Add new infra architecture 12

2026-01-21 16:21:24 +01:00
parent 2512de4173
commit 66dfd50fbc
20 changed files with 4082 additions and 480 deletions
--- a/infrastructure/cicd/tekton-helm/values-prod.yaml
+++ b/infrastructure/cicd/tekton-helm/values-prod.yaml
@@ -0,0 +1,81 @@
+# Production values for tekton-cicd Helm chart
+# This file overrides values.yaml for production deployment
+#
+# Installation:
+#   helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \
+#     -n tekton-pipelines \
+#     -f infrastructure/cicd/tekton-helm/values.yaml \
+#     -f infrastructure/cicd/tekton-helm/values-prod.yaml \
+#     --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN \
+#     --set secrets.registry.password=$GITEA_ADMIN_PASSWORD \
+#     --set secrets.git.password=$GITEA_ADMIN_PASSWORD
+#
+# Required environment variables:
+#   TEKTON_WEBHOOK_TOKEN - Secure webhook token (generate with: openssl rand -hex 32)
+#   GITEA_ADMIN_PASSWORD - Gitea admin password (must match gitea-admin-secret)
+
+# Global settings for production
+global:
+  # Git configuration
+  git:
+    userEmail: "ci@bakewise.ai"
+
+# Pipeline configuration for production
+pipeline:
+  # Build configuration
+  build:
+    verbosity: "warn"  # Less verbose in production
+
+  # Test configuration
+  test:
+    skipTests: "false"
+    skipLint: "false"
+
+  # Workspace configuration - ensure storage class exists in production cluster
+  workspace:
+    size: "10Gi"
+    storageClass: "standard"  # Adjust to your production storage class
+
+# Tekton controller settings - increased resources for production
+controller:
+  replicas: 2
+  resources:
+    limits:
+      cpu: 2000m
+      memory: 2Gi
+    requests:
+      cpu: 200m
+      memory: 256Mi
+
+# Tekton webhook settings - increased resources for production
+webhook:
+  replicas: 2
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 1Gi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+# Secrets configuration
+# IMPORTANT: These MUST be overridden via --set flags during deployment
+# DO NOT commit actual secrets to this file
+secrets:
+  # Webhook secret for validating incoming webhooks
+  # Override with: --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN
+  webhook:
+    token: ""  # MUST be set via --set flag
+
+  # Registry credentials for pushing images
+  # Override with: --set secrets.registry.password=$GITEA_ADMIN_PASSWORD
+  registry:
+    username: "bakery-admin"
+    password: ""  # MUST be set via --set flag
+    registryUrl: "gitea-http.gitea.svc.cluster.local:3000"
+
+  # Git credentials for GitOps updates
+  # Override with: --set secrets.git.password=$GITEA_ADMIN_PASSWORD
+  git:
+    username: "bakery-admin"
+    password: ""  # MUST be set via --set flag