Pipelines controller fails to apply app.kubernetes.io/managed-by: tekton-pipelines label when deploying PipelineRuns and TaskRuns via Helm, affecting environment variable injection

[ab-ghosh]

Expected Behavior

Regardless of how the PipelineRun is created (via Helm or kubectl ), the Tekton Pipelines controller should:

• Override the app.kubernetes.io/managed-by label on pods to tekton-pipelines.
• Inject expected environment variables accordingly.

Actual Behavior

When PipelineRuns are deployed via Helm, the pods created for the associated TaskRuns are labeled with:
app.kubernetes.io/managed-by: Helm
These pods do not receive certain environment variables such as SSL_CERT_DIR.

Steps to Reproduce the Problem

1. Define a PipelineRun in a Helm chart template.
2. Deploy it using helm install.
3. Observe the labels on the resulting pods created for the TaskRuns.
4. Compare this with pods created by PipelineRuns triggered via kubectl or the Tekton dashboard.

Additional Info

When PipelineRuns are created via kubectl apply or via the Tekton UI/CLI, the controller does set the correct label and injects the required env vars into pods.

When created via Helm, the label app.kubernetes.io/managed-by: Helm persists and pods lack required environment variables.

This leads to functional issues in environments where those variables (like SSL_CERT_DIR) are critical.