Merge pull request #60075 from ekristova/RHDEVDOCS-3785

RHDEVDOCS-3785: Configuring Pipelines Operator using the TektonConfig…

Author: abrennan89

_topic_maps/_topic_map.yml

@@ -1904,12 +1904,12 @@ Topics:
     File: using-pipelines-as-code
   - Name: Working with OpenShift Pipelines using the Developer perspective
     File: working-with-pipelines-using-the-developer-perspective
+  - Name: Customizing configurations in the TektonConfig custom resource
+    File: customizing-configurations-in-the-tektonconfig-cr
   - Name: Reducing resource consumption of OpenShift Pipelines
     File: reducing-pipelines-resource-consumption
   - Name: Setting compute resource quota for OpenShift Pipelines
     File: setting-compute-resource-quota-for-openshift-pipelines
-  - Name: Automatic pruning of task run and pipeline run
-    File: automatic-pruning-taskrun-pipelinerun
   - Name: Using pods in a privileged security context
     File: using-pods-in-a-privileged-security-context
   - Name: Securing webhooks with event listeners

cicd/pipelines/automatic-pruning-taskrun-pipelinerun.adoc

@@ -0,0 +1,56 @@
+:_content-type: ASSEMBLY
+[id="customizing-configurations-in-the-tektonconfig-cr"]
+= Customizing configurations in the TektonConfig custom resource
+include::_attributes/common-attributes.adoc[]
+:context: customizing-configurations-in-the-tektonconfig-cr
+
+toc::[]
+
+In {pipelines-title}, you can customize the following configurations by using the `TektonConfig` custom resource (CR):
+
+* Configuring the {pipelines-title} control plane
+* Changing the default service account
+* Disabling the service monitor
+* Configuring pipeline resolvers
+* Disabling cluster tasks and pipeline templates
+* Disabling the integration of {tekton-hub}
+* Disabling the automatic creation of RBAC resources
+* Pruning of task runs and pipeline runs
+
+[id="prerequisites_customizing-configurations-in-the-tektonconfig-cr"]
+== Prerequisites
+
+* You have installed the {pipelines-title} Operator.
+
+include::modules/op-configuring-pipelines-control-plane.adoc[leveloffset=+1]
+
+include::modules/op-modifiable-fields-with-default-values.adoc[leveloffset=+2]
+
+include::modules/op-optional-configuration-fields.adoc[leveloffset=+2]
+
+include::modules/op-changing-default-service-account.adoc[leveloffset=+1]
+
+include::modules/op-disabling-the-service-monitor.adoc[leveloffset=+1]
+
+include::modules/op-configuring-pipeline-resolvers.adoc[leveloffset=+1]
+
+include::modules/op-disabling-cluster-tasks-and-pipeline-templates.adoc[leveloffset=+1]
+
+include::modules/op-disabling-the-integretion-of-tekton-hub.adoc[leveloffset=+1]
+
+include::modules/op-disabling-automatic-creation-of-rbac-resources.adoc[leveloffset=+1]
+
+include::modules/op-automatic-pruning-taskrun-pipelinerun.adoc[leveloffset=+1]
+
+include::modules/op-default-pruner-configuration.adoc[leveloffset=+2]
+
+include::modules/op-annotations-for-automatic-pruning-taskruns-pipelineruns.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="additional-resources_customizing-configurations-in-the-tektonconfig-cr"]
+== Additional resources
+
+* xref:../../cicd/pipelines/authenticating-pipelines-using-git-secret.adoc#op-configuring-ssh-authentication-for-git_authenticating-pipelines-using-git-secret[Configuring SSH authentication for Git]
+* xref:managing-nonversioned-and-versioned-cluster-tasks.adoc#managing-nonversioned-and-versioned-cluster-tasks[Managing non-versioned and versioned cluster tasks]
+* xref:../../cicd/pipelines/working-with-pipelines-using-the-developer-perspective.adoc#using-custom-pipeline-template-for-git-import_working-with-pipelines-using-the-developer-perspective[Using a custom pipeline template for creating and deploying an application from a Git repository]
+* xref:../../applications/pruning-objects.adoc#pruning-objects[Pruning objects to reclaim resources]

cicd/pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc

@@ -37,11 +37,6 @@ include::modules/op-installing-pipelines-operator-using-the-cli.adoc[leveloffset
 
 include::modules/op-pipelines-operator-in-restricted-environment.adoc[leveloffset=+1]
 
-// Disabling automatic creation of RBAC resources 
-
-include::modules/op-disabling-automatic-creation-of-rbac-resources.adoc[leveloffset=+1]
-
-
 [role="_additional-resources"]
 == Additional resources
 

cicd/pipelines/installing-pipelines.adoc

@@ -0,0 +1,15 @@
+// This module is included in the following assembly:
+//
+// *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
+
+:_content-type: CONCEPT
+[id="op-automatic-pruning-taskrun-pipelinerun_{context}"]
+= Automatic pruning of task runs and pipeline runs 
+
+Stale `TaskRun` and `PipelineRun` objects and their executed instances occupy physical resources that can be used for active runs. For optimal utilization of these resources, {pipelines-title} provides annotations that cluster administrators can use to automatically prune the unused objects and their instances in various namespaces.
+
+[NOTE]
+====
+Configuring automatic pruning by specifying annotations affects the entire namespace. You cannot selectively auto-prune an individual task run or pipeline run in a namespace.
+====
+

modules/op-automatic-pruning-taskrun-pipelinerun.adoc

@@ -0,0 +1,24 @@
+// This module is included in the following assembly:
+//
+// *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
+
+:_content-type: CONCEPT
+[id="op-changing-default-service-account_{context}"]
+= Changing the default service account for {pipelines-shortname}
+
+You can change the default service account for {pipelines-shortname} by editing the `default-service-account` field in the `.spec.pipeline` and `.spec.trigger` specifications. The default service account name is `pipeline`.
+
+.Example
+[source,yaml]
+----
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonConfig
+metadata:
+  name: config
+spec:
+  pipeline:
+    default-service-account: pipeline
+  trigger:
+    default-service-account: pipeline
+    enable-api-fields: stable
+----

modules/op-changing-default-service-account.adoc

@@ -0,0 +1,53 @@
+// This module is included in the following assembly:
+//
+// *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
+
+:_content-type: CONCEPT
+[id="op-configuring-pipeline-resolvers_{context}"]
+= Configuring pipeline resolvers
+
+:FeatureName: resolvers
+include::snippets/technology-preview.adoc[]
+
+You can configure pipeline resolvers in the `TektonConfig` custom resource (CR). You can enable or disable these pipeline resolvers:
+
+* `enable-bundles-resolver`
+* `enable-cluster-resolver`
+* `enable-git-resolver`
+* `enable-hub-resolver`
+
+.Example
+[source,yaml]
+----
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonConfig
+metadata:
+  name: config
+spec:
+  pipeline:
+    enable-bundles-resolver: true
+    enable-cluster-resolver: true
+    enable-git-resolver: true
+    enable-hub-resolver: true
+----
+
+You can also provide resolver specific configurations in the `TektonConfig` CR. For example, define the following fields in the `map[string]string` format to set configurations for each pipeline resolver:
+
+.Example
+[source,yaml]
+----
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonConfig
+metadata:
+  name: config
+spec:
+  pipeline:
+    bundles-resolver-config:
+      default-service-account: pipelines
+    cluster-resolver-config:
+      default-namespace: test
+    git-resolver-config:
+      server-url: localhost.com
+    hub-resolver-config:
+      default-tekton-hub-catalog: tekton
+----

modules/op-configuring-pipeline-resolvers.adoc

@@ -0,0 +1,52 @@
+// This module is included in the following assembly:
+//
+// *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
+
+:_content-type: PROCEDURE
+[id="op-configuring-pipelines-control-plane_{context}"]
+= Configuring the {pipelines-title} control plane
+
+You can customize the {pipelines-shortname} control plane by editing the configuration fields in the `TektonConfig` custom resource (CR). The {pipelines-title} Operator automatically adds the configuration fields with their default values so that you can use the {pipelines-shortname} control plane.
+
+.Procedure
+
+. In the *Administrator* perspective of the web console, navigate to *Administration* → *CustomResourceDefinitions*.
+
+. Use the *Search by name* box to search for the `tektonconfigs.operator.tekton.dev` custom resource definition (CRD). Click *TektonConfig* to see the CRD details page.
+
+. Click the *Instances* tab.
+
+. Click the *config* instance to see the `TektonConfig` CR details.
+
+. Click the *YAML* tab.
+
+. Edit the `TektonConfig` YAML file based on your requirements.
++
+.Example of `TektonConfig` CR with default values
+[source,yaml]
+----
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonConfig
+metadata:
+  name: config
+spec:
+  pipeline:
+    running-in-environment-with-injected-sidecars: true
+    metrics.taskrun.duration-type: histogram
+    metrics.pipelinerun.duration-type: histogram
+    await-sidecar-readiness: true
+    params:
+      - name: enableMetrics
+        value: 'true'
+    default-service-account: pipeline
+    require-git-ssh-secret-known-hosts: false
+    enable-tekton-oci-bundles: false
+    metrics.taskrun.level: task
+    metrics.pipelinerun.level: pipeline
+    embedded-status: both
+    enable-api-fields: stable
+    enable-provenance-in-status: false
+    enable-custom-tasks: true
+    disable-creds-init: false
+    disable-affinity-assistant: true
+----

modules/op-configuring-pipelines-control-plane.adoc

@@ -8,6 +8,7 @@
 
 The default configuration for periodic pruning of resources associated with pipeline runs is as follows:
 
+.Example of the default configuration
 [source,yaml]
 ----
 apiVersion: operator.tekton.dev/v1alpha1

modules/op-default-pruner-configuration.adoc

@@ -1,11 +1,11 @@
-// Module included in the following assemblies:
+// This module is included in the following assembly:
 //
-// */openshift_pipelines/installing-pipelines.adoc
+// *openshift_pipelines/customizing-configurations-in-the-tektonconfig-cr.adoc
+
 :_content-type: CONCEPT
 [id="op-disabling-automatic-creation-of-rbac-resources_{context}"]
 = Disabling the automatic creation of RBAC resources
 
-[role="_abstract"]
 The default installation of the {pipelines-title} Operator creates multiple role-based access control (RBAC) resources for all namespaces in the cluster, except the namespaces matching the `^(openshift|kube)-*` regular expression pattern. Among these RBAC resources, the `pipelines-scc-rolebinding` security context constraint (SCC) role binding resource is a potential security issue, because the associated `pipelines-scc` SCC has the `RunAsAny` privilege. 
 
 To disable the automatic creation of cluster-wide RBAC resources after the {pipelines-title} Operator is installed, cluster administrators can set the `createRbacResource` parameter to `false` in the cluster-level `TektonConfig` custom resource (CR).
@@ -21,14 +21,6 @@ spec:
   params:
   - name: createRbacResource
     value: "false"
-  profile: all
-  targetNamespace: openshift-pipelines
-  addon:
-    params:
-    - name: clusterTasks
-      value: "true"
-    - name: pipelineTemplates
-      value: "true"
 ...
 ----