Skip to content

Add TektonResult to TektonConfig doc #2400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tekton-robot merged 1 commit into from
Mar 14, 2025
Merged

Add TektonResult to TektonConfig doc #2400

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 53 additions & 2 deletions docs/TektonConfig.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ Operator provides support for installing and managing following operator compone
Other than the above components depending on the platform operator also provides support for
- On both Kubernetes and OpenShift
- [TektonChain](./TektonChain.md)
- [TektonResult](./TektonResult.md)
- On Kubernetes
- [TektonDashboard](./TektonDashboard.md)
- On OpenShift
Expand Down Expand Up @@ -113,6 +114,10 @@ The TektonConfig CR provides the following features
configMaps: {}
deployments: {}
webhookConfigurationOptions: {}
result:
disabled: false
is_external_db: false
options: {}
Copy link
Member

@jkandasa jkandasa Nov 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pratap0007 still the results is not part for TektonConfig CRD

platforms:
openshift:
pipelinesAsCode:
Expand Down Expand Up @@ -165,8 +170,8 @@ By default, namespace would be `tekton-pipelines` for Kubernetes and `openshift-

This allows user to choose which all components to install on the cluster.
There are 3 profiles available:
- `all`: This profile will install all components (TektonPipeline, TektonTrigger and TektonChain)
- `basic`: This profile will install only TektonPipeline, TektonTrigger and TektonChain component
- `all`: This profile will install all components (TektonPipeline, TektonTrigger, TektonResult and TektonChain)
- `basic`: This profile will install only TektonPipeline, TektonTrigger, TektonResult and TektonChain component
- `lite`: This profile will install only TektonPipeline component

On Kubernetes, `all` profile will install `TektonDashboard` and on OpenShift `TektonAddon` will be installed.
Expand Down Expand Up @@ -284,6 +289,52 @@ chain:
transparency.url: #value
```

### Result

Result section allows user to customize the Tekton Result component, Refer to [Result Spec](https://github.com/tektoncd/operator/blob/main/docs/TektonResult.md#spec) section in TektonResult for available options.

Default Result configuration in TektonConfig looks like following if user doesn't specified any configuration options

Example:

```yaml
result:
disabled: false
is_external_db: false
options: {}
```

User can customize Result configuration with following options

Example:

Copy link
Contributor

@khrm khrm Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we mention what's the default when no values are specified?

Copy link
Member

@jkhelil jkhelil Jan 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pratap0007 ^^^

Copy link
Contributor Author

@pratap0007 pratap0007 Feb 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@khrm updated and please review once again

```yaml
result:
disabled: false # - `disabled` : if the value set as `true`, result component will be disabled (default: `false`)
targetNamespace: tekton-pipelines
is_external_db: false # By default, this is set to false, TektonOperator will create Tekton Results database. If set to true, an external database will be used, and Tekton Results will retrieve its database credentials from the Kubernetes secret named tekton-results-postgres
db_host: localhost
db_port: 5342
db_sslmode: verify-full
db_sslrootcert: /etc/tls/db/ca.crt
db_enable_auto_migration: true
log_level: debug
logs_api: true
logs_type: File
logs_buffer_size: 90kb
logs_path: /logs
auth_disable: true
logging_pvc_name: tekton-logs
secret_name: # optional
gcs_creds_secret_name: <value>
gcc_creds_secret_key: <value>
gcs_bucket_name: <value>
loki_stack_name: #optional
loki_stack_namespace: #optional
prometheus_port: 9090
prometheus_histogram: false
```

### Pruner
Pruner provides auto clean up feature for the Tekton `pipelinerun` and `taskrun` resources. In the background pruner container runs `tkn` command.

Expand Down
55 changes: 6 additions & 49 deletions docs/TektonResult.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,51 +8,12 @@ weight: 5

TektonResult custom resource allows user to install and manage [Tekton Result][result].

TektonResult is an optional component and currently cannot be installed through TektonConfig. It has to be installed seperately.

To install Tekton Result on your cluster follow steps as given below:
- Make sure Tekton Pipelines is installed on your cluster, using the Operator.
- Generate a database root password.
A database root password must be generated and stored in a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/)
before installing results. By default, Tekton Results expects this secret to have
the following properties:

- namespace: `tekton-pipelines`
- name: `tekton-results-postgres`
- contains the fields:
- `user=<user name>`
- `password=<your password>`

If you are not using a particular password management strategy, the following
command will generate a random password for you:
Update namespace value in the command if Tekton Pipelines is installed in a different namespace..

```sh
export NAMESPACE="tekton-pipelines"
kubectl create secret generic tekton-results-postgres --namespace=${NAMESPACE} --from-literal=POSTGRES_USER=result --from-literal=POSTGRES_PASSWORD=$(openssl rand -base64 20)
```
- Generate cert/key pair.
Note: Feel free to use any cert management software to do this!

Tekton Results expects the cert/key pair to be stored in a [TLS Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets).
Update the namespace value in below export command if Tekton Pipelines is installed in a different namespace.
```sh
export NAMESPACE="tekton-pipelines"
# Generate new self-signed cert.
openssl req -x509 \
-newkey rsa:4096 \
-keyout key.pem \
-out cert.pem \
-days 365 \
-nodes \
-subj "/CN=tekton-results-api-service.${NAMESPACE}.svc.cluster.local" \
-addext "subjectAltName = DNS:tekton-results-api-service.${NAMESPACE}.svc.cluster.local"
# Create new TLS Secret from cert.
kubectl create secret tls -n ${NAMESPACE} tekton-results-tls \
--cert=cert.pem \
--key=key.pem
```
- Create PVC if using PVC for logging
TektonResult is installed through [TektonConfig](./TektonConfig.md) by default.

**Note** : TektonOperator creates a secret for default database root password and a tls secret for TektonResult, the TektonResult doesn't rotate the tls certificate.

- Create PVC if using PVC for logging (Optional)

```!bash
cat <<EOF > pvc.yaml
apiVersion: v1
Expand All @@ -71,10 +32,6 @@ EOF
kubectl apply -f pvc.yaml
```

- Once the secrets are created create a TektonResult CR (Check ##Properties) as below.
```sh
kubectl apply -f config/crs/kubernetes/result/operator_v1alpha1_result_cr.yaml
```
- Check the status of installation using following command
```sh
kubectl get tektonresults.operator.tekton.dev
Expand Down
Loading