diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a0b1cbe5a8..4c5251b875 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,8 +31,8 @@ jobs: kubernetes: # Only v1.18 is currently enabled because of the flakiness in the tests, specifically API calls failing with "etcdserver: request timed out" #- v1.17.17 - - v1.18.15 - #- v1.19.7 + #- v1.18.15 + - v1.19.7 #- v1.20.2 max-parallel: 1 runs-on: ${{ matrix.os }} @@ -74,8 +74,8 @@ jobs: kubernetes: # Only v1.18 is currently enabled because of the flakiness in the tests, specifically API calls failing with "etcdserver: request timed out" #- v1.17.17 - - v1.18.15 - #- v1.19.7 + #- v1.18.15 + - v1.19.7 #- v1.20.2 max-parallel: 2 runs-on: ${{ matrix.os }} diff --git a/README.md b/README.md index 97b2997362..95632fcc88 100644 --- a/README.md +++ b/README.md @@ -23,10 +23,10 @@ as [Kaniko](https://github.com/GoogleContainerTools/kaniko), ## Dependencies -| Dependency | Supported versions | -| ----------------------------------------- | -------------------------------------- | -| [Kubernetes](https://kubernetes.io/) | v1.15.\*, v1.16.\*, v1.17.\*, v1.18.\* | -| [Tekton](https://tekton.dev) | v0.21.0 | +| Dependency | Supported versions | +| -------------------------------------| ---------------------------- | +| [Kubernetes](https://kubernetes.io/) | v1.17.\*, v1.18.\*, v1.19.\* | +| [Tekton](https://tekton.dev) | v0.21.0 | ## Build Strategies diff --git a/deploy/crds/shipwright.io_buildstrategies.yaml b/deploy/crds/shipwright.io_buildstrategies.yaml index d75520a5b2..f100f6d89e 100644 --- a/deploy/crds/shipwright.io_buildstrategies.yaml +++ b/deploy/crds/shipwright.io_buildstrategies.yaml @@ -115,9 +115,10 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: description: Version of the schema the FieldPath @@ -840,6 +841,30 @@ spec: to the container. type: string type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object windowsOptions: description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext diff --git a/deploy/crds/shipwright.io_clusterbuildstrategies.yaml b/deploy/crds/shipwright.io_clusterbuildstrategies.yaml index 1e3da896a4..b9556d6f23 100644 --- a/deploy/crds/shipwright.io_clusterbuildstrategies.yaml +++ b/deploy/crds/shipwright.io_clusterbuildstrategies.yaml @@ -115,9 +115,10 @@ spec: type: object fieldRef: description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, status.podIPs.' + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: description: Version of the schema the FieldPath @@ -840,6 +841,30 @@ spec: to the container. type: string type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." + type: string + required: + - type + type: object windowsOptions: description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext diff --git a/hack/install-kind.sh b/hack/install-kind.sh index c1e34c42c1..3c74621208 100755 --- a/hack/install-kind.sh +++ b/hack/install-kind.sh @@ -25,7 +25,7 @@ kind --version KIND_CLUSTER_NAME="${KIND_CLUSTER_NAME:-kind}" # kind cluster version -KIND_CLUSTER_VERSION="${KIND_CLUSTER_VERSION:-v1.18.2}" +KIND_CLUSTER_VERSION="${KIND_CLUSTER_VERSION:-v1.19.7}" echo "# Creating a new Kubernetes cluster..." kind create cluster --quiet --name="${KIND_CLUSTER_NAME}" --image="kindest/node:${KIND_CLUSTER_VERSION}" --wait=120s