fixup: split the tekton-operator chart into two

Author: davidumea

helmfile.d/charts/tekton/tekton-operator/.helmignore helmfile.d/charts/tekton/tekton-config/.helmignore

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: tekton-config
+description: A Helm chart to configure the Tekton Operator and its CRDs
+type: application
+version: 0.1.0
+appVersion: "v0.1.0"

helmfile.d/charts/tekton/tekton-config/Chart.yaml

@@ -0,0 +1,4 @@
+# Tekton Operator Helm Chart
+
+This Helm chart installs the [Tekton Operator](https://tekton.dev/docs/operator/) into your Kubernetes (v1.16+) or Openshift cluster (v4.3+).
+Once this chart is published it can be installed directly, until then [helm-git](https://github.com/aslafy-z/helm-git) can be used.

helmfile.d/charts/tekton/tekton-config/README.md

@@ -15,32 +15,44 @@ spec:
               containers:
                 - name: tekton-pipelines-controller
                   resources: {{- toYaml .Values.pipelines.controller.resources | nindent 20 }}
+                  securityContext: {{- toYaml .Values.securityContext | nindent 20 }}
       tekton-pipelines-remote-resolvers:
         spec:
           template:
             spec:
               containers:
                 - name: controller
                   resources: {{- toYaml .Values.pipelines.remoteResolvers.resources | nindent 20 }}
+                  securityContext: {{- toYaml .Values.securityContext | nindent 20 }}
       tekton-pipelines-webhook:
         spec:
           template:
             spec:
               containers:
                 - name: webhook
                   resources: {{- toYaml .Values.pipelines.webhook.resources | nindent 20 }}
-      # These below are not actually part of tekton-pipelines but there was no other way of configuring resource requests/limits for them through the operator chart.
+                  securityContext: {{- toYaml .Values.securityContext | nindent 20 }}
       tekton-events-controller:
         spec:
           template:
             spec:
               containers:
                 - name: tekton-events-controller
                   resources: {{- toYaml .Values.eventsController.resources | nindent 20 }}
+                  securityContext: {{- toYaml .Values.securityContext | nindent 20 }}
+      tekton-operator-webhook:
+        spec:
+          template:
+            spec:
+              containers:
+                - name: tekton-operator-webhook
+                  resources: {{- toYaml .Values.operator.webhook.resources | nindent 20 }}
+                  securityContext: {{- toYaml .Values.securityContext | nindent 20 }}
       tekton-operator-proxy-webhook:
         spec:
           template:
             spec:
               containers:
                 - name: proxy
-                  resources: {{- toYaml .Values.webhookProxy.resources | nindent 20 }}
+                  resources: {{- toYaml .Values.operator.webhookProxy.resources | nindent 20 }}
+                  securityContext: {{- toYaml .Values.securityContext | nindent 20 }}

helmfile.d/charts/tekton/tekton-operator/templates/tekton-pipeline-config.yaml helmfile.d/charts/tekton/tekton-config/templates/tektonpipeline.yaml

@@ -0,0 +1,66 @@
+operator:
+  webhook:
+    resources:
+      limits:
+        cpu: 20m
+        memory: 64Mi
+      requests:
+        cpu: 10m
+        memory: 32Mi
+
+  webhookProxy:
+    resources:
+      limits:
+        cpu: 20m
+        memory: 64Mi
+      requests:
+        cpu: 10m
+        memory: 32Mi
+
+pipelines:
+  controller:
+    resources:
+      limits:
+        cpu: 50m
+        memory: 128Mi
+      requests:
+        cpu: 25m
+        memory: 64Mi
+
+  remoteResolvers:
+    resources:
+      limits:
+        cpu: 20m
+        memory: 64Mi
+      requests:
+        cpu: 10m
+        memory: 32Mi
+
+  webhook:
+    resources:
+      limits:
+        cpu: 20m
+        memory: 128Mi
+      requests:
+        cpu: 10m
+        memory: 64Mi
+
+eventsController:
+  resources:
+    limits:
+      cpu: 20m
+      memory: 64Mi
+    requests:
+      cpu: 10m
+      memory: 32Mi
+
+securityContext:
+  capabilities:
+    drop:
+    - ALL
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+  allowPrivilegeEscalation: false
+  seccompProfile:
+    type: RuntimeDefault

helmfile.d/charts/tekton/tekton-config/values.yaml

@@ -31,8 +31,23 @@ templates:
     inherit:
       - template: tekton
     name: tekton-operator
-    chart: charts/tekton/tekton-operator
+    chart: upstream/tekton-operator
     installed: {{ .Values | get "tekton.enabled" false }}
     version: 0.68.0
     values:
       - values/tekton/tekton-sc.gotmpl
+
+  tekton-config:
+    labels:
+      app: tekton
+    condition: ck8sManagementCluster.enabled
+    namespace: tekton-pipelines
+    needs:
+      - kube-system/admin-namespaces
+      - tekton-pipelines/tekton-operator
+    name: tekton-config
+    chart: charts/tekton/tekton-config
+    installed: {{ .Values | get "tekton.enabled" false }}
+    version: 0.1.0
+    values:
+      - values/tekton/tekton-sc.gotmpl

helmfile.d/stacks/tekton.yaml

@@ -157,3 +157,4 @@ releases:
 
   - inherit: [ template: tekton-rbac ]
   - inherit: [ template: tekton-operator ]
+  - inherit: [ template: tekton-config ]

helmfile.d/state.yaml

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helmfile.d/upstream/tekton-operator/.helmignore

@@ -69,7 +69,6 @@ helm repo remove tektoncd
 **Important:** if you installed the CRDs with the Helm chart (by setting `installCRDs=true`), the CRDs will be removed as well: this means any remaining Tekton resources (e.g. Tekton Pipelines) in the cluster will be deleted!
 
 If you installed the CRDs manually, you can use the following command to remove them (*this will remove all Tekton resources from your cluster*):
-
 ```
 kubectl delete crd TektonConfig TektonPipeline TektonDashboard TektonInstallerSet TektonResults TektonTrigger TektonAddon --ignore-not-found
 ```

helmfile.d/charts/tekton/tekton-operator/Chart.yaml helmfile.d/upstream/tekton-operator/Chart.yaml

@@ -68,7 +68,7 @@ spec:
               value: {{ include "tekton-operator.fullname" . }}-observability
           args:
             - "-controllers"
-            - {{ .Values.controllers | quote }}
+            - {{ .Values.controllers | default "tektonconfig,tektonpipeline,tektontrigger,tektonhub,tektonchain,tektonresult,tektondashboard" | quote }}
             - "-unique-process-name"
             - "tekton-operator-lifecycle"
           image: {{ include "tekton-operator.operator-image" . }}

helmfile.d/charts/tekton/tekton-operator/README.md helmfile.d/upstream/tekton-operator/README.md

@@ -475,4 +475,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "tekton-operator.fullname" . }}
     namespace: {{ .Release.Namespace }}
-{{- end -}}
+{{- end -}}