Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Integrating instances of ACS, Quay, Jenkins
RHTAP installs a network of products that work together to form a secure, automated CI/CD platform. However, there are two products—Advanced Cluster Security (ACS) and Quay—that you may integrate into RHTAP, rather than installing them as a part of RHTAP. If you already have instances of these products, integrating them saves time and prevents data loss. If you have instances of these products in your cluster and do not integrate them, then the installer just creates new instances in new namespaces.
Additionally, RHTAP uses Tekton by default to define and run build pipelines for your applications. However, you can also integrate Jenkins, to use it as the basis for your build pipeline instead.
The following procedures explain how to integrate each of these products into RHTAP—ACS, Quay, and Jenkins.
3.1. Integrating ACS
Prerequisites
- Administrator access to an instance of ACS.
Procedure
Before you can integrate your instance of ACS, you need an API token and the central endpoint URL.
- In your CLI, login to the OpenShift cluster where you plan to install RHTAP.
Make sure you are in the
rhtap-clidirectory.$ cd ~/rhtap-cliRun the integration command. Replace $ENDPOINT with your ACS central endpoint URL, and $TOKEN with your ACS API token.
./bin/rhtap-cli integration acs --endpoint="$ENDPOINT" --token="$TOKEN"
3.2. Integrating Quay
In this procedure, you obtain two values from your instance of Quay. Then you integrate your instance into RHTAP.
Prerequisites:
- A Quay account
- Ownership of a Quay organization (you can use any plan, including the free option).
We recommend using a robot account in Quay for this procedure. This way, once RHTAP is installed, multiple users can authenticate to your organization’s namespace in Quay.
Procedure:
- In your web browser, login to Quay. On the right side of the banner, select your username and select Account Settings from the dropdown menu.
- On your user settings page, under Docker CLI Password, select Generate Encrypted Password. In the popup window, enter your password to authenticate.
-
Next, still in the popup window, select Docker Configuration > View [username]-auth.json. Copy the string, without the quotation marks, following
"auth":. -
In your
~/install_values.txtfile, label and create the Docker configuration value with the following format, using your username and auth token where appropriate: {"auths": {"quay.io": {"auth": "[auth token]","email": ""}}} - Back in the Quay UI, return to the default Repositories page. On the right side, under Users and Organizations, select the Quay organization you want to use for RHTAP.
- From the tabs on the left side, select Applications.
- Click Create New Application. Give your application a name.
- Click on the application’s name.
- From the tabs on the left, select Generate Token.
- From the options for permissions for the token, select View all visible repositories.
- Click Generate Access Token.
- Click Authorize Applicaiton.
-
The UI displays an access token. Label and save this token in
~/install_values.txt, too. In your CLI, make sure you are in the
rhtap-clidirectory.$ cd ~/rhtap-cliRun the following command to integrate your instance of Quay. Replace $DOCKERCONFIGJSON with the Docker configuration value. Replace $API_TOKEN with the token you just generated. And replace $URL with the address for your instance of Quay (https://quay.io if you have not installed Quay in your cluster).
$ ./bin/rhtap-cli integration quay --dockerconfigjson="$DOCKERCONFIGJSON" --token="$API_TOKEN" --url="$URL"
3.3. (Optional) Integrating Jenkins
Prerequisites
- You must have the necessary permissions to create and manage Jenkins jobs.
- You must have a URL using which you access Jenkins, a Jenkins user ID, and an API token.
Procedure
In your CLI, make sure you are in the
rhtap-clidirectory.$ cd ~/rhtap-cliRun the integration command. Replace $API_TOKEN with your Jenkins API token, $URL with you Jenkins instance URL, $USERNAME with your Jenkins user ID.
$ ./bin/rhtap-cli integration jenkins --token="$API_TOKEN" --url="$URL" --username="$USERNAME"
3.4. (Optional) Integrating GitLab
Prerequisites
- You must have the necessary permissions to create and manage GitLab jobs.
- You must have a GitLab API token.
-
You must have a host URL, if you plan to integrate with a custom GitLab host. If you do not specify a GitLab host URL, the system defaults to
gitlab.com.
Procedure
In your CLI, make sure you are in the
rhtap-clidirectory.$ cd ~/rhtap-cliRun the integration command. Replace $API_TOKEN with your GitLab API token. If you are integrating with a custom GitLab host, replace $HOST_URL with you GitLab host URL. If you are using the default
gitlab.comhost, you can remove the--hostoption.$ ./bin/rhtap-cli integration gitlab --token="$API_TOKEN" --host="$HOST_URL"
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}