metadata: - annotations: - configmanagement.gke.io/cluster-selector: kf-ci-tekton - name: deploy-gcp-blueprint - namespace: auto-deploy -spec: - params: - - default: kf-vbp-{uid} - description: The name for the Kubeflow deployment - name: name - type: string - - default: kf-ci-management - description: The name of the management cluster. - name: management-cluster-name - type: string - - default: kubeflow-ci-deployment - description: The project to deploy into - name: project - type: string - resources: - - name: testing-repo - type: git - - name: blueprint-repo - type: git - tasks: - - name: deploy-gcp - params: - - name: name - value: $(params.name) - - name: project - value: $(params.project) - - name: management-cluster-name - value: $(params.management-cluster-name) - resources: - inputs: - - name: blueprint-repo - resource: blueprint-repo - - name: testing-repo - resource: testing-repo - taskRef: - kind: namespaced - name: deploy-gcp-blueprint diff --git a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_cleanup-kubeflow-ci.yaml b/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_cleanup-kubeflow-ci.yaml deleted file mode 100644 index c8f7ace74..000000000 --- a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_cleanup-kubeflow-ci.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - annotations: - configmanagement.gke.io/cluster-selector: kf-ci-tekton - sidecar.istio.io/inject: "false" - name: cleanup-kubeflow-ci - namespace: auto-deploy -spec: - inputs: - params: - - default: kf-vbp-{uid} - description: The name for the Kubeflow deployment - name: name - type: string - - default: kubeflow-ci-deployment - description: The project to clean up. - name: project - type: string - - default: kf-ci-management - description: The name of the management cluster. - name: management-cluster-name - type: string - - default: kubeflow-ci - description: The project containing the management cluster - name: management-project - type: string - - default: us-central1 - description: The location of the management cluster - name: management-location - type: string - resources: - - description: The GitHub repo containing kubeflow testing scripts - name: testing-repo - type: git - steps: - - command: - - python - - -m - - kubeflow.testing.create_context - - create - - --name=$(inputs.params.management-project) - - --project=$(inputs.params.management-project) - - --location=$(inputs.params.management-location) - - --cluster=$(inputs.params.management-cluster-name) - - --namespace=$(inputs.params.project) - env: - - name: KUBECONFIG - value: /workspace/kubeconfig - - name: PYTHONPATH - value: /workspace/$(inputs.resources.testing-repo.name)/py - image: gcr.io/kubeflow-ci/test-worker-py3@sha256:b679ce5d7edbcc373fd7d28c57454f4f22ae987f200f601252b6dcca1fd8823b - name: create-context - - command: - - python - - -m - - kubeflow.testing.cleanup_blueprints - - auto-blueprints - - --project=$(inputs.params.project) - - --context=$(inputs.params.management-project) - env: - - name: KUBECONFIG - value: /workspace/kubeconfig - - name: PYTHONPATH - value: /workspace/$(inputs.resources.testing-repo.name)/py - image: gcr.io/kubeflow-ci/test-worker-py3@sha256:b679ce5d7edbcc373fd7d28c57454f4f22ae987f200f601252b6dcca1fd8823b - name: cleanup-ci diff --git a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_deploy-gcp-blueprint.yaml b/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_deploy-gcp-blueprint.yaml deleted file mode 100644 index 8852efe8f..000000000 --- a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_deploy-gcp-blueprint.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - annotations: - configmanagement.gke.io/cluster-selector: kf-ci-tekton - sidecar.istio.io/inject: "false" - name: deploy-gcp-blueprint - namespace: auto-deploy -spec: - inputs: - params: - - default: kf-vbp-{uid} - description: The name for the Kubeflow deployment - name: name - type: string - - default: kubeflow-ci-deployment - description: The project to deploy into. - name: project - type: string - - default: kf-ci-management - description: The name of the management cluster. - name: management-cluster-name - type: string - - default: kubeflow-ci - description: The project containing the management cluster - name: management-project - type: string - - default: us-central1 - description: The location of the management cluster - name: management-location - type: string - resources: - - description: The GitHub repo containing kubeflow testing scripts - name: testing-repo - type: git - - description: The GitHub repo containing the blueprint - name: blueprint-repo - type: git - stepTemplate: - env: - - name: KUBECONFIG - value: /workspace/kubeconfig - image: gcr.io/kubeflow-ci/test-worker-py3@sha256:b679ce5d7edbcc373fd7d28c57454f4f22ae987f200f601252b6dcca1fd8823b - steps: - - command: - - /workspace/$(inputs.resources.blueprint-repo.name)/kubeflow/hack/create_context.sh - env: - - name: PROJECT - value: $(inputs.params.management-project) - - name: REGION - value: $(inputs.params.management-location) - - name: NAME - value: $(inputs.params.management-cluster-name) - - name: NAMESPACE - value: $(inputs.params.project) - name: get-credential - - command: - - python - - -m - - kubeflow.testing.create_kf_from_gcp_blueprint - - deploy - - --name=$(inputs.params.name) - - --blueprint-dir=/workspace/$(inputs.resources.blueprint-repo.name)/kubeflow - - --management-context=$(inputs.params.management-cluster-name) - - --labels-file=/etc/podinfo/labels - env: - - name: PYTHONPATH - value: /workspace/$(inputs.resources.testing-repo.name)/py - name: deploy-gcp - volumeMounts: - - mountPath: /etc/podinfo - name: podinfo - workingDir: /workspace/$(inputs.resources.blueprint-repo.name)/kubeflow - volumes: - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - name: podinfo diff --git a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_notebook-test.yaml b/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_notebook-test.yaml deleted file mode 100644 index 46611a5f7..000000000 --- a/acm-repo/namespaces/auto-deploy/tekton.dev_v1alpha1_task_notebook-test.yaml +++ /dev/null @@ -1,122 +0,0 @@ -apiVersion: tekton.dev/v1alpha1 -kind: Task -metadata: - annotations: - configmanagement.gke.io/cluster-selector: kf-ci-tekton - sidecar.istio.io/inject: "false" - name: notebook-test - namespace: auto-deploy -spec: - inputs: - params: - - description: Testing notebook location. Should be in the form of {REPO_OWNER}/{REPO}/path/to/notebook.ipynb - name: notebook-path - type: string - - default: kf-master-(?!n\d\d) - description: Cluster pattern to run the notebook test. Default to be from master - branch. - name: testing-cluster-pattern - type: string - - description: Test target name from Prow ENV. Should be provided at runtime. - name: test-target-name - type: string - - description: Testing repo owner from Prow ENV. - name: repo-owner - type: string - - description: Prow job ID from Prow ENV. - name: prow-job-id - type: string - - description: Job type from Prow ENV. - name: job-type - type: string - - description: Job name from Prow ENV. - name: job-name - type: string - - description: Testing repo name from Prow ENV. - name: repo-name - type: string - - description: Pull number from Prow ENV. - name: pull-number - type: string - - description: BUILD_ID from Prow ENV. - name: build-id - type: string - resources: - - name: examples-repo - targetPath: src/kubeflow/examples - type: git - - name: kf-testing-repo - targetPath: src/kubeflow/testing - type: git - steps: - - args: - - -m - - kubeflow.testing.get_kf_testing_cluster - - --base=$(inputs.params.testing-cluster-pattern) - - get-credentials - command: - - python3 - env: - - name: PYTHONPATH - value: /workspace/src/kubeflow/examples/py:/workspace/src/kubeflow/testing/py - - name: TEST_TARGET_NAME - value: $(inputs.params.test-target-name) - - name: REPO_OWNER - value: $(inputs.params.repo-owner) - - name: PROW_JOB_ID - value: $(inputs.params.prow-job-id) - - name: JOB_TYPE - value: $(inputs.params.job-type) - - name: JOB_NAME - value: $(inputs.params.job-name) - - name: REPO_NAME - value: $(inputs.params.repo-name) - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /secret/gcp-credentials/key.json - image: gcr.io/kubeflow-ci/test-worker:latest - name: get-credential - volumeMounts: - - mountPath: /secret/gcp-credentials - name: gcp-credentials - readOnly: true - - args: - - run_notebook_test.py - - --log-cli-level=info - - --log-cli-format='%(levelname)s|%(asctime)s|%(pathname)s|%(lineno)d| %(message)s' - - --timeout=1800 - - --junitxml=/workspace/outputs/junit_xgboost-synthetic-test.xml - - --notebook_path=$(inputs.params.notebook-path) - command: - - pytest - env: - - name: PYTHONPATH - value: /workspace/src/kubeflow/examples/py:/workspace/src/kubeflow/testing/py - - name: TEST_TARGET_NAME - value: $(inputs.params.test-target-name) - - name: REPO_OWNER - value: $(inputs.params.repo-owner) - - name: PROW_JOB_ID - value: $(inputs.params.prow-job-id) - - name: JOB_TYPE - value: $(inputs.params.job-type) - - name: JOB_NAME - value: $(inputs.params.job-name) - - name: REPO_NAME - value: $(inputs.params.repo-name) - - name: PULL_NUMBER - value: $(inputs.params.pull-number) - - name: BUILD_ID - value: $(inputs.params.build-id) - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /secret/gcp-credentials/key.json - image: gcr.io/kubeflow-ci/test-worker:latest - name: run-notebook - volumeMounts: - - mountPath: /secret/gcp-credentials - name: gcp-credentials - readOnly: true - workingDir: /workspace/src/kubeflow/examples/py/kubeflow/examples/notebook_tests - volumes: - - name: gcp-credentials - secret: - secretName: gcp-credentials diff --git a/acm-repo/namespaces/auto-deploy/~g_v1_configmap_cleanup-config-4bm54d2bmb.yaml b/acm-repo/namespaces/auto-deploy/~g_v1_configmap_cleanup-config-4bm54d2bmb.yaml deleted file mode 100644 index cb4cdf948..000000000 --- a/acm-repo/namespaces/auto-deploy/~g_v1_configmap_cleanup-config-4bm54d2bmb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -data: - cleanup-blueprints-pipeline.yaml: "# A Tekton PipelineRun to do a one off \n# cleaning - up the Kubeflow auto-deployed blueprints.\n#\napiVersion: tekton.dev/v1alpha1\nkind: - PipelineRun\nmetadata:\n generateName: cleanup-blueprints-\n namespace: auto-deploy\nspec:\n - \ # TODO(jlewi): Override any parameters?\n #params: {}\n resources: \n - - name: testing-repo\n resourceSpec:\n type: git\n params:\n # - TODO(jlewi): Switch to master on kubeflow/gcp-blueprints\n - name: revision\n - \ value: gcp_blueprint\n - name: url\n value: https://github.com/jlewi/testing.git\n - \ # Need to use a KSA with appropriate GSA\n serviceAccountName: default-editor\n - \ pipelineSpec:\n params:\n - name: management-cluster-name\n type: - string\n description: The name of the management cluster. \n default: - \"kf-ci-management\"\n resources:\n - name: testing-repo\n type: git\n - \ tasks:\n - name: cleanup-blueprints\n # TODO(jlewi): expose other - parameters? Right now\n # we are just relying on the defaults defined in - the task\n params:\n - name: management-cluster-name\n value: - \"$(params.management-cluster-name)\"\n resources:\n inputs: \n - \ - name: testing-repo\n resource: testing-repo\n taskRef:\n - \ name: cleanup-kubeflow-ci\n kind: namespaced " -kind: ConfigMap -metadata: - name: cleanup-config-4bm54d2bmb - namespace: auto-deploy diff --git a/acm-repo/namespaces/tekton-pipelines/namespace.yaml b/acm-repo/namespaces/tekton-pipelines/namespace.yaml deleted file mode 100644 index dc04a27bc..000000000 --- a/acm-repo/namespaces/tekton-pipelines/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: tekton-pipelines - annotations: - # Auto-deploy namespace should only be created in CI clusters - # running tekton. - configmanagement.gke.io/cluster-selector: kf-ci-tekton \ No newline at end of file diff --git a/acm-repo/namespaces/tekton-pipelines/release-0.12.yaml b/acm-repo/namespaces/tekton-pipelines/release-0.12.yaml deleted file mode 100644 index eea42d4f0..000000000 --- a/acm-repo/namespaces/tekton-pipelines/release-0.12.yaml +++ /dev/null @@ -1,673 +0,0 @@ -# NAmespace scoped resources for tekton. -# -# These are obtained by -# 1. curl https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.12.1/release.yaml > ../cluster/tekton.yaml -# 2. Remove all non-namespace scoped resources. -# 3. Remove the namespace definition' - -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] -- # The controller needs access to these configmaps for logging information and runtime configuration. - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability", "config-artifact-bucket", - "config-artifact-pvc", "feature-flags", "config-leader-election"] ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines -rules: -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["list", "watch"] -- # The webhook needs access to these configmaps for logging information. - apiGroups: [""] - resources: ["configmaps"] - verbs: ["get"] - resourceNames: ["config-logging", "config-observability"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch"] -- # The webhook daemon makes a reconciliation loop on webhook-certs. Whenever - # the secret changes it updates the webhook configurations with the certificates - # stored in the secret. - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "update"] - resourceNames: ["webhook-certs"] - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines -subjects: -- kind: ServiceAccount - name: tekton-pipelines-controller - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-controller - apiGroup: rbac.authorization.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: tekton-pipelines-webhook - namespace: tekton-pipelines -subjects: -- kind: ServiceAccount - name: tekton-pipelines-webhook - namespace: tekton-pipelines -roleRef: - kind: Role - name: tekton-pipelines-webhook - apiGroup: rbac.authorization.k8s.io - ---- -# Copyright 2020 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: Secret -metadata: - name: webhook-certs - namespace: tekton-pipelines - labels: - pipeline.tekton.dev/release: devel - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-bucket - namespace: tekton-pipelines -# data: -# # location of the gcs bucket to be used for artifact storage -# location: "gs://bucket-name" -# # name of the secret that will contain the credentials for the service account -# # with access to the bucket -# bucket.service.account.secret.name: -# # The key in the secret with the required service account json -# bucket.service.account.secret.key: - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-artifact-pvc - namespace: tekton-pipelines -# data: -# # size of the PVC volume -# size: 5Gi -# -# # storage class of the PVC volume -# storageClassName: storage-class-name - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-defaults - namespace: tekton-pipelines -data: - _example: |- - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # default-timeout-minutes contains the default number of - # minutes to use for TaskRun and PipelineRun, if none is specified. - default-timeout-minutes: "60" # 60 minutes - - # default-service-account contains the default service account name - # to use for TaskRun and PipelineRun, if none is specified. - default-service-account: "default" - - # default-managed-by-label-value contains the default value given to the - # "app.kubernetes.io/managed-by" label applied to all Pods created for - # TaskRuns. If a user's requested TaskRun specifies another value for this - # label, the user's request supercedes. - default-managed-by-label-value: "tekton-pipelines" - - # default-pod-template contains the default pod template to use - # TaskRun and PipelineRun, if none is specified. If a pod template - # is specified, the default pod template is ignored. - # default-pod-template: - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: feature-flags - namespace: tekton-pipelines -data: - # Setting this flag to "true" will prevent Tekton overriding your - # Task container's $HOME environment variable. - # - # The default behaviour currently is for Tekton to override the - # $HOME environment variable but this will change in an upcoming - # release. - # - # See https://github.com/tektoncd/pipeline/issues/2013 for more - # info. - disable-home-env-overwrite: "false" - # Setting this flag to "true" will prevent Tekton overriding your - # Task container's working directory. - # - # The default behaviour currently is for Tekton to override the - # working directory if not set by the user but this will change - # in an upcoming release. - # - # See https://github.com/tektoncd/pipeline/issues/1836 for more - # info. - disable-working-directory-overwrite: "false" - ---- -# Copyright 2020 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-leader-election - namespace: tekton-pipelines -data: - # An inactive but valid configuration follows; see example. - resourceLock: "leases" - leaseDuration: "15s" - renewDeadline: "10s" - retryPeriod: "2s" - ---- -# Copyright 2019 Tekton Authors LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-logging - namespace: tekton-pipelines -data: - # Common configuration for all knative codebase - zap-logger-config: | - { - "level": "info", - "development": false, - "sampling": { - "initial": 100, - "thereafter": 100 - }, - "outputPaths": ["stdout"], - "errorOutputPaths": ["stderr"], - "encoding": "json", - "encoderConfig": { - "timeKey": "", - "levelKey": "level", - "nameKey": "logger", - "callerKey": "caller", - "messageKey": "msg", - "stacktraceKey": "stacktrace", - "lineEnding": "", - "levelEncoder": "", - "timeEncoder": "", - "durationEncoder": "", - "callerEncoder": "" - } - } - # Log level overrides - loglevel.controller: "info" - loglevel.webhook: "info" - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: config-observability - namespace: tekton-pipelines -data: - _example: | - ################################ - # # - # EXAMPLE CONFIGURATION # - # # - ################################ - - # This block is not actually functional configuration, - # but serves to illustrate the available configuration - # options and document them in a way that is accessible - # to users that `kubectl edit` this config map. - # - # These sample configuration options may be copied out of - # this example block and unindented to be in the data block - # to actually change the configuration. - - # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using Stackdriver will incur additional charges. - metrics.backend-destination: prometheus - - # metrics.stackdriver-project-id field specifies the Stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used and metrics will be sent to the cluster's project if this field is - # not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed - # to send metrics to Stackdriver using "global" resource type and custom - # metric type. Setting this flag to "true" could cause extra Stackdriver - # charge. If metrics.backend-destination is not Stackdriver, this is - # ignored. - metrics.allow-stackdriver-custom-metrics: "false" - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tekton-pipelines-controller - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-pipelines-controller - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-controller - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: controller - # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" - spec: - serviceAccountName: tekton-pipelines-controller - containers: - - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.12.1@sha256:0ca86ec6f246f49c1ac643357fd1c8e73a474aaa216548807b1216a9ff12f7be - args: [ - # These images are built on-demand by `ko resolve` and are replaced - # by image references by digest. - "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.12.1@sha256:67dcd447b0c624befa12843ce9cc0bcfc502179bdb28d59563d761a7f3968509", - "-creds-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/creds-init:v0.12.1@sha256:6266d023172dde7fa421f626074b4e7eedc7d7d5ff561c033d6d63ebfff4a2f2", - "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.12.1@sha256:d82c78288699dd6ee40c852b146cb3bd89b322b42fb3bc4feec28ea54bb7b36c", - "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.12.1@sha256:7f3db925f7660673a74b0e1030e65540adea36fe361ab7f06f5b5c47cdcef47d", - "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.12.1@sha256:e8f08214baad9054bbed7be2b8617c6964b9a1c5405cf59eabcc3d3267a6253f", - "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.12.1@sha256:71e0226346e0d3d57af7c35b6cb907d42d3142e845b0f865ba0c86d3e248f3cb", - "-build-gcs-fetcher-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/vendor/github.com/googlecloudplatform/cloud-builders/gcs-fetcher/cmd/gcs-fetcher:v0.12.1@sha256:ae5721bf0d883947c3c13f519ca26129792f4058d5f9dfedd50174d9e7acb2bc", - # These images are pulled from Dockerhub, by digest, as of April 15, 2020. - "-nop-image", "tianon/true@sha256:009cce421096698832595ce039aa13fa44327d96beedb84282a69d3dbcf5a81b", - "-shell-image", "busybox@sha256:a2490cec4484ee6c1068ba3a05f89934010c85242f736280b35343483b2264b6", - "-gsutil-image", "google/cloud-sdk@sha256:6e8676464c7581b2dc824956b112a61c95e4144642bec035e6db38e3384cae2e"] - volumeMounts: - - name: config-logging - mountPath: /etc/config-logging - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - # If you are changing these names, you will also need to update - # the controller's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_ARTIFACT_BUCKET_NAME - value: config-artifact-bucket - - name: CONFIG_ARTIFACT_PVC_NAME - value: config-artifact-pvc - - name: CONFIG_FEATURE_FLAGS_NAME - value: feature-flags - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - volumes: - - name: config-logging - configMap: - name: config-logging ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" - name: tekton-pipelines-controller - namespace: tekton-pipelines -spec: - ports: - - name: http-metrics - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app: tekton-pipelines-controller - ---- -# Copyright 2019 The Tekton Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: apps/v1 -kind: Deployment -metadata: - # Note: the Deployment name must be the same as the Service name specified in - # config/400-webhook-service.yaml. If you change this name, you must also - # change the value of WEBHOOK_SERVICE_NAME below. - name: tekton-pipelines-webhook - namespace: tekton-pipelines - labels: - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: webhook-controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" -spec: - replicas: 1 - selector: - matchLabels: - app: tekton-pipelines-webhook - role: webhook - template: - metadata: - annotations: - cluster-autoscaler.kubernetes.io/safe-to-evict: "false" - labels: - app: tekton-pipelines-webhook - role: webhook - app.kubernetes.io/name: tekton-pipelines - app.kubernetes.io/component: webhook-controller - pipeline.tekton.dev/release: "v0.12.1" - version: "v0.12.1" - spec: - serviceAccountName: tekton-pipelines-webhook - containers: - - name: webhook - # This is the Go import path for the binary that is containerized - # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.12.1@sha256:69f065d493244dbd50563b96f5474bf6590821a6308fd8c69c5ef06cf4d988b2 - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - # If you are changing these names, you will also need to update - # the webhook's Role in 200-role.yaml to include the new - # values in the "configmaps" "get" rule. - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: CONFIG_LEADERELECTION_NAME - value: config-leader-election - - name: WEBHOOK_SERVICE_NAME - value: tekton-pipelines-webhook - - name: WEBHOOK_SECRET_NAME - value: webhook-certs - - name: METRICS_DOMAIN - value: tekton.dev/pipeline - securityContext: - allowPrivilegeEscalation: false - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 - - name: https-webhook - containerPort: 8443 ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: tekton-pipelines-webhook - role: webhook - pipeline.tekton.dev/release: v0.12.1 - version: "v0.12.1" - name: tekton-pipelines-webhook - namespace: tekton-pipelines -spec: - ports: - - # Define metrics and profiling for them to be accessible within service meshes. - name: http-metrics - port: 9090 - targetPort: 9090 - - name: http-profiling - port: 8008 - targetPort: 8008 - - name: https-webhook - port: 443 - targetPort: 8443 - selector: - app: tekton-pipelines-webhook - role: webhook - ---- diff --git a/acm-repos/README.md b/acm-repos/README.md new file mode 100644 index 000000000..ac010b651 --- /dev/null +++ b/acm-repos/README.md @@ -0,0 +1,6 @@ +# ACM Repos + +Every subdirectory should be the top level ACM repository + +We have more then one because we want to install different things on different clusters +* Using clusterselectors wasn't working as expected. \ No newline at end of file diff --git a/acm-repo/README.md b/acm-repos/kf-ci-management/README.md similarity index 100% rename from acm-repo/README.md rename to acm-repos/kf-ci-management/README.md diff --git a/acm-repo/clusterregistry/kf-ci-selector.yaml b/acm-repos/kf-ci-management/clusterregistry/kf-ci-selector.yaml similarity index 100% rename from acm-repo/clusterregistry/kf-ci-selector.yaml rename to acm-repos/kf-ci-management/clusterregistry/kf-ci-selector.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computeaddress_code-intelligence-ip.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computeaddress_code-intelligence-ip.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computeaddress_code-intelligence-ip.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computeaddress_code-intelligence-ip.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-artifact-store.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-artifact-store.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-artifact-store.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-artifact-store.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-metadata-store.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-metadata-store.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-metadata-store.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/compute.cnrm.cloud.google.com_v1beta1_computedisk_code-intelligence-storage-metadata-store.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml similarity index 55% rename from acm-repo/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml index dd69a50ad..f1de962c3 100644 --- a/acm-repo/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml +++ b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containercluster_code-intelligence.yaml @@ -8,6 +8,22 @@ metadata: name: code-intelligence namespace: issue-label-bot-dev spec: + clusterAutoscaling: + autoProvisioningDefaults: + oauthScopes: + - https://www.googleapis.com/auth/logging.write + - https://www.googleapis.com/auth/monitoring + - https://www.googleapis.com/auth/devstorage.read_only + serviceAccountRef: + name: code-intelligence-vm + enabled: true + resourceLimits: + - maximum: 128 + resourceType: cpu + - maximum: 2000 + resourceType: memory + - maximum: 16 + resourceType: nvidia-tesla-k80 initialNodeCount: 2 location: us-central1 loggingService: logging.googleapis.com/kubernetes @@ -17,6 +33,10 @@ spec: machineType: n1-standard-8 metadata: disable-legacy-endpoints: "true" + oauthScopes: + - https://www.googleapis.com/auth/logging.write + - https://www.googleapis.com/auth/monitoring + - https://www.googleapis.com/auth/devstorage.read_only serviceAccountRef: name: code-intelligence-vm workloadMetadataConfig: diff --git a/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containernodepool_code-intelligence-cpu-pool-v1.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containernodepool_code-intelligence-cpu-pool-v1.yaml new file mode 100644 index 000000000..03a093cdd --- /dev/null +++ b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/container.cnrm.cloud.google.com_v1beta1_containernodepool_code-intelligence-cpu-pool-v1.yaml @@ -0,0 +1,29 @@ +apiVersion: container.cnrm.cloud.google.com/v1beta1 +kind: ContainerNodePool +metadata: + clusterName: issue-label-bot-dev/us-central1/code-intelligence + labels: + kf-name: code-intelligence + name: code-intelligence-cpu-pool-v1 + namespace: issue-label-bot-dev +spec: + autoscaling: + maxNodeCount: 8 + minNodeCount: 2 + clusterRef: + name: code-intelligence + initialNodeCount: 2 + location: us-central1 + nodeConfig: + machineType: n1-standard-8 + metadata: + disable-legacy-endpoints: "true" + minCpuPlatform: Intel Broadwell + oauthScopes: + - https://www.googleapis.com/auth/logging.write + - https://www.googleapis.com/auth/monitoring + - https://www.googleapis.com/auth/devstorage.read_only + serviceAccountRef: + name: code-intelligence-vm@issue-label-bot-dev.iam.gserviceaccount.com + workloadMetadataConfig: + nodeMetadata: GKE_METADATA_SERVER diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-bigquery.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-bigquery.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-bigquery.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-bigquery.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudbuild.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudbuild.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudbuild.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudbuild.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudsql.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudsql.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudsql.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-cloudsql.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataflow.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataflow.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataflow.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataflow.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataproc.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataproc.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataproc.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-dataproc.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-istio-wi.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-istio-wi.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-istio-wi.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-istio-wi.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-logging.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-logging.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-logging.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-logging.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-metricwriter.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-metricwriter.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-metricwriter.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-metricwriter.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-ml.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-ml.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-ml.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-ml.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-monitoringviewer.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-monitoringviewer.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-monitoringviewer.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-monitoringviewer.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-network.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-network.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-network.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-network.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-servicemanagement.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-servicemanagement.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-servicemanagement.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-servicemanagement.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-source.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-source.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-source.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-source.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-storage.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-storage.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-storage.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-storage.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-viewer.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-viewer.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-viewer.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-viewer.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-wi.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-wi.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-wi.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-admin-wi.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-bigquery.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-bigquery.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-bigquery.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-bigquery.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudbuild.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudbuild.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudbuild.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudbuild.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudsql.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudsql.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudsql.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-cloudsql.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataflow.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataflow.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataflow.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataflow.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataproc.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataproc.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataproc.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-dataproc.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-logging.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-logging.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-logging.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-logging.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-metricwriter.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-metricwriter.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-metricwriter.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-metricwriter.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-ml.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-ml.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-ml.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-ml.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-monitoringviewer.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-monitoringviewer.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-monitoringviewer.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-monitoringviewer.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-source.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-source.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-source.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-source.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-storage.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-storage.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-storage.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-storage.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-viewer.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-viewer.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-viewer.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-user-viewer.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-logging.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-logging.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-logging.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-logging.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-cloudtrace.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-cloudtrace.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-cloudtrace.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-cloudtrace.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-meshtelemetry.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-meshtelemetry.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-meshtelemetry.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-meshtelemetry.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring-viewer.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring-viewer.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring-viewer.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring-viewer.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-monitoring.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-storage.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-storage.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-storage.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iampolicymember_code-intelligence-vm-policy-storage.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-admin.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-admin.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-admin.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-admin.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-user.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-user.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-user.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-user.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-vm.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-vm.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-vm.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/iam.cnrm.cloud.google.com_v1beta1_iamserviceaccount_code-intelligence-vm.yaml diff --git a/acm-repo/namespaces/issue-label-bot-dev/namespace.yaml b/acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/namespace.yaml similarity index 100% rename from acm-repo/namespaces/issue-label-bot-dev/namespace.yaml rename to acm-repos/kf-ci-management/namespaces/issue-label-bot-dev/namespace.yaml diff --git a/acm-repo/system/README.md b/acm-repos/kf-ci-management/system/README.md similarity index 100% rename from acm-repo/system/README.md rename to acm-repos/kf-ci-management/system/README.md diff --git a/acm-repo/system/repo.yaml b/acm-repos/kf-ci-management/system/repo.yaml similarity index 100% rename from acm-repo/system/repo.yaml rename to acm-repos/kf-ci-management/system/repo.yaml diff --git a/test-infra/management/configsync/config-management.yaml b/test-infra/management/configsync/config-management.yaml index 84bde215f..16ea7d324 100644 --- a/test-infra/management/configsync/config-management.yaml +++ b/test-infra/management/configsync/config-management.yaml @@ -12,7 +12,7 @@ spec: syncRepo: "https://github.com/jlewi/testing.git" # {"type":"string","x-kustomize":{"setBy":"kpt","partialSetters":[{"name":"source_repo","value":"https://github.com/jlewi/community-infra.git"}]}} syncBranch: acm secretType: none - policyDir: "/acm-repo" # {"$ref":"#/definitions/io.k8s.cli.setters.sync-repo-dir"} + policyDir: "/acm-repos/kf-ci-management" # {"$ref":"#/definitions/io.k8s.cli.setters.sync-repo-dir"} # Set to true to install and enable Config Connector # We currently don't use ACM to install config connector because # 1. ACM 1.3 was installing a version of KCC which is too old