openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 09:46:53 +01:00
Code Issues Releases Activity
Files
b861fb8d1fe02da170cbb977e5f74d9d1d76384c
openshift-docs/modules/op-release-notes-1-3.adoc
dfitzmau 96ba14be71 ibm-name-clean-up
2023-11-15 11:13:03 +00:00

154 lines
11 KiB
Plaintext
Raw Blame History

// Module included in the following assembly:
//
// * openshift_pipelines/op-release-notes.adoc
[id="op-release-notes-1-3_{context}"]
= Release notes for {pipelines-title} Technology Preview 1.3
[id="new-features-1-3_{context}"]
== New features
{pipelines-title} Technology Preview (TP) 1.3 is now available on {product-title} 4.7. {pipelines-title} TP 1.3 is updated to support:
* Tekton Pipelines 0.19.0
* Tekton `tkn` CLI 0.15.0
* Tekton Triggers 0.10.2
* cluster tasks based on Tekton Catalog 0.19.0
* {ibm-power-name} Systems on {product-title} 4.7
* {ibm-z-name} and {ibm-linuxone-name} on {product-title} 4.7
In addition to the fixes and stability improvements, the following sections highlight what is new in {pipelines-title} 1.3.
[id="pipeline-new-features-1-3_{context}"]
=== Pipelines
* Tasks that build images, such as S2I and Buildah tasks, now emit a URL of the image built that includes the image SHA.
* Conditions in pipeline tasks that reference custom tasks are disallowed because the `Condition` custom resource definition (CRD) has been deprecated.
* Variable expansion is now added in the `Task` CRD for the following fields:
`spec.steps[].imagePullPolicy` and `spec.sidecar[].imagePullPolicy`.
* You can disable the built-in credential mechanism in Tekton by setting the `disable-creds-init` feature-flag to `true`.
* Resolved when expressions are now listed in the `Skipped Tasks` and the `Task Runs` sections in the `Status` field of the `PipelineRun` configuration.
* The `git init` command can now clone recursive submodules.
* A `Task` CR author can now specify a timeout for a step in the `Task` spec.
* You can now base the entry point image on the `distroless/static:nonroot` image and give it a mode to copy itself to the destination, without relying on the `cp` command being present in the base image.
* You can now use the configuration flag `require-git-ssh-secret-known-hosts` to disallow omitting known hosts in the Git SSH secret. When the flag value is set to `true`, you must include the `known_host` field in the Git SSH secret. The default value for the flag is `false`.
* The concept of optional workspaces is now introduced. A task or pipeline might declare a workspace optional and conditionally change their behavior based on its presence. A task run or pipeline run might also omit that workspace, thereby modifying the task or pipeline behavior. The default task run workspaces are not added in place of an omitted optional workspace.
* Credentials initialization in Tekton now detects an SSH credential that is used with a non-SSH URL, and vice versa in Git pipeline resources, and logs a warning in the step containers.
* The task run controller emits a warning event if the affinity specified by the pod template is overwritten by the affinity assistant.
* The task run reconciler now records metrics for cloud events that are emitted once a task run is completed. This includes retries.
[id="cli-new-features-1-3_{context}"]
=== Pipelines CLI
* Support for `--no-headers flag` is now added to the following commands:
`tkn condition list`,`tkn triggerbinding list`,`tkn eventlistener list`,`tkn clustertask list`, `tkn clustertriggerbinding list`.
* When used together, the `--last` or `--use` options override the `--prefix-name` and `--timeout` options.
* The `tkn eventlistener logs` command is now added to view the `EventListener` logs.
* The `tekton hub` commands are now integrated into the `tkn` CLI.
* The `--nocolour` option is now changed to `--no-color`.
* The `--all-namespaces` flag is added to the following commands:
`tkn triggertemplate list`, `tkn condition list`, `tkn triggerbinding list`, `tkn eventlistener list`.
[id="triggers-new-features-1-3_{context}"]
=== Triggers
* You can now specify your resource information in the `EventListener` template.
* It is now mandatory for `EventListener` service accounts to have the `list` and `watch` verbs, in addition to the `get` verb for all the triggers resources. This enables you to use `Listers` to fetch data from `EventListener`, `Trigger`, `TriggerBinding`, `TriggerTemplate`, and `ClusterTriggerBinding` resources. You can use this feature to create a `Sink` object rather than specifying multiple informers, and directly make calls to the API server.
* A new `Interceptor` interface is added to support immutable input event bodies. Interceptors can now add data or fields to a new `extensions` field, and cannot modify the input bodies making them immutable. The CEL interceptor uses this new `Interceptor` interface.
* A `namespaceSelector` field is added to the `EventListener` resource. Use it to specify the namespaces from where the `EventListener` resource can fetch the `Trigger` object for processing events. To use the `namespaceSelector` field, the service account for the `EventListener` resource must have a cluster role.
* The triggers `EventListener` resource now supports end-to-end secure connection to the `eventlistener` pod.
* The escaping parameters behavior in the `TriggerTemplates` resource by replacing `"` with `\"` is now removed.
* A new `resources` field, supporting Kubernetes resources, is introduced as part of the `EventListener` spec.
* A new functionality for the CEL interceptor, with support for upper and lower-casing of ASCII strings, is added.
* You can embed `TriggerBinding` resources by using the `name` and `value` fields in a trigger, or an event listener.
* The `PodSecurityPolicy` configuration is updated to run in restricted environments. It ensures that containers must run as non-root. In addition, the role-based access control for using the pod security policy is moved from cluster-scoped to namespace-scoped. This ensures that the triggers cannot use other pod security policies that are unrelated to a namespace.
* Support for embedded trigger templates is now added. You can either use the `name` field to refer to an embedded template or embed the template inside the `spec` field.
[id="deprecated-features-1-3_{context}"]
== Deprecated features
* Pipeline templates that use `PipelineResources` CRDs are now deprecated and will be removed in a future release.
* The `template.name` field is deprecated in favor of the `template.ref` field and will be removed in a future release.
* The `-c` shorthand for the `--check` command has been removed. In addition, global `tkn` flags are added to the `version` command.
[id="known-issues-1-3_{context}"]
== Known issues
* CEL overlays add fields to a new top-level `extensions` function, instead of modifying the incoming event body. `TriggerBinding` resources can access values within this new `extensions` function using the `$(extensions.<key>)` syntax. Update your binding to use the `$(extensions.<key>)` syntax instead of the `$(body.<overlay-key>)` syntax.
* The escaping parameters behavior by replacing `"` with `\"` is now removed. If you need to retain the old escaping parameters behavior add the `tekton.dev/old-escape-quotes: true"` annotation to your `TriggerTemplate` specification.
* You can embed `TriggerBinding` resources by using the `name` and `value` fields inside a trigger or an event listener. However, you cannot specify both `name` and `ref` fields for a single binding. Use the `ref` field to refer to a `TriggerBinding` resource and the `name` field for embedded bindings.
* An interceptor cannot attempt to reference a `secret` outside the namespace of an `EventListener` resource. You must include secrets in the namespace of the `EventListener`resource.
* In Triggers 0.9.0 and later, if a body or header based `TriggerBinding` parameter is missing or malformed in an event payload, the default values are used instead of displaying an error.
* Tasks and pipelines created with `WhenExpression` objects using Tekton Pipelines 0.16.x must be reapplied to fix their JSON annotations.
* When a pipeline accepts an optional workspace and gives it to a task, the pipeline run stalls if the workspace is not provided.
* To use the Buildah cluster task in a disconnected environment, ensure that the Dockerfile uses an internal image stream as the base image, and then use it in the same manner as any S2I cluster task.
[id="fixed-issues-1-3_{context}"]
== Fixed issues
* Extensions added by a CEL Interceptor are passed on to webhook interceptors by adding the `Extensions` field within the event body.
* The activity timeout for log readers is now configurable using the `LogOptions` field. However, the default behavior of timeout in 10 seconds is retained.
* The `log` command ignores the `--follow` flag when a task run or pipeline run is complete, and reads available logs instead of live logs.
* References to the following Tekton resources: `EventListener`, `TriggerBinding`, `ClusterTriggerBinding`, `Condition`, and `TriggerTemplate` are now standardized and made consistent across all user-facing messages in `tkn` commands.
* Previously, if you started a canceled task run or pipeline run with the `--use-taskrun <canceled-task-run-name>`, `--use-pipelinerun <canceled-pipeline-run-name>` or `--last` flags, the new run would be canceled. This bug is now fixed.
* The `tkn pr desc` command is now enhanced to ensure that it does not fail in case of pipeline runs with conditions.
* When you delete a task run using the `tkn tr delete` command with the `--task` option, and a cluster task exists with the same name, the task runs for the cluster task also get deleted. As a workaround, filter the task runs by using the `TaskRefKind` field.
* The `tkn triggertemplate describe` command would display only part of the `apiVersion` value in the output. For example, only `triggers.tekton.dev` was displayed instead of `triggers.tekton.dev/v1alpha1`. This bug is now fixed.
* The webhook, under certain conditions, would fail to acquire a lease and not function correctly. This bug is now fixed.
* Pipelines with when expressions created in v0.16.3 can now be run in v0.17.1 and later. After an upgrade, you do not need to reapply pipeline definitions created in previous versions because both the uppercase and lowercase first letters for the annotations are now supported.
* By default, the `leader-election-ha` field is now enabled for high availability. When the `disable-ha` controller flag is set to `true`, it disables high availability support.
* Issues with duplicate cloud events are now fixed. Cloud events are now sent only when a condition changes the state, reason, or message.
* When a service account name is missing from a `PipelineRun` or `TaskRun` spec, the controller uses the service account name from the `config-defaults` config map. If the service account name is also missing in the `config-defaults` config map, the controller now sets it to `default` in the spec.
* Validation for compatibility with the affinity assistant is now supported when the same persistent volume claim is used for multiple workspaces, but with different subpaths.
View Git Blame Copy Permalink