fix: add ingress and rbac

cicd/templates/ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: '{{.Values.prefix}}-webhook'
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: 'false'
+    haproxy-ingress.github.io/ssl-redirect: 'false'
+    kubernetes.io/ingress.class: '{{.Values.config.ingressClass}}'
+    cert-manager.io/cluster-issuer: 'letsencrypt-prod'
+spec:
+  tls:
+    - hosts:
+        - '{{.Values.config.ingressDomain}}'
+      secretName: listener-tekton-tls
+  rules:
+    - host: '{{.Values.config.ingressDomain}}'
+      http:
+        paths:
+          - path: '/{{.Values.config.name}}/{{.Values.prefix}}'
+            pathType: Exact
+            backend:
+              service:
+                name: 'el-{{.Values.prefix}}-event-listener'
+                port:
+                  number: 8080

cicd/templates/rbac.yaml

@@ -0,0 +1,77 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{.Values.prefix}}-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{.Values.prefix}}-sa
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: ["networking.k8s.io"]
+    resources: ["ingresses"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{.Values.prefix}}-sa
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{.Values.prefix}}-sa
+subjects:
+  - kind: ServiceAccount
+    name: {{.Values.prefix}}-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{.Values.prefix}}-sa-binding-2
+subjects:
+  - kind: ServiceAccount
+    name: {{.Values.prefix}}-sa
+    namespace: {{.Release.Namespace}}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-eventlistener-roles
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{.Values.prefix}}-sa-clusterbinding
+subjects:
+  - kind: ServiceAccount
+    name: {{.Values.prefix}}-sa
+    namespace: {{.Release.Namespace}}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tekton-triggers-eventlistener-clusterroles
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{.Values.prefix}}-sa
+  annotations:
+    kubernetes.io/service-account.name: {{.Values.prefix}}-sa
+type: kubernetes.io/service-account-token

cicd/values.yaml

@@ -36,3 +36,6 @@ image:
 
 config:
   domain: '{{- template "mychart.name" . }}.dev.mono-folio.com'
+  ingressClass: "haproxy"
+  listenerDomain: "el-{{.Values.config.prefix}}-event-listener.dev.mono-folio.com"
+  name: "batleforc"