130 lines
7.1 KiB
YAML
130 lines
7.1 KiB
YAML
# Copyright 2019 The Tekton Authors
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# https://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: feature-flags
|
|
namespace: tekton-pipelines
|
|
labels:
|
|
app.kubernetes.io/instance: default
|
|
app.kubernetes.io/part-of: tekton-pipelines
|
|
data:
|
|
# Setting this flag to "true" will prevent Tekton to create an
|
|
# Affinity Assistant for every TaskRun sharing a PVC workspace
|
|
#
|
|
# The default behaviour is for Tekton to create Affinity Assistants
|
|
#
|
|
# See more in the Affinity Assistant documentation
|
|
# https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
|
|
# or https://github.com/tektoncd/pipeline/pull/2630 for more info.
|
|
#
|
|
# Note: This feature flag is deprecated and will be removed in release v0.60. Consider using `coschedule` feature flag to configure Affinity Assistant behavior.
|
|
disable-affinity-assistant: "false"
|
|
# Setting this flag will determine how PipelineRun Pods are scheduled with Affinity Assistant.
|
|
# Acceptable values are "workspaces" (default), "pipelineruns", "isolate-pipelinerun", or "disabled".
|
|
#
|
|
# Setting it to "workspaces" will schedule all the taskruns sharing the same PVC-based workspace in a pipelinerun to the same node.
|
|
# Setting it to "pipelineruns" will schedule all the taskruns in a pipelinerun to the same node.
|
|
# Setting it to "isolate-pipelinerun" will schedule all the taskruns in a pipelinerun to the same node,
|
|
# and only allows one pipelinerun to run on a node at a time.
|
|
# Setting it to "disabled" will not apply any coschedule policy.
|
|
#
|
|
# See more in the Affinity Assistant documentation
|
|
# https://github.com/tektoncd/pipeline/blob/main/docs/affinityassistants.md
|
|
coschedule: "workspaces"
|
|
# Setting this flag to "true" will prevent Tekton scanning attached
|
|
# service accounts and injecting any credentials it finds into your
|
|
# Steps.
|
|
#
|
|
# The default behaviour currently is for Tekton to search service
|
|
# accounts for secrets matching a specified format and automatically
|
|
# mount those into your Steps.
|
|
#
|
|
# Note: setting this to "true" will prevent PipelineResources from
|
|
# working.
|
|
#
|
|
# See https://github.com/tektoncd/pipeline/issues/2791 for more
|
|
# info.
|
|
disable-creds-init: "false"
|
|
# Setting this flag to "false" will stop Tekton from waiting for a
|
|
# TaskRun's sidecar containers to be running before starting the first
|
|
# step. This will allow Tasks to be run in environments that don't
|
|
# support the DownwardAPI volume type, but may lead to unintended
|
|
# behaviour if sidecars are used.
|
|
#
|
|
# See https://github.com/tektoncd/pipeline/issues/4937 for more info.
|
|
await-sidecar-readiness: "true"
|
|
# This option should be set to false when Pipelines is running in a
|
|
# cluster that does not use injected sidecars such as Istio. Setting
|
|
# it to false should decrease the time it takes for a TaskRun to start
|
|
# running. For clusters that use injected sidecars, setting this
|
|
# option to false can lead to unexpected behavior.
|
|
#
|
|
# See https://github.com/tektoncd/pipeline/issues/2080 for more info.
|
|
running-in-environment-with-injected-sidecars: "true"
|
|
# Setting this flag to "true" will require that any Git SSH Secret
|
|
# offered to Tekton must have known_hosts included.
|
|
#
|
|
# See https://github.com/tektoncd/pipeline/issues/2981 for more
|
|
# info.
|
|
require-git-ssh-secret-known-hosts: "false"
|
|
# Setting this flag to "true" enables the use of Tekton OCI bundle.
|
|
# This is an experimental feature and thus should still be considered
|
|
# an alpha feature.
|
|
enable-tekton-oci-bundles: "false"
|
|
# Setting this flag will determine which gated features are enabled.
|
|
# Acceptable values are "stable", "beta", or "alpha".
|
|
enable-api-fields: "beta"
|
|
# Setting this flag to "true" enables CloudEvents for CustomRuns and Runs, as long as a
|
|
# CloudEvents sink is configured in the config-defaults config map
|
|
send-cloudevents-for-runs: "false"
|
|
# This flag affects the behavior of taskruns and pipelineruns in cases where no VerificationPolicies match them.
|
|
# If it is set to "fail", TaskRuns and PipelineRuns will fail verification if no matching policies are found.
|
|
# If it is set to "warn", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and an error will be logged.
|
|
# If it is set to "ignore", TaskRuns and PipelineRuns will run to completion if no matching policies are found, and no error will be logged.
|
|
trusted-resources-verification-no-match-policy: "ignore"
|
|
# Setting this flag to "true" enables populating the "provenance" field in TaskRun
|
|
# and PipelineRun status. This field contains metadata about resources used
|
|
# in the TaskRun/PipelineRun such as the source from where a remote Task/Pipeline
|
|
# definition was fetched.
|
|
enable-provenance-in-status: "true"
|
|
# Setting this flag will determine how Tekton pipelines will handle non-falsifiable provenance.
|
|
# If set to "spire", then SPIRE will be used to ensure non-falsifiable provenance.
|
|
# If set to "none", then Tekton will not have non-falsifiable provenance.
|
|
# This is an experimental feature and thus should still be considered an alpha feature.
|
|
enforce-nonfalsifiability: "none"
|
|
# Setting this flag will determine how Tekton pipelines will handle extracting results from the task.
|
|
# Acceptable values are "termination-message" or "sidecar-logs".
|
|
# "sidecar-logs" is an experimental feature and thus should still be considered
|
|
# an alpha feature.
|
|
results-from: "termination-message"
|
|
# Setting this flag will determine the upper limit of each task result
|
|
# This flag is optional and only associated with the previous flag, results-from
|
|
# When results-from is set to "sidecar-logs", this flag can be used to configure the upper limit of a task result
|
|
# max-result-size: "4096"
|
|
# Setting this flag to "true" will limit privileges for containers injected by Tekton into TaskRuns.
|
|
# This allows TaskRuns to run in namespaces with "restricted" pod security standards.
|
|
# Not all Kubernetes implementations support this option.
|
|
set-security-context: "false"
|
|
# Setting this flag to "true" will keep pod on cancellation
|
|
# allowing examination of the logs on the pods from cancelled taskruns
|
|
keep-pod-on-cancel: "false"
|
|
# Setting this flag to "true" will enable the CEL evaluation in WhenExpression
|
|
enable-cel-in-whenexpression: "false"
|
|
# Setting this flag to "true" will enable the use of StepActions in Steps
|
|
# This feature is in preview mode and not implemented yet. Please check #7259 for updates.
|
|
enable-step-actions: "false"
|
|
# Setting this flag to "true" will enable the built-in param input validation via param enum.
|
|
enable-param-enum: "false" |