Configure deploy target configuration
Specifies the information that is needed for the pipeline:
- solution deploy information
- security context (how to log in to the cluster)
- helm chart repository for fetching already created solution helm chart
Open the configuration-controller.
Use the POST method "Create a runtime configuration" for creating the configuration.
Request parameters
Parameter | TYPE | Description |
---|---|---|
configurationName | path parameter (String) | The name of the configuration: ssob-sdo-solution-deploy |
runtimeName | path parameter (String) | The name of the specific Solution Envoy, e.g. cpd-runtime-default |
data | body parameter (YAML) | The configuration values (Body Parameters) |
Configuration Parameters (body parameter)
The following table lists the required configurable parameters for the Solution Envoy configuration.
Parameter | Description |
---|---|
deployment.chart.s3.repositoryEndpoint | The address of the internal s3 service (minio) of the installation, e.g. gitlab-minio-svc.foundation.svc.cluster.local:9000 |
mode | Used storage for the helm charts (possible value s3) |
deployment.chart.s3.accessKey | Access key for the s3 storage (see Getting accessKey and secretAccessKey for minio) |
deployment.chart.s3.bucketName | Used bucket name of the s3 storage (you should ensure that the bucket is already present), e.g. helm-charts-default |
deployment.chart.s3.disableSsl | Specifies if ssl is disabled |
deployment.chart.s3.region | Region of the s3 storage (region in default installation is us-east-1) |
deployment.chart.s3.secretAccessKey | Secret access key for the s3 storage (see Getting accessKey and secretAccessKey for minio) |
runtime.url | The url of the Solution Envoy |
securityContext.mode.oc | Used login to get kubernetes access (with oc the OpenShift CLI is used) |
securityContext.oc.token | Token for the oc login. It is required that the serviceaccount of this token is able to contact the tiller of the cpd namespace (see Getting valid oc login token) |
securityContext.oc.server | Url of the OpenShift cluster |
The following table lists the optional configurable parameters for the Solution Envoy configuration. These parameters have default values if nothing is set.
Parameter | Description | Default value |
---|---|---|
deployment.timeout | Set the timeout for the helm deployment in sec | 300 |
deployment.useTls | Set using the --tls flag for the helm deployment | true |
deployment.tlsCaCert | Set TLS CA certificate file for the helm deployment using helm --tls-ca-cert flag | nil |
deployment.tlsCert | Set TLS CA certificate file for the helm deployment using helm --tls-cert flag | nil |
deployment.tlsKey | Set TLS key file for the helm deployment using helm --tls-key flag | nil |
deployment.skipInit | Skip the helm init --client-only command | false |
deployment.additionalParameters | Allows setting additional helm parameters for the helm deployment | nil |
securityContext.oc.skipTls | Skip the tls verification during oc login command | false |
Example body parameter (data)
deployment:
  chart:
    mode: s3
    s3:
      accessKey: <ACCESS_KEY>
      bucketName: helm-charts-default
      disableSsl: true
      region: us-east-1
      secretAccessKey: <SECRET_KEY>
      repositoryEndpoint: gitlab-minio-svc.foundation.svc.cluster.local:9000
runtime:
  url: "https://cpd-runtime-default.apps.openshift-cluster.mydomain.cloud"
securityContext:
  mode: oc
  oc:
    token: eyJ...URd.eyJ...trAS.zte...FDW
    server: https://api.openshift-cluster.mydomain.cloud:6443
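A check that can be run on the body before it is POSTed, as an added example that is not part of the product or its documentation. It reports missing required parameters, `<...>` placeholders left in place, and settings that switch off TLS (disableSsl, skipTls, useTls set to false). The dotted key paths follow the example body above; the function names, the sample input and the small indentation-based flattener (used instead of a YAML library, and enough for the nested mappings this body uses) are assumptions of the example.

```python
# Added example (not product code). Key paths follow the example body on this page.
REQUIRED = """deployment.chart.mode deployment.chart.s3.repositoryEndpoint
deployment.chart.s3.accessKey deployment.chart.s3.secretAccessKey
deployment.chart.s3.bucketName deployment.chart.s3.disableSsl
deployment.chart.s3.region runtime.url securityContext.mode
securityContext.oc.token securityContext.oc.server""".split()
# Values that switch off transport protection (dotted key -> risky value).
WEAK = {"deployment.chart.s3.disableSsl": "true", "deployment.useTls": "false",
        "securityContext.oc.skipTls": "true"}

def flatten(text):
    """Flatten nested YAML mappings (all this body uses) into dotted keys."""
    flat, stack = {}, []                      # stack: (indent, key) of open maps
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                       # leave maps that have ended
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))       # key opens a nested map
    return flat

def lint(text):
    cfg = flatten(text)
    out = [f"missing required parameter: {k}" for k in REQUIRED if k not in cfg]
    out += [f"placeholder not filled in: {k}" for k, v in cfg.items()
            if v.startswith("<") and v.endswith(">")]
    out += [f"transport protection disabled: {k}={v}" for k, v in cfg.items()
            if WEAK.get(k) == v.lower()]
    return out

# Constructed sample body: incomplete, one placeholder, TLS checks switched off.
SAMPLE = """\
deployment:
  chart:
    s3:
      accessKey: <ACCESS_KEY>
      disableSsl: true
securityContext:
  oc:
    skipTls: true
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

To check a real body, pass the file contents to lint(); an empty list means none of the three checks fired.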
Getting accessKey and secretAccessKey for minio
The values for accessKey and secretAccessKey can be found in the minio secret of the namespace where minio was installed. For example, for a minio service provided by GitLab the values can be found in an already existing secret that is located in the namespace where GitLab was installed. By default the name of the secret ends with -minio-secret.
oc -n gitlab get secret gitlab-minio-secret -o jsonpath='{.data.accesskey}'| base64 -d
oc -n gitlab get secret gitlab-minio-secret -o jsonpath='{.data.secretkey}'| base64 -d
The values of the secret have to be base64 decoded.
Getting valid oc login token
First search for the secrets of the cpd-admin-sa in the cpd namespace, where the cpd tiller is installed:
oc -n cpd get secret | grep cpd-admin-sa
Then use one of the two cpd-admin-sa-tokens (e.g. cpd-admin-sa-token-24zzk) and get the token:
oc -n cpd get secret cpd-admin-sa-token-24zzk -o jsonpath='{.data.token}' | base64 -d