From 2513c7e2aaf58b462e6afec7ea72912f628de8fb Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Tue, 17 May 2022 23:34:50 +0200
Subject: [PATCH] feat(tekton): Initial deploy

---
 infrastructure/kustomization.yaml        |  1 +
 infrastructure/tekton/kustomization.yaml | 11 ++++++++
 infrastructure/tekton/namespace.yaml     |  7 ++++++
 infrastructure/tekton/networkpolicy.yaml |  9 +++++++
 infrastructure/tekton/release.yaml       | 32 ++++++++++++++++++++++++
 infrastructure/tekton/repository.yaml    | 16 ++++++++++++
 6 files changed, 76 insertions(+)
 create mode 100644 infrastructure/tekton/kustomization.yaml
 create mode 100644 infrastructure/tekton/namespace.yaml
 create mode 100644 infrastructure/tekton/networkpolicy.yaml
 create mode 100644 infrastructure/tekton/release.yaml
 create mode 100644 infrastructure/tekton/repository.yaml

diff --git a/infrastructure/kustomization.yaml b/infrastructure/kustomization.yaml
index 169bd6e1d..d03694ee6 100644
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -16,3 +16,4 @@ resources:
   - postgres
   - kubenav
   - starboard
+  - tekton
diff --git a/infrastructure/tekton/kustomization.yaml b/infrastructure/tekton/kustomization.yaml
new file mode 100644
index 000000000..87ba6bab4
--- /dev/null
+++ b/infrastructure/tekton/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tekton-system
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+  - ../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
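Review bot: Nothing in the `resources` list admits ingress from the Kubernetes API server; the only policies pulled in are `allow-from-same-namespace.yaml` and `allow-from-monitoring.yaml`. release.yaml sets `defaultTargetNamespace: tekton-system`, so any admission webhook pods the operator deploys would presumably land in this namespace. If the shared policies select every pod (their contents are not visible here), API-server calls to those webhooks may be dropped, depending on the CNI. Either add a policy that admits the webhook port, or record where that is handled with a comment such as `# API-server -> webhook ingress is allowed by <policy name>`.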
diff --git a/infrastructure/tekton/namespace.yaml b/infrastructure/tekton/namespace.yaml
new file mode 100644
index 000000000..938b95398
--- /dev/null
+++ b/infrastructure/tekton/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tekton-system
+  labels:
+    name: tekton-system
+    kyverno.shivering-isles.com/class: "system" 
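Review bot: The `kyverno.shivering-isles.com/class: "system"` label presumably decides which Kyverno policies apply to this namespace, but nothing records what the `system` class permits or exempts. Since this namespace is also the operator's `defaultTargetNamespace`, a one-line comment above the label would help, for example `# class "system": <what this class enforces or exempts>`. The same line also ends with a trailing space after `"system"`, which yamllint flags and which should be removed.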
diff --git a/infrastructure/tekton/networkpolicy.yaml b/infrastructure/tekton/networkpolicy.yaml
new file mode 100644
index 000000000..1e6652a63
--- /dev/null
+++ b/infrastructure/tekton/networkpolicy.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: operator
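Review bot: This file is a strategic-merge patch rather than a complete NetworkPolicy, and nothing in it says so; read on its own it looks like a policy with no `ingress` rules or `policyTypes`. A leading comment would make the intent clear, for example `# Patch: narrows the shared allow-from-monitoring policy to the operator pods; rules live in ../../shared/networkpolicies/allow-from-monitoring.yaml`. The selector `app.kubernetes.io/component: operator` must match the labels the chart actually sets on its pods, which cannot be confirmed from this hunk. If it does not match, monitoring access is denied silently, and pods the operator later creates in this namespace under other labels are not covered either.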
diff --git a/infrastructure/tekton/release.yaml b/infrastructure/tekton/release.yaml
new file mode 100644
index 000000000..68d9ee331
--- /dev/null
+++ b/infrastructure/tekton/release.yaml
@@ -0,0 +1,32 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: tekton-operator
+  namespace: tekton-system
+spec:
+  releaseName: tekton-operator
+  chart:
+    spec:
+      chart: tekton-operator
+      sourceRef:
+        kind: GitRepository
+        name: tekton
+        namespace: tekton-system
+  interval: 5m
+  install:
+    crds: CreateReplace
+  upgrade:
+    crds: CreateReplace
+  values:
+    installCRDs: true
+    operator:
+      defaultTargetNamespace: tekton-system
+    service:
+      createServiceMonitor: true
+    securityContext:
+        capabilities:
+          drop:
+          - ALL
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 1000
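Review bot: The `securityContext` block at the end of `values` is missing `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}`, both of which the restricted Pod Security profile expects alongside the settings already present. Its children are indented eight spaces while the rest of the file uses two-space steps, and the `drop` list is flush where other lists are indented; it parses, but re-indenting to six spaces avoids a later mis-nesting. Whether the chart applies `values.securityContext` to the operator container is not visible here and should be checked against the chart's values file. Separately, for a `GitRepository` source Flux reads `chart:` as a path inside the repository, so `chart: tekton-operator` looks inconsistent with the `ignore` rule in repository.yaml that keeps only `/chart`; confirm the path resolves.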
diff --git a/infrastructure/tekton/repository.yaml b/infrastructure/tekton/repository.yaml
new file mode 100644
index 000000000..1bb79ad2c
--- /dev/null
+++ b/infrastructure/tekton/repository.yaml
@@ -0,0 +1,16 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: tekton
+  namespace: tekton-system
+spec:
+spec:
+  interval: 30m
+  ref:
+    commit: 8dad037328193d6694f4d8365765d8a31e32c712
+  url: https://github.com/tektoncd/operator.git
+  ignore: |
+    # exclude all
+    /*
+    # include deploy dir
+    !/chart
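Review bot: `spec:` appears twice in a row at the top of this manifest; duplicate mapping keys are invalid YAML, and parsers either reject the document or silently keep the last one, so one of the two lines should be deleted. The comment `# include deploy dir` does not match the rule `!/chart` beneath it; `# include chart dir` would. Pinning `ref.commit` to a full SHA is a sound supply-chain choice. A comment naming the upstream release the SHA corresponds to, such as `# <upstream tag or date>`, would make later bumps easier to review.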
-- 
GitLab