GKE Autopilot is a new mode for GKE which locks down certain aspects of the cluster, in exchange for a more managed environment, and billing based on pod resource requests instead of node reservations. Someone should make sure Tekton works well with it, or at least identify where it doesn't and document those.

Looking through the overview (https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview) there aren't many things locked down that we might rely on, but a few might be problematic:

Webhook limitations:

You cannot create custom mutating admission webhooks for Autopilot clusters, but you can create custom validating webhooks.

Tekton uses mutating webhooks to set defaults. There's also no mention of conversion webhooks, which Tekton uses.

Pod affinity and anti-affinity:

Pod affinity is limited for use only with the following keys: topology.kubernetes.io/region, topology.kubernetes.io/zone, failure-domain.beta.kubernetes.io/region, and failure-domain.beta.kubernetes.io/zone.

This might affect the Affinity Assistant

Allowable resource ranges:

The minimum value is 250 milliCPU (mCPU).

Containers with no resource requests will default to the standard minimums of 500 mCPU and 1 GiB memory.

We should set reasonable resource requests for controller and webhook deployments, especially if we think we should request lower than the default.

We might find out other things don't work as expected as well. If things already work fine with Autopilot, we should document that somewhere too.

/kind documentation