-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Sally O'Malley <[email protected]>
- Loading branch information
Showing
8 changed files
with
121 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,20 @@ | ||
| FROM quay.io/redhat-user-workloads/rhtas-tenant/rhtas-cli-1-0-beta/cosign@sha256:1a34ac0ee18d144b18a3f18333216e87709018acb6fea42892b5e1a17e2c8af7 AS cosign-image | ||
| FROM quay.io/redhat-user-workloads/rhtas-tenant/rhtas-cli-1-0-beta/gitsign@sha256:a8e8fb362beb5a9a10f11877f676d4d6399b4f66fe9bd15c3bc352748707b98d AS gitsign-image | ||
|
|
||
| FROM registry.redhat.io/rhel8/httpd-24 | ||
| FROM registry.redhat.io/rhel8/httpd-24:latest | ||
|
|
||
| COPY --from=cosign-image /usr/local/bin/cosign /var/www/html/downloads/cosign | ||
| COPY --from=gitsign-image /usr/local/bin/gitsign /var/www/html/downloads/gitsign | ||
| RUN mkdir -p /var/www/html/clients | ||
|
|
||
| COPY --from=cosign-image /usr/local/bin/cosign /var/www/html/clients/ | ||
| COPY --from=gitsign-image /usr/local/bin/gitsign /var/www/html/clients/ | ||
|
|
||
| CMD run-httpd | ||
|
|
||
| LABEL \ | ||
| com.redhat.component="trusted-artifact-signer-serve-cli-container" \ | ||
| name="trusted-artifact-signer-serve-cli-container" \ | ||
| version="0.0.1" \ | ||
| summary="Red Hat serves Trusted Artifact Signer CLI binaries" \ | ||
| description="Serves Trusted Artifact Signer CLI binaries from server" \ | ||
| io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binaries" \ | ||
| maintainer="[email protected]" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| apiVersion: console.openshift.io/v1 | ||
| kind: ConsoleCLIDownload | ||
| metadata: | ||
| name: cosign | ||
| spec: | ||
| description: cosign is a CLI tool that allows you to | ||
| manage sigstore artifacts. | ||
| displayName: cosign - Command Line Interface (CLI) | ||
| links: | ||
| - href: https://tas-clients-trusted-artifact-signer.apps.open-svc-sts.k1wl.p1.openshiftapps.com/clients/cosign | ||
| text: Download cosign for Linux x86_64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| apiVersion: console.openshift.io/v1 | ||
| kind: ConsoleCLIDownload | ||
| metadata: | ||
| name: gitsign | ||
| spec: | ||
| description: gitsign is a CLI tool that allows you to | ||
| digitally sign and verify git commits. | ||
| displayName: gitsign - Command Line Interface (CLI) | ||
| links: | ||
| - href: https://tas-clients-trusted-artifact-signer.apps.open-svc-sts.k1wl.p1.openshiftapps.com/clients/gitsign | ||
| text: Download gitsign for Linux x86_64 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: tas-clients-serve | ||
| namespace: trusted-artifact-signer | ||
| labels: | ||
| app: trusted-artifact-signer-clients | ||
| spec: | ||
| selector: | ||
| matchLabels: | ||
| app: trusted-artifact-signer-clients | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: trusted-artifact-signer-clients | ||
| spec: | ||
| securityContext: | ||
| runAsNonRoot: true | ||
| seccompProfile: | ||
| type: RuntimeDefault | ||
| serviceAccountName: tas-clients | ||
| containers: | ||
| - name: tas-clients | ||
| image: quay.io/sallyom/tas-clients:httpd | ||
| imagePullPolicy: IfNotPresent | ||
| ports: | ||
| - containerPort: 8080 | ||
| protocol: TCP | ||
| securityContext: | ||
| allowPrivilegeEscalation: false | ||
| capabilities: | ||
| drop: | ||
| - ALL | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| apiVersion: kustomize.config.k8s.io/v1beta1 | ||
| kind: Kustomization | ||
|
|
||
| namespace: trusted-artifact-signer | ||
|
|
||
| resources: | ||
| - deployment.yaml | ||
| - service.yaml | ||
| - route.yaml | ||
| - serviceaccount.yaml | ||
| - consoleclidownload-cosign.yaml | ||
| - consoleclidownload-gitsign.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| apiVersion: route.openshift.io/v1 | ||
| kind: Route | ||
| metadata: | ||
| labels: | ||
| app: trusted-artifact-signer-clients | ||
| name: tas-clients | ||
| namespace: trusted-artifact-signer | ||
| spec: | ||
| port: | ||
| targetPort: 8080-tcp | ||
| tls: | ||
| insecureEdgeTerminationPolicy: Redirect | ||
| termination: edge | ||
| to: | ||
| kind: Service | ||
| name: tas-clients | ||
| weight: 100 | ||
| wildcardPolicy: None |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| labels: | ||
| app: trusted-artifact-signer-clients | ||
| name: tas-clients | ||
| spec: | ||
| ports: | ||
| - name: 8080-tcp | ||
| port: 8080 | ||
| protocol: TCP | ||
| targetPort: 8080 | ||
| selector: | ||
| app: trusted-artifact-signer-clients | ||
| type: ClusterIP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: tas-clients | ||
| namespace: trusted-artifact-signer | ||
|
|