feat(tekton): Initial deploy

2513c7e2 · Sheogorath · a4ef893c · 2513c7e2 · 2513c7e2 · 2513c7e2
Verified Commit 2513c7e2 authored 3 years ago by Sheogorath
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -16,3 +16,4 @@ resources:
  - postgres
  - kubenav
  - starboard
+  - tekton
--- a/infrastructure/tekton/kustomization.yaml
+++ b/infrastructure/tekton/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tekton-system
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+  - ../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
--- a/infrastructure/tekton/namespace.yaml
+++ b/infrastructure/tekton/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: tekton-system
+  labels:
+    name: tekton-system
+    kyverno.shivering-isles.com/class: "system" 
--- a/infrastructure/tekton/networkpolicy.yaml
+++ b/infrastructure/tekton/networkpolicy.yaml
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/component: operator
--- a/infrastructure/tekton/release.yaml
+++ b/infrastructure/tekton/release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: tekton-operator
+  namespace: tekton-system
+spec:
+  releaseName: tekton-operator
+  chart:
+    spec:
+      chart: tekton-operator
+      sourceRef:
+        kind: GitRepository
+        name: tekton
+        namespace: tekton-system
+  interval: 5m
+  install:
+    crds: CreateReplace
+  upgrade:
+    crds: CreateReplace
+  values:
+    installCRDs: true
+    operator:
+      defaultTargetNamespace: tekton-system
+    service:
+      createServiceMonitor: true
+    securityContext:
+        capabilities:
+          drop:
+          - ALL
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        runAsUser: 1000
--- a/infrastructure/tekton/repository.yaml
+++ b/infrastructure/tekton/repository.yaml
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: tekton
+  namespace: tekton-system
+spec:
+spec:
+  interval: 30m
+  ref:
+    commit: 8dad037328193d6694f4d8365765d8a31e32c712
+  url: https://github.com/tektoncd/operator.git
+  ignore: |
+    # exclude all
+    /*
+    # include deploy dir
+    !/chart