openshift-pipelines · sayan-biswas · Apr 28, 2023
diff --git a/developer/openshift/dev_setup.sh b/developer/openshift/dev_setup.sh
@@ -234,7 +234,7 @@ install_pipeline_service() {
   TEKTON_RESULTS_DATABASE_PASSWORD="$(yq '.tekton_results_db.password' "$CONFIG")"
   export TEKTON_RESULTS_DATABASE_USER
   export TEKTON_RESULTS_DATABASE_PASSWORD
-  TEKTON_RESULTS_S3_USER="$(yq '.tekton_results_s3.user // "minio"' "$CONFIG")"
+  TEKTON_RESULTS_S3_USER="$(yq '.tekton_results_s3.user // "tekton"' "$CONFIG")"
   TEKTON_RESULTS_S3_PASSWORD="$(yq ".tekton_results_s3.password // \"$(openssl rand -base64 20)\"" "$CONFIG")"
   export TEKTON_RESULTS_S3_USER
   export TEKTON_RESULTS_S3_PASSWORD
@@ -251,17 +251,14 @@ install_pipeline_service() {
   for app in "pipeline-service" "pipeline-service-storage" "pipeline-service-o11y"; do
     cat << EOF >"$manifest_dir/patch-$app.yaml"
 ---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: $app
-  namespace: openshift-gitops
-spec:
-  source:
-    repoURL: $GIT_URL
-    targetRevision: $GIT_REF
+- op: replace
+  path: "/spec/sources/0/repoURL"
+  value: $GIT_URL
+- op: replace
+  path: "/spec/sources/0/targetRevision"
+  value: $GIT_REF
 EOF
-    yq -i ".patches += [{\"path\": \"patch-$app.yaml\"}]" "$manifest_dir/kustomization.yaml"
+    yq -i ".patches += [{\"path\": \"patch-$app.yaml\", \"target\": {\"kind\": \"Application\", \"namespace\": \"openshift-gitops\", \"name\": \"$app\" }}]" "$manifest_dir/kustomization.yaml"
   done
 
   #############################################################################

diff --git a/developer/openshift/gitops/argocd/kustomization.yaml b/developer/openshift/gitops/argocd/kustomization.yaml
@@ -4,5 +4,5 @@ kind: Kustomization
 
 resources:
   - pipeline-service.yaml
-  - pipeline-service-storage.yaml
   - pipeline-service-o11y.yaml
+  - pipeline-service-storage
diff --git a/developer/openshift/gitops/argocd/pipeline-service-o11y.yaml b/developer/openshift/gitops/argocd/pipeline-service-o11y.yaml
@@ -10,10 +10,10 @@ spec:
   destination:
     namespace: openshift-gitops
     server: https://kubernetes.default.svc
-  source:
-    path: developer/openshift/gitops/argocd/pipeline-service-o11y
-    repoURL: https://github.com/openshift-pipelines/pipeline-service.git
-    targetRevision: main
+  sources:
+    - path: developer/openshift/gitops/argocd/pipeline-service-o11y
+      repoURL: https://github.com/openshift-pipelines/pipeline-service.git
+      targetRevision: main
   project: default
   syncPolicy:
     # Comment this out if you want to manually trigger deployments (using the

diff --git a/developer/openshift/gitops/argocd/pipeline-service-storage/kustomization.yaml b/developer/openshift/gitops/argocd/pipeline-service-storage/kustomization.yaml
@@ -3,5 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  - postgres.yaml
-  - minio
+  - pipeline-service-storage.yaml
diff --git a/developer/openshift/gitops/argocd/pipeline-service-storage/minio/tenant/tenant.yaml b/developer/openshift/gitops/argocd/pipeline-service-storage/minio/tenant/tenant.yaml
@@ -2,7 +2,7 @@
 apiVersion: minio.min.io/v2
 kind: Tenant
 metadata:
-  name: storage
+  name: minio
   namespace: tekton-results
   labels:
     app: minio
@@ -13,60 +13,35 @@ metadata:
     argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
     argocd.argoproj.io/sync-wave: "0"
 spec:
+  image: quay.io/minio/minio:latest
+  requestAutoCert: false
+  podManagementPolicy: Parallel
+  configuration:
+    name: minio-configuration
   exposeServices:
     minio: true
   features:
     bucketDNS: false
-    domains: {}
-  # This desired part doesn't work. Issues:
-  # https://github.com/minio/operator/issues/1345
-  # https://github.com/minio/operator/issues/1346
-  # users:
-  #   - name: storage-user
-  # buckets:
-  #   - name: "tekton-results"
-  #     region: "us-east-1"
-  #     objectLock: true
-  certConfig: {}
-  podManagementPolicy: Parallel
-  configuration:
-    name: minio-storage-configuration
-  env: []
-  serviceMetadata:
-    minioServiceLabels: {}
-    minioServiceAnnotations: {}
-    consoleServiceLabels: {}
-    consoleServiceAnnotations: {}
-  priorityClassName: ""
-  externalCaCertSecret: []
-  externalCertSecret: []
-  externalClientCertSecrets: []
-  image: quay.io/minio/minio:RELEASE.2022-09-17T00-09-45Z
-  imagePullSecret: {}
-  mountPath: /export
-  subPath: ""
+  users:
+    - name: minio-user
+  buckets:
+    - name: tekton-results
+      region: not-applicable
+      objectLock: true
   pools:
     - servers: 1
       name: pool-0
       volumesPerServer: 2
-      nodeSelector: {}
-      tolerations: []
-      affinity:
-        nodeAffinity: {}
-        podAffinity: {}
-        podAntiAffinity: {}
-      resources: {}
       volumeClaimTemplate:
         apiVersion: v1
         kind: persistentvolumeclaims
-        metadata: {}
         spec:
           accessModes:
             - ReadWriteOnce
           resources:
             requests:
               storage: 1Gi
-        status: {}
-      securityContext: {}
-      containerSecurityContext: {}
-  requestAutoCert: true
+      securityContext:
+        runAsNonRoot: true
+      containerSecurityContext:
+        runAsNonRoot: true
diff --git a/...tops/argocd/pipeline-service-storage.yaml → ...ice-storage/pipeline-service-storage.yaml b/...tops/argocd/pipeline-service-storage.yaml → ...ice-storage/pipeline-service-storage.yaml
@@ -8,12 +8,20 @@ metadata:
     argocd.argoproj.io/sync-wave: "0"
 spec:
   destination:
-    namespace: openshift-gitops
+    namespace: tekton-results
     server: https://kubernetes.default.svc
-  source:
-    path: developer/openshift/gitops/argocd/pipeline-service-storage
-    repoURL: https://github.com/openshift-pipelines/pipeline-service.git
-    targetRevision: main
+  sources:
+    - repoURL: https://github.com/openshift-pipelines/pipeline-service.git
+      path: developer/openshift/gitops/argocd/pipeline-service-storage/minio
+      targetRevision: main
+      ref: values
+    - repoURL: https://charts.bitnami.com/bitnami
+      chart: postgresql
+      targetRevision: 12.2.7
+      helm:
+        releaseName: postgres
+        valueFiles:
+          - $values/developer/openshift/gitops/argocd/pipeline-service-storage/postgres/values.yaml
   project: default
   syncPolicy:
     # Comment this out if you want to manually trigger deployments (using the

diff --git a/developer/openshift/gitops/argocd/pipeline-service-storage/postgres.yaml b/developer/openshift/gitops/argocd/pipeline-service-storage/postgres.yaml
diff --git a/developer/openshift/gitops/argocd/pipeline-service-storage/postgres/values.yaml b/developer/openshift/gitops/argocd/pipeline-service-storage/postgres/values.yaml
@@ -0,0 +1,38 @@
+---
+image:
+  tag: 13.10.0
+
+tls:
+  enabled: true
+  autoGenerated: true
+
+auth:
+  database: tekton_results
+  username: tekton
+  existingSecret: tekton-results-database
+  secretKeys:
+    userPasswordKey: db.password
+    adminPasswordKey: db.password
+
+primary:
+  resources:
+    requests: null
+  podSecurityContext:
+    fsGroup: null
+    seccompProfile:
+      type: RuntimeDefault
+  containerSecurityContext:
+    allowPrivilegeEscalation: false
+    runAsNonRoot: true
+    runAsUser: null
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+        - ALL
+
+volumePermissions:
+  enabled: false
+
+shmVolume:
+  enabled: false
diff --git a/developer/openshift/gitops/argocd/pipeline-service.yaml b/developer/openshift/gitops/argocd/pipeline-service.yaml
@@ -8,12 +8,12 @@ metadata:
     argocd.argoproj.io/sync-wave: "0"
 spec:
   destination:
-    namespace: openshift-gitops
+    namespace: pipeline-service
     server: https://kubernetes.default.svc
-  source:
-    path: developer/openshift/gitops/argocd/pipeline-service
-    repoURL: https://github.com/openshift-pipelines/pipeline-service.git
-    targetRevision: main
+  sources:
+    - path: developer/openshift/gitops/argocd/pipeline-service
+      repoURL: https://github.com/openshift-pipelines/pipeline-service.git
+      targetRevision: main
   project: default
   syncPolicy:
     # Comment this out if you want to manually trigger deployments (using the

diff --git a/developer/openshift/gitops/argocd/pipeline-service/kustomization.yaml b/developer/openshift/gitops/argocd/pipeline-service/kustomization.yaml
@@ -5,9 +5,8 @@ kind: Kustomization
 resources:
   - ../../../../../operator/gitops/argocd/pipeline-service
 
-patches:
-  - path: tekton-results/minio-create-bucket.yaml
-  - path: tekton-results/minio-tls.yaml
+  # patches:
+  #  - path: tekton-results/minio-tls.yaml
 
   # Skip applying the Tekton operands while the Tekton operator is being installed.
   # See more information about this option, here:

diff --git a/developer/openshift/gitops/argocd/pipeline-service/tekton-results/kustomization.yaml b/developer/openshift/gitops/argocd/pipeline-service/tekton-results/kustomization.yaml
@@ -5,5 +5,4 @@ resources:
   - ../../../../../../operator/gitops/argocd/pipeline-service/tekton-results
 
 patches:
-  - path: minio-create-bucket.yaml
   - path: minio-tls.yaml
diff --git a/developer/openshift/gitops/argocd/pipeline-service/tekton-results/minio-create-bucket.yaml b/developer/openshift/gitops/argocd/pipeline-service/tekton-results/minio-create-bucket.yaml
diff --git a/developer/openshift/gitops/argocd/pipeline-service/tekton-results/minio-tls.yaml b/developer/openshift/gitops/argocd/pipeline-service/tekton-results/minio-tls.yaml
@@ -12,7 +12,7 @@ spec:
       volumes:
         - name: ca-s3
           secret:
-            secretName: storage-tls
+            secretName: minio-tls
             items:
               - key: public.crt
                 path: s3-cert.crt