-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathenv.sh
executable file
·78 lines (67 loc) · 2.7 KB
/
env.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/bin/sh
# Pre-requisite: PROJECT is defined
# Pre-requisite: ${PROJECT} exists in GCP with billing enabled.
if [[ -z "${PROJECT}" ]]; then
echo "Set envvar PROJECT to your GCP project before running this script."
exit 1
fi;
# Pre-requisite: authentication for Cloud SDK
ACCOUNT=$(gcloud auth list --filter=status:ACTIVE --format="value(account)")
if [[ -z "${ACCOUNT}" ]]; then
echo "Run 'gcloud auth login' to authenticate on GCP before running this script."
exit 1
fi;
# Location settings
export LOCATION=us
export ZONE=us-central1-c
# Chains configuration
export ATTESTOR_NAME=tekton-chains-attestor
export CHAINS_NS=tekton-chains
# Artifact Registry repo and image
export IMAGE=allow
export REPO=my-repo
# Service Accounts
export BUILDER=builder
export BUILDER_SA="${BUILDER}@${PROJECT}.iam.gserviceaccount.com"
export VERIFIER=tekton-chains-controller
export VERIFIER_SA="${VERIFIER}@${PROJECT}.iam.gserviceaccount.com"
# KMS envvars
# It is a best practice to use a separate project for keys to better enforce
# separation of duties:
# https://cloud.google.com/kms/docs/separation-of-duties
#
# To use a separate project, set KEY_PROJECT before running ./setup.sh.
# Otherwise, we just put the key in the same PROJECT as everything else.
if [[ -z "${KEY_PROJECT}" ]]; then
# Use the same project for Tekton and key storage.
export KEY_PROJECT=${PROJECT}
export KEY=tekton-chains-key
else
# Keys are stored in a separate project; we name the key after the project
# that uses it to enable ease of key identification and management in the keys
# project.
export KEY=${PROJECT}
fi
export KEYRING=tekton-chains
export KEY_VERSION=1
export KMS_URI="gcpkms://projects/${KEY_PROJECT}/locations/${LOCATION}/keyRings/${KEYRING}/cryptoKeys/${KEY}/cryptoKeyVersions/${KEY_VERSION}"
# kubectl configuration
export PROD_CLUSTER=prod
export PROD_CONTEXT=gke_${PROJECT}_${ZONE}_${PROD_CLUSTER} # context for kubectl
export TEKTON_CLUSTER=tekton
export TEKTON_CONTEXT=gke_${PROJECT}_${ZONE}_${TEKTON_CLUSTER} # context for kubectl
# CRD versions to use; default is latest
# Pin to a specific version by specifying its directory, for example:
# CHAINS_VERSION=previous/v0.12.0
export PIPELINE_VERSION=latest
export CHAINS_VERSION=latest
# Pre-requisites: installation of Cloud SDK, kubectl, tkn
gcloud=$(which gcloud) || ( echo "gcloud not found" && exit 1 )
kubectl=$(which kubectl) || ( echo "kubectl not found" && exit 1 )
tkn=$(which tkn) || ( echo "tkn not found" && exit 1 )
# Aliases for commands
key_gcloud="${gcloud} --project=${KEY_PROJECT}"
gcloud="${gcloud} --project=${PROJECT}"
tkn="${tkn} --context=${TEKTON_CONTEXT}"
k_tekton="${kubectl} --context=${TEKTON_CONTEXT}"
k_prod="${kubectl} --context=${PROD_CONTEXT}"