change

dev/tekton/dashboard.yaml

@@ -1,3 +1,70 @@
+# Copyright 2019-2024 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tekton-dashboard
+  labels:
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+  name: extensions.dashboard.tekton.dev
+spec:
+  group: dashboard.tekton.dev
+  names:
+    categories:
+      - tekton
+      - tekton-dashboard
+    kind: Extension
+    plural: extensions
+    shortNames:
+      - ext
+      - exts
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .spec.apiVersion
+          name: API version
+          type: string
+        - jsonPath: .spec.name
+          name: Kind
+          type: string
+        - jsonPath: .spec.displayName
+          name: Display name
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+      served: true
+      storage: true
+      subresources:
+        status: {}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -33,7 +100,34 @@ metadata:
     app.kubernetes.io/component: dashboard
     app.kubernetes.io/instance: default
     app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard-backend
+  name: tekton-dashboard-backend-edit
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - dashboard.tekton.dev
+    resources:
+      - extensions
+    verbs:
+      - create
+      - update
+      - delete
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+  name: tekton-dashboard-backend-view
 rules:
   - apiGroups:
       - apiextensions.k8s.io
@@ -48,25 +142,6 @@ rules:
       - securitycontextconstraints
     verbs:
       - use
-  - apiGroups:
-      - tekton.dev
-    resources:
-      - clustertasks
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - triggers.tekton.dev
-    resources:
-      - clusterinterceptors
-      - clustertriggerbindings
-    verbs:
-      - get
-      - list
-      - watch
-      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -75,7 +150,7 @@ metadata:
     app.kubernetes.io/component: dashboard
     app.kubernetes.io/instance: default
     app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard-tenant
+  name: tekton-dashboard-tenant-view
 rules:
   - apiGroups:
       - dashboard.tekton.dev
@@ -85,7 +160,6 @@ rules:
       - get
       - list
       - watch
-      - update
   - apiGroups:
       - ""
     resources:
@@ -97,32 +171,6 @@ rules:
       - get
       - list
       - watch
-      - update
-  - apiGroups:
-      - tekton.dev
-    resources:
-      - tasks
-      - taskruns
-      - pipelines
-      - pipelineruns
-      - customruns
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - triggers.tekton.dev
-    resources:
-      - eventlisteners
-      - interceptors
-      - triggerbindings
-      - triggers
-      - triggertemplates
-    verbs:
-      - get
-      - list
-      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -149,11 +197,11 @@ metadata:
     app.kubernetes.io/instance: default
     app.kubernetes.io/part-of: tekton-dashboard
     rbac.dashboard.tekton.dev/subject: tekton-dashboard
-  name: tekton-dashboard-backend
+  name: tekton-dashboard-backend-view
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: tekton-dashboard-backend
+  name: tekton-dashboard-backend-view
 subjects:
   - kind: ServiceAccount
     name: tekton-dashboard
@@ -161,7 +209,7 @@ subjects:
 ---
 apiVersion: v1
 data:
-  version: v0.36.0
+  version: v0.63.1
 kind: ConfigMap
 metadata:
   labels:
@@ -179,9 +227,9 @@ metadata:
     app.kubernetes.io/instance: default
     app.kubernetes.io/name: dashboard
     app.kubernetes.io/part-of: tekton-dashboard
-    app.kubernetes.io/version: v0.36.0
+    app.kubernetes.io/version: v0.63.1
-    dashboard.tekton.dev/release: v0.36.0
+    dashboard.tekton.dev/release: v0.63.1
-    version: v0.36.0
+    version: v0.63.1
   name: tekton-dashboard
   namespace: tekton-pipelines
 spec:
@@ -205,9 +253,9 @@ metadata:
     app.kubernetes.io/instance: default
     app.kubernetes.io/name: dashboard
     app.kubernetes.io/part-of: tekton-dashboard
-    app.kubernetes.io/version: v0.36.0
+    app.kubernetes.io/version: v0.63.1
-    dashboard.tekton.dev/release: v0.36.0
+    dashboard.tekton.dev/release: v0.63.1
-    version: v0.36.0
+    version: v0.63.1
   name: tekton-dashboard
   namespace: tekton-pipelines
 spec:
@@ -226,27 +274,48 @@ spec:
         app.kubernetes.io/instance: default
         app.kubernetes.io/name: dashboard
         app.kubernetes.io/part-of: tekton-dashboard
-        app.kubernetes.io/version: v0.36.0
+        app.kubernetes.io/version: v0.63.1
       name: tekton-dashboard
     spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: kubernetes.io/os
+                    operator: NotIn
+                    values:
+                      - windows
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/component: dashboard
+                    app.kubernetes.io/instance: default
+                    app.kubernetes.io/name: dashboard
+                    app.kubernetes.io/part-of: tekton-dashboard
+                topologyKey: kubernetes.io/hostname
+              weight: 100
       containers:
         - args:
-            - --port=9097
+            - --default-namespace=
-            - --logout-url=
-            - --pipelines-namespace=tekton-pipelines
-            - --triggers-namespace=tekton-pipelines
-            - --read-only=no
-            - --log-level=info
-            - --log-format=json
-            - --namespace=
-            - --stream-logs=true
             - --external-logs=
+            - --log-format=json
+            - --log-level=info
+            - --logout-url=
+            - --namespaces=
+            - --pipelines-namespace=tekton-pipelines
+            - --port=9097
+            - --read-only=false
+            - --stream-logs=true
+            - --triggers-namespace=tekton-pipelines
           env:
             - name: INSTALLED_NAMESPACE
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-          image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.36.0@sha256:e7058eabec6bc53bfb3505b637ea6208e6e81ff71a29a5f47a32fa0ed03cb5e4
+          image: ghcr.io/tektoncd/dashboard/dashboard-9623576a202fe86c8b7d1bc489905f86:v0.63.1@sha256:16eca97b649f6f27dfbab2be167be0afc34bab43af9d3304f64bf7f04d44e606
           livenessProbe:
             httpGet:
               path: /health
@@ -272,6 +341,8 @@ spec:
         kubernetes.io/os: linux
       serviceAccountName: tekton-dashboard
       volumes: []
+
+---
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -281,11 +352,101 @@ metadata:
     app.kubernetes.io/instance: default
     app.kubernetes.io/part-of: tekton-dashboard
     rbac.dashboard.tekton.dev/subject: tekton-dashboard
-  name: tekton-dashboard-tenant
+  name: tekton-dashboard-tenant-view
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: tekton-dashboard-tenant
+  name: tekton-dashboard-tenant-view
+subjects:
+  - kind: ServiceAccount
+    name: tekton-dashboard
+    namespace: tekton-pipelines
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+    rbac.dashboard.tekton.dev/subject: tekton-dashboard
+  name: tekton-dashboard-pipelines-view
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-aggregate-view
+subjects:
+  - kind: ServiceAccount
+    name: tekton-dashboard
+    namespace: tekton-pipelines
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+    rbac.dashboard.tekton.dev/subject: tekton-dashboard
+  name: tekton-dashboard-triggers-view
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-aggregate-view
+subjects:
+  - kind: ServiceAccount
+    name: tekton-dashboard
+    namespace: tekton-pipelines
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+    rbac.dashboard.tekton.dev/subject: tekton-dashboard
+  name: tekton-dashboard-backend-edit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-dashboard-backend-edit
+subjects:
+  - kind: ServiceAccount
+    name: tekton-dashboard
+    namespace: tekton-pipelines
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+    rbac.dashboard.tekton.dev/subject: tekton-dashboard
+  name: tekton-dashboard-pipelines-edit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-aggregate-edit
+subjects:
+  - kind: ServiceAccount
+    name: tekton-dashboard
+    namespace: tekton-pipelines
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: dashboard
+    app.kubernetes.io/instance: default
+    app.kubernetes.io/part-of: tekton-dashboard
+    rbac.dashboard.tekton.dev/subject: tekton-dashboard
+  name: tekton-dashboard-triggers-edit
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-aggregate-edit
 subjects:
   - kind: ServiceAccount
     name: tekton-dashboard

dev/tekton/diversen/dashboard-patch.yaml

@@ -1,31 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: tekton-dashboard-tutorial
-rules:
-  - apiGroups:
-      - tekton.dev
-    resources:
-      - tasks
-      - taskruns
-      - pipelines
-      - pipelineruns
-    verbs:
-      - get
-      - create
-      - update
-      - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: tekton-dashboard-tutorial
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: tekton-dashboard-tutorial
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: tekton-dashboard

dev/tekton/diversen/dashboard.yaml

@@ -1,337 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  labels:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: extensions.dashboard.tekton.dev
-spec:
-  group: dashboard.tekton.dev
-  names:
-    categories:
-      - tekton
-      - tekton-dashboard
-    kind: Extension
-    plural: extensions
-    shortNames:
-      - ext
-      - exts
-  preserveUnknownFields: false
-  scope: Namespaced
-  versions:
-    - additionalPrinterColumns:
-        - jsonPath: .spec.apiVersion
-          name: API version
-          type: string
-        - jsonPath: .spec.name
-          name: Kind
-          type: string
-        - jsonPath: .spec.displayname
-          name: Display name
-          type: string
-        - jsonPath: .metadata.creationTimestamp
-          name: Age
-          type: date
-      name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          type: object
-          x-kubernetes-preserve-unknown-fields: true
-      served: true
-      storage: true
-      subresources:
-        status: {}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard
-  namespace: tekton-pipelines
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard-info
-  namespace: tekton-pipelines
-rules:
-  - apiGroups:
-      - ""
-    resourceNames:
-      - dashboard-info
-    resources:
-      - configmaps
-    verbs:
-      - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard-backend
-rules:
-  - apiGroups:
-      - apiextensions.k8s.io
-    resources:
-      - customresourcedefinitions
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - security.openshift.io
-    resources:
-      - securitycontextconstraints
-    verbs:
-      - use
-  - apiGroups:
-      - tekton.dev
-    resources:
-      - clustertasks
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - triggers.tekton.dev
-    resources:
-      - clusterinterceptors
-      - clustertriggerbindings
-    verbs:
-      - get
-      - list
-      - watch
-      - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard-tenant
-rules:
-  - apiGroups:
-      - dashboard.tekton.dev
-    resources:
-      - extensions
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - events
-      - namespaces
-      - pods
-      - pods/log
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - tekton.dev
-    resources:
-      - tasks
-      - taskruns
-      - pipelines
-      - pipelineruns
-      - customruns
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - triggers.tekton.dev
-    resources:
-      - eventlisteners
-      - interceptors
-      - triggerbindings
-      - triggers
-      - triggertemplates
-    verbs:
-      - get
-      - list
-      - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: tekton-dashboard-info
-  namespace: tekton-pipelines
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: tekton-dashboard-info
-subjects:
-  - apiGroup: rbac.authorization.k8s.io
-    kind: Group
-    name: system:authenticated
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-    rbac.dashboard.tekton.dev/subject: tekton-dashboard
-  name: tekton-dashboard-backend
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: tekton-dashboard-backend
-subjects:
-  - kind: ServiceAccount
-    name: tekton-dashboard
-    namespace: tekton-pipelines
----
-apiVersion: v1
-data:
-  version: v0.36.0
-kind: ConfigMap
-metadata:
-  labels:
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-  name: dashboard-info
-  namespace: tekton-pipelines
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: tekton-dashboard
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/name: dashboard
-    app.kubernetes.io/part-of: tekton-dashboard
-    app.kubernetes.io/version: v0.36.0
-    dashboard.tekton.dev/release: v0.36.0
-    version: v0.36.0
-  name: tekton-dashboard
-  namespace: tekton-pipelines
-spec:
-  ports:
-    - name: http
-      port: 9097
-      protocol: TCP
-      targetPort: 9097
-  selector:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/name: dashboard
-    app.kubernetes.io/part-of: tekton-dashboard
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: tekton-dashboard
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/name: dashboard
-    app.kubernetes.io/part-of: tekton-dashboard
-    app.kubernetes.io/version: v0.36.0
-    dashboard.tekton.dev/release: v0.36.0
-    version: v0.36.0
-  name: tekton-dashboard
-  namespace: tekton-pipelines
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/component: dashboard
-      app.kubernetes.io/instance: default
-      app.kubernetes.io/name: dashboard
-      app.kubernetes.io/part-of: tekton-dashboard
-  template:
-    metadata:
-      labels:
-        app: tekton-dashboard
-        app.kubernetes.io/component: dashboard
-        app.kubernetes.io/instance: default
-        app.kubernetes.io/name: dashboard
-        app.kubernetes.io/part-of: tekton-dashboard
-        app.kubernetes.io/version: v0.36.0
-      name: tekton-dashboard
-    spec:
-      containers:
-        - args:
-            - --port=9097
-            - --logout-url=
-            - --pipelines-namespace=tekton-pipelines
-            - --triggers-namespace=tekton-pipelines
-            - --read-only=no
-            - --log-level=info
-            - --log-format=json
-            - --namespace=
-            - --stream-logs=true
-            - --external-logs=
-          env:
-            - name: INSTALLED_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.36.0@sha256:e7058eabec6bc53bfb3505b637ea6208e6e81ff71a29a5f47a32fa0ed03cb5e4
-          livenessProbe:
-            httpGet:
-              path: /health
-              port: 9097
-          name: tekton-dashboard
-          ports:
-            - containerPort: 9097
-          readinessProbe:
-            httpGet:
-              path: /readiness
-              port: 9097
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            runAsGroup: 65532
-            runAsNonRoot: true
-            runAsUser: 65532
-            seccompProfile:
-              type: RuntimeDefault
-      nodeSelector:
-        kubernetes.io/os: linux
-      serviceAccountName: tekton-dashboard
-      volumes: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/component: dashboard
-    app.kubernetes.io/instance: default
-    app.kubernetes.io/part-of: tekton-dashboard
-    rbac.dashboard.tekton.dev/subject: tekton-dashboard
-  name: tekton-dashboard-tenant
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: tekton-dashboard-tenant
-subjects:
-  - kind: ServiceAccount
-    name: tekton-dashboard
-    namespace: tekton-pipelines