Migrate install Tekton release CD service to workspaces

Install Tekton release relies on the cluster PipelineResource
to target deployments of resources.

Migrate that to workspaces: a secret stored in the cluster bound
through a workspace is used to target the deployment.

Secrets have been preprovisioned on the cluster, their name is
tektoncd-, their type is kubeconfig.

See tektoncd#887 for more details.

The change is implemented so that the template interface does not
change and thus all existing cronjobs are still valid as well as
the deployment script.

Signed-off-by: Andrea Frittoli <andrea.frittoli@uk.ibm.com>

robocat/README.md

@@ -148,7 +148,7 @@ been created in the `dogfooding` cluster as well. Once that is in place, create
 the secret in the `robocat` cluster that holds the service account credentials
 need to use `tekton-deployer` on `dogfooding`:
 
-```
+```shell
 # Fetch the secret data from robocat
 TD_SECRET=$(kubectl --cluster gke_tekton-releases_us-central1-a_dogfooding \
   get -n tekton-pipelines sa/tekton-deployer -o jsonpath='{.secrets[0].name}')
@@ -170,5 +170,5 @@ data:
 EOF
 ```
 
-The `cluster` type `PipelineResource` is already deployed on `robocat` and it
-uses the secret `dogfooding-tekton-deployer-token`.
+The secret `tektoncd-dogfooding-tekton-deployer` holds a Kubernetes
+configuration file for the `tekton-deployer` service account on `dogfooding`.

tekton/cd/README.md

@@ -8,24 +8,31 @@ Tekton services can be deployed on-demand using a Tekton task called
 follows using the `tkn` client:
 
 ```
-# The RELEASE_BUCKET_RESOURCE is a storage PipelineResource that points to the
+# The releaseBucket is a parameter that points to where the 
 # bucket where the release files are stored e.g. gs://tekton-releases/pipeline
-export RELEASE_BUCKET_RESOURCE=<release-bucket>
+export RELEASE_BUCKET=<release-bucket>
 
-# The K8S_CLUSTER_RESOURCE is a cluster PipelineResource that points to the
-# k8s cluster where the Tekton service is being deployed to
-export K8S_CLUSTER_RESOURCE=<k8s-cluster>
+# The K8S_CLUSTER is a the name of a secret that contains the k8s configuration
+# for k8s cluster where the Tekton service is being deployed to
+export K8S_CLUSTER=<k8s-cluster>
 
-# The PLUMBING_GIT_RESOURCE is a git PipelineResource that points to the git
-# repo where shared plumbing scripts are (usually tektoncd/plumbing)
-export PLUMBING_GIT_RESOURCE=<plumbing-git>
+# Create a workspace template file with the following content
+cat <<EOF > workspace-template.yaml
+spec:
+ accessModes:
+   - ReadWriteOnce
+ resources:
+   requests:
+     storage: 1Gi
+EOF
 
-tkn task start \
-  -i release-bucket=$RELEASE_BUCKET_RESOURCE \
-  -i k8s-cluster=$K8S_CLUSTER_RESOURCE \
-  -i plumbing-library=$PLUMBING_GIT_RESOURCE \
+tkn pipeline start \
+  -p releaseBucket=$RELEASE_BUCKET \
   -p projectName=pipeline \
   -p version=v0.9.2 \
   -p environment=dogfooding \
+  -w name=targetCluster,secret=$K8S_CLUSTER \
+  -w name=resources,volumeClaimTemplateFile=workspace-template.yaml
+  -w name=credentials,emptyDir=
   install-tekton-release
 ```

tekton/images/koparse/koparse/test_release.yaml

@@ -182,24 +182,6 @@ spec:
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
-metadata:
-  name: pipelineresources.tekton.dev
-spec:
-  group: tekton.dev
-  names:
-    categories:
-    - all
-    - knative
-    - tekton-pipelines
-    kind: PipelineResource
-    plural: pipelineresources
-  scope: Namespaced
-  subresources:
-    status: {}
-  version: v1alpha1
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
 metadata:
   name: tasks.tekton.dev
 spec:

tekton/resources/cd/helm-template.yaml

@@ -36,7 +36,7 @@ spec:
     default: ""
   - name: preDeployResources
     description: >-
-      Some charts require resources to be deployed firt, usually CRDs.
+      Some charts require resources to be deployed first, usually CRDs.
       When provided this should be the URL to a YAML file with resources.
     default: ""
   resourcetemplates: