feat(apps/prod/tekton): add tekton results instances

apps/prod/tekton/setup.yaml

@@ -19,7 +19,7 @@ spec:
           path: /metadata/annotations
           value:
             scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Equal", "effect": "NoSchedule", "key": "dedicated", "value": "test-infra"}]'
-            scheduler.alpha.kubernetes.io/node-selector: enable-ci=true
+            scheduler.alpha.kubernetes.io/node-selector: enable-ci=true,kubernetes.io/arch=amd64
 
   prune: true
   healthChecks:
@@ -56,3 +56,19 @@ spec:
       name: tekton-dashboard
       namespace: tekton-pipelines
   timeout: 5m0s
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: tekton-results-setup
+  namespace: apps
+spec:
+  dependsOn:
+    - name: tekton-setup
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  path: ./apps/prod/tekton/setup/results
+  prune: true

apps/prod/tekton/setup/kustomization.yaml

@@ -6,5 +6,5 @@ resources:
   # - https://github.com/tektoncd/operator/releases/download/v0.60.1/release.yaml
   # we fixed the image tag to make it runable on arm64 nodes:
   #   gcr.io/tekton-releases/dogfooding/tkn
-  - operator-release.yaml 
+  - operator-release.yaml
   - operator-config.yaml

apps/prod/tekton/setup/results/db-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD
+  name: tekton-results-postgres
+  namespace: tekton-pipelines
+type: Opaque
+data:
+  POSTGRES_USER: postgres
+  # POSTGRES_PASSWORD will be auto generated.

apps/prod/tekton/setup/results/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - db-secret.yaml
+  - tls-cert.yaml
+  - operator-tekton-result.yaml
+  # - progres-release.yaml # currently, the tekton result will create PG instance.

apps/prod/tekton/setup/results/operator-tekton-result.yaml

@@ -0,0 +1,8 @@
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonResult
+metadata:
+  name: result
+spec:
+  targetNamespace: tekton-pipelines
+
+# TODO: currently it can not set the PVC storage class name.

apps/prod/tekton/setup/results/progres-release.yaml

@@ -0,0 +1,38 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: tekton-results-db
+  namespace: apps
+spec:
+  targetNamespace: tekton-pipelines
+  chart:
+    spec:
+      chart: postgresql
+      sourceRef:
+        kind: HelmRepository
+        name: bitnami
+        namespace: flux-system
+      version: "13.1.0"
+  interval: 10m
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    crds: CreateReplace
+  test:
+    enable: true
+    ignoreFailures: false
+  values:
+    global:
+      storageClass: ceph-block
+    architecture: standalone # standalone or replication
+    auth: # custom prepares
+      username: tekton
+      database: tekton-results
+    primary:
+      persistence:
+        size: 8Gi
+    tls: # TLS traffic
+      enabled: true
+      autoGenerated: true

apps/prod/tekton/setup/results/tls-cert.yaml

@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: tekton-results
+  namespace: tekton-pipelines
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: tekton-results-cert
+  namespace: tekton-pipelines
+spec:
+  dnsNames:
+    - tekton-results-api-service.tekton-pipelines.svc.cluster.local
+  secretName: tekton-results-tls
+  issuerRef:
+    name: tekton-results-selfsigned

infrastructure/_base/sources/helm-repo-others.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: mittwald
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://helm.mittwald.de
+

infrastructure/_base/sources/kustomization.yaml

@@ -6,3 +6,4 @@ resources:
   - helm-repo-ingress-nginx.yaml
   - helm-repo-nfs-server-provisioner.yaml
   - helm-repo-rook.yaml
+  - helm-repo-others.yaml

infrastructure/prod/kustomization.yaml

@@ -5,3 +5,4 @@ resources:
   - nginx
   - rook-ceph
   - nfs-pvc-provisioner
+  - secret-generator

infrastructure/prod/secret-generator/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - release.yaml

infrastructure/prod/secret-generator/namespace.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: secret-generator
+  annotations:
+    scheduler.alpha.kubernetes.io/defaultTolerations:
+      '[{"operator": "Equal", "effect": "NoSchedule", "key": "dedicated",
+      "value": "test-infra"}]'

infrastructure/prod/secret-generator/release.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: secret-generator
+  namespace: flux-system
+spec:
+  targetNamespace: secret-generator
+  releaseName: secret-generator
+  chart:
+    spec:
+      chart: kubernetes-secret-generator
+      sourceRef:
+        kind: HelmRepository
+        name: mittwald
+        namespace: flux-system
+      version: 3.4.0
+  interval: 1h0m0s
+  install:
+    remediation:
+      retries: 3
+  values:
+    logLevel: INFO
+    monitoring:
+      enabled: true
+    resources:
+      limits:
+        cpu: 100m
+        memory: 128Mi