fixup: configured resources for all deployments

Author: davidumea

config/config/sc-config.yaml

@@ -1243,17 +1243,75 @@ networkPolicies:
 
 # Tekton Configuration
 tekton:
-  components:
-    pipelines:
-      enabled: false
-    dashboard:
-      enabled: false
-    triggers:
-      enabled: false
-    chains:
-      enabled: false
+  enabled: false
+
+  operator:
+    resources:
+      limits:
+        cpu: 50m
+        memory: 128Mi
+      requests:
+        cpu: 25m
+        memory: 64Mi
+
+    webhook:
+      resources:
+        limits:
+          cpu: 20m
+          memory: 64Mi
+        requests:
+          cpu: 10m
+          memory: 32Mi
+
+    webhookProxy:
+      resources:
+        limits:
+          cpu: 20m
+          memory: 64Mi
+        requests:
+          cpu: 10m
+          memory: 32Mi
+
+  pipelines:
+    controller:
+      resources:
+        limits:
+          cpu: 50m
+          memory: 128Mi
+        requests:
+          cpu: 25m
+          memory: 64Mi
+
+    remoteResolvers:
+      resources:
+        limits:
+          cpu: 20m
+          memory: 64Mi
+        requests:
+          cpu: 10m
+          memory: 32Mi
+
+    webhook:
+      resources:
+        limits:
+          cpu: 20m
+          memory: 128Mi
+        requests:
+          cpu: 10m
+          memory: 64Mi
+
+  eventsController:
+    resources:
+      limits:
+        cpu: 20m
+        memory: 64Mi
+      requests:
+        cpu: 10m
+        memory: 32Mi
+
   serviceAccount:
     name: tekton-service
-    clusterAdmin: false
+    clusterAdmin: true
+
   imagePullSecrets:
     - name: pull-secret

config/config/wc-config.yaml

@@ -316,5 +316,5 @@ gatekeeper:
 tekton:
   serviceAccount:
     name: tekton-workload
-    clusterAdmin: false
+    clusterAdmin: true
   imagePullSecrets: []

helmfile.d/charts/tekton/tekton-operator/templates/deployment.yaml

@@ -24,10 +24,6 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      # {{- with .Values.podSecurityContext }}
-      # securityContext:
-      #   {{- toYaml . | nindent 8 }}
-      # {{- end }}
       containers:
         - env:
             - name: SYSTEM_NAMESPACE

helmfile.d/charts/tekton/tekton-operator/templates/tekton-pipeline-config.yaml

@@ -14,10 +14,33 @@ spec:
             spec:
               containers:
                 - name: tekton-pipelines-controller
-                  resources:
-                    requests:
-                      cpu: 100m
-                      memory: 100Mi
-                    limits:
-                      cpu: 120m
-                      memory: 102Mi # TODO: make this configurable through apps config
+                  resources: {{- toYaml .Values.pipelines.controller.resources | nindent 20 }}
+      tekton-pipelines-remote-resolvers:
+        spec:
+          template:
+            spec:
+              containers:
+                - name: controller
+                  resources: {{- toYaml .Values.pipelines.remoteResolvers.resources | nindent 20 }}
+      tekton-pipelines-webhook:
+        spec:
+          template:
+            spec:
+              containers:
+                - name: webhook
+                  resources: {{- toYaml .Values.pipelines.webhook.resources | nindent 20 }}
+      # These below are not actually part of tekton-pipelines but there was no other way of configuring resource requests/limits for them through the operator chart.
+      tekton-events-controller:
+        spec:
+          template:
+            spec:
+              containers:
+                - name: tekton-events-controller
+                  resources: {{- toYaml .Values.eventsController.resources | nindent 20 }}
+      tekton-operator-proxy-webhook:
+        spec:
+          template:
+            spec:
+              containers:
+                - name: proxy
+                  resources: {{- toYaml .Values.webhookProxy.resources | nindent 20 }}

helmfile.d/stacks/tekton.yaml

@@ -32,7 +32,7 @@ templates:
       - template: tekton
     name: tekton-operator
     chart: charts/tekton/tekton-operator
-    installed: {{ and (.Values | get "tekton.enabled" false) (.Values | get "tekton.components.pipelines.enabled" false) }}
-    version: 0.1.0
+    installed: {{ .Values | get "tekton.enabled" false }}
+    version: 0.68.0
     values:
       - values/tekton/tekton-sc.gotmpl

helmfile.d/values/tekton/tekton-sc.gotmpl

@@ -1,7 +1,4 @@
 {{- with .Values.tekton.imagePullSecrets }}
-## If container images are hosted in a private registry, set pull secrets.
-## Secrets must be manually created in the namespace.
-## see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
 imagePullSecrets: []
 {{- end  }}
 
@@ -10,75 +7,34 @@ serviceAccount:
   clusterAdmin: {{ .Values.tekton.serviceAccount.clusterAdmin }}
   imagePullSecrets: {{- toYaml .Values.tekton.imagePullSecrets | nindent 4 }}
 
-## Override the full name of this Helm release
-nameOverride: ""
-
-openshift:
-  enabled: false
-
 installCRDs: true
 
 rbac:
   create: false
-  # Annotations to add to the RBAC resources
-  annotations: {}
-  serviceAccount:
-    # The name of the service account to use.
-    # If not set and create is true, a name is generated using the fullname template
-    name: ""
 
 # Available controllers: "tektonconfig,tektonpipeline,tektontrigger,tektonhub,tektonchain,tektonresult,tektondashboard"
 controllers: "tektonpipeline"
 
-## Configuration for the tekton-operator pod
 operator:
-  # Internal name of the operator. Default value depends on the flavor (k8s/openshift).
-  operatorName: ""
-  image:
-    # Container image for Tekton operator. Default value depends on the flavor (k8s/openshift).
-    repository: ""
-    pullPolicy: IfNotPresent
-    # Overrides the image tag whose default is the chart appVersion.
-    tag: ""
   autoInstallComponents: true
-  # The namespace in which Tekton components should be deployed
-  # Defaults to "tekton-pipelines" for Kubernetes and to "openshift-pipelines" for Openshift flavor.
-  defaultTargetNamespace: ""
-  # Log level of the operator
-  logLevel: info
-  # Resource requests and limits for the operator pod
-  # see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-  resources: {}
-  deployment:
-    # Custom labels for the Deployment resource.
-    customLabels: ""
-    # Custom labels for the Deployment Pod Template.
-    podTemplateCustomLabels: ""
+  resources: {{- toYaml .Values.tekton.operator.resources | nindent 4 }}
 
-## Configuration for the tekton-operator-webhook pod
 webhook:
-  hostNetwork: false
-  dnsPolicy: ""
-  httpsWebhookPort: 8443
-  image:
-    # Container image for Tekton operator webhook. Default value depends on the flavor (k8s/openshift).
-    repository: ""
-    pullPolicy: IfNotPresent
-    # Overrides the image tag whose default is the chart appVersion.
-    tag: ""
-  certSecret:
-    name: ""
-    useExistingSecret: ""
-  # Log level of the webhook
-  logLevel: info
-  # Resource requests and limits for the operator pod
-  # see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-  resources: {}
+  resources: {{- toYaml .Values.tekton.operator.webhook.resources | nindent 4 }}
 
 webhookProxy:
-  image:
-    repository: ""
-    tag: ""
+  resources: {{- toYaml .Values.tekton.operator.webhookProxy.resources | nindent 4 }}
+
+pipelines:
+  controller:
+    resources: {{- toYaml .Values.tekton.pipelines.controller.resources | nindent 6 }}
+  remoteResolvers:
+    resources: {{- toYaml .Values.tekton.pipelines.remoteResolvers.resources | nindent 6 }}
+  webhook:
+    resources: {{- toYaml .Values.tekton.pipelines.webhook.resources | nindent 6 }}
+
+eventsController:
+  resources: {{- toYaml .Values.tekton.eventsController.resources | nindent 6 }}
 
 service:
   # Enable auto-discovery by Prometheus, requires the ServiceMonitor.monitoring.coreos.com CR