Add TektonResult to TektonConfig doc

pratap0007 · pratap0007 · commit 03bd2eb4a1e8 · 2025-02-10T18:21:37.000+05:30
This will add the instructions in TektonConfig doc how to install and manage
Results component through Tekton Config TektonConfig doc and updates TektonResult doc

Signed-off-by: Shiv Verma
diff --git a/docs/TektonConfig.md b/docs/TektonConfig.md
@@ -18,6 +18,7 @@ Operator provides support for installing and managing following operator compone
 Other than the above components depending on the platform operator also provides support for
 - On both Kubernetes and OpenShift
     - [TektonChain](./TektonChain.md)
+    - [TektonResult](./TektonResult.md)
 - On Kubernetes
     - [TektonDashboard](./TektonDashboard.md)
 - On OpenShift
@@ -113,6 +114,10 @@ The TektonConfig CR provides the following features
         configMaps: {}
         deployments: {}
         webhookConfigurationOptions: {}
+    result:
+      disabled: false
+      is_external_db: false
+      options: {}
     platforms:
       openshift:
         pipelinesAsCode:
@@ -165,8 +170,8 @@ By default, namespace would be `tekton-pipelines` for Kubernetes and `openshift-
 
 This allows user to choose which all components to install on the cluster.
 There are 3 profiles available:
-- `all`: This profile will install all components (TektonPipeline, TektonTrigger and TektonChain)
-- `basic`:  This profile will install only TektonPipeline, TektonTrigger and TektonChain component
+- `all`: This profile will install all components (TektonPipeline, TektonTrigger,TektonResult and TektonChain)
+- `basic`:  This profile will install only TektonPipeline, TektonTrigger, TektonResult and TektonChain component
 - `lite`: This profile will install only TektonPipeline component
 
 On Kubernetes, `all` profile will install `TektonDashboard` and on OpenShift `TektonAddon` will be installed.
@@ -284,6 +289,52 @@ chain:
   transparency.url: #value
 ```
 
+### Result
+
+Result section allows user to customize the Tekton Result component, Refer to [Result Spec](https://github.com/tektoncd/operator/blob/main/docs/TektonResult.md#spec) section in TektonResult for available options.
+
+Default Result configuration in TektonConfig looks like following if user doesn't specified any configuration options
+
+Example:
+
+```yaml
+result:
+  disabled: false
+  is_external_db: false
+  options: {}
+```
+
+User can customize Result configuration with following options
+
+Example:
+
+```yaml
+result:
+  disabled: false                  # - `disabled` : if the value set as `true`, result component will be disabled (default: `false`)
+  targetNamespace: tekton-pipelines
+  is_external_db: false # By default, this is set to false, TektonOperator will create Tekton Results database. If set to true, an external database will be used, and Tekton Results will retrieve its database credentials from the Kubernetes secret named tekton-results-postgres
+  db_host: localhost
+  db_port: 5342
+  db_sslmode: verify-full
+  db_sslrootcert: /etc/tls/db/ca.crt
+  db_enable_auto_migration: true
+  log_level: debug
+  logs_api: true
+  logs_type: File
+  logs_buffer_size: 90kb
+  logs_path: /logs
+  auth_disable: true
+  logging_pvc_name: tekton-logs
+  secret_name: # optional
+  gcs_creds_secret_name: <value>
+  gcc_creds_secret_key: <value>
+  gcs_bucket_name: <value>
+  loki_stack_name: #optional
+  loki_stack_namespace: #optional
+  prometheus_port: 9090
+  prometheus_histogram: false
+```
+
 ### Pruner
 Pruner provides auto clean up feature for the Tekton `pipelinerun` and `taskrun` resources. In the background pruner container runs `tkn` command.
 
diff --git a/docs/TektonResult.md b/docs/TektonResult.md
@@ -1,58 +1,22 @@
-<!--
----
+## <!--
+
 linkTitle: "TektonResult"
 weight: 5
+
 ---
+
 -->
+
 # Tekton Result
 
 TektonResult custom resource allows user to install and manage [Tekton Result][result].
 
-TektonResult is an optional component and currently cannot be installed through TektonConfig. It has to be installed seperately.
-
-To install Tekton Result on your cluster follow steps as given below:
-- Make sure Tekton Pipelines is installed on your cluster, using the Operator.
-- Generate a database root password.
-  A database root password must be generated and stored in a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/)
-  before installing results. By default, Tekton Results expects this secret to have
-  the following properties:
-
-    - namespace: `tekton-pipelines`
-    - name: `tekton-results-postgres`
-    - contains the fields:
-        - `user=<user name>`
-        - `password=<your password>`
-
-  If you are not using a particular password management strategy, the following
-  command will generate a random password for you:
-  Update namespace value in the command if Tekton Pipelines is installed in a different namespace..
-
-   ```sh
-   export NAMESPACE="tekton-pipelines"
-   kubectl create secret generic tekton-results-postgres --namespace=${NAMESPACE} --from-literal=POSTGRES_USER=result --from-literal=POSTGRES_PASSWORD=$(openssl rand -base64 20)
-   ```
-- Generate cert/key pair.
-  Note: Feel free to use any cert management software to do this!
-
-  Tekton Results expects the cert/key pair to be stored in a [TLS Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets).
-  Update the namespace value in below export command if Tekton Pipelines is installed in a different namespace.
-   ```sh
-   export NAMESPACE="tekton-pipelines"
-   # Generate new self-signed cert.
-   openssl req -x509 \
-   -newkey rsa:4096 \
-   -keyout key.pem \
-   -out cert.pem \
-   -days 365 \
-   -nodes \
-   -subj "/CN=tekton-results-api-service.${NAMESPACE}.svc.cluster.local" \
-   -addext "subjectAltName = DNS:tekton-results-api-service.${NAMESPACE}.svc.cluster.local"
-   # Create new TLS Secret from cert.
-   kubectl create secret tls -n ${NAMESPACE} tekton-results-tls \
-   --cert=cert.pem \
-   --key=key.pem
-   ```
-- Create PVC if using PVC for logging
+TektonResult is installed through [TektonConfig](./TektonConfig.md) by default.
+
+**Note** : TektonOperator creates a secret for default database root password and a tls secret for TektonResult, the TektonResult doesn't rotate the tls certificate.
+
+- Create PVC if using PVC for logging (Optional)
+
 ```!bash
 cat <<EOF > pvc.yaml
 apiVersion: v1
@@ -71,17 +35,15 @@ EOF
 kubectl apply -f pvc.yaml
 ```
 
-- Once the secrets are created create a TektonResult CR (Check ##Properties) as below.
-  ```sh
-  kubectl apply -f config/crs/kubernetes/result/operator_v1alpha1_result_cr.yaml
-  ```
 - Check the status of installation using following command
   ```sh
   kubectl get tektonresults.operator.tekton.dev
   ```
 
 ## Spec
+
 The TektonResult CR is like below:
+
 ```yaml
 apiVersion: operator.tekton.dev/v1alpha1
 kind: TektonResult
@@ -114,22 +76,23 @@ spec:
 
 These properties are analogous to the one in configmap of tekton results api `tekton-results-api-config` documented at [api.md]:https://github.com/tektoncd/results/blob/4472848a0fb7c1473cfca8b647553170efac78a1/cmd/api/README.md
 
-
-[result]:https://github.com/tektoncd/results
-
+[result]: https://github.com/tektoncd/results
 
 ### Property "secret_name":
+
 `secret_name` - name of your custom secret or leave it as empty. It an optional property. The secret should be created by the user on the `targetNamespace`. The secret can contain `S3_` prefixed keys from the [result API properties](https://github.com/tektoncd/results/blob/fded140081468e418aeb860d16aca3306c675d8b/cmd/api/README.md). Please note: the key of the secret should be in UPPER_CASE and values should be in `string` format.
 The following keys are supported by this secret.
-* `S3_BUCKET_NAME`
-* `S3_ENDPOINT`
-* `S3_HOSTNAME_IMMUTABLE`
-* `S3_REGION`
-* `S3_ACCESS_KEY_ID`
-* `S3_SECRET_ACCESS_KEY`
-* `S3_MULTI_PART_SIZE`
+
+- `S3_BUCKET_NAME`
+- `S3_ENDPOINT`
+- `S3_HOSTNAME_IMMUTABLE`
+- `S3_REGION`
+- `S3_ACCESS_KEY_ID`
+- `S3_SECRET_ACCESS_KEY`
+- `S3_MULTI_PART_SIZE`
 
 #### Sample Secret File
+
 ```yaml
 apiVersion: v1
 kind: Secret
@@ -147,9 +110,10 @@ stringData:
   S3_MULTI_PART_SIZE: "5242880"
 ```
 
-
 ### GCS specific Property
+
 The follow keys are needed for enabling GCS storage of logs:
+
 ```yaml
 apiVersion: operator.tekton.dev/v1alpha1
 kind: TektonResult
@@ -185,15 +149,18 @@ If you want to move from internal DB to external DB, please take backup of the D
 delete previous TektonResult CR. and recreate the fresh one with following instructions:
 
 - Generate a secret with user name and password for Postgres (subsitute ${password} with your password):
+
 ```sh
    export NAMESPACE="tekton-pipelines" # Put the targetNamespace of TektonResult where it is going to be installed.
    kubectl create secret generic tekton-results-postgres --namespace=${NAMESPACE} --from-literal=POSTGRES_USER=result --from-literal=POSTGRES_PASSWORD=${password}
 ```
 
 - Create a TektonResult CR like below:
+
 * Add `db_host` with DB url without port.
 * Add `db_port` with your DB port.
 * Set `is_external_db` to true.
+
 ```yaml
 apiVersion: operator.tekton.dev/v1alpha1
 kind: TektonResult
@@ -205,14 +172,12 @@ spec:
   db_user: result
   db_host: tekton-results-postgres-external-service.pg-redhat.svc.cluster.local
   is_external_db: true
-...
 ```
 
 ### Securing the DB connection
 
 To secure the DB connection using self-segned certificate or using certificate signed by 3rd party CA (e.g AWS RDS), one can provide path to the DB SSL root certificate, mounted and available on the Results API pod. The configuration will look like:
 
-
 ```yaml
 apiVersion: operator.tekton.dev/v1alpha1
 kind: TektonResult
@@ -238,10 +203,11 @@ and bad for performance. It's better to use forwarders like Vector, Promtail, Fl
 
 #### Loki
 
-You can either use Grafana's [Helm Repo](https://grafana.com/docs/loki/latest/setup/install/helm/) or operator from [OperatorHub](https://operatorhub.io/operator/loki-operator) to install Loki. 
+You can either use Grafana's [Helm Repo](https://grafana.com/docs/loki/latest/setup/install/helm/) or operator from [OperatorHub](https://operatorhub.io/operator/loki-operator) to install Loki.
 Installing via operator simplies certain operations for Tekton Operator. You just need to configure `lokistack_name` and `lokistack_namespace`.
 
 In case of helm installation, you will need to configure options field to configure Results API configMap `tekton-results-api-config`:
+
 ```yaml
 LOGS_API
 LOGGING_PLUGIN_PROXY_PATH
@@ -260,6 +226,7 @@ Please consult the docs [here](https://github.com/tektoncd/results/blob/main/doc
 These fields allow you to configure how Tekton Results interacts with your Loki backend.
 
 You might need to configure following environment variable to Tekton Results API deployment if you are using some custom CA to generate TLS certificate:
+
 ```yaml
 LOGGING_PLUGIN_CA_CERT
 ```
@@ -270,14 +237,12 @@ LOGGING_PLUGIN_CA_CERT
 
 You need to configure forwarder systems to add labels for namespace, pass TaskRun UID/PipelineRun UID in pods and a common label <key:value> alongwith logs from nodes.
 
-A sample configuration for vector: [values.yaml](https://github.com/tektoncd/results/blob/main/test/e2e/loki_vector/vector.yaml). 
+A sample configuration for vector: [values.yaml](https://github.com/tektoncd/results/blob/main/test/e2e/loki_vector/vector.yaml).
 
 ### OpenShift (LokiStack + OpenShift Logging)
 
-
 To configure LokiStack with TektonResult, you can use the `lokistack_name` and `lokistack_namespace` properties in the TektonResult custom resource. Here's how to do it:
 
-
 1. First, ensure that you have LokiStack installed in your cluster.
 
 2. Then, create or update your TektonResult CR with the following properties:
@@ -293,16 +258,17 @@ spec:
   lokistack_name: your-lokistack-name
   lokistack_namespace: your-lokistack-namespace
 ```
+
 Replace your-lokistack-name with the name of your LokiStack instance and your-lokistack-namespace with the namespace where LokiStack is installed.
 
 By setting these properties, Operator will configure Tekton Result to use the specified LokiStack instance for log retrieval.
 
-
 #### OpenShift Logging
 
 Install the openshift logging operator by following this: [Deploying Cluster Logging](https://docs.openshift.com/container-platform/4.16/observability/logging/cluster-logging-deploying.html#logging-loki-gui-install_cluster-logging-deploying)
 
 If you are installing OpenShift Logging Operator only for TaskRun Logs, then you also need to configure a ClusterLogForwarder:
+
 ```yaml
 apiVersion: "logging.openshift.io/v1"
 kind: ClusterLogForwarder
@@ -311,15 +277,15 @@ metadata:
   namespace: openshift-logging
 spec:
   inputs:
-  - name: only-tekton
-    application:
-      selector:
-        matchLabels:
-          app.kubernetes.io/managed-by: tekton-pipelines
+    - name: only-tekton
+      application:
+        selector:
+          matchLabels:
+            app.kubernetes.io/managed-by: tekton-pipelines
   pipelines:
     - name: enable-default-log-store
-      inputRefs: [ only-tekton ]
-      outputRefs: [ default ]
+      inputRefs: [only-tekton]
+      outputRefs: [default]
 ```
 
 ### Debugging
