From 740fc6fdff2a447c6cc365b567ac0cbf428d7a40 Mon Sep 17 00:00:00 2001
From: Sally O'Malley
Date: Tue, 10 Oct 2023 21:27:37 -0400
Subject: [PATCH] add cli-server

Signed-off-by: Sally O'Malley
---
 tas-clients/Containerfile | 17 ++++++++--
 .../resources/consoleclidownload-cosign.yaml | 11 ++++++
 .../resources/consoleclidownload-gitsign.yaml | 11 ++++++
 tas-clients/resources/deployment.yaml | 34 +++++++++++++++++++
 tas-clients/resources/kustomization.yaml | 12 +++++++
 tas-clients/resources/route.yaml | 18 ++++++++++
 tas-clients/resources/service.yaml | 15 ++++++++
 tas-clients/resources/serviceaccount.yaml | 6 ++++
 8 files changed, 121 insertions(+), 3 deletions(-)
 create mode 100644 tas-clients/resources/consoleclidownload-cosign.yaml
 create mode 100644 tas-clients/resources/consoleclidownload-gitsign.yaml
 create mode 100644 tas-clients/resources/deployment.yaml
 create mode 100644 tas-clients/resources/kustomization.yaml
 create mode 100644 tas-clients/resources/route.yaml
 create mode 100644 tas-clients/resources/service.yaml
 create mode 100644 tas-clients/resources/serviceaccount.yaml

diff --git a/tas-clients/Containerfile b/tas-clients/Containerfile
index 25f87d79..b2ec800e 100644
--- a/tas-clients/Containerfile
+++ b/tas-clients/Containerfile
@@ -1,9 +1,20 @@
 FROM quay.io/redhat-user-workloads/rhtas-tenant/rhtas-cli-1-0-beta/cosign@sha256:1a34ac0ee18d144b18a3f18333216e87709018acb6fea42892b5e1a17e2c8af7 AS cosign-image
 FROM quay.io/redhat-user-workloads/rhtas-tenant/rhtas-cli-1-0-beta/gitsign@sha256:a8e8fb362beb5a9a10f11877f676d4d6399b4f66fe9bd15c3bc352748707b98d AS gitsign-image
-FROM registry.redhat.io/rhel8/httpd-24
+FROM registry.redhat.io/rhel8/httpd-24:latest
-COPY --from=cosign-image /usr/local/bin/cosign /var/www/html/downloads/cosign
-COPY --from=gitsign-image /usr/local/bin/gitsign /var/www/html/downloads/gitsign
+RUN mkdir -p /var/www/html/clients
+
+COPY --from=cosign-image /usr/local/bin/cosign /var/www/html/clients/
+COPY --from=gitsign-image /usr/local/bin/gitsign /var/www/html/clients/
 CMD run-httpd
+
+LABEL \
+ com.redhat.component="trusted-artifact-signer-serve-cli-container" \
+ name="trusted-artifact-signer-serve-cli-container" \
+ version="0.0.1" \
+ summary="Red Hat serves Trusted Artifact Signer CLI binaries" \
+ description="Serves Trusted Artifact Signer CLI binaries from server" \
+ io.k8s.display-name="Red Hat serves Trusted Artifact Signer CLI binaries" \
+ maintainer="trusted-artifact-signer@redhat.com"
diff --git a/tas-clients/resources/consoleclidownload-cosign.yaml b/tas-clients/resources/consoleclidownload-cosign.yaml
new file mode 100644
index 00000000..d609e075
--- /dev/null
+++ b/tas-clients/resources/consoleclidownload-cosign.yaml
@@ -0,0 +1,11 @@
+apiVersion: console.openshift.io/v1
+kind: ConsoleCLIDownload
+metadata:
+ name: cosign
+spec:
+ description: cosign is a CLI tool that allows you to
+ manage sigstore artifacts.
+ displayName: cosign - Command Line Interface (CLI)
+ links:
+ - href: https://tas-clients-trusted-artifact-signer.apps.open-svc-sts.k1wl.p1.openshiftapps.com/clients/cosign
+ text: Download cosign for Linux x86_64
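Review bot: The final stage now pulls `registry.redhat.io/rhel8/httpd-24:latest`, a floating tag, while both builder stages above it are pinned by `@sha256:` digest. This image serves the cosign and gitsign binaries that users download and then rely on for signing, so a rebuild should not silently pick up a different base. Pin it the same way, `FROM registry.redhat.io/rhel8/httpd-24@sha256:<digest-of-reviewed-image>`. Publishing a checksum file next to the binaries in `/var/www/html/clients/` would also give downloaders something to verify against.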
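Review bot: The `href` hard-codes one cluster's route hostname (`tas-clients-trusted-artifact-signer.apps.open-svc-sts.k1wl.p1.openshiftapps.com`), while the Route added in this patch sets no `host`. On any other cluster the generated hostname will differ, so the console would send users to a download server outside that cluster. The same applies to the `href` in `consoleclidownload-gitsign.yaml`. Consider setting the host per environment (for example through a kustomize patch), and add a comment above the link such as `# href must match the tas-clients Route host of this cluster`.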
diff --git a/tas-clients/resources/consoleclidownload-gitsign.yaml b/tas-clients/resources/consoleclidownload-gitsign.yaml
new file mode 100644
index 00000000..23c046b1
--- /dev/null
+++ b/tas-clients/resources/consoleclidownload-gitsign.yaml
@@ -0,0 +1,11 @@
+apiVersion: console.openshift.io/v1
+kind: ConsoleCLIDownload
+metadata:
+ name: gitsign
+spec:
+ description: gitsign is a CLI tool that allows you to
+ digitally sign and verify git commits.
+ displayName: gitsign - Command Line Interface (CLI)
+ links:
+ - href: https://tas-clients-trusted-artifact-signer.apps.open-svc-sts.k1wl.p1.openshiftapps.com/clients/gitsign
+ text: Download gitsign for Linux x86_64
diff --git a/tas-clients/resources/deployment.yaml b/tas-clients/resources/deployment.yaml
new file mode 100644
index 00000000..44fd66a4
--- /dev/null
+++ b/tas-clients/resources/deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tas-clients-serve
+ namespace: trusted-artifact-signer
+ labels:
+ app: trusted-artifact-signer-clients
+spec:
+ selector:
+ matchLabels:
+ app: trusted-artifact-signer-clients
+ template:
+ metadata:
+ labels:
+ app: trusted-artifact-signer-clients
+ spec:
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: tas-clients
+ containers:
+ - name: tas-clients
+ image: quay.io/sallyom/tas-clients:httpd
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+
diff --git a/tas-clients/resources/kustomization.yaml b/tas-clients/resources/kustomization.yaml
new file mode 100644
index 00000000..9705baf8
--- /dev/null
+++ b/tas-clients/resources/kustomization.yaml
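Review bot: In `deployment.yaml`, `image: quay.io/sallyom/tas-clients:httpd` is a mutable tag in what looks like a personal repository. With `imagePullPolicy: IfNotPresent`, a node that has already cached the tag keeps running whatever it pulled first, so replicas can diverge and a re-pushed tag goes unnoticed. For a pod that hands out signing-tool binaries, reference the image by digest from the project's registry, e.g. `image: <org-registry>/tas-clients@sha256:<digest>`. The pod- and container-level `securityContext` settings already in the manifest are worth keeping as they are.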
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: trusted-artifact-signer
+
+resources:
+- deployment.yaml
+- service.yaml
+- route.yaml
+- serviceaccount.yaml
+- consoleclidownload-cosign.yaml
+- consoleclidownload-gitsign.yaml
diff --git a/tas-clients/resources/route.yaml b/tas-clients/resources/route.yaml
new file mode 100644
index 00000000..e1f87ffc
--- /dev/null
+++ b/tas-clients/resources/route.yaml
@@ -0,0 +1,18 @@
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+ labels:
+ app: trusted-artifact-signer-clients
+ name: tas-clients
+ namespace: trusted-artifact-signer
+spec:
+ port:
+ targetPort: 8080-tcp
+ tls:
+ insecureEdgeTerminationPolicy: Redirect
+ termination: edge
+ to:
+ kind: Service
+ name: tas-clients
+ weight: 100
+ wildcardPolicy: None
diff --git a/tas-clients/resources/service.yaml b/tas-clients/resources/service.yaml
new file mode 100644
index 00000000..561653ee
--- /dev/null
+++ b/tas-clients/resources/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: trusted-artifact-signer-clients
+ name: tas-clients
+spec:
+ ports:
+ - name: 8080-tcp
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: trusted-artifact-signer-clients
+ type: ClusterIP
diff --git a/tas-clients/resources/serviceaccount.yaml b/tas-clients/resources/serviceaccount.yaml
new file mode 100644
index 00000000..2cb1254a
--- /dev/null
+++ b/tas-clients/resources/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tas-clients
+ namespace: trusted-artifact-signer
+
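Review bot: The `tas-clients` ServiceAccount in `serviceaccount.yaml` keeps the default token automount, so the httpd pod is handed a Kubernetes API token although nothing in this patch shows it calling the API. Add `automountServiceAccountToken: false` to the ServiceAccount (or to the pod spec in `deployment.yaml`) so that a compromise of the web server does not also yield a cluster credential.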