Tekton Triggers release v0.28.0 "Tekton Triggers"
-Docs @ v0.28.0
-Examples @ v0.28.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.28.0/release.yaml
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/previous/v0.28.0/interceptors.yaml
Attestation
The Rekor UUID for this release is 24296fb24b8ad77ab8d7c9926b0e67fa6a87b50dacf2e91bcaeb6c964a25d5e562dc0518c48a37fd
Obtain the attestation:
REKOR_UUID=24296fb24b8ad77ab8d7c9926b0e67fa6a87b50dacf2e91bcaeb6c964a25d5e562dc0518c48a37fd
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .
Verify that all container images in the attestation are in the release file:
RELEASE_FILE=https://storage.googleapis.com/tekton-releases/triggers/previous/v0.28.0/release.yaml
REKOR_UUID=24296fb24b8ad77ab8d7c9926b0e67fa6a87b50dacf2e91bcaeb6c964a25d5e562dc0518c48a37fd
# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.28.0@sha256:" + .digest.sha256')
# Download the release file
curl "$RELEASE_FILE" > release.yaml
# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done
Changes
Features
-
✨ Set readOnlyRootFilesystem as true in Controller and Webhook (#1735)
- Controller's and Webhook's Deployment security context
readOnlyRootFilesystem
are set to true to increase the security and to avoid being flagged by the security scanner
- Controller's and Webhook's Deployment security context
-
✨ Update securityContext to include required configurations when the flag el-security-context is enabled (#1736) and (#1747)
- Added new field default-run-as-non-root to configmap so that RunAsNonRoot can be now configured through config-defaults-triggers ConfigMap
- Defaults values for RunAsNonRoot is
true
- Defaults values for RunAsNonRoot is
- Added new fields
default-run-as-user
anddefault-run-as-group
toconfig-defaults-triggers
configmap so that RunAsUser and RunAsGroup can be now configured through ConfigMap- Defaults values for RunAsUser and RunAsGroup 65532
- Added new field default-run-as-non-root to configmap so that RunAsNonRoot can be now configured through config-defaults-triggers ConfigMap
Misc
- 🔨 Bump 0.61.0 pipeline release (#1745)
- 🔨 Bump github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.7 (#1738)
- 🔨 Handle validation when value for runAsGroup and runAsUser is empty (#1747)
- 🔨 Bump knative.dev/serving from 0.38.6 to 0.39.0 (#1733)
Docs
Thanks
Thanks to these contributors who contributed to v0.28.0!
- ❤️ @danielfbm
- ❤️ @dependabot[bot]
- ❤️ @khrm
- ❤️ @savitaashture
Extra shout-out for awesome release notes:
- 😍 @khrm
- 😍 @savitaashture