From 34de9051c67186370cae9163cfc1133c0c703afc Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Wed, 7 Jan 2026 14:27:44 +0900
Subject: [PATCH] FEAT(tekton): add Tekton CI/CD platform
- Tekton Pipeline for container builds
- Tekton Triggers for webhook events
- Tekton Dashboard at tekton0213.kro.kr
- Namespace patched to privileged for buildah
---
tekton/dashboard/argocd.yaml | 40 ++++++++++++++++++++++
tekton/dashboard/kustomization.yaml | 16 +++++++++
tekton/dashboard/manifests/ingress.yaml | 25 ++++++++++++++
tekton/pipeline/argocd.yaml | 44 +++++++++++++++++++++++++
tekton/pipeline/kustomization.yaml | 26 +++++++++++++++
tekton/triggers/argocd.yaml | 40 ++++++++++++++++++++++
tekton/triggers/kustomization.yaml | 16 +++++++++
7 files changed, 207 insertions(+)
create mode 100644 tekton/dashboard/argocd.yaml
create mode 100644 tekton/dashboard/kustomization.yaml
create mode 100644 tekton/dashboard/manifests/ingress.yaml
create mode 100644 tekton/pipeline/argocd.yaml
create mode 100644 tekton/pipeline/kustomization.yaml
create mode 100644 tekton/triggers/argocd.yaml
create mode 100644 tekton/triggers/kustomization.yaml
diff --git a/tekton/dashboard/argocd.yaml b/tekton/dashboard/argocd.yaml
new file mode 100644
index 0000000..8d1d619
--- /dev/null
+++ b/tekton/dashboard/argocd.yaml
@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: tekton-dashboard
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/K3S-HOME/platform.git
+ targetRevision: main
+ path: tekton/dashboard
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: tekton-pipelines
+ ignoreDifferences:
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ jsonPointers:
+ - /status
+ - /spec/preserveUnknownFields
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ - RespectIgnoreDifferences=true
+ - Replace=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+ revisionHistoryLimit: 10
diff --git a/tekton/dashboard/kustomization.yaml b/tekton/dashboard/kustomization.yaml
new file mode 100644
index 0000000..efce579
--- /dev/null
+++ b/tekton/dashboard/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://infra.tekton.dev/tekton-releases/dashboard/latest/release-full.yaml
+- manifests/ingress.yaml
+
+patches:
+- target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ patch: |-
+ - op: replace
+ path: /metadata/labels/app.kubernetes.io~1instance
+ value: tekton-dashboard
diff --git a/tekton/dashboard/manifests/ingress.yaml b/tekton/dashboard/manifests/ingress.yaml
new file mode 100644
index 0000000..8b164e5
--- /dev/null
+++ b/tekton/dashboard/manifests/ingress.yaml
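Review bot: `project: default` in tekton/dashboard/argocd.yaml places this Application in Argo CD's catch-all project, which, unless it has been tightened elsewhere, permits any source repository, any destination and any cluster-scoped kind. Because the app syncs automatically from `main` with `prune` and `selfHeal` and renders remote upstream manifests, whatever that path produces is applied with no project-level bound. A dedicated AppProject that lists only this repository, the `tekton-pipelines` destination and the cluster-scoped kinds Tekton actually installs would contain that, e.g. `project: tekton` (name illustrative). The same line appears in tekton/pipeline/argocd.yaml and tekton/triggers/argocd.yaml.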
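Review bot: The first `resources` entry in tekton/dashboard/kustomization.yaml fetches `.../dashboard/latest/release-full.yaml`, so the manifest that gets applied is whatever upstream serves at render time rather than something reviewed in this repository. With automated sync enabled on the Application, a new upstream release, or tampering at that download location, reaches the cluster without any commit here. Pin to a versioned release URL, e.g. `- https://infra.tekton.dev/tekton-releases/dashboard/previous/<PINNED_VERSION>/release-full.yaml` (confirm the exact path for the chosen release), or vendor the file so changes show up in review. The same applies to the `latest` URLs in tekton/pipeline/kustomization.yaml and tekton/triggers/kustomization.yaml. As far as I know `release-full.yaml` is the read/write dashboard variant, so if viewing is all that is needed the read-only `release.yaml` is the smaller exposure.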
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: tekton-dashboard
+ namespace: tekton-pipelines
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
+spec:
+ ingressClassName: traefik
+ tls:
+ - hosts:
+ - tekton0213.kro.kr
+ secretName: tekton-dashboard-tls
+ rules:
+ - host: tekton0213.kro.kr
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: tekton-dashboard
+ port:
+ number: 9097
diff --git a/tekton/pipeline/argocd.yaml b/tekton/pipeline/argocd.yaml
new file mode 100644
index 0000000..0eac2dc
--- /dev/null
+++ b/tekton/pipeline/argocd.yaml
@@ -0,0 +1,44 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: tekton-pipeline
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/K3S-HOME/platform.git
+ targetRevision: main
+ path: tekton/pipeline
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: tekton-pipelines
+ ignoreDifferences:
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ jsonPointers:
+ - /status
+ - /spec/preserveUnknownFields
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ - RespectIgnoreDifferences=true
+ - Replace=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+ managedNamespaceMetadata:
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/warn: privileged
+ revisionHistoryLimit: 10
diff --git a/tekton/pipeline/kustomization.yaml b/tekton/pipeline/kustomization.yaml
new file mode 100644
index 0000000..0c2ff8e
--- /dev/null
+++ b/tekton/pipeline/kustomization.yaml
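Review bot: The `router.middlewares` annotation in tekton/dashboard/manifests/ingress.yaml is the only access control in front of the dashboard, which as far as I know ships without authentication of its own, so every route to the Service has to pass through it. No entrypoint is pinned, so depending on the Traefik defaults the router may also be attached to the plain-HTTP entrypoint; adding `traefik.ingress.kubernetes.io/router.entrypoints: websecure` (use the entrypoint name configured in this cluster) makes the TLS-only intent explicit. In-cluster clients can still reach `tekton-dashboard` on port 9097 directly without Authelia, so a NetworkPolicy that admits only the Traefik pods would be a sensible companion manifest.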
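Review bot: `managedNamespaceMetadata` in tekton/pipeline/argocd.yaml sets `pod-security.kubernetes.io/enforce: privileged` on `tekton-pipelines`, the namespace that also receives the Tekton controllers, Triggers and the dashboard, so Pod Security admission stops constraining all of them and not just the buildah builds. The relaxed level is needed only where the build TaskRun pods are created; running pipelines in a dedicated build namespace carrying this label, and leaving `tekton-pipelines` at the level upstream ships (the `op: replace` in the kustomize patch suggests one is set), keeps the control plane constrained. The same labels are set again by the Namespace patch in tekton/pipeline/kustomization.yaml, while the dashboard and triggers Applications create the same namespace without them, so keeping the labels in one place would avoid drift. If privileged has to stay, a comment such as `# privileged required by buildah TaskRuns; revisit when builds run rootless` records the reason.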
@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
+
+patches:
+- target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ patch: |-
+ - op: replace
+ path: /metadata/labels/app.kubernetes.io~1instance
+ value: tekton-pipeline
+- target:
+ version: v1
+ kind: Namespace
+ name: tekton-pipelines
+ patch: |-
+ - op: replace
+ path: /metadata/labels/pod-security.kubernetes.io~1enforce
+ value: privileged
+ - op: add
+ path: /metadata/labels/pod-security.kubernetes.io~1warn
+ value: privileged
diff --git a/tekton/triggers/argocd.yaml b/tekton/triggers/argocd.yaml
new file mode 100644
index 0000000..f86bfd9
--- /dev/null
+++ b/tekton/triggers/argocd.yaml
@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: tekton-triggers
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/K3S-HOME/platform.git
+ targetRevision: main
+ path: tekton/triggers
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: tekton-pipelines
+ ignoreDifferences:
+ - group: apiextensions.k8s.io
+ kind: CustomResourceDefinition
+ jsonPointers:
+ - /status
+ - /spec/preserveUnknownFields
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ - RespectIgnoreDifferences=true
+ - Replace=true
+ retry:
+ limit: 5
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m
+ revisionHistoryLimit: 10
diff --git a/tekton/triggers/kustomization.yaml b/tekton/triggers/kustomization.yaml
new file mode 100644
index 0000000..ba2bf12
--- /dev/null
+++ b/tekton/triggers/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
+- https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
+
+patches:
+- target:
+ group: apiextensions.k8s.io
+ version: v1
+ kind: CustomResourceDefinition
+ patch: |-
+ - op: replace
+ path: /metadata/labels/app.kubernetes.io~1instance
+ value: tekton-triggers