Update pipeline version to 0.11-rc1

After this change, the minimum k8s version is 1.15

Co-Authored-by: Vincent Demeester <vdemeest@redhat.com>

Gopkg.toml

@@ -22,7 +22,7 @@ required = [
 
 [[constraint]]
   name = "github.com/tektoncd/pipeline"
-  version = "v0.10.1"
+  version = "v0.11.0-rc1"
 
 [[override]]
   name = "k8s.io/klog"
@@ -38,42 +38,31 @@ required = [
 
 [[override]]
   name = "k8s.io/api"
-  version = "kubernetes-1.13.12"
+  version = "v0.16.5"
 
 [[override]]
   name = "k8s.io/apimachinery"
-  version = "kubernetes-1.13.12"
+  version = "v0.16.5"
 
 [[override]]
   name = "k8s.io/code-generator"
-  version = "kubernetes-1.13.12"
+  version = "v0.16.5"
 
 [[override]]
   name = "k8s.io/client-go"
-  version = "kubernetes-1.13.12"
+  version = "v0.16.5"
 
 [[override]]
   name = "k8s.io/apiextensions-apiserver"
-  version = "kubernetes-1.13.12"
+  version = "v0.16.5"
 
 [[override]]
-  name = "k8s.io/kubernetes"
-  version = "1.13.12"
-
-[[constraint]]
-  name = "knative.dev/caching"
-  # HEAD as of 2019-07-23
-  revision = "2032732871ff807958e045858b462d372eec9587"
-
-[[constraint]]
-  name = "github.com/knative/test-infra"
-  # HEAD as of 2019-06-25
-  revision = "69af8af1d3fec861ada88efc72409b3467b0588d"
+  name = "knative.dev/pkg"
+  branch = "release-0.12"
 
 [[override]]
-  name = "knative.dev/pkg"
-  # HEAD as of 2019-09-09 💖
-  revision = "528ad1c1dd627059b95aef17ccf27f9ab0f46c10"
+  name = "knative.dev/caching"
+  revision = "13d271455c742f0918c598733ca7405b406bf458"
 
 [[override]]
   name = "go.uber.org/zap"
@@ -85,7 +74,8 @@ required = [
 
 [[override]]
   name = "contrib.go.opencensus.io/exporter/stackdriver"
-  version = "0.12.2"
+  #version = "0.12.8"
+  revision = "a428e35cb99f2a327af67f8b42e438250776a461"
 
 [[override]]
   name = "contrib.go.opencensus.io/exporter/prometheus"
@@ -103,6 +93,10 @@ required = [
   name="github.com/golang/protobuf"
   version = "1.3.2"
 
+[[constraint]]
+  name = "github.com/tidwall/sjson"
+  version = "1.0.4"
+
 [prune]
   go-tests = true
   unused-packages = true
@@ -122,11 +116,7 @@ required = [
   name = "github.com/tektoncd/plumbing"
   non-go = false
 
- [[prune.project]]
+[[prune.project]]
   name = "knative.dev/pkg"
   unused-packages = false
   non-go = false
-
-[[constraint]]
-  name = "github.com/tidwall/sjson"
-  version = "1.0.4"

cmd/webhook/main.go

@@ -17,78 +17,111 @@ limitations under the License.
 package main
 
 import (
-	"log"
+	"context"
+	"os"
 
-	"github.com/tektoncd/pipeline/pkg/system"
+	defaultconfig "github.com/tektoncd/pipeline/pkg/apis/config"
 	"github.com/tektoncd/triggers/pkg/apis/triggers/v1alpha1"
-	"github.com/tektoncd/triggers/pkg/logging"
-	"go.uber.org/zap"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/rest"
+	"knative.dev/pkg/configmap"
+	"knative.dev/pkg/controller"
+	"knative.dev/pkg/injection/sharedmain"
+	"knative.dev/pkg/logging"
 	"knative.dev/pkg/signals"
 	"knative.dev/pkg/webhook"
+	"knative.dev/pkg/webhook/certificates"
+	"knative.dev/pkg/webhook/configmaps"
+	"knative.dev/pkg/webhook/resourcesemantics"
+	"knative.dev/pkg/webhook/resourcesemantics/defaulting"
+	"knative.dev/pkg/webhook/resourcesemantics/validation"
 )
 
-// WebhookLogKey is the name of the logger for the webhook cmd
-const (
-	WebhookLogKey = "webhook"
-	// ConfigName is the name of the ConfigMap that the logging config will be stored in
-	ConfigName = "config-logging-triggers"
-)
+var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{
+	v1alpha1.SchemeGroupVersion.WithKind("ClusterTriggerBinding"): &v1alpha1.ClusterTriggerBinding{},
+	v1alpha1.SchemeGroupVersion.WithKind("EventListener"):         &v1alpha1.EventListener{},
+	v1alpha1.SchemeGroupVersion.WithKind("TriggerBinding"):        &v1alpha1.TriggerBinding{},
+	v1alpha1.SchemeGroupVersion.WithKind("TriggerTemplate"):       &v1alpha1.TriggerTemplate{},
+}
 
-func main() {
-	// set up signals so we handle the first shutdown signal gracefully
-	stopCh := signals.SetupSignalHandler()
+func NewDefaultingAdmissionController(ctx context.Context, cmw configmap.Watcher) *controller.Impl {
 
-	clusterConfig, err := rest.InClusterConfig()
-	if err != nil {
-		log.Fatalf("Failed to get in cluster config: %v", err)
-	}
+	store := defaultconfig.NewStore(logging.FromContext(ctx).Named("config-store"))
+	store.WatchConfigs(cmw)
 
-	kubeClient, err := kubernetes.NewForConfig(clusterConfig)
-	if err != nil {
-		log.Fatalf("Failed to get the client set: %v", err)
-	}
+	return defaulting.NewAdmissionController(ctx,
 
-	logger := logging.ConfigureLogging(WebhookLogKey, ConfigName, stopCh, kubeClient)
-
-	defer func() {
-		err := logger.Sync()
-		if err != nil {
-			logger.Fatalf("Failed to sync the logger", zap.Error(err))
-		}
-	}()
-
-	options := webhook.ControllerOptions{
-		ServiceName:                     "tekton-triggers-webhook",
-		DeploymentName:                  "tekton-triggers-webhook",
-		Namespace:                       system.GetNamespace(),
-		Port:                            8443,
-		SecretName:                      "triggers-webhook-certs",
-		WebhookName:                     "triggers-webhook.tekton.dev",
-		ResourceAdmissionControllerPath: "/",
-	}
-	resourceHandlers := map[schema.GroupVersionKind]webhook.GenericCRD{
-		v1alpha1.SchemeGroupVersion.WithKind("ClusterTriggerBinding"): &v1alpha1.ClusterTriggerBinding{},
-		v1alpha1.SchemeGroupVersion.WithKind("EventListener"):         &v1alpha1.EventListener{},
-		v1alpha1.SchemeGroupVersion.WithKind("TriggerBinding"):        &v1alpha1.TriggerBinding{},
-		v1alpha1.SchemeGroupVersion.WithKind("TriggerTemplate"):       &v1alpha1.TriggerTemplate{},
-	}
-	resourceAdmissionController := webhook.NewResourceAdmissionController(resourceHandlers, options, true)
-	admissionControllers := map[string]webhook.AdmissionController{
-		options.ResourceAdmissionControllerPath: resourceAdmissionController,
-	}
+		// Name of the resource webhook.
+		"webhook.triggers.tekton.dev",
 
-	// Decorate contexts with the current state of the config.
-	ctxFunc := v1alpha1.WithUpgradeViaDefaulting
+		// The path on which to serve the webhook.
+		"/defaulting",
 
-	controller, err := webhook.New(kubeClient, options, admissionControllers, logger, ctxFunc)
-	if err != nil {
-		logger.Fatal("Error creating admission controller", zap.Error(err))
-	}
+		// The resources to validate and default.
+		types,
+
+		// A function that infuses the context passed to Validate/SetDefaults with custom metadata.
+		v1alpha1.WithUpgradeViaDefaulting,
+
+		// Whether to disallow unknown fields.
+		true,
+	)
+}
+
+func NewValidationAdmissionController(ctx context.Context, cmw configmap.Watcher) *controller.Impl {
+	return validation.NewAdmissionController(ctx,
 
-	if err := controller.Run(stopCh); err != nil {
-		logger.Fatal("Error running admission controller", zap.Error(err))
+		// Name of the resource webhook.
+		"validation.webhook.triggers.tekton.dev",
+
+		// The path on which to serve the webhook.
+		"/resource-validation",
+
+		// The resources to validate and default.
+		types,
+
+		// A function that infuses the context passed to Validate/SetDefaults with custom metadata.
+		func(ctx context.Context) context.Context {
+			return ctx
+		},
+
+		// Whether to disallow unknown fields.
+		true,
+	)
+}
+
+func NewConfigValidationController(ctx context.Context, cmw configmap.Watcher) *controller.Impl {
+	return configmaps.NewAdmissionController(ctx,
+
+		// Name of the configmap webhook.
+		"config.webhook.triggers.tekton.dev",
+
+		// The path on which to serve the webhook.
+		"/config-validation",
+
+		configmap.Constructors{
+			logging.ConfigMapName():          logging.NewConfigFromConfigMap,
+			defaultconfig.DefaultsConfigName: defaultconfig.NewDefaultsFromConfigMap,
+		},
+	)
+}
+
+func main() {
+	serviceName := os.Getenv("WEBHOOK_SERVICE_NAME")
+	if serviceName == "" {
+		serviceName = "tekton-triggers-webhook"
 	}
+
+	// Set up a signal context with our webhook options
+	ctx := webhook.WithOptions(signals.NewContext(), webhook.Options{
+		ServiceName: serviceName,
+		Port:        8443,
+		SecretName:  "webhook-certs",
+	})
+
+	sharedmain.MainWithContext(ctx, "webhook",
+		certificates.NewController,
+		NewDefaultingAdmissionController,
+		NewValidationAdmissionController,
+		NewConfigValidationController,
+	)
 }

config/200-clusterrole.yaml

@@ -24,7 +24,7 @@ rules:
     resources: ["deployments", "deployments/finalizers"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["admissionregistration.k8s.io"]
-    resources: ["mutatingwebhookconfigurations"]
+    resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["tekton.dev"]
     resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "eventlisteners/finalizers"]

config/500-webhooks.yaml

@@ -0,0 +1,79 @@
+# Copyright 2020 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: webhook-certs
+  namespace: tekton-pipelines
+  labels:
+    pipeline.tekton.dev/release: devel
+# The data is populated at install time.
+
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validation.webhook.triggers.tekton.dev
+  labels:
+    pipeline.tekton.dev/release: devel
+webhooks:
+- admissionReviewVersions:
+  - v1alpha1
+  clientConfig:
+    service:
+      name: tekton-triggers-webhook
+      namespace: tekton-pipelines
+  failurePolicy: Fail
+  sideEffects: None
+  name: validation.webhook.triggers.tekton.dev
+---
+
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: webhook.triggers.tekton.dev
+  labels:
+    pipeline.tekton.dev/release: devel
+webhooks:
+- admissionReviewVersions:
+  - v1alpha1
+  clientConfig:
+    service:
+      name: tekton-triggers-webhook
+      namespace: tekton-pipelines
+  failurePolicy: Fail
+  sideEffects: None
+  name: webhook.triggers.tekton.dev
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: config.webhook.triggers.tekton.dev
+  labels:
+    pipeline.tekton.dev/release: devel
+webhooks:
+- admissionReviewVersions:
+  - v1alpha1
+  clientConfig:
+    service:
+      name: tekton-triggers-webhook
+      namespace: tekton-pipelines
+  failurePolicy: Fail
+  sideEffects: None
+  name: config.webhook.triggers.tekton.dev
+  namespaceSelector:
+    matchExpressions:
+    - key: triggers.tekton.dev/release
+      operator: Exists

config/webhook.yaml

@@ -40,16 +40,13 @@ spec:
       serviceAccountName: tekton-triggers-controller
       containers:
       - name: webhook
+        # This is the Go import path for the binary that is containerized
+        # and substituted here.
         image: github.com/tektoncd/triggers/cmd/webhook
         env:
         - name: SYSTEM_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        volumeMounts:
-        - name: config-logging
-          mountPath: /etc/config-logging
-      volumes:
-        - name: config-logging
-          configMap:
-            name: config-logging-triggers
+        - name: CONFIG_LOGGING_NAME
+          value: config-logging-triggers