
Fulcio & Rekor Appliance based on gubernat

How does it work?

This repo is mainly a wrapper for two projects:

  • gubernat: a system for building Kubernetes-based software appliances
  • fulcio-rekor-rollout: an automated rollout for private instances of Fulcio and Rekor

The whole system is based on Ansible.

Steps:

  1. Install a minimal RHEL9 clone (I'm using AlmaLinux 9)
  2. Log in as root
  3. Download or copy this repo as a complete tree
  4. Configure the rollout
  5. Install
  6. Ready!

OK, here are the details:

Install minimal OS

I'm installing a minimal RPM-based OS (using one of the RHEL9 clones).

Here are the parameters:

  • Minimal install
  • virtual machine parameters:
    • Memory 4GB+
    • Disk 20GB+
    • At least 2 cores

Install and configure appliance

(assuming your appliance VM IP is 192.168.254.144)

Make sure you have cloned the two submodules along with this main repo. If the submodule directories are empty, fetch them with:

git submodule init
git submodule update

Do the following:

  1. Edit variables.yml in this directory
  2. Copy this repo onto your cluster: ./00-push-to-appliance.sh
  3. Log in to your appliance: ssh root@192.168.254.144, then change into the directory: cd fulcio-rekor-appliance
  4. Execute the basic setup: ./01-basic-setup.sh
  5. Generate your config: ./02-generate-configs.sh
    Don't forget to set your DNS definitions (via DNS server or locally)
  6. Roll out the K8s cluster: ./03-rollout-cluster.sh
  7. Roll out the Fulcio and Rekor deployment: ./04-rollout-fulcio+rekor.sh
  8. Set up the Keycloak app: ./05-setup-keycloak.sh
  9. Generate the cosign config: ./06-get-cosign-config.sh

After this you have a complete setup of fulcio and rekor!

This config works with 2 architectures:

  • x86_64 ("normal" Intel / AMD 64-bit server)
  • aarch64 (Arm64, like Raspberry Pi 4+ or Mac M1+ based VMs)
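
A preflight check for the requirements listed above (VM sizing, supported architectures, populated submodules), meant to be run on the appliance before ./01-basic-setup.sh. This is an added example, not a script from this repo; the function names, the 3500 MB memory threshold (a 4 GB VM reports less than 4096 MB in /proc/meminfo) and reading the disk size from lsblk are assumptions.

```shell
#!/bin/sh
# Added example, not part of this repo. Minimums follow the Readme:
# 4 GB memory, 20 GB disk, 2 cores, x86_64 or aarch64, both submodules cloned.
MIN_MEM_MB=3500   # assumption: allow for memory reserved by firmware/kernel
MIN_DISK_GB=20    # assumption: size of the largest disk, counted in GiB
MIN_CORES=2

check_arch() {            # succeeds only for the two supported architectures
    case "$1" in
        x86_64|aarch64) return 0 ;;
        *) return 1 ;;
    esac
}

check_min() {             # check_min <actual> <required>; non-numeric input fails
    [ "$1" -ge "$2" ] 2>/dev/null
}

submodule_ready() {       # directory exists and contains at least one entry
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# preflight <arch> <mem_mb> <disk_gb> <cores> <repo_dir>
# Reports every failed requirement, returns non-zero if any check failed.
preflight() {
    rc=0
    check_arch "$1" || { echo "unsupported architecture: $1"; rc=1; }
    check_min "$2" "$MIN_MEM_MB" || { echo "memory too small: $2 MB"; rc=1; }
    check_min "$3" "$MIN_DISK_GB" || { echo "disk too small: $3 GB"; rc=1; }
    check_min "$4" "$MIN_CORES" || { echo "too few cores: $4"; rc=1; }
    for sub in gubernat fulcio-rekor-rollout; do
        submodule_ready "$5/$sub" ||
            { echo "submodule $sub is empty: run git submodule init; git submodule update"; rc=1; }
    done
    return "$rc"
}

preflight_local() {       # collect the values from the running system
    mem_mb=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
    disk_gb=$(lsblk -bdn -o SIZE,TYPE |
        awk '$2 == "disk" && $1 > max {max = $1} END {print int(max / 1073741824)}')
    preflight "$(uname -m)" "$mem_mb" "$disk_gb" "$(nproc)" "${1:-.}"
}

# Run the real check only when asked to: sh preflight.sh --run [repo_dir]
if [ "${1:-}" = "--run" ]; then
    preflight_local "${2:-.}"
fi
```
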