Initial commit - production deployment

2026-01-21 17:17:16 +01:00
commit c23d00dd92
2289 changed files with 638440 additions and 0 deletions
--- a/infrastructure/cicd/tekton-helm/README.md
+++ b/infrastructure/cicd/tekton-helm/README.md
@@ -0,0 +1,83 @@
+# Tekton CI/CD Helm Chart
+
+This Helm chart deploys the Tekton CI/CD infrastructure for the Bakery-IA project.
+
+## Prerequisites
+
+- Kubernetes 1.20+
+- Tekton Pipelines installed (v0.57.0 or later)
+- Helm 3.0+
+
+## Installation
+
+Before installing this chart, Tekton Pipelines must be installed separately:
+
+```bash
+kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
+```
+
+Then install the chart:
+
+### Development Installation
+
+```bash
+helm install tekton-cicd infrastructure/cicd/tekton-helm \
+  --namespace tekton-pipelines \
+  --create-namespace
+```
+
+### Production Installation
+
+**Important**: Never use default secrets in production. Always provide secure credentials.
+
+```bash
+# Generate secure webhook token
+export TEKTON_WEBHOOK_TOKEN=$(openssl rand -hex 32)
+
+# Use the same password as Gitea admin (from GITEA_ADMIN_PASSWORD)
+helm upgrade --install tekton-cicd infrastructure/cicd/tekton-helm \
+  -n tekton-pipelines \
+  -f infrastructure/cicd/tekton-helm/values.yaml \
+  -f infrastructure/cicd/tekton-helm/values-prod.yaml \
+  --set secrets.webhook.token=$TEKTON_WEBHOOK_TOKEN \
+  --set secrets.registry.password=$GITEA_ADMIN_PASSWORD \
+  --set secrets.git.password=$GITEA_ADMIN_PASSWORD
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the tekton-cicd chart and their default values.
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `global.registry.url` | Container registry URL | `"gitea.bakery-ia.local:5000"` |
+| `global.git.branch` | Git branch name | `"main"` |
+| `global.git.userName` | Git user name | `"bakery-ia-ci"` |
+| `global.git.userEmail` | Git user email | `"ci@bakery-ia.local"` |
+| `pipeline.build.cacheTTL` | Build cache TTL | `"24h"` |
+| `pipeline.build.verbosity` | Build verbosity level | `"info"` |
+| `pipeline.test.skipTests` | Skip tests flag | `"false"` |
+| `pipeline.test.skipLint` | Skip lint flag | `"false"` |
+| `pipeline.deployment.namespace` | Deployment namespace | `"bakery-ia"` |
+| `pipeline.deployment.fluxNamespace` | Flux namespace | `"flux-system"` |
+| `pipeline.workspace.size` | Workspace size | `"5Gi"` |
+| `pipeline.workspace.storageClass` | Workspace storage class | `"standard"` |
+| `secrets.webhook.token` | Webhook validation token | `"example-webhook-token-do-not-use-in-production"` |
+| `secrets.registry.username` | Registry username | `"example-user"` |
+| `secrets.registry.password` | Registry password | `"example-password"` |
+| `secrets.registry.registryUrl` | Registry URL | `"gitea.bakery-ia.local:5000"` |
+| `secrets.git.username` | Git username | `"example-user"` |
+| `secrets.git.password` | Git password | `"example-password"` |
+| `namespace` | Namespace for Tekton resources | `"tekton-pipelines"` |
+
+## Uninstallation
+
+To uninstall/delete the `tekton-cicd` release:
+
+```bash
+helm delete tekton-cicd --namespace tekton-pipelines
+```
+
+## Values
+
+For a detailed list of configurable values, see the `values.yaml` file.