Add new infra architecture

infrastructure/cicd/tekton/rbac/resource-quota.yaml

@@ -0,0 +1,64 @@
+# ResourceQuota for Tekton Pipelines Namespace
+# Prevents resource exhaustion from runaway pipeline runs
+#
+# This quota limits:
+# - Total CPU and memory that can be requested/used
+# - Number of concurrent pods
+# - Number of PVCs for workspaces
+
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+  name: tekton-pipelines-quota
+  namespace: tekton-pipelines
+  labels:
+    app.kubernetes.io/name: bakery-ia-cicd
+    app.kubernetes.io/component: quota
+spec:
+  hard:
+    # Limit total CPU
+    requests.cpu: "8"
+    limits.cpu: "16"
+    # Limit total memory
+    requests.memory: "16Gi"
+    limits.memory: "32Gi"
+    # Limit number of pods (controls concurrent pipeline tasks)
+    pods: "20"
+    # Limit PVCs (controls workspace storage)
+    persistentvolumeclaims: "10"
+    # Limit storage
+    requests.storage: "50Gi"
+
+---
+# LimitRange to set defaults and limits for individual pods
+# Ensures every pod has resource requests/limits
+apiVersion: v1
+kind: LimitRange
+metadata:
+  name: tekton-pipelines-limits
+  namespace: tekton-pipelines
+  labels:
+    app.kubernetes.io/name: bakery-ia-cicd
+    app.kubernetes.io/component: quota
+spec:
+  limits:
+    # Default limits for containers
+    - type: Container
+      default:
+        cpu: "1"
+        memory: "1Gi"
+      defaultRequest:
+        cpu: "100m"
+        memory: "256Mi"
+      max:
+        cpu: "4"
+        memory: "8Gi"
+      min:
+        cpu: "50m"
+        memory: "64Mi"
+    # Limits for PVCs
+    - type: PersistentVolumeClaim
+      max:
+        storage: "10Gi"
+      min:
+        storage: "1Gi"