Goal

As a namespace-admin, I want to control the the default Tekton configurations in effect within my namespace so that I can adjust the default configurations based on the behaviour I desire for my pipelines.

As a cluster admin, I want to set default Tekton configs per namespace so that I can adjust the default configs in multi-tenant clusters in accordance to tenant's requirements.

Why is this important?

• improve flexibility for organizations gradually migrating their teams during Tekton's infrequent (but potentially disruptive) behavioural changes
• allow platforms and organizations to apply finer-grained configurations, such as individualized RBAC on a per-tenant basis
• improve a key portion of our own open source testing strategy by allowing configuration changes to be exercised in isolated namespaces rather than entirely separate clusters

Acceptance Criteria

• Cluster admin can set per-namespace Tekton configs
• Per-namespace Tekton configs override the operator-level Tekton configs

Related work

• https://github.com/tektoncd/community/pull/607
• https://github.com/tektoncd/community/blob/main/teps/0085-per-namespace-controller-configuration.md

Open questions

• Are there any risks associated with namespace-admins being able to change Tekton behaviour? Should it require cluster-admin privilleges?