Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version.이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Integrating pre-existing deployments and outside products
RHTAP installs a network of products that work together to form a secure, automated CI/CD platform. However, two of these products you may have already installed in your cluster: Advanced Cluster Security (ACS) and Quay. If you already have instances of either of these products, you can integrate them into your installation of RHTAP. Integration saves time and prevents data loss. If you have instances of these products in your cluster and do not integrate them, then the installer just creates new instances in new namespaces.
There are three other products that RHTAP uses by default, which you can replace in your instance. The table below names these products, their purpose, and what other products you can use instead.
| Product | Purpose | Possible substitutes |
|---|---|---|
| GitHub | Source code repository |
|
| Tekton | CI pipeline |
CI pipeline substitutes conform to SLSA Build L2. Only Tekton conforms to Build L3. |
| Quay | Registry for artifacts | Artifactory |
Please note that when you use alternative providers for your Git, CI and registry integrations, RHTAP also installs plugins for those products in Red Hat Developer Hub. Most of them are Technology Preview or community plugins. This means that replacing default products can introduce security risks and is not recommended for a production environment. For more information, please see the plugins table in our release notes and the RHDH documentation about plugins.
The following procedures explain how to integrate these products into RHTAP.
Examples of all rhtap-cli integration commands listed in this guide include the --config parameter. Replace $CONFIG with the path of the config.yaml file.
You don’t need to add --config if you run the rhtap-cli integration command from a local clone of the rhtap-cli repo and you’re in the corresponding branch.
3.1. (Optional) Integrating ACS
Prerequisites
- Administrator access to an instance of ACS.
Procedure
Before you can integrate your instance of ACS, you need an API token and the central endpoint URL.
- In your CLI, login to the OpenShift cluster where you plan to install RHTAP.
Run the integration command. Replace $ENDPOINT with your ACS central endpoint URL, and $TOKEN with your ACS API token.
rhtap-cli integration acs --endpoint="$ENDPOINT" --token="$TOKEN" --config="$CONFIG"
rhtap-cli integration acs --endpoint="$ENDPOINT" --token="$TOKEN" --config="$CONFIG"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
3.2. (Optional) Integrating Quay
In this procedure, you obtain two values from your instance of Quay. Then you integrate your instance into RHTAP.
Prerequisites:
- A Quay account
- Ownership of a Quay organization (you can use any plan, including the free option).
We recommend using a robot account in Quay for this procedure. This way, once RHTAP is installed, multiple users can authenticate to your organization’s namespace in Quay.
Procedure:
- In your web browser, login to Quay. On the right side of the banner, select your username and select Account Settings from the dropdown menu.
- On your user settings page, under Docker CLI Password, select Generate Encrypted Password. In the popup window, enter your password to authenticate.
-
Next, still in the popup window, select Docker Configuration > View [username]-auth.json. Copy the string, without the quotation marks, following
"auth":. -
In your
~/install_values.txtfile, label and create the Docker configuration value with the following format, using your username and auth token where appropriate: {"auths": {"quay.io": {"auth": "[auth token]","email": ""}}} - Back in the Quay UI, return to the default Repositories page. On the right side, under Users and Organizations, select the Quay organization you want to use for RHTAP.
- From the tabs on the left side, select Applications.
- Click Create New Application. Give your application a name.
- Click on the application’s name.
- From the tabs on the left, select Generate Token.
- From the options for permissions for the token, select View all visible repositories.
- Click Generate Access Token.
- Click Authorize Applicaiton.
-
The UI displays an access token. Label and save this token in
~/install_values.txt, too. In your CLI, run the following command to integrate your instance of Quay. Replace $DOCKERCONFIGJSON with the Docker configuration value. Replace $API_TOKEN with the token you just generated. And replace $URL with the address for your instance of Quay (https://quay.io if you have not installed Quay in your cluster).
rhtap-cli integration quay --dockerconfigjson="$DOCKERCONFIGJSON" --token="$API_TOKEN" --url="$URL" --config="$CONFIG"
$ rhtap-cli integration quay --dockerconfigjson="$DOCKERCONFIGJSON" --token="$API_TOKEN" --url="$URL" --config="$CONFIG"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
3.3. (Optional) Integrating GitLab
If you want to use GitLab to host your source code, or as a CI provider, complete the steps in the following procedure.
Prerequisites
- You must have the necessary permissions to create and manage GitLab jobs.
- You must have a GitLab API token.
-
You must have a host URL, if you plan to integrate with a custom GitLab host. If you do not specify a GitLab host URL, the system defaults to
gitlab.com.
Procedure
In your CLI, run the integration command. Replace $API_TOKEN with your GitLab API token. If you are integrating with a custom GitLab host, replace $URL with you GitLab host URL. If you are using the default
gitlab.comhost, you can remove the--hostoption.rhtap-cli integration gitlab --token="$API_TOKEN" --host="$URL" --config="$CONFIG"
$ rhtap-cli integration gitlab --token="$API_TOKEN" --host="$URL" --config="$CONFIG"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
3.4. (Optional) Integrating Jenkins
Prerequisites
- You must have the necessary permissions to create and manage Jenkins jobs.
- You must have a URL using which you access Jenkins, a Jenkins user ID, and an API token.
Procedure
In your CLI, run the integration command. Replace $API_TOKEN with your Jenkins API token, $URL with you Jenkins instance URL, $USERNAME with your Jenkins user ID.
rhtap-cli integration jenkins --token="$API_TOKEN" --url="$URL" --username="$USERNAME" --config="$CONFIG"
$ rhtap-cli integration jenkins --token="$API_TOKEN" --url="$URL" --username="$USERNAME" --config="$CONFIG"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
3.5. (Optional) Integrating JFrog Artifactory
Prerequisites
- Admin access to an instance of Artifactory
- A repository in Artifactory that you want to use with RHTAP
Procedure
- In the Artifactory UI, in the Administration view, click the green Set Up Client/CI Tool button next to the repository that you want to use.
- Select Docker Client
Follow the UI instructions to authenticate in your CLI.
-
The UI generates a token to use as a password. Make sure to save it in
~/install_values.txt. -
When you login to JFrog in your CLI, you should get a message saying your password has been stored in a location such as
~/.docker/config.json. If you do not see this message, a later step in this procedure explains what to do.
-
The UI generates a token to use as a password. Make sure to save it in
In your CLI, run the integration command. Set the value of ARTIFACTORY_URL to the URL of your instance (for example, "https://myusername.jfrog.io"). Set the value of ARTIFACTORY_DOCKERCONFIGJSON to the contents of the file where your password was stored. Set the value of ARTIFACTORY_API_TOKEN to the token that JFrog generated.
rhtap-cli integration artifactory --url="$ARTIFACTORY_URL" --dockerconfigjson="$ARTIFACTORY_DOCKERCONFIGJSON" --token="$ARTIFACTORY_API_TOKEN" --config="$CONFIG"
$ rhtap-cli integration artifactory --url="$ARTIFACTORY_URL" --dockerconfigjson="$ARTIFACTORY_DOCKERCONFIGJSON" --token="$ARTIFACTORY_API_TOKEN" --config="$CONFIG"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
If your CLI did not print a message about the config.json file, you can create its contents as follows: { "auths": { "<URL for your JFrog instance>":{ "auth": "<base64 format of username:password>", "email": "" }}}
3.6. (Optional) Integrating Bitbucket
If you want to use Bitbucket cloud to host your source code, complete the steps in the following procedure.
Prerequisites
You must have Bitbucket username. To find your username:
- On the sidebar in Bitbucket, click your profile picture and select View profile.
- In the sidebar, select Settings. The system displays your username in the account settings.
- You must have a app password.
Procedure
In your CLI, run the integration command. Replace $username with your Bitbucket username, and $appPassword with your Bitbucket access tokens. If you are integrating with a custom Bitbucket host, replace $URL with you Bitbucket host URL. If you are using the default
bitbucket.orghost, you can remove the--hostoption.rhtap-cli integration bitbucket --username="$username" --app-password="$access_token" --host="$URL" --config="$CONFIG"
$ rhtap-cli integration bitbucket --username="$username" --app-password="$access_token" --host="$URL" --config="$CONFIG"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}