SRVKP-5855: move all tekton related config to infra-deployments (#4291)

* pull pipeline-service grafana artifacts to infra-deployments rh-pre-commit.version: 2.3.0 rh-pre-commit.check-secrets: ENABLED * pull pipeline-service tekton and storage config for development overlay rh-pre-commit.version: 2.3.0 rh-pre-commit.check-secrets: ENABLED * pull pipeline-service tekton related config for stage overlay rh-pre-commit.version: 2.3.0 rh-pre-commit.check-secrets: ENABLED * pull pipeline service tekton related config for prod overlay rh-pre-commit.version: 2.3.0 rh-pre-commit.check-secrets: ENABLED
redhat-appstudio · Aug 12, 2024 · 6087d8e · 6087d8e
1 parent a5ebae8
commit 6087d8e
Show file tree

Hide file tree

Showing 37 changed files with 10,462 additions and 701 deletions.
diff --git a/components/monitoring/grafana/base/dashboards/pipeline-service/grafana-config.yaml b/components/monitoring/grafana/base/dashboards/pipeline-service/grafana-config.yaml
diff --git a/components/monitoring/grafana/base/dashboards/pipeline-service/kustomization.yaml b/components/monitoring/grafana/base/dashboards/pipeline-service/kustomization.yaml
@@ -2,4 +2,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - https://github.com/openshift-pipelines/pipeline-service/operator/gitops/argocd/grafana/?ref=dcd5b72748435ed46b9e1487b8a3011dabe2b9b8
+  - grafana-config.yaml
diff --git a/components/pipeline-service/base/testing/rbac.yaml b/components/pipeline-service/base/testing/rbac.yaml
@@ -33,4 +33,4 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: admin
+  name: tekton-results-admin
diff --git a/components/pipeline-service/development/bump-results-watcher-replicas.yaml b/components/pipeline-service/development/bump-results-watcher-replicas.yaml
diff --git a/components/pipeline-service/development/chains-tekton-config-patches.yaml b/components/pipeline-service/development/chains-tekton-config-patches.yaml
diff --git a/components/pipeline-service/development/config.env b/components/pipeline-service/development/config.env
diff --git a/components/pipeline-service/development/dev-only-pipeline-service-storage-configuration.yaml b/components/pipeline-service/development/dev-only-pipeline-service-storage-configuration.yaml
@@ -0,0 +1,195 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  name: openshift-minio-apply-tenants
+rules:
+- apiGroups:
+  - minio.min.io
+  resources:
+  - tenants
+  verbs:
+  - get
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  - services
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  name: openshift-minio-apply-tenants
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: openshift-minio-apply-tenants
+subjects:
+- kind: ServiceAccount
+  name: openshift-gitops-argocd-application-controller
+  namespace: openshift-gitops
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  name: postgres
+  namespace: openshift-gitops
+spec:
+  destination:
+    namespace: tekton-results
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    chart: postgresql
+    helm:
+      parameters:
+      - name: image.tag
+        value: 13.14.0
+      - name: tls.enabled
+        value: "true"
+      - name: tls.certificatesSecret
+        value: postgresql-tls
+      - name: tls.certFilename
+        value: tls.crt
+      - name: tls.certKeyFilename
+        value: tls.key
+      - name: auth.database
+        value: tekton_results
+      - name: auth.username
+        value: tekton
+      - name: auth.existingSecret
+        value: tekton-results-database
+      - name: auth.secretKeys.userPasswordKey
+        value: db.password
+      - name: auth.secretKeys.adminPasswordKey
+        value: db.password
+      - name: primary.resources.requests
+        value: "null"
+      - name: primary.podSecurityContext.fsGroup
+        value: "null"
+      - name: primary.podSecurityContext.seccompProfile.type
+        value: RuntimeDefault
+      - name: primary.containerSecurityContext.runAsUser
+        value: "null"
+      - name: primary.containerSecurityContext.allowPrivilegeEscalation
+        value: "false"
+      - name: primary.containerSecurityContext.runAsNonRoot
+        value: "true"
+      - name: primary.containerSecurityContext.seccompProfile.type
+        value: RuntimeDefault
+      - name: primary.containerSecurityContext.capabilities.drop[0]
+        value: ALL
+      - name: volumePermissions.enabled
+        value: "false"
+      - name: shmVolume.enabled
+        value: "false"
+      releaseName: postgres
+    repoURL: https://charts.bitnami.com/bitnami
+    targetRevision: 14.0.5
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    retry:
+      backoff:
+        duration: 10s
+        factor: 2
+        maxDuration: 3m
+      limit: -1
+    syncOptions:
+    - CreateNamespace=false
+    - Validate=false
+---
+apiVersion: minio.min.io/v2
+kind: Tenant
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/sync-wave: "0"
+    prometheus.io/path: /minio/v2/metrics/cluster
+    prometheus.io/port: "9000"
+    prometheus.io/scrape: "true"
+  labels:
+    app: minio
+  name: storage
+  namespace: tekton-results
+spec:
+  certConfig: {}
+  configuration:
+    name: minio-storage-configuration
+  env: []
+  exposeServices:
+    minio: false
+  externalCaCertSecret: []
+  externalCertSecret: []
+  externalClientCertSecrets: []
+  features:
+    bucketDNS: false
+    domains: {}
+  image: quay.io/minio/minio:RELEASE.2022-09-17T00-09-45Z
+  imagePullSecret: {}
+  mountPath: /export
+  podManagementPolicy: Parallel
+  pools:
+  - affinity:
+      nodeAffinity: {}
+      podAffinity: {}
+      podAntiAffinity: {}
+    containerSecurityContext: {}
+    name: pool-0
+    nodeSelector: {}
+    resources: {}
+    securityContext: {}
+    servers: 1
+    tolerations: []
+    volumeClaimTemplate:
+      apiVersion: v1
+      kind: persistentvolumeclaims
+      metadata: {}
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 1Gi
+      status: {}
+    volumesPerServer: 2
+  priorityClassName: ""
+  requestAutoCert: true
+  serviceMetadata:
+    consoleServiceAnnotations: {}
+    consoleServiceLabels: {}
+    minioServiceAnnotations: {}
+    minioServiceLabels: {}
+  subPath: ""
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  annotations:
+    argocd.argoproj.io/sync-wave: "0"
+  name: minio-operator
+  namespace: openshift-operators
+spec:
+  channel: stable
+  installPlanApproval: Automatic
+  name: minio-operator
+  source: certified-operators
+  sourceNamespace: openshift-marketplace
diff --git a/components/pipeline-service/development/enable-step-actions.yaml b/components/pipeline-service/development/enable-step-actions.yaml
diff --git a/components/pipeline-service/development/increase-results-pruner-gracePeriod.yaml b/components/pipeline-service/development/increase-results-pruner-gracePeriod.yaml
diff --git a/components/pipeline-service/development/kustomization.yaml b/components/pipeline-service/development/kustomization.yaml
@@ -8,68 +8,7 @@ commonAnnotations:
   argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
 
 resources:
-  - https://github.com/openshift-pipelines/pipeline-service.git/developer/openshift/gitops/argocd/pipeline-service?ref=dcd5b72748435ed46b9e1487b8a3011dabe2b9b8
-  - https://github.com/openshift-pipelines/pipeline-service.git/developer/openshift/gitops/argocd/pipeline-service-storage?ref=dcd5b72748435ed46b9e1487b8a3011dabe2b9b8
+  - main-pipeline-service-configuration.yaml
+  - dev-only-pipeline-service-storage-configuration.yaml
   - ../base/rbac
 
-images:
-  - name: quay.io/konflux-ci/tekton-results-watcher
-    newName: quay.io/redhat-appstudio/tekton-results-watcher
-    newTag: dcd5b72748435ed46b9e1487b8a3011dabe2b9b8
-  - name: quay.io/redhat-appstudio/tekton-results-watcher
-    newTag: bae7851ff584423503af324200f52cd28ca99116
-  # temp bump of exporter only until OCP/openshift-pipelines upgrade is sorted out
-  - name: quay.io/konflux-ci/pipeline-service-exporter
-    newTag: 9d2439c8a77d2ce0527cc5aea3fc6561b7671b48
-
-# generate a new configmap with updated values (logs api, db ssl mode) and replace the default one
-configMapGenerator:
-  - behavior: replace
-    files:
-      - config.env
-    name: api-config
-    options:
-      disableNameSuffixHash: true
-  - behavior: merge
-    name: config-observability
-    literals:
-      - profiling.enable="true"
-
-patches:
-  - path: chains-tekton-config-patches.yaml
-    target:
-      kind: TektonConfig
-      name: config
-  - path: metrics-exporter-trace.yaml
-    target:
-      kind: Deployment
-      name: pipeline-metrics-exporter
-      namespace: openshift-pipelines
-#  - path: scale-down-exporter.yaml
-#    target:
-#      kind: Deployment
-#      name: pipeline-metrics-exporter
-#      namespace: openshift-pipelines
-  - path: update-tekton-config-performance.yaml
-    target:
-      kind: TektonConfig
-      name: config
-  - path: bump-results-watcher-replicas.yaml
-    target:
-      kind: Deployment
-      namespace: tekton-results
-      name: tekton-results-watcher
-  - path: increase-results-pruner-gracePeriod.yaml
-    target:
-      kind: Deployment
-      namespace: tekton-results
-      name: tekton-results-watcher
-  - path: reduce-watcher-cpu-mem-reqs.yaml
-    target:
-      kind: Deployment
-      namespace: tekton-results
-      name: tekton-results-watcher
-  - path: enable-step-actions.yaml
-    target:
-      kind: TektonConfig
-      name: config