From dfaa2f75f61d8e21599d0efe7f69364f48a230e5 Mon Sep 17 00:00:00 2001
From: wuhuizuo
Date: Fri, 10 Nov 2023 11:35:12 +0800
Subject: [PATCH] feat(apps/prod/tekton): add tekton results instances (#767)
Signed-off-by: wuhuizuo
Signed-off-by: wuhuizuo
---
 apps/prod/tekton/setup.yaml | 18 ++++++++-
 apps/prod/tekton/setup/kustomization.yaml | 2 +-
 apps/prod/tekton/setup/results/db-secret.yaml | 11 ++++++
 .../tekton/setup/results/kustomization.yaml | 7 ++++
 .../setup/results/operator-tekton-result.yaml | 8 ++++
 .../tekton/setup/results/progres-release.yaml | 38 +++++++++++++++++++
 apps/prod/tekton/setup/results/tls-cert.yaml | 19 ++++++++++
 .../_base/sources/helm-repo-others.yaml | 10 +++++
 .../_base/sources/kustomization.yaml | 1 +
 infrastructure/prod/kustomization.yaml | 1 +
 .../prod/secret-generator/kustomization.yaml | 5 +++
 .../prod/secret-generator/namespace.yaml | 9 +++++
 .../prod/secret-generator/release.yaml | 29 ++++++++++++++
 13 files changed, 156 insertions(+), 2 deletions(-)
 create mode 100644 apps/prod/tekton/setup/results/db-secret.yaml
 create mode 100644 apps/prod/tekton/setup/results/kustomization.yaml
 create mode 100644 apps/prod/tekton/setup/results/operator-tekton-result.yaml
 create mode 100644 apps/prod/tekton/setup/results/progres-release.yaml
 create mode 100644 apps/prod/tekton/setup/results/tls-cert.yaml
 create mode 100644 infrastructure/_base/sources/helm-repo-others.yaml
 create mode 100644 infrastructure/prod/secret-generator/kustomization.yaml
 create mode 100644 infrastructure/prod/secret-generator/namespace.yaml
 create mode 100644 infrastructure/prod/secret-generator/release.yaml
diff --git a/apps/prod/tekton/setup.yaml b/apps/prod/tekton/setup.yaml
index 4d2bd857c..154bbbef1 100644
--- a/apps/prod/tekton/setup.yaml
+++ b/apps/prod/tekton/setup.yaml
@@ -19,7 +19,7 @@ spec: path: /metadata/annotations value: scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Equal", "effect": "NoSchedule", "key": "dedicated", "value": "test-infra"}]' - scheduler.alpha.kubernetes.io/node-selector: enable-ci=true + scheduler.alpha.kubernetes.io/node-selector: enable-ci=true,kubernetes.io/arch=amd64 prune: true healthChecks: @@ -56,3 +56,19 @@ spec: name: tekton-dashboard namespace: tekton-pipelines timeout: 5m0s +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +kind: Kustomization +metadata: + name: tekton-results-setup + namespace: apps +spec: + dependsOn: + - name: tekton-setup + interval: 1m0s + sourceRef: + kind: GitRepository + name: flux-system + namespace: flux-system + path: ./apps/prod/tekton/setup/results + prune: true diff --git a/apps/prod/tekton/setup/kustomization.yaml b/apps/prod/tekton/setup/kustomization.yaml index 3d69e7527..5f3231dcb 100644 --- a/apps/prod/tekton/setup/kustomization.yaml +++ b/apps/prod/tekton/setup/kustomization.yaml @@ -6,5 +6,5 @@ resources: # - https://github.com/tektoncd/operator/releases/download/v0.60.1/release.yaml # we fixed the image tag to make it runable on arm64 nodes: # gcr.io/tekton-releases/dogfooding/tkn - - operator-release.yaml + - operator-release.yaml - operator-config.yaml diff --git a/apps/prod/tekton/setup/results/db-secret.yaml b/apps/prod/tekton/setup/results/db-secret.yaml new file mode 100644 index 000000000..8cbe58662 --- /dev/null +++ b/apps/prod/tekton/setup/results/db-secret.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + secret-generator.v1.mittwald.de/autogenerate: POSTGRES_PASSWORD + name: tekton-results-postgres + namespace: tekton-pipelines +type: Opaque +data: + POSTGRES_USER: postgres + # POSTGRES_PASSWORD will be auto generated. diff --git a/apps/prod/tekton/setup/results/kustomization.yaml b/apps/prod/tekton/setup/results/kustomization.yaml new file mode 100644 index 000000000..34a6e37e4 --- /dev/null 
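Review bot: The new `tekton-results-setup` Kustomization in apps/prod/tekton/setup.yaml has neither `wait` nor `healthChecks`, so Flux will report it Ready as soon as the manifests are applied, even if the Certificate under `./apps/prod/tekton/setup/results` is never issued or the secret is never populated. The `tekton-setup` document above it does declare `healthChecks:`; for parity I would add `wait: true` and `timeout: 5m0s` to the new spec. `dependsOn` names only `tekton-setup`, while the path also contains cert-manager objects and a Secret that relies on the secret-generator controller added under infrastructure/prod in this commit; if those are reconciled by another Kustomization, a comment naming it would document the ordering assumption. The context lines at the top of this hunk belong to the preceding document, which starts outside the hunk.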
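Review bot: In apps/prod/tekton/setup/results/db-secret.yaml the `data:` map carries `POSTGRES_USER: postgres` as a plain literal, but values under a Secret's `data` are base64-decoded by the API server. The eight characters happen to be valid base64, so the object is accepted and the stored username becomes six arbitrary bytes rather than the text `postgres`. Use `stringData:` for the literal instead, i.e. replace `data:` with `stringData:` and keep `POSTGRES_USER: postgres` beneath it. It is also worth confirming that Flux re-applying this manifest every minute (`interval: 1m0s`, `prune: true`) leaves the generated `POSTGRES_PASSWORD` key intact; that depends on field ownership, which is not visible in this diff.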
+++ b/apps/prod/tekton/setup/results/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - db-secret.yaml
+ - tls-cert.yaml
+ - operator-tekton-result.yaml
+ # - progres-release.yaml # currently, the tekton result will create PG instance.
diff --git a/apps/prod/tekton/setup/results/operator-tekton-result.yaml b/apps/prod/tekton/setup/results/operator-tekton-result.yaml
new file mode 100644
index 000000000..8df640e1e
--- /dev/null
+++ b/apps/prod/tekton/setup/results/operator-tekton-result.yaml
@@ -0,0 +1,8 @@
+apiVersion: operator.tekton.dev/v1alpha1
+kind: TektonResult
+metadata:
+ name: result
+spec:
+ targetNamespace: tekton-pipelines
+
+# TODO: currently it can not set the PVC storage class name.
diff --git a/apps/prod/tekton/setup/results/progres-release.yaml b/apps/prod/tekton/setup/results/progres-release.yaml
new file mode 100644
index 000000000..4af68e1f4
--- /dev/null
+++ b/apps/prod/tekton/setup/results/progres-release.yaml
@@ -0,0 +1,38 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: tekton-results-db
+ namespace: apps
+spec:
+ targetNamespace: tekton-pipelines
+ chart:
+ spec:
+ chart: postgresql
+ sourceRef:
+ kind: HelmRepository
+ name: bitnami
+ namespace: flux-system
+ version: "13.1.0"
+ interval: 10m
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ crds: CreateReplace
+ test:
+ enable: true
+ ignoreFailures: false
+ values:
+ global:
+ storageClass: ceph-block
+ architecture: standalone # standalone or replication
+ auth: # custom prepares
+ username: tekton
+ database: tekton-results
+ primary:
+ persistence:
+ size: 8Gi
+ tls: # TLS traffic
+ enabled: true
+ autoGenerated: true
diff --git a/apps/prod/tekton/setup/results/tls-cert.yaml b/apps/prod/tekton/setup/results/tls-cert.yaml
new file mode 100644
index 000000000..f7a01ce14
--- /dev/null
+++ b/apps/prod/tekton/setup/results/tls-cert.yaml
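Review bot: apps/prod/tekton/setup/results/progres-release.yaml sets `auth.username: tekton` with no password source, while db-secret.yaml in the same commit declares `POSTGRES_USER: postgres` in `tekton-results-postgres`, so if this release is ever enabled the database and Tekton Results would presumably not share credentials. Point the chart at the existing secret (the Bitnami chart accepts `auth.existingSecret`) and align the username, or leave the file out of the tree while it is commented out in results/kustomization.yaml. With `tls.autoGenerated: true` the server certificate is produced by the chart, so a comment should say whether the client is expected to verify it and against which CA. The filename looks like a typo for `postgres-release.yaml`.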
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: tekton-results
+ namespace: tekton-pipelines
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: tekton-results-cert
+ namespace: tekton-pipelines
+spec:
+ dnsNames:
+ - tekton-results-api-service.tekton-pipelines.svc.cluster.local
+ secretName: tekton-results-tls
+ issuerRef:
+ name: tekton-results-selfsigned
diff --git a/infrastructure/_base/sources/helm-repo-others.yaml b/infrastructure/_base/sources/helm-repo-others.yaml
new file mode 100644
index 000000000..ee86c5347
--- /dev/null
+++ b/infrastructure/_base/sources/helm-repo-others.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: mittwald
+ namespace: flux-system
+spec:
+ interval: 24h
+ url: https://helm.mittwald.de
+
\ No newline at end of file
diff --git a/infrastructure/_base/sources/kustomization.yaml b/infrastructure/_base/sources/kustomization.yaml
index 3af436a9b..394ee62ea 100644
--- a/infrastructure/_base/sources/kustomization.yaml
+++ b/infrastructure/_base/sources/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
 - helm-repo-ingress-nginx.yaml
 - helm-repo-nfs-server-provisioner.yaml
 - helm-repo-rook.yaml
+ - helm-repo-others.yaml
diff --git a/infrastructure/prod/kustomization.yaml b/infrastructure/prod/kustomization.yaml
index efa894da4..6e6051a7d 100644
--- a/infrastructure/prod/kustomization.yaml
+++ b/infrastructure/prod/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
 - nginx
 - rook-ceph
 - nfs-pvc-provisioner
+ - secret-generator
diff --git a/infrastructure/prod/secret-generator/kustomization.yaml b/infrastructure/prod/secret-generator/kustomization.yaml
new file mode 100644
index 000000000..f5a4a20cc
--- /dev/null
+++ b/infrastructure/prod/secret-generator/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - release.yaml
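Review bot: In apps/prod/tekton/setup/results/tls-cert.yaml the Certificate's `issuerRef.name` is `tekton-results-selfsigned`, but the Issuer declared in the same file is named `tekton-results`, so cert-manager will not resolve the reference and the `tekton-results-tls` secret will not be issued. Make the two names agree, for example `name: tekton-results-selfsigned` on the Issuer, and add `kind: Issuer` under `issuerRef` so the reference is explicit. Because the issuer is self-signed, any client of `tekton-results-api-service` has to trust the `ca.crt` from the resulting secret; a comment naming the consumer that does so would help the next reader. The Certificate also sets no `duration` or `renewBefore`, so cert-manager's defaults apply.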
diff --git a/infrastructure/prod/secret-generator/namespace.yaml b/infrastructure/prod/secret-generator/namespace.yaml
new file mode 100644
index 000000000..215ee465c
--- /dev/null
+++ b/infrastructure/prod/secret-generator/namespace.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: secret-generator
+ annotations:
+ scheduler.alpha.kubernetes.io/defaultTolerations:
+ '[{"operator": "Equal", "effect": "NoSchedule", "key": "dedicated",
+ "value": "test-infra"}]'
diff --git a/infrastructure/prod/secret-generator/release.yaml b/infrastructure/prod/secret-generator/release.yaml
new file mode 100644
index 000000000..f956ff651
--- /dev/null
+++ b/infrastructure/prod/secret-generator/release.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: secret-generator
+ namespace: flux-system
+spec:
+ targetNamespace: secret-generator
+ releaseName: secret-generator
+ chart:
+ spec:
+ chart: kubernetes-secret-generator
+ sourceRef:
+ kind: HelmRepository
+ name: mittwald
+ namespace: flux-system
+ version: 3.4.0
+ interval: 1h0m0s
+ install:
+ remediation:
+ retries: 3
+ values:
+ logLevel: INFO
+ monitoring:
+ enabled: true
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
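Review bot: infrastructure/prod/secret-generator/release.yaml installs a controller whose job is to write into Secret objects, and nothing under `values:` narrows where it may do so. Such a controller presumably watches every namespace by default, which is far wider than the single `tekton-results-postgres` secret that uses it in this commit. Check the chart's RBAC and namespace-scoping values and restrict it to the namespaces that need it, or record in a comment why cluster-wide Secret access is accepted. Smaller points: `version: 3.4.0` would read better quoted as `version: "3.4.0"`, matching progres-release.yaml, and `resources.limits` has no matching `requests`.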