-
OCP 4.16
-
oc client >= 4.16
-
Minio client(mc) in your local $PATH
-
Helm client
Parameter | Example Value | Definition |
---|---|---|
token |
sha256~vFanQbthlPKfsaldJT3bdLXIyEkd7ypO_XPygY1DNtQ |
access token for a user with cluster-admin privileges |
server |
OpenShift cluster API URL |
|
github_pat |
longString |
Personal Access Token used to download and publish content on Github. For information regarding scope, refer to the docs |
Before testing cosig, first, create a new user in Keycloak. You will need it for authentication.
export TUF_URL=$(oc get tuf -o jsonpath='{.items[0].status.url}' -n trusted-artifact-signer) export OIDC_ISSUER_URL=https://$(oc get route keycloak-ingress-xsv9t -n keycloak-system | tail -n 1 | awk '{print $2}')/realms/trusted-artifact-signer export COSIGN_FULCIO_URL=$(oc get fulcio -o jsonpath='{.items[0].status.url}' -n trusted-artifact-signer) export COSIGN_REKOR_URL=$(oc get rekor -o jsonpath='{.items[0].status.url}' -n trusted-artifact-signer) export COSIGN_MIRROR=$TUF_URL export COSIGN_ROOT=$TUF_URL/root.json export COSIGN_OIDC_CLIENT_ID="trusted-artifact-signer" export COSIGN_OIDC_ISSUER=$OIDC_ISSUER_URL export COSIGN_CERTIFICATE_OIDC_ISSUER=$OIDC_ISSUER_URL export COSIGN_YES="true" export SIGSTORE_FULCIO_URL=$COSIGN_FULCIO_URL export SIGSTORE_OIDC_ISSUER=$COSIGN_OIDC_ISSUER export SIGSTORE_REKOR_URL=$COSIGN_REKOR_URL export REKOR_REKOR_SERVER=$COSIGN_REKOR_URL