$ tkn pipeline export test_pipeline -n openshift-pipelines- Documentation
- OpenShift Container Platform
- CI/CD
- Pipelines
- OpenShift Pipelines release notes history bug_report picture_as_pdf
- About
- Release notes
- Getting started
- Architecture
-
Installing
- Installation overview
- Selecting an installation method and preparing a cluster
- Disconnected installation mirroring
- Installing on Alibaba
-
Installing on AWS
- Preparing to install on AWS
- Configuring an AWS account
- Manually creating IAM
- Installing a cluster quickly on AWS
- Installing a cluster on AWS with customizations
- Installing a cluster on AWS with network customizations
- Installing a cluster on AWS in a restricted network
- Installing a cluster on AWS into an existing VPC
- Installing a private cluster on AWS
- Installing a cluster on AWS into a government region
- Installing a cluster on AWS into a Top Secret Region
- Installing a cluster on AWS into a China region
- Installing a cluster on AWS using CloudFormation templates
- Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on AWS
-
Installing on Azure
- Preparing to install on Azure
- Configuring an Azure account
- Manually creating IAM
- Installing a cluster quickly on Azure
- Installing a cluster on Azure with customizations
- Installing a cluster on Azure with network customizations
- Installing a cluster on Azure into an existing VNet
- Installing a private cluster on Azure
- Installing a cluster on Azure into a government region
- Installing a cluster on Azure using ARM templates
- Uninstalling a cluster on Azure
-
Installing on Azure Stack Hub
- Preparing to install on Azure Stack Hub
- Configuring an Azure Stack Hub account
- Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure
- Installing a cluster on Azure Stack Hub with network customizations
- Installing a cluster on Azure Stack Hub using ARM templates
- Uninstalling a cluster on Azure Stack Hub
-
Installing on GCP
- Preparing to install on GCP
- Configuring a GCP project
- Manually creating IAM
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP in a restricted network
- Installing a cluster on GCP into an existing VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Installing a cluster into a shared VPC on GCP using Deployment Manager templates
- Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on GCP
- Installing on IBM Cloud VPC
- Installing on bare metal
- Installing on-premise with Assisted Installer
- Installing on a single node
- Deploying installer-provisioned clusters on bare metal
- Installing bare metal clusters on IBM Cloud
- Installing with z/VM on IBM Z and LinuxONE
- Installing with RHEL KVM on IBM Z and LinuxONE
- Installing on IBM Power
-
Installing on OpenStack
- Preparing to install on OpenStack
- Installing a cluster on OpenStack with customizations
- Installing a cluster on OpenStack with Kuryr
- Installing a cluster that supports SR-IOV compute machines on OpenStack
- Installing a cluster on OpenStack that supports OVS-DPDK-connected compute machines
- Installing a cluster on OpenStack on your own infrastructure
- Installing a cluster on OpenStack with Kuryr on your own infrastructure
- Installing a cluster on OpenStack on your own SR-IOV infrastructure
- Installing a cluster on OpenStack in a restricted network
- Uninstalling a cluster on OpenStack
- Uninstalling a cluster on OpenStack from your own infrastructure
- Installing on RHV
-
Installing on vSphere
- Preparing to install on vSphere
- Installing a cluster on vSphere
- Installing a cluster on vSphere with customizations
- Installing a cluster on vSphere with network customizations
- Installing a cluster on vSphere with user-provisioned infrastructure
- Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
- Installing a cluster on vSphere in a restricted network
- Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
- Using the vSphere Problem Detector Operator
-
Installing on VMC
- Preparing to install on VMC
- Installing a cluster on VMC
- Installing a cluster on VMC with customizations
- Installing a cluster on VMC with network customizations
- Installing a cluster on VMC in a restricted network
- Installing a cluster on VMC with user-provisioned infrastructure
- Installing a cluster on VMC with user-provisioned infrastructure and network customizations
- Installing a cluster on VMC in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on VMC
- Installing on any platform
- Installation configuration
- Validating an installation
- Troubleshooting installation issues
- Support for FIPS cryptography
-
Post-installation configuration
- Post-installation configuration overview
- Configuring a private cluster
- Bare metal configuration
- Machine configuration tasks
- Cluster tasks
- Node tasks
- Network configuration
- Storage configuration
- Preparing for users
- Configuring alert notifications
- Converting a connected cluster to a disconnected cluster
-
Updating clusters
- Updating clusters overview
- Understanding OpenShift updates
- Understanding upgrade channels
- Understanding OpenShift update duration
- Preparing to perform an EUS-to-EUS update
- Updating a cluster using the web console
- Updating a cluster using the CLI
- Performing update using canary rollout strategy
- Updating a cluster that includes RHEL compute machines
- Updating a restricted network cluster
- Updating hardware on nodes running on vSphere
-
Support
- Support overview
- Managing your cluster resources
- Getting support
-
Remote health monitoring with connected clusters
- About remote health monitoring
- Showing data collected by remote health monitoring
- Opting out of remote health reporting
- Enabling remote health reporting
- Using Insights to identify issues with your cluster
- Using Insights Operator
- Using remote health reporting in a restricted network
- Importing simple content access certificates with Insights Operator
- Gathering data about your cluster
- Summarizing cluster specifications
-
Troubleshooting
- Troubleshooting installations
- Verifying node health
- Troubleshooting CRI-O container runtime issues
- Troubleshooting operating system issues
- Troubleshooting network issues
- Troubleshooting Operator issues
- Investigating pod issues
- Troubleshooting the Source-to-Image process
- Troubleshooting storage issues
- Troubleshooting Windows container workload issues
- Investigating monitoring issues
- Diagnosing OpenShift CLI (oc) issues
- Web console
- CLI tools
-
Security and compliance
- Security and compliance overview
-
Container security
- Understanding container security
- Understanding host and VM security
- Hardening Red Hat Enterprise Linux CoreOS
- Container image signatures
- Understanding compliance
- Securing container content
- Using container registries securely
- Securing the build process
- Deploying containers
- Securing the container platform
- Securing networks
- Securing attached storage
- Monitoring cluster events and logs
- Configuring certificates
-
Certificate types and descriptions
- User-provided certificates for the API server
- Proxy certificates
- Service CA certificates
- Node certificates
- Bootstrap certificates
- etcd certificates
- OLM certificates
- User-provided certificates for default ingress
- Ingress certificates
- Monitoring and cluster logging Operator component certificates
- Control plane certificates
-
Compliance Operator
- Compliance Operator release notes
- Supported compliance profiles
- Installing the Compliance Operator
- Compliance Operator scans
- Understanding the Compliance Operator
- Managing the Compliance Operator
- Tailoring the Compliance Operator
- Retrieving Compliance Operator raw results
- Managing Compliance Operator remediation
- Performing advanced Compliance Operator tasks
- Troubleshooting the Compliance Operator
- Uninstalling the Compliance Operator
- Using the oc-compliance plug-in
- Understanding the Custom Resource Definitions
- File Integrity Operator
- cert-manager Operator for Red Hat OpenShift
- Viewing audit logs
- Configuring the audit log policy
- Configuring TLS security profiles
- Configuring seccomp profiles
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
- Scanning pods for vulnerabilities
- Network-Bound Disk Encryption (NBDE)
-
Authentication and authorization
- Authentication and authorization overview
- Understanding authentication
- Configuring the internal OAuth server
- Configuring OAuth clients
- Managing user-owned OAuth access tokens
- Understanding identity provider configuration
-
Configuring identity providers
- Configuring an HTPasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Managing cloud provider credentials
-
Networking
- Understanding networking
- Accessing hosts
- Networking Operators overview
- Understanding the Cluster Network Operator
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Configuring the Ingress Controller endpoint publishing strategy
- Verifying connectivity to an endpoint
- Changing the cluster network MTU
- Configuring the node port service range
- Configuring IP failover
- Using SCTP
- Using PTP hardware
- External DNS Operator
- Network policy
-
Multiple networks
- Understanding multiple networks
- Configuring an additional network
- About virtual routing and forwarding
- Configuring multi-network policy
- Attaching a pod to an additional network
- Removing a pod from an additional network
- Editing an additional network
- Removing an additional network
- Assigning a secondary network to a VRF
-
Hardware networks
- About Single Root I/O Virtualization (SR-IOV) hardware networks
- Installing the SR-IOV Operator
- Configuring the SR-IOV Operator
- Configuring an SR-IOV network device
- Configuring an SR-IOV Ethernet network attachment
- Configuring an SR-IOV InfiniBand network attachment
- Adding a pod to an SR-IOV network
- Using high performance multicast
- Using DPDK and RDMA
- Using pod-level bonding for secondary networks
- Configuring hardware offloading
- Uninstalling the SR-IOV Operator
-
OpenShift SDN default CNI network provider
- About the OpenShift SDN default CNI network provider
- Configuring egress IPs for a project
- Configuring an egress firewall for a project
- Viewing an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Deploying an egress router pod in HTTP proxy mode
- Deploying an egress router pod in DNS proxy mode
- Configuring an egress router pod destination list from a config map
- Enabling multicast for a project
- Disabling multicast for a project
- Configuring multitenant isolation
- Configuring kube-proxy
-
OVN-Kubernetes default CNI network provider
- About the OVN-Kubernetes network provider
- Migrating from the OpenShift SDN cluster network provider
- Rolling back to the OpenShift SDN cluster network provider
- Converting to IPv4/IPv6 dual stack networking
- IPsec encryption configuration
- Configuring an egress firewall for a project
- Viewing an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Configuring an egress IP address
- Assigning an egress IP address
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Enabling multicast for a project
- Disabling multicast for a project
- Tracking network flows
- Configuring hybrid networking
- Configuring Routes
-
Configuring ingress cluster traffic
- Overview
- Configuring ExternalIPs for services
- Configuring ingress cluster traffic using an Ingress Controller
- Configuring ingress cluster traffic using a load balancer
- Configuring ingress cluster traffic on AWS using a Network Load Balancer
- Configuring ingress cluster traffic using a service external IP
- Configuring ingress cluster traffic using a NodePort
- Kubernetes NMState
- Configuring the cluster-wide proxy
- Configuring a custom PKI
- Load balancing on OpenStack
- Load balancing with MetalLB
- Associating secondary interfaces metrics to network attachments
-
Storage
- Storage overview
- Understanding ephemeral storage
- Understanding persistent storage
-
Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent storage using hostPath
- Persistent Storage using iSCSI
- Persistent storage using local volumes
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Data Foundation
- Persistent storage using VMware vSphere
-
Using Container Storage Interface (CSI)
- Configuring CSI volumes
- CSI inline ephemeral volumes
- Shared Resource CSI Driver Operator
- CSI volume snapshots
- CSI volume cloning
- CSI automatic migration
- AliCloud Disk CSI Driver Operator
- AWS Elastic Block Store CSI Driver Operator
- AWS Elastic File Service CSI Driver Operator
- Azure Disk CSI Driver Operator
- Azure File CSI Driver Operator
- Azure Stack Hub CSI Driver Operator
- GCP PD CSI Driver Operator
- IBM VPC Block CSI Driver Operator
- OpenStack Cinder CSI Driver Operator
- OpenStack Manila CSI Driver Operator
- Red Hat Virtualization CSI Driver Operator
- VMware vSphere CSI Driver Operator
- Expanding persistent volumes
- Dynamic provisioning
-
Registry
- Registry overview
- Image Registry Operator in OpenShift Container Platform
-
Setting up and configuring the registry
- Configuring the registry for AWS user-provisioned infrastructure
- Configuring the registry for GCP user-provisioned infrastructure
- Configuring the registry for OpenStack user-provisioned infrastructure
- Configuring the registry for Azure user-provisioned infrastructure
- Configuring the registry for OpenStack
- Configuring the registry for bare metal
- Configuring the registry for vSphere
- Accessing the registry
- Exposing the registry
-
Operators
- Operators overview
- Understanding Operators
- User tasks
-
Administrator tasks
- Adding Operators to a cluster
- Upgrading installed Operators
- Deleting Operators from a cluster
- Configuring OLM features
- Configuring proxy support
- Viewing Operator status
- Managing Operator conditions
- Allowing non-cluster administrators to install Operators
- Managing custom catalogs
- Using OLM on restricted networks
-
Developing Operators
- About the Operator SDK
- Installing the Operator SDK CLI
- Upgrading projects for newer Operator SDK versions
- Go-based Operators
- Ansible-based Operators
- Helm-based Operators
- Defining cluster service versions (CSVs)
- Working with bundle images
- Validating Operators using the scorecard
- High-availability or single-node cluster detection and support
- Configuring built-in monitoring with Prometheus
- Configuring leader election
- Object pruning utility
- Migrating package manifest projects to bundle format
- Operator SDK CLI reference
- Cluster Operators reference
-
CI/CD
- CI/CD overview
-
Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing and configuring basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Migrating from Jenkins to Tekton
-
Pipelines
- OpenShift Pipelines release notes
- Understanding OpenShift Pipelines
- Installing OpenShift Pipelines
- Uninstalling OpenShift Pipelines
- Creating CI/CD solutions for applications using OpenShift Pipelines
- Managing non-versioned and versioned cluster tasks
- Using Tekton Hub with OpenShift Pipelines
- Using Pipelines as Code
- Working with OpenShift Pipelines using the Developer perspective
- Reducing resource consumption of OpenShift Pipelines
- Setting compute resource quota for OpenShift Pipelines
- Automatic pruning of task run and pipeline run
- Using pods in a privileged security context
- Securing webhooks with event listeners
- Authenticating pipelines using git secret
- Using Tekton Chains for OpenShift Pipelines supply chain security
- Viewing pipeline logs using the OpenShift Logging Operator
-
GitOps
- OpenShift GitOps release notes
- Understanding OpenShift GitOps
- Installing OpenShift GitOps
- Uninstalling OpenShift GitOps
- Setting up a new Argo CD instance
- Configuring an OpenShift cluster by deploying an application with cluster configurations
- Deploying a Spring Boot application with Argo CD
- Argo CD custom resource properties
- Monitoring application health status
- Configuring SSO for Argo CD using Dex
- Configuring SSO for Argo CD using Keycloak
- Configuring Argo CD RBAC
- Running Control Plane Workloads on Infra nodes
- Sizing requirements for GitOps Operator
-
Images
- Overview of images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using templates
- Using Ruby on Rails
- Using images
-
Building applications
- Building applications overview
- Projects
- Creating applications
- Viewing application composition using the Topology view
-
Connecting applications to services
- Service Binding Operator release notes
- Understanding Service Binding Operator
- Installing Service Binding Operator
- Getting started with service binding
- Getting started with service binding on IBM Power, IBM Z, and LinuxONE
- Exposing binding data from a service
- Projecting binding data
- Binding workloads using Service Binding Operator
- Connecting an application to a service using the Developer perspective
- Working with Helm charts
- Deployments
- Quotas
- Using config maps with applications
- Monitoring project and application metrics using the Developer perspective
- Monitoring application health
- Editing applications
- Pruning objects to reclaim resources
- Idling applications
- Deleting applications
- Using the Red Hat Marketplace
-
Machine management
- Overview of machine management
-
Creating machine sets
- Creating a machine set on Alibaba Cloud
- Creating a machine set on AWS
- Creating a machine set on Azure
- Creating a machine set on Azure Stack Hub
- Creating a machine set on GCP
- Creating a machine set on IBM Cloud
- Creating a machine set on OpenStack
- Creating a machine set on RHV
- Creating a machine set on vSphere
- Manually scaling a machine set
- Modifying a machine set
- Deleting a machine
- Applying autoscaling to a cluster
- Creating infrastructure machine sets
- Adding a RHEL compute machine
- Adding more RHEL compute machines
- User-provisioned infrastructure
- Deploying machine health checks
-
Nodes
- Overview of nodes
-
Working with pods
- About pods
- Viewing pods
- Configuring a cluster for pods
- Automatically scaling pods with the horizontal pod autoscaler
- Automatically scaling pods with the custom metrics autoscaler
- Automatically adjust pod resource levels with the vertical pod autoscaler
- Providing sensitive data to pods
- Creating and using config maps
- Using Device Manager to make devices available to nodes
- Including pod priority in pod scheduling decisions
- Placing pods on specific nodes using node selectors
-
Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Scheduling pods using a scheduler profile
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Controlling pod placement using pod topology spread constraints
- Running a custom scheduler
- Evicting pods using the descheduler
- Secondary scheduler
- Using Jobs and DaemonSets
-
Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing nodes
- Managing the maximum number of pods per node
- Using the Node Tuning Operator
- Remediating nodes with the Poison Pill Operator
- Deploying node health checks by using the Node Health Check Operator
- Using the Node Maintenance Operator to place nodes in maintenance mode
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Allocating specific CPUs for nodes in a cluster
- Configuring the TLS security profile for the kubelet
- Machine Config Daemon metrics
-
Working with containers
- Using containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Working with clusters
- Remote worker nodes on the network edge
-
Windows Container Support for OpenShift
- Red Hat OpenShift support for Windows Containers overview
- Red Hat OpenShift support for Windows Containers release notes
- Understanding Windows container workloads
- Enabling Windows container workloads
- Creating Windows MachineSet objects
- Scheduling Windows container workloads
- Windows node upgrades
- Using Bring-Your-Own-Host Windows instances as nodes
- Removing Windows nodes
- Disabling Windows container workloads
-
Sandboxed Containers Support for OpenShift
- OpenShift sandboxed containers release notes
- Understanding OpenShift sandboxed containers
- Deploying OpenShift sandboxed containers workloads
- Monitoring OpenShift sandboxed containers
- Uninstalling OpenShift sandboxed containers
- Upgrading OpenShift sandboxed containers
- Collecting OpenShift sandboxed containers data
-
Logging
- Release notes
- About Logging
- Installing Logging
-
Configuring your Logging deployment
- About the Cluster Logging custom resource
- Configuring the logging collector
- Configuring the log store
- Configuring the log visualizer
- Configuring Logging storage
- Configuring CPU and memory limits for Logging components
- Using tolerations to control Logging pod placement
- Moving the Logging resources with node selectors
- Configuring systemd-journald for Logging
- Maintenance and support
- Logging with the LokiStack
- Viewing logs for a specific resource
- Viewing cluster logs in Kibana
- Forwarding logs to third party systems
- Enabling JSON logging
- Collecting and storing Kubernetes events
- Updating Logging
- Viewing cluster dashboards
- Troubleshooting Logging
- Uninstalling Logging
- Exported fields
-
Monitoring
- Monitoring overview
- Configuring the monitoring stack
- Enabling monitoring for user-defined projects
- Enabling alert routing for user-defined projects
- Managing metrics
- Managing metrics targets
- Managing alerts
- Reviewing monitoring dashboards
- Monitoring bare-metal events
- Accessing third-party monitoring UIs and APIs
- Troubleshooting monitoring issues
- ConfigMap reference for Cluster Monitoring Operator
-
Scalability and performance
- Recommended installation practices
- Recommended host practices
- Recommended host practices for IBM Z & LinuxONE environments
- Recommended cluster scaling practices
- Using the Node Tuning Operator
- Using CPU Manager
- Using Topology Manager
- Scheduling NUMA-aware workloads
- Scaling the Cluster Monitoring Operator
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- Optimizing networking
- Managing bare metal hosts
- What huge pages do and how they are consumed by apps
- Performance Addon Operator for low latency nodes
- Topology Aware Lifecycle Manager for cluster updates
- Creating a performance profile
- Deploying distributed units manually on single-node OpenShift
- Validating cluster tuning for vDU application workloads
- Workload partitioning on single-node OpenShift
- Deploying distributed units at scale in a disconnected environment
- Specialized hardware and driver enablement
-
Backup and restore
- Overview of backup and restore operations
- Shutting down a cluster gracefully
- Restarting a cluster gracefully
- Application backup and restore
- Control plane backup and restore
-
Migrating from version 3 to 4
- Migrating from version 3 to 4 overview
- About migrating from OpenShift Container Platform 3 to 4
- Differences between OpenShift Container Platform 3 and 4
- Network considerations
- About MTC
- Installing MTC
- Installing MTC in a restricted network environment
- Upgrading MTC
- Premigration checklists
- Migrating your applications
- Advanced migration options
- Troubleshooting
- Migration Toolkit for Containers
-
API reference
- Understanding API tiers
- API compatibility guidelines
- Editing kubelet log level verbosity and gathering logs
- API list
- Common object reference
-
Authorization APIs
- About Authorization APIs
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- TokenRequest [authentication.k8s.io/v1]
- TokenReview [authentication.k8s.io/v1]
- LocalSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectRulesReview [authorization.k8s.io/v1]
- SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
-
Config APIs
- About Config APIs
- APIServer [config.openshift.io/v1]
- Authentication [config.openshift.io/v1]
- Build [config.openshift.io/v1]
- ClusterOperator [config.openshift.io/v1]
- ClusterVersion [config.openshift.io/v1]
- Console [config.openshift.io/v1]
- DNS [config.openshift.io/v1]
- FeatureGate [config.openshift.io/v1]
- HelmChartRepository [helm.openshift.io/v1beta1]
- Image [config.openshift.io/v1]
- ImageContentPolicy [config.openshift.io/v1]
- Infrastructure [config.openshift.io/v1]
- Ingress [config.openshift.io/v1]
- Network [config.openshift.io/v1]
- OAuth [config.openshift.io/v1]
- OperatorHub [config.openshift.io/v1]
- Project [config.openshift.io/v1]
- Proxy [config.openshift.io/v1]
- Scheduler [config.openshift.io/v1]
-
Console APIs
- About Console APIs
- ConsoleCLIDownload [console.openshift.io/v1]
- ConsoleExternalLogLink [console.openshift.io/v1]
- ConsoleLink [console.openshift.io/v1]
- ConsoleNotification [console.openshift.io/v1]
- ConsolePlugin [console.openshift.io/v1alpha1]
- ConsoleQuickStart [console.openshift.io/v1]
- ConsoleYAMLSample [console.openshift.io/v1]
- Extension APIs
-
Image APIs
- About Image APIs
- Image [image.openshift.io/v1]
- ImageSignature [image.openshift.io/v1]
- ImageStreamImage [image.openshift.io/v1]
- ImageStreamImport [image.openshift.io/v1]
- ImageStreamLayers [image.openshift.io/v1]
- ImageStreamMapping [image.openshift.io/v1]
- ImageStream [image.openshift.io/v1]
- ImageStreamTag [image.openshift.io/v1]
- ImageTag [image.openshift.io/v1]
- SecretList [image.openshift.io/v1]
-
Machine APIs
- About Machine APIs
- ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
- ControllerConfig [machineconfiguration.openshift.io/v1]
- KubeletConfig [machineconfiguration.openshift.io/v1]
- MachineConfigPool [machineconfiguration.openshift.io/v1]
- MachineConfig [machineconfiguration.openshift.io/v1]
- MachineHealthCheck [machine.openshift.io/v1beta1]
- Machine [machine.openshift.io/v1beta1]
- MachineSet [machine.openshift.io/v1beta1]
- Metadata APIs
-
Monitoring APIs
- About Monitoring APIs
- Alertmanager [monitoring.coreos.com/v1]
- AlertmanagerConfig [monitoring.coreos.com/v1alpha1]
- PodMonitor [monitoring.coreos.com/v1]
- Probe [monitoring.coreos.com/v1]
- Prometheus [monitoring.coreos.com/v1]
- PrometheusRule [monitoring.coreos.com/v1]
- ServiceMonitor [monitoring.coreos.com/v1]
- ThanosRuler [monitoring.coreos.com/v1]
-
Network APIs
- About Network APIs
- ClusterNetwork [network.openshift.io/v1]
- Endpoints [v1]
- EndpointSlice [discovery.k8s.io/v1]
- EgressNetworkPolicy [network.openshift.io/v1]
- EgressRouter [network.operator.openshift.io/v1]
- HostSubnet [network.openshift.io/v1]
- Ingress [networking.k8s.io/v1]
- IngressClass [networking.k8s.io/v1]
- IPPool [whereabouts.cni.cncf.io/v1alpha1]
- NetNamespace [network.openshift.io/v1]
- NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- NetworkPolicy [networking.k8s.io/v1]
- PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
- Route [route.openshift.io/v1]
- Service [v1]
- Node APIs
- OAuth APIs
-
Operator APIs
- About Operator APIs
- Authentication [operator.openshift.io/v1]
- CloudCredential [operator.openshift.io/v1]
- ClusterCSIDriver [operator.openshift.io/v1]
- Console [operator.openshift.io/v1]
- Config [operator.openshift.io/v1]
- Config [imageregistry.operator.openshift.io/v1]
- Config [samples.operator.openshift.io/v1]
- CSISnapshotController [operator.openshift.io/v1]
- DNS [operator.openshift.io/v1]
- DNSRecord [ingress.operator.openshift.io/v1]
- Etcd [operator.openshift.io/v1]
- ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- ImagePruner [imageregistry.operator.openshift.io/v1]
- IngressController [operator.openshift.io/v1]
- KubeAPIServer [operator.openshift.io/v1]
- KubeControllerManager [operator.openshift.io/v1]
- KubeScheduler [operator.openshift.io/v1]
- KubeStorageVersionMigrator [operator.openshift.io/v1]
- Network [operator.openshift.io/v1]
- OpenShiftAPIServer [operator.openshift.io/v1]
- OpenShiftControllerManager [operator.openshift.io/v1]
- OperatorPKI [network.operator.openshift.io/v1]
- ServiceCA [operator.openshift.io/v1]
- Storage [operator.openshift.io/v1]
-
OperatorHub APIs
- About OperatorHub APIs
- CatalogSource [operators.coreos.com/v1alpha1]
- ClusterServiceVersion [operators.coreos.com/v1alpha1]
- InstallPlan [operators.coreos.com/v1alpha1]
- Operator [operators.coreos.com/v1]
- OperatorCondition [operators.coreos.com/v2]
- OperatorGroup [operators.coreos.com/v1]
- PackageManifest [packages.operators.coreos.com/v1]
- Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
- Project APIs
- Provisioning APIs
- RBAC APIs
- Role APIs
-
Schedule and quota APIs
- About Schedule and quota APIs
- AppliedClusterResourceQuota [quota.openshift.io/v1]
- ClusterResourceQuota [quota.openshift.io/v1]
- FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]
- LimitRange [v1]
- PriorityClass [scheduling.k8s.io/v1]
- PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]
- ResourceQuota [v1]
-
Security APIs
- About Security APIs
- CertificateSigningRequest [certificates.k8s.io/v1]
- CredentialsRequest [cloudcredential.openshift.io/v1]
- PodSecurityPolicyReview [security.openshift.io/v1]
- PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- PodSecurityPolicySubjectReview [security.openshift.io/v1]
- RangeAllocation [security.openshift.io/v1]
- Secret [v1]
- SecurityContextConstraints [security.openshift.io/v1]
- ServiceAccount [v1]
-
Storage APIs
- About Storage APIs
- CSIDriver [storage.k8s.io/v1]
- CSINode [storage.k8s.io/v1]
- CSIStorageCapacity [storage.k8s.io/v1beta1]
- PersistentVolumeClaim [v1]
- StorageClass [storage.k8s.io/v1]
- StorageState [migration.k8s.io/v1alpha1]
- StorageVersionMigration [migration.k8s.io/v1alpha1]
- VolumeAttachment [storage.k8s.io/v1]
- VolumeSnapshot [snapshot.storage.k8s.io/v1]
- VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
- VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
- Template APIs
- User and group APIs
-
Workloads APIs
- About Workloads APIs
- BuildConfig [build.openshift.io/v1]
- Build [build.openshift.io/v1]
- BuildLog [build.openshift.io/v1]
- BuildRequest [build.openshift.io/v1]
- CronJob [batch/v1]
- DaemonSet [apps/v1]
- Deployment [apps/v1]
- DeploymentConfig [apps.openshift.io/v1]
- DeploymentConfigRollback [apps.openshift.io/v1]
- DeploymentLog [apps.openshift.io/v1]
- DeploymentRequest [apps.openshift.io/v1]
- Job [batch/v1]
- Pod [v1]
- ReplicationController [v1]
- PersistentVolume [v1]
- ReplicaSet [apps/v1]
- StatefulSet [apps/v1]
-
Service Mesh
-
Service Mesh 2.x
- About OpenShift Service Mesh
- Service Mesh 2.x release notes
- Service Mesh architecture
- Service Mesh deployment models
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing the Operators
- Creating the ServiceMeshControlPlane
- Adding workloads to a service mesh
- Enabling sidecar injection
- Upgrading Service Mesh
- Managing users and profiles
- Security
- Traffic management
- Metrics, logs, and traces
- Performance and scalability
- Deploying to production
- Federation
- Extensions
- 3scale WebAssembly for 2.1
- 3scale Istio adapter for 2.0
- Troubleshooting Service Mesh
- Control plane configuration reference
- Kiali configuration reference
- Jaeger configuration reference
- Uninstalling Service Mesh
-
Service Mesh 1.x
- Service Mesh 1.x release notes
- Service Mesh architecture
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing Service Mesh
- Security
- Traffic management
- Deploying applications on Service Mesh
- Data visualization and observability
- Custom resources
- 3scale Istio adapter for 1.x
- Removing Service Mesh
-
Service Mesh 2.x
- Distributed tracing
-
Virtualization
- About OpenShift Virtualization
- Getting started with OpenShift Virtualization
- OpenShift Virtualization release notes
-
Installing
- Preparing your cluster for OpenShift Virtualization
- Specifying nodes for OpenShift Virtualization components
- Installing OpenShift Virtualization using the web console
- Installing OpenShift Virtualization using the CLI
- Enabling the virtctl client
- Uninstalling OpenShift Virtualization using the web console
- Uninstalling OpenShift Virtualization using the CLI
- Updating OpenShift Virtualization
- Additional security privileges granted for kubevirt-controller and virt-launcher
- Using the CLI tools
-
Virtual machines
- Creating virtual machines
- Editing virtual machines
- Editing boot order
- Deleting virtual machines
- Managing virtual machine instances
- Controlling virtual machine states
- Accessing virtual machine consoles
- Automating Windows installation with sysprep
- Triggering virtual machine failover by resolving a failed node
- Installing the QEMU guest agent on virtual machines
- Viewing the QEMU guest agent information for virtual machines
- Managing config maps, secrets, and service accounts in virtual machines
- Installing VirtIO driver on an existing Windows virtual machine
- Installing VirtIO driver on a new Windows virtual machine
-
Advanced virtual machine management
- Specifying nodes for virtual machines
- Configuring certificate rotation
- Automating management tasks
- UEFI mode for virtual machines
- Configuring PXE booting for virtual machines
- Using huge pages with virtual machines
- Enabling dedicated resources for a virtual machine
- Scheduling virtual machines
- Configuring PCI passthrough
- Configuring vGPU passthrough
- Configuring mediated devices
- Configuring a watchdog device
- Automatic importing and updating of pre-defined boot sources
- Enabling descheduler evictions on virtual machines
- Importing virtual machines
- Cloning virtual machines
-
Virtual machine networking
- Configuring the virtual machine for the default pod network
- Attaching a virtual machine to a Linux bridge network
- Configuring IP addresses for virtual machines
- Configuring an SR-IOV network device for virtual machines
- Connecting virtual machines to a service mesh
- Defining an SR-IOV network
- Attaching a virtual machine to an SR-IOV network
- Viewing the IP address of NICs on a virtual machine
- Using a MAC address pool for virtual machines
-
Virtual machine disks
- Features for storage
- Configuring local storage for virtual machines
- Creating data volumes
- Reserving PVC space for file system overhead
- Configuring CDI to work with namespaces that have a compute resource quota
- Managing data volume annotations
- Using preallocation for data volumes
- Uploading local disk images by using the web console
- Uploading local disk images by using the virtctl tool
- Uploading a local disk image to a block storage data volume
- Managing virtual machine snapshots
- Moving a local virtual machine disk to a different node
- Expanding virtual storage by adding blank disk images
- Cloning a data volume using smart-cloning
- Creating and using boot sources
- Hot-plugging virtual disks
- Using container disks with virtual machines
- Preparing CDI scratch space
- Re-using statically provisioned persistent volumes
- Expanding a virtual machine disk
- Deleting data volumes
- Virtual machine templates
-
Live migration
- Virtual machine live migration
- Live migration limits and timeouts
- Migrating a virtual machine instance to another node
- Migrating a virtual machine over a dedicated additional network
- Monitoring live migration of a virtual machine instance
- Cancelling the live migration of a virtual machine instance
- Configuring virtual machine eviction strategy
- Node maintenance
- Node networking
-
Logging, events, and monitoring
- Reviewing virtualization overview
- Viewing logs
- Viewing events
- Diagnosing data volumes using events and conditions
- Viewing information about virtual machine workloads
- Monitoring virtual machine health
- Viewing cluster information
- Reviewing resource usage by virtual machines
- OpenShift cluster monitoring, logging, and Telemetry
- Prometheus queries for virtual resources
- Exposing custom metrics for virtual machines
- OpenShift Virtualization critical alerts
- Collecting data for Red Hat Support
- Backup and restore
-
Serverless
- Release notes
- Discover
- Install
- Knative CLI
-
Develop
- Serverless applications
- Autoscaling
- Traffic management
- Routing
- Event sinks
- Event delivery
- Listing event sources and event source types
- Creating an API server source
- Creating a ping source
- Custom event sources
- Creating channels
- Creating and managing subscriptions
- Creating brokers
- Triggers
- Using Knative Kafka
- Administer
- Monitor
- Tracing
- Support
- Security
-
Functions
- Setting up OpenShift Serverless Functions
- Getting started with functions
- Developing Node.js functions
- Developing TypeScript functions
- Developing Go functions
- Developing Python functions
- Developing Quarkus functions
- Using functions with Knative Eventing
- Function project configuration in func.yaml
- Accessing secrets and config maps from functions
- Adding annotations to functions
- Functions development reference guide
- Integrations
×
Red Hat OpenShift Pipelines release notes
- Compatibility and support matrix
- Making open source more inclusive
- Release notes for Red Hat OpenShift Pipelines General Availability 1.7
- Release notes for Red Hat OpenShift Pipelines General Availability 1.6
- New features
- Deprecated features
- Known issues
- Fixed issues
- Release notes for Red Hat OpenShift Pipelines General Availability 1.6.1
- Release notes for Red Hat OpenShift Pipelines General Availability 1.6.2
- Release notes for Red Hat OpenShift Pipelines General Availability 1.6.3
- Release notes for Red Hat OpenShift Pipelines General Availability 1.6.4
- Release notes for Red Hat OpenShift Pipelines General Availability 1.5
- Release notes for Red Hat OpenShift Pipelines General Availability 1.4
- Release notes for Red Hat OpenShift Pipelines Technology Preview 1.3
- Release notes for Red Hat OpenShift Pipelines Technology Preview 1.2
- Release notes for Red Hat OpenShift Pipelines Technology Preview 1.1
- Release notes for Red Hat OpenShift Pipelines Technology Preview 1.0
Red Hat OpenShift Pipelines is a cloud-native CI/CD experience based on the Tekton project which provides:
-
Standard Kubernetes-native pipeline definitions (CRDs).
-
Serverless pipelines with no CI server management overhead.
-
Extensibility to build images using any Kubernetes tool, such as S2I, Buildah, JIB, and Kaniko.
-
Portability across any Kubernetes distribution.
-
Powerful CLI for interacting with pipelines.
-
Integrated user experience with the Developer perspective of the OpenShift Container Platform web console.
For an overview of Red Hat OpenShift Pipelines, see Understanding OpenShift Pipelines.
Compatibility and support matrix
Some features in this release are currently in Technology Preview. These experimental features are not intended for production use.
In the table, features are marked with the following statuses:
| TP |
Technology Preview |
| GA |
General Availability |
| Red Hat OpenShift Pipelines Version | Component Version | OpenShift Version | Support Status | ||||||
|---|---|---|---|---|---|---|---|---|---|
Operator |
Pipelines |
Triggers |
CLI |
Catalog |
Chains |
Hub |
PAC |
||
1.7 |
0.33.x |
0.19.x |
0.23.x |
0.33 |
0.8.0 (TP) |
1.7.0 (TP) |
0.5.4 (TP) |
4.9, 4.10 |
GA |
1.6 |
0.28.x |
0.16.x |
0.21.x |
0.28 |
N/A |
N/A |
N/A |
4.9 |
GA |
1.5 |
0.24.x |
0.14.x (TP) |
0.19.x |
0.24 |
N/A |
N/A |
N/A |
4.8 |
GA |
1.4 |
0.22.x |
0.12.x (TP) |
0.17.x |
0.22 |
N/A |
N/A |
N/A |
4.7 |
GA |
For questions and feedback, you can send an email to the product team at pipelines-interest@redhat.com.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Release notes for Red Hat OpenShift Pipelines General Availability 1.7
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.7 is available on OpenShift Container Platform 4.9, 4.10, and 4.11.
New features
In addition to the fixes and stability improvements, the following sections highlight what is new in Red Hat OpenShift Pipelines 1.7.
Pipelines
-
With this update,
pipelines-<version>is the default channel to install the Red Hat OpenShift Pipelines Operator. For example, the default channel to install the Pipelines Operator version1.7ispipelines-1.7. Cluster administrators can also use thelatestchannel to install the most recent stable version of the Operator.The
previewandstablechannels will be deprecated and removed in a future release. -
When you run a command in a user namespace, your container runs as
root(user id0) but has user privileges on the host. With this update, to run pods in the user namespace, you must pass the annotations that CRI-O expects.-
To add these annotations for all users, run the
oc edit clustertask buildahcommand and edit thebuildahcluster task. -
To add the annotations to a specific namespace, export the cluster task as a task to that namespace.
-
-
With this update, the
whenexpressions in aTaskobject are scoped to guard the tasks by default. To continue guarding theTaskobject and its dependent tasks, set thescope-when-expressions-to-taskflag totrue.The
scope-when-expressions-to-taskflag is deprecated and will be removed in a future release. As a best practice for Pipelines, usewhenexpressions scoped to the guardedTaskonly. -
With this update, you can use variable substitution in the
subPathfield of a workspace within a task. -
With this update, you can reference parameters and results by using a bracket notation with single or double quotes. Prior to this update, you could only use the dot notation. For example, the following are now equivalent:
-
$(param.myparam),$(param['myparam']), and$(param["myparam"]).You can use single or double quotes to enclose parameter names that contain problematic characters, such as
".". For example,$(param['my.param'])and$(param["my.param"]).
-
-
With this update, you can include the
onErrorparameter of a step in the task definition without enabling theenable-api-fieldsflag.
Triggers
-
With this update, the
feature-flag-triggersconfig map has a new fieldlabels-exclusion-pattern. You can set the value of this field to a regular expression (regex) pattern. The controller filters out labels that match the regex pattern from propagating from the event listener to the resources created for the event listener. -
With this update, the
TriggerGroupsfield is added to theEventListenerspecification. Using this field, you can specify a set of interceptors to run before selecting and running a group of triggers. To enable this feature, set theenable-api-fieldsflag in thefeature-flags-triggersconfig map toalpha. -
With this update,
Triggerresources support custom runs defined by aTriggerTemplatetemplate. -
With this update, Triggers support emitting Kubernetes events from an
EventListenerpod. -
With this update, count metrics are available for the following objects:
ClusterInteceptor,EventListener,TriggerTemplate,ClusterTriggerBinding, andTriggerBinding. -
This update adds the
ServicePortspecification to Kubernetes resource. You can use this specification to modify which port exposes the event listener service. The default port is8080. -
With this update, you can use the
targetURIfield in theEventListenerspecification to send cloud events during trigger processing. To enable this feature, set theenable-api-fieldsflag in thefeature-flags-triggersconfig map toalpha. -
With this update, the
tekton-triggers-eventlistener-rolesobject now has apatchverb, in addition to thecreateverb that already exists. -
With this update, the
securityContext.runAsUserparameter is removed from event listener deployment.
CLI
-
With this update, the
tkn [pipeline | pipelinerun] exportcommand exports a pipeline or pipeline run as a YAML file. For example:-
Export a pipeline named
test_pipelinein theopenshift-pipelinesnamespace: -
Export a pipeline run named
test_pipeline_runin theopenshift-pipelinesnamespace:$ tkn pipelinerun export test_pipeline_run -n openshift-pipelines
-
-
With this update, the
--graceoption is added to thetkn pipelinerun cancel. Use the--graceoption to terminate a pipeline run gracefully instead of forcing the termination. To enable this feature, set theenable-api-fieldsflag in thefeature-flagsconfig map toalpha. -
This update adds the Operator and Chains versions to the output of the
tkn versioncommand.Tekton Chains is a Technology Preview feature.
-
With this update, the
tkn pipelinerun describecommand displays all canceled task runs, when you cancel a pipeline run. Before this fix, only one task run was displayed. -
With this update, you can skip supplying the asking specifications for optional workspace when you run the
tkn [t | p | ct] startcommand skips with the--skip-optional-workspaceflag. You can also skip it when running in interactive mode. -
With this update, you can use the
tkn chainscommand to manage Tekton Chains. You can also use the--chains-namespaceoption to specify the namespace where you want to install Tekton Chains.Tekton Chains is a Technology Preview feature.
Operator
-
With this update, you can use the Red Hat OpenShift Pipelines Operator to install and deploy Tekton Hub and Tekton Chains.
Tekton Chains and deployment of Tekton Hub on a cluster are Technology Preview features.
-
With this update, you can find and use Pipelines as Code (PAC) as an add-on option.
Pipelines as Code is a Technology Preview feature.
-
With this update, you can now disable the installation of community cluster tasks by setting the
communityClusterTasksparameter tofalse. For example:... spec: profile: all targetNamespace: openshift-pipelines addon: params: - name: clusterTasks value: "true" - name: pipelineTemplates value: "true" - name: communityClusterTasks value: "false" ... -
With this update, you can disable the integration of Tekton Hub with the Developer perspective by setting the
enable-devconsole-integrationflag in theTektonConfigcustom resource tofalse. For example:... hub: params: - name: enable-devconsole-integration value: "true" ... -
With this update, the
operator-config.yamlconfig map enables the output of thetkn versioncommand to display of the Operator version. -
With this update, the version of the
argocd-task-sync-and-waittasks is modified tov0.2. -
With this update to the
TektonConfigCRD, theoc get tektonconfigcommand displays the OPerator version. -
With this update, service monitor is added to the Triggers metrics.
Hub
|
Deploying Tekton Hub on a cluster is a Technology Preview feature. |
Tekton Hub helps you discover, search, and share reusable tasks and pipelines for your CI/CD workflows. A public instance of Tekton Hub is available at hub.tekton.dev.
Staring with Red Hat OpenShift Pipelines 1.7, cluster administrators can also install and deploy a custom instance of Tekton Hub on enterprise clusters. You can curate a catalog with reusable tasks and pipelines specific to your organization.
Chains
|
Tekton Chains is a Technology Preview feature. |
Tekton Chains is a Kubernetes Custom Resource Definition (CRD) controller. You can use it to manage the supply chain security of the tasks and pipelines created using Red Hat OpenShift Pipelines.
By default, Tekton Chains monitors the task runs in your OpenShift Container Platform cluster. Chains takes snapshots of completed task runs, converts them to one or more standard payload formats, and signs and stores all artifacts.
Tekton Chains supports the following features:
-
You can sign task runs, task run results, and OCI registry images with cryptographic key types and services such as
cosign. -
You can use attestation formats such as
in-toto. -
You can securely store signatures and signed artifacts using OCI repository as a storage backend.
Pipelines as Code (PAC)
|
Pipelines as Code is a Technology Preview feature. |
With Pipelines as Code, cluster administrators and users with the required privileges can define pipeline templates as part of source code Git repositories. When triggered by a source code push or a pull request for the configured Git repository, the feature runs the pipeline and reports status.
Pipelines as Code supports the following features:
-
Pull request status. When iterating over a pull request, the status and control of the pull request is exercised on the platform hosting the Git repository.
-
GitHub checks the API to set the status of a pipeline run, including rechecks.
-
GitHub pull request and commit events.
-
Pull request actions in comments, such as
/retest. -
Git events filtering, and a separate pipeline for each event.
-
Automatic task resolution in Pipelines for local tasks, Tekton Hub, and remote URLs.
-
Use of GitHub blobs and objects API for retrieving configurations.
-
Access Control List (ACL) over a GitHub organization, or using a Prow-style
OWNERfile. -
The
tkn-pacplugin for thetknCLI tool, which you can use to manage Pipelines as Code repositories and bootstrapping. -
Support for GitHub Application, GitHub Webhook, Bitbucket Server, and Bitbucket Cloud.
Deprecated features
-
Breaking change: This update removes the
disable-working-directory-overwriteanddisable-home-env-overwritefields from theTektonConfigcustom resource (CR). As a result, theTektonConfigCR no longer automatically sets the$HOMEenvironment variable andworkingDirparameter. You can still set the$HOMEenvironment variable andworkingDirparameter by using theenvandworkingDirfields in theTaskcustom resource definition (CRD).
-
The
Conditionscustom resource definition (CRD) type is deprecated and planned to be removed in a future release. Instead, use the recommendedWhenexpression.
-
Breaking change: The
Triggersresource validates the templates and generates an error if you do not specify theEventListenerandTriggerBindingvalues.
Known issues
-
When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters. As a workaround, you can specify a custom image by setting the
MAVEN_IMAGEparameter value tomaven:3.6.3-adoptopenjdk-11.Before you install tasks based on the Tekton Catalog on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) using
tkn hub, verify if the task can be executed on these platforms. To check ifppc64leands390xare listed in the "Platforms" section of the task information, you can run the following command:tkn hub info task <name> -
On IBM Power Systems, IBM Z, and LinuxONE, the
s2i-dotnetcluster task is unsupported. -
You cannot use the
nodejs:14-ubi8-minimalimage stream because doing so generates the following errors:STEP 7: RUN /usr/libexec/s2i/assemble /bin/sh: /usr/libexec/s2i/assemble: No such file or directory subprocess exited with status 127 subprocess exited with status 127 error building at STEP "RUN /usr/libexec/s2i/assemble": exit status 127 time="2021-11-04T13:05:26Z" level=error msg="exit status 127"
-
Implicit parameter mapping incorrectly passes parameters from the top-level
PipelineorPipelineRundefinitions to thetaskReftasks. Mapping should only occur from a top-level resource to tasks with in-linetaskSpecspecifications. This issue only affects users who have set theenable-api-fieldsfeature flag toalpha.
Fixed issues
-
With this update, if metadata such as
labelsandannotationsare present in bothPipelineandPipelineRunobject definitions, the values in thePipelineRuntype takes precedence. You can observe similar behavior forTaskandTaskRunobjects. -
With this update, if the
timeouts.tasksfield or thetimeouts.finallyfield is set to0, then thetimeouts.pipelineis also set to0. -
With this update, the
-xset flag is removed from scripts that do not use a shebang. The fix reduces potential data leak from script execution. -
With this update, any backslash character present in the usernames in Git credentials is escaped with an additional backslash in the
.gitconfigfile.
-
With this update, the
finalizerproperty of theEventListenerobject is not necessary for cleaning up logging and config maps. -
With this update, the default HTTP client associated with the event listener server is removed, and a custom HTTP client added. As a result, the timeouts have improved.
-
With this update, the Triggers cluster role now works with owner references.
-
With this update, the race condition in the event listener does not happen when multiple interceptors return extensions.
-
With this update, the
tkn pr deletecommand does not delete the pipeline runs with theignore-runningflag.
-
With this update, the Operator pods do not continue restarting when you modify any add-on parameters.
-
With this update, the
tkn serveCLI pod is scheduled on infra nodes, if not configured in the subscription and config custom resources. -
With this update, cluster tasks with specified versions are not deleted during upgrade.
Release notes for Red Hat OpenShift Pipelines General Availability 1.7.1
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.7.1 is available on OpenShift Container Platform 4.9, 4.10, and 4.11.
Fixed issues
-
Before this update, upgrading the Red Hat OpenShift Pipelines Operator deleted the data in the database associated with Tekton Hub and installed a new database. With this update, an Operator upgrade preserves the data.
-
Before this update, only cluster administrators could access pipeline metrics in the OpenShift Container Platform console. With this update, users with other cluster roles also can access the pipeline metrics.
-
Before this update, pipeline runs failed for pipelines containing tasks that emit large termination messages. The pipeline runs failed because the total size of termination messages of all containers in a pod cannot exceed 12 KB. With this update, the
place-toolsandstep-initinitialization containers that uses the same image are merged to reduce the number of containers running in each tasks’s pod. The solution reduces the chance of failed pipeline runs by minimizing the number of containers running in a task’s pod. However, it does not remove the limitation of the maximum allowed size of a termination message. -
Before this update, attempts to access resource URLs directly from the Tekton Hub web console resulted in an Nginx
404error. With this update, the Tekton Hub web console image is fixed to allow accessing resource URLs directly from the Tekton Hub web console. -
Before this update, for each namespace the resource pruner job created a separate container to prune resources. With this update, the resource pruner job runs commands for all namespaces as a loop in one container.
Release notes for Red Hat OpenShift Pipelines General Availability 1.7.2
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.7.2 is available on OpenShift Container Platform 4.9, 4.10, and the upcoming version.
Known issues
-
The
chains-configconfig map for Tekton Chains in theopenshift-pipelinesnamespace is automatically reset to default after upgrading the Red Hat OpenShift Pipelines Operator. Currently, there is no workaround for this issue.
Fixed issues
-
Before this update, tasks on Pipelines 1.7.1 failed on using
initas the first argument, followed by two or more arguments. With this update, the flags are parsed correctly and the task runs are successful. -
Before this update, installation of the Red Hat OpenShift Pipelines Operator on OpenShift Container Platform 4.9 and 4.10 failed due to invalid role binding, with the following error message:
error updating rolebinding openshift-operators-prometheus-k8s-read-binding: RoleBinding.rbac.authorization.k8s.io "openshift-operators-prometheus-k8s-read-binding" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"Role", Name:"openshift-operator-read"}: cannot change roleRefWith this update, the Red Hat OpenShift Pipelines Operator installs with distinct role binding namespaces to avoid conflict with installation of other Operators.
-
Before this update, upgrading the Operator triggered a reset of the
signing-secretssecret key for Tekton Chains to its default value. With this update, the custom secret key persists after you upgrade the Operator.Upgrading to Red Hat OpenShift Pipelines 1.7.2 resets the key. However, when you upgrade to future releases, the key is expected to persist.
-
Before this update, all S2I build tasks failed with an error similar to the following message:
Error: error writing "0 0 4294967295\n" to /proc/22/uid_map: write /proc/22/uid_map: operation not permitted time="2022-03-04T09:47:57Z" level=error msg="error writing \"0 0 4294967295\\n\" to /proc/22/uid_map: write /proc/22/uid_map: operation not permitted" time="2022-03-04T09:47:57Z" level=error msg="(unable to determine exit status)"With this update, the
pipelines-sccsecurity context constraint (SCC) is compatible with theSETFCAPcapability necessary for S2I and Buildah clustertasks. As a result, the S2I build tasks run successfully.
Release notes for Red Hat OpenShift Pipelines General Availability 1.7.3
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.7.3 is available on OpenShift Container Platform 4.9, 4.10, and 4.11.
Fixed issues
-
Before this update, the Operator failed when creating RBAC resources if any namespace was in a
Terminatingstate. With this update, the Operator ignores namespaces in aTerminatingstate and creates the RBAC resources. -
Previously, upgrading the Red Hat OpenShift Pipelines Operator caused the
pipelineservice account to be recreated, which meant that the secrets linked to the service account were lost. This update fixes the issue. During upgrades, the Operator no longer recreates thepipelineservice account. As a result, secrets attached to thepipelineservice account persist after upgrades, and the resources (tasks and pipelines) continue to work correctly.
Release notes for Red Hat OpenShift Pipelines General Availability 1.6
With this update, Red Hat OpenShift Pipelines General Availability (GA) 1.6 is available on OpenShift Container Platform 4.9.
New features
In addition to the fixes and stability improvements, the following sections highlight what is new in Red Hat OpenShift Pipelines 1.6.
-
With this update, you can configure a pipeline or task
startcommand to return a YAML or JSON-formatted string by using the--output <string>, where<string>isyamlorjson. Otherwise, without the--outputoption, thestartcommand returns a human-friendly message that is hard for other programs to parse. Returning a YAML or JSON-formatted string is useful for continuous integration (CI) environments. For example, after a resource is created, you can useyqorjqto parse the YAML or JSON-formatted message about the resource and wait until that resource is terminated without using theshowlogoption. -
With this update, you can authenticate to a registry using the
auth.jsonauthentication file of Podman. For example, you can usetkn bundle pushto push to a remote registry using Podman instead of Docker CLI. -
With this update, if you use the
tkn [taskrun | pipelinerun] delete --allcommand, you can preserve runs that are younger than a specified number of minutes by using the new--keep-since <minutes>option. For example, to keep runs that are less than five minutes old, you entertkn [taskrun | pipelinerun] delete -all --keep-since 5. -
With this update, when you delete task runs or pipeline runs, you can use the
--parent-resourceand--keep-sinceoptions together. For example, thetkn pipelinerun delete --pipeline pipelinename --keep-since 5command preserves pipeline runs whose parent resource is namedpipelinenameand whose age is five minutes or less. Thetkn tr delete -t <taskname> --keep-since 5andtkn tr delete --clustertask <taskname> --keep-since 5commands work similarly for task runs. -
This update adds support for the triggers resources to work with
v1beta1resources.
-
This update adds an
ignore-runningoption to thetkn pipelinerun deleteandtkn taskrun deletecommands. -
This update adds a
createsubcommand to thetkn taskandtkn clustertaskcommands. -
With this update, when you use the
tkn pipelinerun delete --allcommand, you can use the new--label <string>option to filter the pipeline runs by label. Optionally, you can use the--labeloption with=and==as equality operators, or!=as an inequality operator. For example, thetkn pipelinerun delete --all --label asdfandtkn pipelinerun delete --all --label==asdfcommands both delete all the pipeline runs that have theasdflabel. -
With this update, you can fetch the version of installed Tekton components from the config map or, if the config map is not present, from the deployment controller.
-
With this update, triggers support the
feature-flagsandconfig-defaultsconfig map to configure feature flags and to set default values respectively. -
This update adds a new metric,
eventlistener_event_count, that you can use to count events received by theEventListenerresource. -
This update adds
v1beta1Go API types. With this update, triggers now support thev1beta1API version.With the current release, the
v1alpha1features are now deprecated and will be removed in a future release. Begin using thev1beta1features instead.
-
In the current release, auto-prunning of resources is enabled by default. In addition, you can configure auto-prunning of task run and pipeline run for each namespace separately, by using the following new annotations:
-
operator.tekton.dev/prune.schedule: If the value of this annotation is different from the value specified at theTektonConfigcustom resource definition, a new cron job in that namespace is created. -
operator.tekton.dev/prune.skip: When set totrue, the namespace for which it is configured will not be prunned. -
operator.tekton.dev/prune.resources: This annotation accepts a comma-separated list of resources. To prune a single resource such as a pipeline run, set this annotation to"pipelinerun". To prune multiple resources, such as task run and pipeline run, set this annotation to"taskrun, pipelinerun". -
operator.tekton.dev/prune.keep: Use this annotation to retain a resource without prunning. -
operator.tekton.dev/prune.keep-since: Use this annotation to retain resources based on their age. The value for this annotation must be equal to the age of the resource in minutes. For example, to retain resources which were created not more than five days ago, setkeep-sinceto7200.The
keepandkeep-sinceannotations are mutually exclusive. For any resource, you must configure only one of them. -
operator.tekton.dev/prune.strategy: Set the value of this annotation to eitherkeeporkeep-since.
-
-
Administrators can disable the creation of the
pipelineservice account for the entire cluster, and prevent privilege escalation by misusing the associated SCC, which is very similar toanyuid. -
You can now configure feature flags and components by using the
TektonConfigcustom resource (CR) and the CRs for individual components, such asTektonPipelineandTektonTriggers. This level of granularity helps customize and test alpha features such as the Tekton OCI bundle for individual components. -
You can now configure optional
Timeoutsfield for thePipelineRunresource. For example, you can configure timeouts separately for a pipeline run, each task run, and thefinallytasks. -
The pods generated by the
TaskRunresource now sets theactiveDeadlineSecondsfield of the pods. This enables OpenShift to consider them as terminating, and allows you to use specifically scopedResourceQuotaobject for the pods. -
You can use configmaps to eliminate metrics tags or labels type on a task run, pipeline run, task, and pipeline. In addition, you can configure different types of metrics for measuring duration, such as a histogram, gauge, or last value.
-
You can define requests and limits on a pod coherently, as Tekton now fully supports the
LimitRangeobject by considering theMin,Max,Default, andDefaultRequestfields. -
The following alpha features are introduced:
-
A pipeline run can now stop after running the
finallytasks, rather than the previous behavior of stopping the execution of all task run directly. This update adds the followingspec.statusvalues:-
StoppedRunFinallywill stop the currently running tasks after they are completed, and then run thefinallytasks. -
CancelledRunFinallywill immediately cancel the running tasks, and then run thefinallytasks. -
Cancelledwill retain the previous behavior provided by thePipelineRunCancelledstatus.The
Cancelledstatus replaces the deprecatedPipelineRunCancelledstatus, which will be removed in thev1version.
-
-
You can now use the
oc debugcommand to put a task run into debug mode, which pauses the execution and allows you to inspect specific steps in a pod. -
When you set the
onErrorfield of a step tocontinue, the exit code for the step is recorded and passed on to subsequent steps. However, the task run does not fail and the execution of the rest of the steps in the task continues. To retain the existing behavior, you can set the value of theonErrorfield tostopAndFail. -
Tasks can now accept more parameters than are actually used. When the alpha feature flag is enabled, the parameters can implicitly propagate to inlined specs. For example, an inlined task can access parameters of its parent pipeline run, without explicitly defining each parameter for the task.
-
If you enable the flag for the alpha features, the conditions under
Whenexpressions will only apply to the task with which it is directly associated, and not the dependents of the task. To apply theWhenexpressions to the associated task and its dependents, you must associate the expression with each dependent task separately. Note that, going forward, this will be the default behavior of theWhenexpressions in any new API versions of Tekton. The existing default behavior will be deprecated in favor of this update.
-
-
The current release enables you to configure node selection by specifying the
nodeSelectorandtolerationsvalues in theTektonConfigcustom resource (CR). The Operator adds these values to all the deployments that it creates.-
To configure node selection for the Operator’s controller and webhook deployment, you edit the
config.nodeSelectorandconfig.tolerationsfields in the specification for theSubscriptionCR, after installing the Operator. -
To deploy the rest of the control plane pods of OpenShift Pipelines on an infrastructure node, update the
TektonConfigCR with thenodeSelectorandtolerationsfields. The modifications are then applied to all the pods created by Operator.
-
Deprecated features
-
In CLI 0.21.0, support for all
v1alpha1resources forclustertask,task,taskrun,pipeline, andpipelineruncommands are deprecated. These resources are now deprecated and will be removed in a future release.
-
In Tekton Triggers v0.16.0, the redundant
statuslabel is removed from the metrics for theEventListenerresource.Breaking change: The
statuslabel has been removed from theeventlistener_http_duration_seconds_*metric. Remove queries that are based on thestatuslabel. -
With the current release, the
v1alpha1features are now deprecated and will be removed in a future release. With this update, you can begin using thev1beta1Go API types instead. Triggers now supports thev1beta1API version. -
With the current release, the
EventListenerresource sends a response before the triggers finish processing.Breaking change: With this change, the
EventListenerresource stops responding with a201 Createdstatus code when it creates resources. Instead, it responds with a202 Acceptedresponse code. -
The current release removes the
podTemplatefield from theEventListenerresource.Breaking change: The
podTemplatefield, which was deprecated as part of #1100, has been removed. -
The current release removes the deprecated
replicasfield from the specification for theEventListenerresource.Breaking change: The deprecated
replicasfield has been removed.
-
In Red Hat OpenShift Pipelines 1.6, the values of
HOME="/tekton/home"andworkingDir="/workspace"are removed from the specification of theStepobjects.Instead, Red Hat OpenShift Pipelines sets
HOMEandworkingDirto the values defined by the containers running theStepobjects. You can override these values in the specification of yourStepobjects.To use the older behavior, you can change the
disable-working-directory-overwriteanddisable-home-env-overwritefields in theTektonConfigCR tofalse:apiVersion: operator.tekton.dev/v1alpha1 kind: TektonConfig metadata: name: config spec: pipeline: disable-working-directory-overwrite: false disable-home-env-overwrite: false ...The
disable-working-directory-overwriteanddisable-home-env-overwritefields in theTektonConfigCR are now deprecated and will be removed in a future release.
Known issues
-
When you run Maven and Jib-Maven cluster tasks, the default container image is supported only on Intel (x86) architecture. Therefore, tasks will fail on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) clusters. As a workaround, you can specify a custom image by setting the
MAVEN_IMAGEparameter value tomaven:3.6.3-adoptopenjdk-11. -
On IBM Power Systems, IBM Z, and LinuxONE, the
s2i-dotnetcluster task is unsupported. -
Before you install tasks based on the Tekton Catalog on IBM Power Systems (ppc64le), IBM Z, and LinuxONE (s390x) using
tkn hub, verify if the task can be executed on these platforms. To check ifppc64leands390xare listed in the "Platforms" section of the task information, you can run the following command:tkn hub info task <name> -
You cannot use the
nodejs:14-ubi8-minimalimage stream because doing so generates the following errors:STEP 7: RUN /usr/libexec/s2i/assemble /bin/sh: /usr/libexec/s2i/assemble: No such file or directory subprocess exited with status 127 subprocess exited with status 127 error building at STEP "RUN /usr/libexec/s2i/assemble": exit status 127 time="2021-11-04T13:05:26Z" level=error msg="exit status 127"
Fixed issues
-
The
tkn hubcommand is now supported on IBM Power Systems, IBM Z, and LinuxONE.
-
Before this update, the terminal was not available after the user ran a
tkncommand, and the pipeline run was done, even ifretrieswere specified. Specifying a timeout in the task run or pipeline run had no effect. This update fixes the issue so that the terminal is available after running the command. -
Before this update, running
tkn pipelinerun delete --allwould delete all resources. This update prevents the resources in the running state from getting deleted. -
Before this update, using the
tkn version --component=<component>command did not return the component version. This update fixes the issue so that this command returns the component version. -
Before this update, when you used the
tkn pr logscommand, it displayed the pipelines output logs in the wrong task order. This update resolves the issue so that logs of completedPipelineRunsare listed in the appropriateTaskRunexecution order.
-
Before this update, editing the specification of a running pipeline might prevent the pipeline run from stopping when it was complete. This update fixes the issue by fetching the definition only once and then using the specification stored in the status for verification. This change reduces the probability of a race condition when a
PipelineRunor aTaskRunrefers to aPipelineorTaskthat changes while it is running. -
Whenexpression values can now have array parameter references, such as:values: [$(params.arrayParam[*])].
Release notes for Red Hat OpenShift Pipelines General Availability 1.6.1
Known issues
-
After upgrading to Red Hat OpenShift Pipelines 1.6.1 from an older version, Pipelines might enter an inconsistent state where you are unable to perform any operations (create/delete/apply) on Tekton resources (tasks and pipelines). For example, while deleting a resource, you might encounter the following error:
Error from server (InternalError): Internal error occurred: failed calling webhook "validation.webhook.pipeline.tekton.dev": Post "https://tekton-pipelines-webhook.openshift-pipelines.svc:443/resource-validation?timeout=10s": service "tekton-pipelines-webhook" not found.
Fixed issues
-
The
SSL_CERT_DIRenvironment variable (/tekton-custom-certs) set by Red Hat OpenShift Pipelines will not override the following default system directories with certificate files:-
/etc/pki/tls/certs -
/etc/ssl/certs -
/system/etc/security/cacerts
-
-
The Horizontal Pod Autoscaler can manage the replica count of deployments controlled by the Red Hat OpenShift Pipelines Operator. From this release onward, if the count is changed by an end user or an on-cluster agent, the Red Hat OpenShift Pipelines Operator will not reset the replica count of deployments managed by it. However, the replicas will be reset when you upgrade the Red Hat OpenShift Pipelines Operator.
-
The pod serving the
tknCLI will now be scheduled on nodes, based on the node selector and toleration limits specified in theTektonConfigcustom resource.
Release notes for Red Hat OpenShift Pipelines General Availability 1.6.2
Known issues
-
When you create a new project, the creation of the
pipelineservice account is delayed, and removal of existing cluster tasks and pipeline templates takes more than 10 minutes.
Fixed issues
-
Before this update, multiple instances of Tekton installer sets were created for a pipeline after upgrading to Red Hat OpenShift Pipelines 1.6.1 from an older version. With this update, the Operator ensures that only one instance of each type of
TektonInstallerSetexists after an upgrade. -
Before this update, all the reconcilers in the Operator used the component version to decide resource recreation during an upgrade to Red Hat OpenShift Pipelines 1.6.1 from an older version. As a result, those resources were not recreated whose component versions did not change in the upgrade. With this update, the Operator uses the Operator version instead of the component version to decide resource recreation during an upgrade.
-
Before this update, the pipelines webhook service was missing in the cluster after an upgrade. This was due to an upgrade deadlock on the config maps. With this update, a mechanism is added to disable webhook validation if the config maps are absent in the cluster. As a result, the pipelines webhook service persists in the cluster after an upgrade.
-
Before this update, cron jobs for auto-pruning got recreated after any configuration change to the namespace. With this update, cron jobs for auto-pruning get recreated only if there is a relevant annotation change in the namespace.
-
The upstream version of Tekton Pipelines is revised to
v0.28.3, which has the following fixes:-
Fix
PipelineRunorTaskRunobjects to allow label or annotation propagation. -
For implicit params:
-
Do not apply the
PipelineSpecparameters to theTaskRefsobject. -
Disable implicit param behavior for the
Pipelineobjects.
-
-
Release notes for Red Hat OpenShift Pipelines General Availability 1.6.3
Fixed issues
-
Before this update, the Red Hat OpenShift Pipelines Operator installed pod security policies from components such as Pipelines and Triggers. However, the pod security policies shipped as part of the components were deprecated in an earlier release. With this update, the Operator stops installing pod security policies from components. As a result, the following upgrade paths are affected:
-
Upgrading from Pipelines 1.6.1 or 1.6.2 to Pipelines
-