cd
/
k8s-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add chains installation and notes.

This commit is contained in:
James Pace 2023-02-02 22:22:45 -05:00
parent cfcb908bfc
commit 95f543154b
3 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
chains/chains-config.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-chains
name: chains-config
namespace: tekton-chains
data:
artifacts.taskrun.format: in-toto
artifacts.taskrun.storage: tekton
artifacts.taskrun.signer: x509
artifacts.pipelinerun.format: in-toto
artifacts.pipelinerun.storage: tekton
artifacts.pipelinerun.signer: x509
artifacts.oci.storage: tekton
artifacts.oci.signer: x509
builder.id: http://tekton.internal.jpace121.net

21
notes.md
View File

@ -23,6 +23,7 @@ Install Tekton:
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
``` ```
Set up local registry on master. Set up local registry on master.
(See below.) (See below.)
@ -61,8 +62,7 @@ Apply rest of the CRDs.
# Set up Tekton Dashboard: # Set up Tekton Dashboard:
``` ```
curl -sL https://raw.githubusercontent.com/tektoncd/dashboard/main/scripts/release-installer | \ kubectl apply --filename https://storage.googleapis.com/tekton-releases/dashboard/latest/release.yaml
bash -s -- install latest --read-only
``` ```
Port forward locally: Port forward locally:
``` ```
@ -187,6 +187,23 @@ helm install --namespace nfs-subdir-external-provisioner nfs-subdir-external-pro
--set nfs.path=/srv/nfs --set nfs.path=/srv/nfs
``` ```
# Chains
Set up:
```
kubectl apply --filename https://storage.googleapis.com/tekton-releases/chains/previous/v0.14.0/release.yaml
# Apply secret from j7s-intoto.
# name: signing-secrets namespace: tekton-chains data: x509.pem: base64 of pem
kubectl apply -f chains-config.yaml
kubectl rollout restart -n tekton-chains deployment tekton-chains-controller
```
See:
```
export TASKRUN_UID=$(tkn pr describe --namespace j7s-ci --last -o jsonpath='{.metadata.uid}')
tkn pr describe --namespace j7s-ci --last -o jsonpath="{.metadata.annotations.chains\.tekton\.dev/signature-pipelinerun-$TASKRUN_UID}" > signature
tkn pr describe --namespace j7s-ci --last -o jsonpath="{.metadata.annotations.chains\.tekton\.dev/payload-pipelinerun-$TASKRUN_UID}" | base64 -d > payload
```
# Future Ideas # Future Ideas
If we later want to do this on an overlay network: If we later want to do this on an overlay network:

2
pipelines/test-report-pipeline.yaml
View File

@ -39,7 +39,7 @@ spec:
script: | script: |
set -x set -x
cat $(workspaces.source.path)/README.md cat $(workspaces.source.path)/README.md
exit -1 exit 0
finally: finally:
- name: notify-onedev - name: notify-onedev
params: params: