Skip to content

Tekton Pipeline release v0.32.0 "Pixie-bob Prima"
Compare
Choose a tag to compare
@tekton-robot tekton-robot released this 13 Jan 20:32
v0.32.0
1401ab7

πŸŽ‰ Security & Performance Improvements πŸŽ‰

-Docs @ v0.32.0
-Examples @ v0.32.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.32.0/release.yaml

⚠️ Known Issues

  • #4483 Implicit parameter mapping incorrectly passes params from the top-level Pipeline or PipelineRun to taskRef Pipeline Tasks. Mapping should only occur from top-level resource to Pipeline Tasks with in-line taskSpec. This issue only affects users with enable-api-fields: alpha in the feature-flags ConfigMap stored in the tekton-pipelines namespace.

Changes

Features

  • ✨ Match k8s recommended restricted PSP. (#4439)

tekton-pipelines PodSecurityPolicy now drops all capabilities and enables default
seccomp/apparmor annotations. This should not affect user Runs unless you are
running in the tekton-pipelines namespace (which we generally do not recommend).

  • ✨ Avoid API server call to get Pod when sidecars are stopped (#4374)

Avoids calls to the API server to stop sidecars when sidecars are already stopped

  • ✨ Lockdown /tekton/step folders to their own steps. (#4352)

The /tekton/steps directory is now read-only and subdirectories in /tekton/steps are now symlinks. The content for the resolved paths remains the same.

Fixes

  • πŸ› git: Remove usage of git symbolic-ref. (#4464)

  • πŸ› scripts: remove set -x by default 🧣 (#4451)

Scripts will no longer print their commands and arguments by default in order to limit unexpected exposure of sensitive values.

  • πŸ› set activeDeadlineSeconds to max for tasks with notimeouts (#4450)

Set activeDeadlineSeconds to max. permitted value (MaxInt32) for a task with 0s timeout (no timeouts).
This commit fixes the bug where a task with 0s timeout was failing with out of range error.

  • πŸ› test/sidecar_test.go: replace t.Errorfs with t.Fatalfs (#4436)

  • πŸ› Select entrypoint command based on runtime platform (#4420)

Changes the way image commands are passed to the entrypoint executor, enabling more correct behavior in heterogeneous clusters, and allowing for multi-platform image references to be passed to generated Pods.

  • πŸ› Merge default PodTemplate's affinity field (#4406)

Fixes an issue that default PodTemplate's affinity field is ignored.

  • πŸ› Pass explicit platforms list when publishing images (#4480)
  • πŸ› Bump GoogleContainerTools/skaffold revision from v0.32.0 to v1.32.0 (#4423)

Misc

  • πŸ”¨ Fix links in expressions migrations announcements (#4462)

  • πŸ”¨ Pick up latest (k8s 0.22 libs) (#4449)

The pipelines clients are now compatible with k8s.io/client-go v0.22.x

  • πŸ”¨ Refactor PipelineRun timeout logic (#4447)

[Bug fix] Handle cases where PipelineRun task timeouts are greater than Pipeline.Timeouts.Task or Pipeline.Timeouts.Finally

  • πŸ”¨ Remove --enable-basic-auth from the development guide (#4442)

  • πŸ”¨ subcommands_test: Group command tests with t.Run. (#4437)

  • πŸ”¨ Reduce RBAC permissions for Tekton controller/webhook roles. (#4434)

Tekton tekton-pipelines-controller-tenant-access and tekton-pipelines-webhook-cluster-access
ClusterRole permissions are reduced to better fit least privilege.
This should have no effect on the Pipelines Controller/Webhook itself, but may impact users
if they were relying on these roles for other uses.

  • πŸ”¨ Don't install golangci-lint with curl|bash, use go install, introduce the tools folder (#4411)

  • πŸ”¨ Clean up RunsToCompletion interface (#4479)

  • πŸ”¨ Reduce duplication in TaskRun reconciler tests (#4441)

  • πŸ”¨ Add image replacement for amd64 specific image (#4456)

  • πŸ”¨ Skip creds-init-only-mounts-provided-credentials test for linux/s390x (#4452)

  • πŸ”¨ Remove unused informers (#4459)

Reduce memory footprint of the pipeline controller

Docs

  • πŸ“– updating README to include v0.31.0 release links (#4429)

Adding links to the latest release - v0.31.0

Thanks

Thanks to these contributors who contributed to v0.32.0!

Extra shout-out for awesome release notes:

Contributors

vdemeester, guillaumerose, and 10 other contributors
Assets 4
Loading