- Ensure that you have a Kubernetes cluster running version 1.25 or later. 1.1. You can use Kind/Minikube for this purpose.
- Have the kubectl CLI tool installed.
-
Install Tekton Pipeline
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.54.0/release.yaml
-
Install Tekton Chains
kubectl apply -f https://storage.googleapis.com/tekton-releases/chains/previous/v0.19.0/release.yaml
-
Install Tekton Dashboard
kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
- access Dashboard
http://localhost:9097/
kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097
- access Dashboard
-
Setup Pipelines as Code
- Install
kubectl apply -f https://github.com/openshift-pipelines/pipelines-as-code/releases/download/v0.22.4/release.k8s.yaml
-
Port forward the pipelines-as-code controller
a. kubectl --namespace pipelines-as-code port-forward svc/pipelines-as-code-controller 8080:8080 b. Use the gosmee client with the following command ```bash gosmee client https://hook.pipelinesascode.com/PCoifdgYPYpS http://localhost:8080 ```
OR
Follow : https://github.com/openshift-pipelines/pipelines-as-code/blob/main/hack/dev/kind/install.sh to create Kind, install Tekton Pipeline and setup gosmee
-
Follow https://pipelinesascode.com/
- Create and configure the GithubApp https://pipelinesascode.com/docs/install/github_apps/
- Create a repository https://pipelinesascode.com/docs/guide/repositorycrd/
-
Follow Tekton Chains Tutorial https://github.com/tektoncd/chains/blob/main/docs/tutorials/signed-provenance-tutorial.md to set up Chains to sign OCI images built in Tekton
-
Send a pull request to https://github.com/savitaashture/kubeday-india and observe the triggering of the PipelineRun for the pull request
-
After sending a push request, check if the PipelineRun for the push request is triggered.
-
Verify that the pushed image is signed and attested using Tekton Chains
Tekton Pipeline doc: https://tekton.dev/docs/
Tekton Chains doc: https://tekton.dev/docs/chains/
Pipelines as Code: https://pipelinesascode.com/
Demo Repository: https://github.com/savitaashture/kubeday-india
kubectl create ns argocd
kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml -n argocd
kubectl port-forward -n argocd svc/argocd-server 8443:443 > /dev/null 2>&1 &
ADMIN_PASSWD=$(kubectl get secret argocd-initial-admin-secret -o jsonpath='{.data.password}' -n argocd | base64 -d)
argocd login --username admin --password ${ADMIN_PASSWD} localhost:8443 --insecure
IMAGE_UPDATER_TOKEN=$(argocd account generate-token --account image-updater --id image-updater)
kubectl create secret generic argocd-image-updater-secret \
--from-literal argocd.token=${IMAGE_UPDATER_TOKEN} --dry-run=client -o yaml | kubectl -n argocd apply -f -
kubectl create -f argo/application.yaml -n argocd
kubectl create namespace cosign-system
helm repo add sigstore https://sigstore.github.io/helm-charts
helm repo update
helm install policy-controller -n cosign-system sigstore/policy-controller --devel
kubectl -n cosign-system wait --for=condition=Available deployment/policy-controller-webhook && \
kubectl -n cosign-system wait --for=condition=Available deployment/policy-controller-webhook
kubectl create ns kubeday-integ
kubectl label namespace kubeday-integ policy.sigstore.dev/include=true