add tekton-operator

soerenschneider · soerenschneider · commit 2a33afb7dce8 · 2024-11-16T15:48:20.000+01:00
diff --git a/infra/tekton-operator/config.yaml b/infra/tekton-operator/config.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonConfig
+metadata:
+  name: config
+spec:
+  targetNamespace: tekton-pipelines
+  profile: basic
+  config:
+    priorityClassName: system-cluster-critical
+  chain:
+    disabled: true
+  pipeline:
+    set-security-context: true
+    performance:
+      disable-ha: true
+    options:
+      disabled: false
+      deployments:
+        tekton-pipelines-controller:
+          spec:
+            template:
+              metadata:
+                annotations:
+                  prometheus.io/port: "9090"
+                  prometheus.io/scrape: "true"
+  pruner:
+    schedule: "0 8 * * *"
+    resources:
+      - taskrun
+      - pipelinerun
+    keep: 3
+    prune-per-resource: true
+  hub:
+    options:
+      disabled: true
+  dashboard:
+    readonly: true
+    options:
+      disabled: false
+      webhookConfigurationOptions: {}
+  platforms:
+    openshift:
+      pipelinesAsCode:
+        enable: false
diff --git a/infra/tekton-operator/kustomization.yaml b/infra/tekton-operator/kustomization.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: tekton-operator
+resources:
+  - https://storage.googleapis.com/tekton-releases/operator/previous/v0.73.1/release.yaml
+  - config.yaml
+patches:
+  - target:
+      kind: Deployment
+    patch: |-
+      - op: add
+        path: /spec/template/spec/containers/0/resources
+        value:
+          requests:
+            memory: 96M
+            cpu: 15m
+          limits:
+            memory: 192M
+      - op: add
+        path: /spec/template/spec/securityContext
+        value:
+          runAsUser: 32456
+          runAsGroup: 32456
+          fsGroup: 32456
+          runAsNonRoot: true
+          seccompProfile:
+            type: "RuntimeDefault"
+      - op: add
+        path: /spec/template/spec/containers/0/securityContext
+        value:
+          runAsUser: 32456
+          runAsGroup: 32456
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          privileged: false
+          runAsNonRoot: true
+          capabilities:
+            drop:
+              - "ALL"
+          seccompProfile:
+            type: "RuntimeDefault"
