bakery-ia/infrastructure/cicd/tekton-helm/values-prod.yaml

# Production values for tekton-cicd Helm chart
# This file overrides values.yaml for production deployment
#
# Installation:
#   helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \
#     -n tekton-pipelines \
#     -f infrastructure/cicd/tekton-helm/values.yaml \
#     -f infrastructure/cicd/tekton-helm/values-prod.yaml \
#     --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN \
#     --set secrets.registry.password=$GITEA_ADMIN_PASSWORD \
#     --set secrets.git.password=$GITEA_ADMIN_PASSWORD
#
# Required environment variables:
#   TEKTON_WEBHOOK_TOKEN - Secure webhook token (generate with: openssl rand -hex 32)
#   GITEA_ADMIN_PASSWORD - Gitea admin password (must match gitea-admin-secret)

# Global settings for production
global:
  # Git configuration
  git:
    userEmail: "ci@bakewise.ai"

# Pipeline configuration for production
pipeline:
  # Build configuration
  build:
    verbosity: "warn"  # Less verbose in production

  # Test configuration
  test:
    skipTests: "false"
    skipLint: "false"

  # Workspace configuration - ensure storage class exists in production cluster
  workspace:
    size: "10Gi"
    storageClass: "standard"  # Adjust to your production storage class

# Tekton controller settings - increased resources for production
controller:
  replicas: 2
  resources:
    limits:
      cpu: 2000m
      memory: 2Gi
    requests:
      cpu: 200m
      memory: 256Mi

# Tekton webhook settings - increased resources for production
webhook:
  replicas: 2
  resources:
    limits:
      cpu: 1000m
      memory: 1Gi
    requests:
      cpu: 100m
      memory: 128Mi

# Secrets configuration
# IMPORTANT: These MUST be overridden via --set flags during deployment
# DO NOT commit actual secrets to this file
secrets:
  # Webhook secret for validating incoming webhooks
  # Override with: --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN
  webhook:
    token: ""  # MUST be set via --set flag

  # Registry credentials for pushing images
  # Override with: --set secrets.registry.password=$GITEA_ADMIN_PASSWORD
  registry:
    username: "bakery-admin"
    password: ""  # MUST be set via --set flag
    registryUrl: "gitea-http.gitea.svc.cluster.local:3000"

  # Git credentials for GitOps updates
  # Override with: --set secrets.git.password=$GITEA_ADMIN_PASSWORD
  git:
    username: "bakery-admin"
    password: ""  # MUST be set via --set flag
Add new infra architecture 12 2026-01-21 16:21:24 +01:00			`# Production values for tekton-cicd Helm chart`
			`# This file overrides values.yaml for production deployment`
			`#`
			`# Installation:`
			`# helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \`
			`# -n tekton-pipelines \`
			`# -f infrastructure/cicd/tekton-helm/values.yaml \`
			`# -f infrastructure/cicd/tekton-helm/values-prod.yaml \`
			`# --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN \`
			`# --set secrets.registry.password=$GITEA_ADMIN_PASSWORD \`
			`# --set secrets.git.password=$GITEA_ADMIN_PASSWORD`
			`#`
			`# Required environment variables:`
			`# TEKTON_WEBHOOK_TOKEN - Secure webhook token (generate with: openssl rand -hex 32)`
			`# GITEA_ADMIN_PASSWORD - Gitea admin password (must match gitea-admin-secret)`

			`# Global settings for production`
			`global:`
			`# Git configuration`
			`git:`
			`userEmail: "ci@bakewise.ai"`

			`# Pipeline configuration for production`
			`pipeline:`
			`# Build configuration`
			`build:`
			`verbosity: "warn" # Less verbose in production`

			`# Test configuration`
			`test:`
			`skipTests: "false"`
			`skipLint: "false"`

			`# Workspace configuration - ensure storage class exists in production cluster`
			`workspace:`
			`size: "10Gi"`
			`storageClass: "standard" # Adjust to your production storage class`

			`# Tekton controller settings - increased resources for production`
			`controller:`
			`replicas: 2`
			`resources:`
			`limits:`
			`cpu: 2000m`
			`memory: 2Gi`
			`requests:`
			`cpu: 200m`
			`memory: 256Mi`

			`# Tekton webhook settings - increased resources for production`
			`webhook:`
			`replicas: 2`
			`resources:`
			`limits:`
			`cpu: 1000m`
			`memory: 1Gi`
			`requests:`
			`cpu: 100m`
			`memory: 128Mi`

			`# Secrets configuration`
			`# IMPORTANT: These MUST be overridden via --set flags during deployment`
			`# DO NOT commit actual secrets to this file`
			`secrets:`
			`# Webhook secret for validating incoming webhooks`
			`# Override with: --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN`
			`webhook:`
			`token: "" # MUST be set via --set flag`

			`# Registry credentials for pushing images`
			`# Override with: --set secrets.registry.password=$GITEA_ADMIN_PASSWORD`
			`registry:`
			`username: "bakery-admin"`
			`password: "" # MUST be set via --set flag`
			`registryUrl: "gitea-http.gitea.svc.cluster.local:3000"`

			`# Git credentials for GitOps updates`
			`# Override with: --set secrets.git.password=$GITEA_ADMIN_PASSWORD`
			`git:`
			`username: "bakery-admin"`
			`password: "" # MUST be set via --set flag`