Working pipeline for acs workflow.
@ -144,6 +144,23 @@ EOF
|
|||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
|
||||||
|
** Configure rhacs ocp registry
|
||||||
|
|
||||||
|
The pipeline we will shortly be running below for deploying our sample application includes steps for scanning a built image with ~roxctl~ command line utility for Red Hat Advanced Cluster Security. In order for these scans to work we need to configure Red Had Advanced Cluster Security with an integration for the [[https://docs.openshift.com/acs/4.1/integration/integrate-with-image-registries.html#manual-configuration-image-registry-ocp_integrate-with-image-registries][openshift internal image registry]] which is used by the pipeline.
|
||||||
|
|
||||||
|
We can configure that automatically using the ~imageintegrations~ api:
|
||||||
|
|
||||||
|
#+begin_src bash :results silent
|
||||||
|
export $(cat .env)
|
||||||
|
|
||||||
|
curl -v "https://${rox_central_endpoint}/v1/imageintegrations" \
|
||||||
|
--user "admin:${rox_admin_password}" \
|
||||||
|
--header 'content-type: application/json' \
|
||||||
|
--data-raw '{"id":"","name":"ocp-internal","categories":["REGISTRY"],"docker":{"endpoint":"image-registry.openshift-image-registry.svc:5000","username":"opentlc-mgr","password":"$(oc whoami --show-token)","insecure":true},"autogenerated":false,"clusterId":"","clusters":[],"skipTestIntegration":false,"type":"docker"}' \
|
||||||
|
--insecure
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
|
||||||
** Deploy sample application
|
** Deploy sample application
|
||||||
|
|
||||||
In order to showcase incorporating ~roxctl~ into developer workflows we need a sample application to tinker with. For our purposes included in a subdirectory here is a small version of the classic kubernetes guestbook app.
|
In order to showcase incorporating ~roxctl~ into developer workflows we need a sample application to tinker with. For our purposes included in a subdirectory here is a small version of the classic kubernetes guestbook app.
|
||||||
|
|||||||
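Review bot: In the added `curl` call the `--data-raw` JSON body is wrapped in single quotes, so `$(oc whoami --show-token)` is never expanded and the literal text is sent as the registry password. Capture the token in a variable first and build the body in a double-quoted string or a here-document so the real token reaches the `imageintegrations` API. Separately, `--insecure` on curl and `"insecure":true` in the integration both turn off TLS verification, and the request authenticates as `admin` with the password read from `.env`; the section should say this is a lab shortcut or switch to a trusted CA and a scoped credential. The prose above the block also has a typo, "Red Had".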
@ -69,7 +69,9 @@ spec:
|
|||||||
- name: rox_central_endpoint
|
- name: rox_central_endpoint
|
||||||
value: roxsecrets
|
value: roxsecrets
|
||||||
- name: output_format
|
- name: output_format
|
||||||
value: pretty
|
value: json
|
||||||
|
runAfter:
|
||||||
|
- build
|
||||||
taskRef:
|
taskRef:
|
||||||
kind: ClusterTask
|
kind: ClusterTask
|
||||||
name: rox-image-scan
|
name: rox-image-scan
|
||||||
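Review bot: The `output_format` value for `rox-image-scan` changes from `pretty` to `json` with no reason given in the commit message or in the README hunk. If nothing downstream parses the scan result, `pretty` is easier to read in the task log; if something does, name the consumer in a comment next to the param. The added `runAfter: build` looks right, since the README describes the scan as running on the built image.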
@ -81,6 +83,8 @@ spec:
|
|||||||
value: roxsecrets
|
value: roxsecrets
|
||||||
- name: rox_central_endpoint
|
- name: rox_central_endpoint
|
||||||
value: roxsecrets
|
value: roxsecrets
|
||||||
|
runAfter:
|
||||||
|
- image-scan
|
||||||
taskRef:
|
taskRef:
|
||||||
kind: ClusterTask
|
kind: ClusterTask
|
||||||
name: rox-image-check
|
name: rox-image-check
|
||||||
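Review bot: With `runAfter: image-scan` added to `rox-image-check`, build, scan and check now run strictly in series. If the check does not consume anything the scan task produces, both could run after `build` in parallel with the deploy task waiting on both; if the serial order is intended, a one-line comment here would save the next reader the question.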
@ -89,7 +93,7 @@ spec:
|
|||||||
- name: SCRIPT
|
- name: SCRIPT
|
||||||
value: oc rollout status deploy/$(params.APP_NAME)
|
value: oc rollout status deploy/$(params.APP_NAME)
|
||||||
runAfter:
|
runAfter:
|
||||||
- build
|
- image-check
|
||||||
taskRef:
|
taskRef:
|
||||||
kind: ClusterTask
|
kind: ClusterTask
|
||||||
name: openshift-client
|
name: openshift-client
|
||||||
|
|||||||
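Review bot: Changing `runAfter` from `build` to `image-check` on the `openshift-client` task is what turns the ACS check into a gate, but neither the commit message nor the README hunk says so. Please document the resulting order (build, image-scan, image-check, then this task) in the README. The only `SCRIPT` visible in this hunk is `oc rollout status deploy/$(params.APP_NAME)`, which waits on a rollout rather than starting one, so confirm that the step which actually rolls out the new image also sits behind `image-check`.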