Working pipeline for acs workflow.

2023-07-30 23:32:56 +12:00
parent cd4ba6e532
commit c0ecafdcbc
2 changed files with 23 additions and 2 deletions
--- a/2023-07-31-acs-workflows/README.org
+++ b/2023-07-31-acs-workflows/README.org
@ -144,6 +144,23 @@ EOF
 #+end_src


+** Configure rhacs ocp registry
+
+The pipeline we will shortly be running below for deploying our sample application includes steps for scanning a built image with ~roxctl~ command line utility for Red Hat Advanced Cluster Security. In order for these scans to work we need to configure Red Had Advanced Cluster Security with an integration for the [[https://docs.openshift.com/acs/4.1/integration/integrate-with-image-registries.html#manual-configuration-image-registry-ocp_integrate-with-image-registries][openshift internal image registry]] which is used by the pipeline.
+
+We can configure that automatically using the ~imageintegrations~ api:
+
+#+begin_src bash :results silent
+export $(cat .env)
+
+curl -v "https://${rox_central_endpoint}/v1/imageintegrations" \
+  --user "admin:${rox_admin_password}" \
+  --header 'content-type: application/json' \
+  --data-raw '{"id":"","name":"ocp-internal","categories":["REGISTRY"],"docker":{"endpoint":"image-registry.openshift-image-registry.svc:5000","username":"opentlc-mgr","password":"$(oc whoami --show-token)","insecure":true},"autogenerated":false,"clusterId":"","clusters":[],"skipTestIntegration":false,"type":"docker"}' \
+  --insecure
+#+end_src
+
+
 ** Deploy sample application

 In order to showcase incorporating ~roxctl~ into developer workflows we need a sample application to tinker with. For our purposes included in a subdirectory here is a small version of the classic kubernetes guestbook app.
--- a/2023-07-31-acs-workflows/guestbook/manifests/pipeline.yaml
+++ b/2023-07-31-acs-workflows/guestbook/manifests/pipeline.yaml
@ -69,7 +69,9 @@ spec:
        - name: rox_central_endpoint
          value: roxsecrets
        - name: output_format
-          value: pretty
+          value: json
+      runAfter:
+        - build
      taskRef:
        kind: ClusterTask
        name: rox-image-scan
@ -81,6 +83,8 @@ spec:
          value: roxsecrets
        - name: rox_central_endpoint
          value: roxsecrets
+      runAfter:
+        - image-scan
      taskRef:
        kind: ClusterTask
        name: rox-image-check
@ -89,7 +93,7 @@ spec:
        - name: SCRIPT
          value: oc rollout status deploy/$(params.APP_NAME)
      runAfter:
-        - build
+        - image-check
      taskRef:
        kind: ClusterTask
        name: openshift-client