🎉 Feature Flags, Workspaces in Steps and Sidecars, Better Defaults for Steps and more! 🎉
-Docs @ v0.24.0
-Examples @ v0.24.0
Installation one-liner
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.24.0/release.yaml
Upgrade Notices
- Release v0.24.0 of Tekton requires Kubernetes v1.18+.
- The default value of
disable-home-env-overwrite
anddisable-working-dir-overwrite
has been changed to true. See the e-mail thread and the pull request for more details.
Changes
Features
- ✨ Allow dot character in resource names (#3893)
Allow resource names to contain the dot character (".")
Resource names now validated using the common validation.IsDNS1123Subdomain()
function
- ✨ Feat: Adding hostAliases in PodTemplate spec. (#3889)
Feat: Add hostAliases in PodTemplate spec which provides Pod-level override of hostname resolution by modifing /etc/hosts.
- ✨ Implement TEP-0033: Add enable-api-fields feature-flag (#3881)
A new feature-flag, "enable-api-fields" has been added. Valid values are "alpha" and "stable". It defaults to "stable".
Setting the "enable-api-fields" flag tells Tekton what level of API stability you require in the cluster. As new features are added to Pipelines we'll first place those features under the "alpha" flag. When the feature is ready we'll promote it to "stable". This process is described in TEP-0033[1].
Opting in to "alpha" gives you early exposure to exciting new features as they're added to Pipelines but those features are still undergoing development and could be subject to backwards-incompatible changes.
[1] https://github.com/tektoncd/community/blob/main/teps/0033-tekton-feature-gates.md
- ✨ Disable the default workingDir and HOME overrides (#3878)
Steps no longer receive a default HOME env var of "/tekton/home", nor a default workingDir of "/workspace".
action required: if you rely on these defaults you now have a choice to make: either update your Task steps to include the workingDir and HOME env or set the "disable-home-env-overwrite" and "disable-working-directory-overwrite" feature flags to "false". We plan to continue supporting these flags for another 9 months following the release of 0.24 and then they too will be removed.
- ✨ an aggregate status of tasks in finally (#3817)
Introducing a variable $(tasks.status) to access aggregate execution status of tasks in finally.
- ✨ Add Step and Sidecar Workspaces feature (#3700)
New alpha feature added: "Step and Sidecar Workspaces":
- Requires "enable-api-fields: alpha" feature gate.
- Sidecars in a Task now receive Workspaces, just like Steps do.
- Steps and Sidecars can now specify which Workspaces they want access to. This isolates the workspace to only those Steps or Sidecars that need them, allowing Task authors to limit exposure of sensitive data like credentials.
- The default behaviour for workspaces in Steps remains the same - all Steps get access to them.
- ✨ Make entrypoint binary build for Windows (#3876)
Deprecation Notices
- 🚨 The
disable-home-env-overwrite
anddisable-working-dir-overwrite
are now deprecated (#3878)
The default value of these flags has been changed to true
. The flags are still available so that the old behaviour can still be configured; the flags are now deprecated and will be removed in 9 months from now. e-mail thread
Fixes
- 🐛 validate the context variable in when expressions (#3899)
Do not allow when
expressions in dag
to specify the context variable accessing the execution status of any other task - $(tasks.<pipelineTask>.status)
- 🐛 Fix issue with "$$" in Script blocks (#3888)
Fix a bug where the literal characters "$$" in a Step's script block would be replaced with a single "$".
- 🐛 Skip sidecar deletion logic for canceled or timed-out TaskRun (#3877)
Do not run sidecar deletion logic for canceled or timed-out taskrun where pod was deleted
- 🐛 Bump distroless/base:debug image (#3890)
Misc
- 🔨 Remove cluster-wide namespace list/watch permissions (#3880)
The controller SA no longer requests cluster-wide permission to list and watch namespaces.
- 🔨 Use v1 API for RoleBinding 🦝 (#3872)
Using rbac.authorization.k8s.io/v1
instead of rbac.authorization.k8s.io/v1beta1
for RoleBinding
as it is being deprecated starting in 1.17.
- 🔨 Add alpha feature gate tests (integration & examples) to our CI (#3917)
Pipelines now e2e tests every commit against both the "stable" and "alpha" feature gates.
- 🔨 Test multiple scripts in one task executing with different UIDs (#3914)
Added test for running Scripts with differing securityContexts in the same Task.
- 🔨 Add a nodeAffinity rule to the controller and webhook deployments (#3909)
Controller and Webhook pods will no longer be scheduled on Windows nodes if any exist in a Kubernetes cluster.
- 🔨 Enable Bundles and Custom Tasks when feature gate is set to alpha (#3908)
Switching the "enable-api-fields" feature gate to "alpha" also turns on Tekton Bundles and Custom Tasks support, since these are alpha features.
- 🔨 Bump knative to 0.22 🧙 (#3883)
Update knative dependency to 0.22, and default minimum kubernetes version supported, v1.18.0
- 🔨 Updates the Tekton Bundle spec and resolver to be more explicit. (#3869)
- 🔨 Fix lint issues (#3926)
- 🔨 Remove field name from error returned during feature gate validation (#3918)
- 🔨 Remove random suffixes on creds-init volumes (#3907)
- 🔨 Add test YAML helpers (#3905)
- 🔨 Last minute fixups from review feedback on "enable-api-fields" PR (#3904)
- 🔨 Resolving integration test failures by bumping plumbing (#3894)
- 🔨 Add doc links for 0.23.0 to README and update release-cheat-sheet (#3868)
Docs
Thanks
Thanks to these contributors who contributed to v0.24.0!
- ❤️ @SaschaSchwarze0
- ❤️ @Siddhesh-Ghadi
- ❤️ @afrittoli
- ❤️ @aiden-deloryn
- ❤️ @imjasonh
- ❤️ @jmcshane
- ❤️ @joellord
- ❤️ @pierretasci
- ❤️ @pritidesai
- ❤️ @psschwei
- ❤️ @sbwsg
- ❤️ @vdemeester
- ❤️ @xclud
Extra shout-out for awesome release notes:
- 😍 @SaschaSchwarze0
- 😍 @aiden-deloryn
- 😍 @imjasonh
- 😍 @pritidesai
- 😍 @psschwei
- 😍 @sbwsg
- 😍 @vdemeester
- 😍 @xclud
To Be Done: Deprecation Notices, Backward Incompatible Changes