fix: default TektonConfig causing trouble

Despite the subscription configuration, the default TektonConfig
is instanciated, causing the deployment to fail.

So we change the configuration so that it is created, and then
patched during the deployment.

cf RHTAP-5228

Author: Roming22

installer/charts/tssc-infrastructure/templates/openshift-pipelines/tektonconfig/default._tpl

@@ -2,3 +2,5 @@
 {{- include "common.serviceAccount" . }}
 ---
 {{- include "common.clusterRoleBindingClusterAdmin" . }}
+---
+{{- include "pipelines.TektonConfigRbac" . }}

installer/charts/tssc-infrastructure/templates/openshift-pipelines/tektonconfig/tektonconfig.yaml

@@ -1,4 +1,10 @@
 {{- define "pipelines.TektonConfigPatch" -}}
+metadata:
+  annotations:
+    meta.helm.sh/release-name: {{ .Chart.Name }}
+    meta.helm.sh/release-namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/managed-by: Helm
 spec:
   chain:
     transparency.enabled: 'true'

installer/charts/tssc-pipelines/templates/service-account.yaml

@@ -0,0 +1,43 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: patch-tekton-config
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  backoffLimit: 30
+  template:
+    spec:
+      serviceAccountName: {{ .Release.Name }}
+      restartPolicy: OnFailure
+      containers:
+        - name: patch-tekton-config
+          image: quay.io/openshift/origin-cli:latest
+          resources:
+            ephemeral-storage: 100Mi
+            limits:
+              memory: 128Mi
+            requests:
+              memory: 100Mi
+              cpu: 0.1
+          command:
+            - /bin/bash
+            - -c
+            - |
+              if [[ "{{ .Values.subscriptions.openshiftPipelines.managed }}" != "true" ]]; then
+                  echo "Skipping TektonConfig resource as pipeline subscription is not managed"
+                  echo "Success"
+                  exit 0
+              fi
+
+              if ! oc get tektonconfig config >/dev/null; then
+                echo "Waiting for the default TektonConfig to be instanciated"
+                sleep 10
+                exit 1
+              fi
+
+              echo "Patching the TektonConfig resource"
+              oc patch tektonconfig config --type=merge -p '{{ fromYaml (include "pipelines.TektonConfigPatch" .) | toJson }}'
+              echo "Success"

…nshift-pipelines/tektonconfig/patch._tpl …elines/templates/tektonconfig/patch._tplinstaller/charts/tssc-infrastructure/templates/openshift-pipelines/tektonconfig/patch._tpl renamed to installer/charts/tssc-pipelines/templates/tektonconfig/patch._tpl installer/charts/tssc-infrastructure/templates/openshift-pipelines/tektonconfig/patch._tpl renamed to installer/charts/tssc-pipelines/templates/tektonconfig/patch._tpl

@@ -1,30 +1,25 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: delete-tekton-config-sa
-  namespace: {{ .Release.Namespace }}
-  labels: {{- include "common.postDeployDeleteLabels" . | nindent 4 }}
----
+{{- define "pipelines.TektonConfigRbac" -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: delete-tekton-config-role
+  name: patch-tekton-config-role
   labels: {{- include "common.postDeployDeleteLabels" . | nindent 4 }}
 rules:
   - apiGroups: ["operator.tekton.dev"]
     resources: ["tektonconfigs"]
-    verbs: ["get", "delete"]
+    verbs: ["get", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: delete-tekton-config-rolebinding
+  name: patch-tekton-config-rolebinding
   labels: {{- include "common.postDeployDeleteLabels" . | nindent 4 }}
 subjects:
   - kind: ServiceAccount
-    name: delete-tekton-config-sa
+    name: patch-tekton-config-sa
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: delete-tekton-config-role
+  name: patch-tekton-config-role
   apiGroup: rbac.authorization.k8s.io
+{{- end -}}

installer/charts/tssc-pipelines/templates/tektonconfig/patch_tekton_config.yaml

@@ -40,10 +40,6 @@ subscriptions:
     channel: pipelines-1.18
     source: redhat-operators
     sourceNamespace: openshift-marketplace
-    config:
-      env:
-        - name: AUTOINSTALL_COMPONENTS
-          value: "false"
   openshiftTrustedArtifactSigner:
     enabled: false
     description: Red Hat Trusted Artifact Signer Operator