docs/bundle-resolver.md
This Resolver responds to type bundles.
| Param Name | Description | Example Value |
|---|---|---|
secret | The name of the secret to use when constructing registry credentials | default |
bundle | The bundle url pointing at the image to fetch | gcr.io/tekton-releases/catalog/upstream/golang-build:0.1 |
name | The name of the resource to pull out of the bundle | golang-build |
kind | The resource kind to pull out of the bundle | task |
cache | Controls caching behavior for the resolved resource | always, never, auto |
enable-bundles-resolver feature flag in the resolvers-feature-flags ConfigMap
in the tekton-pipelines-resolvers namespace set to true.This resolver uses a ConfigMap for its settings. See
../config/resolvers/bundleresolver-config.yaml
for the name, namespace and defaults that the resolver ships with.
| Option Name | Description | Default Value | Required | Example Values |
|---|---|---|---|---|
backoff-duration | The initial duration for backoff retries. | 2s | false | 500ms, 2s |
backoff-factor | The factor by which the sleep duration increases at each retry step. | 2.0 | false | 2.5, 4.0 |
backoff-jitter | Random jitter added to each backoff duration (duration * jitter). | 0.1 | false | 0.1, 0.5 |
backoff-steps | The number of backoff retries to attempt. | 2 | false | 3, 7 |
backoff-cap | The maximum backoff duration. If reached, remaining retry steps are capped. | 10s | false | 10s, 20s |
default-service-account | The default service account name to use for bundle requests. | default | true | build-bot, default |
default-kind | The default layer kind in the bundle image. | task | true | task, pipeline |
The bundle resolver supports caching of resolved resources to improve performance. The caching behavior can be configured using the cache option:
| Cache Value | Description |
|---|---|
always | Always cache resolved resources. This is the most aggressive caching strategy and will cache all resolved resources regardless of their source. |
never | Never cache resolved resources. This disables caching completely. |
auto | Caching will only occur for bundles pulled by digest. (default) |
The resolver cache can be configured globally using the resolver-cache-config ConfigMap. This ConfigMap controls the cache size and TTL (time-to-live) for all resolvers.
| Option Name | Description | Default Value | Example Values |
|---|---|---|---|
max-size | Maximum number of entries in the cache | 1000 | 500, 2000 |
ttl | Time-to-live for cache entries | 5m | 10m, 1h |
The ConfigMap name can be customized using the RESOLVER_CACHE_CONFIG_MAP_NAME environment variable. If not set, it defaults to resolver-cache-config.
Additionally, you can set a default cache mode for the bundle resolver by adding the default-cache-mode option to the bundleresolver-config ConfigMap. This overrides the system default (auto) for this resolver:
| Option Name | Description | Valid Values | Default |
|---|---|---|---|
default-cache-mode | Default caching behavior when cache parameter is not specified | always, never, auto | auto |
Example:
apiVersion: v1
kind: ConfigMap
metadata:
name: bundleresolver-config
namespace: tekton-pipelines-resolvers
data:
default-cache-mode: "always" # Always cache unless task/pipeline specifies otherwise
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: remote-task-reference
spec:
taskRef:
resolver: bundles
params:
- name: bundle
value: docker.io/ptasci67/example-oci@sha256:053a6cb9f3711d4527dd0d37ac610e8727ec0288a898d5dfbd79b25bcaa29828
- name: name
value: hello-world
- name: kind
value: task
Unfortunately the Tekton Catalog does not publish pipelines at the
moment. Here's an example PipelineRun that talks to a private registry
but won't work unless you tweak the bundle field to point to a
registry with a pipeline in it:
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: bundle-demo
spec:
pipelineRef:
resolver: bundles
params:
- name: bundle
value: 10.96.190.208:5000/simple/pipeline:latest
- name: name
value: hello-pipeline
- name: kind
value: pipeline
params:
- name: username
value: "tekton pipelines"
ResolutionRequest StatusResolutionRequest.Status.RefSource field captures the source where the remote resource came from. It includes the 3 subfields: url, digest and entrypoint.
uri: The image repository URIdigest: The map of the algorithm portion -> the hex encoded portion of the image digest.entrypoint: The resource name in the OCI bundle image.Example:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: remote-task-reference
spec:
taskRef:
resolver: bundles
params:
- name: bundle
value: gcr.io/tekton-releases/catalog/upstream/git-clone:0.7
- name: name
value: git-clone
- name: kind
value: task
params:
- name: url
value: https://github.com/octocat/Hello-World
workspaces:
- name: output
volumeClaimTemplate:
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi
ResolutionRequestapiVersion: resolution.tekton.dev/v1beta1
kind: ResolutionRequest
metadata:
...
labels:
resolution.tekton.dev/type: bundles
name: bundles-21ad80ec13f3e8b73fed5880a64d4611
...
spec:
params:
- name: bundle
value: gcr.io/tekton-releases/catalog/upstream/git-clone:0.7
- name: name
value: git-clone
- name: kind
value: task
status:
annotations: ...
...
data: xxx
observedGeneration: 1
refSource:
digest:
sha256: f51ca50f1c065acba8290ef14adec8461915ecc5f70a8eb26190c6e8e0ededaf
entryPoint: git-clone
uri: gcr.io/tekton-releases/catalog/upstream/git-clone
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License.