From 121a21fd06a8e226ffb4b0564c077e75646bd0d6 Mon Sep 17 00:00:00 2001 From: Tomas Turek Date: Mon, 11 Dec 2023 13:19:05 +0100 Subject: [PATCH] Agregate documentations files into docs folder --- README.md | 2 +- charts/trusted-artifact-signer/Chart.yaml | 2 +- charts/trusted-artifact-signer/README.md | 12 ++++++------ charts/trusted-artifact-signer/README.md.gotmpl | 10 +++++----- charts/trusted-artifact-signer/values.yaml | 2 ++ configure-oidc.md => docs/configure-oidc.md | 2 +- {hack => docs}/configure-self-signed-cluster.md | 2 +- .../enable-grafana-monitoring.md | 0 keycloak-example.md => docs/keycloak-example.md | 4 ++-- .../quick-start-with-keycloak.md | 4 ++-- .../requirements-keys-certs.md | 4 ++-- sign-verify.md => docs/sign-verify.md | 2 +- 12 files changed, 24 insertions(+), 22 deletions(-) rename configure-oidc.md => docs/configure-oidc.md (89%) rename {hack => docs}/configure-self-signed-cluster.md (96%) rename enable-grafana-monitoring.md => docs/enable-grafana-monitoring.md (100%) rename keycloak-example.md => docs/keycloak-example.md (85%) rename quick-start-with-keycloak.md => docs/quick-start-with-keycloak.md (84%) rename requirements-keys-certs.md => docs/requirements-keys-certs.md (89%) rename sign-verify.md => docs/sign-verify.md (98%) diff --git a/README.md b/README.md index 90153aac..f20cc781 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ This chart extends all the features in the upstream chart in addition to includi ### Installing from the Chart Repository For a quickstart on how to install Sigstore components on OpenShift refer to the -[quickstart quide](./quick-start-with-keycloak.md) +[quickstart quide](docs/quick-start-with-keycloak.md) ## Scaffolding Chart diff --git a/charts/trusted-artifact-signer/Chart.yaml b/charts/trusted-artifact-signer/Chart.yaml index 855709f4..07c1a19a 100644 --- a/charts/trusted-artifact-signer/Chart.yaml +++ b/charts/trusted-artifact-signer/Chart.yaml 
@@ -33,4 +33,4 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.26 +version: 0.1.27 diff --git a/charts/trusted-artifact-signer/README.md b/charts/trusted-artifact-signer/README.md index 8fe6dfea..d857fb37 100644 --- a/charts/trusted-artifact-signer/README.md +++ b/charts/trusted-artifact-signer/README.md @@ -3,7 +3,7 @@ A Helm chart for deploying Sigstore scaffold chart that is opinionated for OpenShift -![Version: 0.1.26](https://img.shields.io/badge/Version-0.1.26-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) +![Version: 0.1.27](https://img.shields.io/badge/Version-0.1.27-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ## Overview @@ -11,7 +11,7 @@ This wrapper chart builds on top of the [Scaffold](https://github.com/sigstore/h chart from the Sigstore project to both simplify and satisfy the requirements for deployment within an OpenShift If you have already read this document and want a quick no-fail path to installing a Sigstore stack with RH SSO, -follow [quick start](../../quick-start-with-keycloak.md) +follow [quick start](../../docs/quick-start-with-keycloak.md) The chart enhances the scaffold chart by taking care of the following: 
@@ -40,9 +40,9 @@ scaffold: The following must be satisfied prior to deploying the sample implementation: * Fulcio root CA certificate and signing keys - * More information in [requirements-keys-certs.md](../../requirements-keys-certs.md) + * More information in [requirements-keys-certs.md](../../docs/requirements-keys-certs.md) * OpenID Token Issuer endpoint - * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../keycloak-example.md) + * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../docs/keycloak-example.md) #### Update the values file @@ -66,11 +66,11 @@ OPENSHIFT_APPS_SUBDOMAIN=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDoma ### Monitor Sigstore Components with Grafana -For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../enable-grafana-monitoring.md) guide. +For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../docs/enable-grafana-monitoring.md) guide. ### Sign and/or verify artifacts! -Follow [this](../../sign-verify.md) to sign and/or verify artifacts. +Follow [this](../../docs/sign-verify.md) to sign and/or verify artifacts. ## Requirements diff --git a/charts/trusted-artifact-signer/README.md.gotmpl b/charts/trusted-artifact-signer/README.md.gotmpl index 62b0f1b3..f25cb8ad 100644 --- a/charts/trusted-artifact-signer/README.md.gotmpl +++ b/charts/trusted-artifact-signer/README.md.gotmpl 
@@ -9,7 +9,7 @@ This wrapper chart builds on top of the [Scaffold](https://github.com/sigstore/h chart from the Sigstore project to both simplify and satisfy the requirements for deployment within an OpenShift If you have already read this document and want a quick no-fail path to installing a Sigstore stack with RH SSO, -follow [quick start](../../quick-start-with-keycloak.md) +follow [quick start](../../docs/quick-start-with-keycloak.md) The chart enhances the scaffold chart by taking care of the following: @@ -38,9 +38,9 @@ scaffold: The following must be satisfied prior to deploying the sample implementation: * Fulcio root CA certificate and signing keys - * More information in [requirements-keys-certs.md](../../requirements-keys-certs.md) + * More information in [requirements-keys-certs.md](../../docs/requirements-keys-certs.md) * OpenID Token Issuer endpoint - * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../keycloak-example.md) + * Keycloak/RHSSO requirements can be followed and deployed in OpenShift with [keycloak-example.md](../../docs/keycloak-example.md) #### Update the values file @@ -64,11 +64,11 @@ OPENSHIFT_APPS_SUBDOMAIN=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDoma ### Monitor Sigstore Components with Grafana -For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../enable-grafana-monitoring.md) guide. +For real-time analytics through Grafana, refer to our [enable-grafana-monitoring.md](../../docs/enable-grafana-monitoring.md) guide. ### Sign and/or verify artifacts! -Follow [this](../../sign-verify.md) to sign and/or verify artifacts. +Follow [this](../../docs/sign-verify.md) to sign and/or verify artifacts. {{ template "chart.requirementsSection" . }} diff --git a/charts/trusted-artifact-signer/values.yaml b/charts/trusted-artifact-signer/values.yaml index 69926da0..be384fed 100644 --- a/charts/trusted-artifact-signer/values.yaml 
+++ b/charts/trusted-artifact-signer/values.yaml @@ -15,6 +15,8 @@ configs: pullPolicy: IfNotPresent rolebindings: - segment-backup-job + name: segment-backup-job + namespace: trusted-artifact-signer-monitoring clientserver: # -- Whether to create the OpenShift resource 'ConsoleCLIDownload' for each binary. # -- This can only be enabled if the OpenShift CRD is registered. diff --git a/configure-oidc.md b/docs/configure-oidc.md similarity index 89% rename from configure-oidc.md rename to docs/configure-oidc.md index e4e411f3..ef0a8707 100644 --- a/configure-oidc.md +++ b/docs/configure-oidc.md @@ -55,7 +55,7 @@ The OIDC issuer environment variable must point to Google rather than Keycloak i ``` export OIDC_ISSUER_URL=https://accounts.google.com ``` -This value overrides what is specified in the [sign-verify documentation](https://github.com/securesign/sigstore-ocp/blob/main/sign-verify.md). Be careful to avoid resetting `OIDC_ISSUER_URL` when using the `sign-verify` documentation steps or sourcing the `tas-env-variables.sh` script. You can check what the environment variable's value is by issuing +This value overrides what is specified in the [sign-verify documentation](sign-verify.md). Be careful to avoid resetting `OIDC_ISSUER_URL` when using the `sign-verify` documentation steps or sourcing the `tas-env-variables.sh` script. You can check what the environment variable's value is by issuing ``` $ echo $OIDC_ISSUER_URL diff --git a/hack/configure-self-signed-cluster.md b/docs/configure-self-signed-cluster.md similarity index 96% rename from hack/configure-self-signed-cluster.md rename to docs/configure-self-signed-cluster.md index 289c9452..8cd5c751 100644 --- a/hack/configure-self-signed-cluster.md +++ b/docs/configure-self-signed-cluster.md 
@@ -31,4 +31,4 @@ fulcio to trust the ingress certificate for the keycloak OIDC endpoint. oc patch deployment/fulcio-server -n fulcio-system --patch-file /path/to/securesign/sigstore-ocp/hack/fulcio-patch-self-signed-oidc.yaml ``` -Now wait for all jobs to complete, then sign as usual. Refer to [the sign and verify doc](../sign-verify.md). +Now wait for all jobs to complete, then sign as usual. Refer to [the sign and verify doc](sign-verify.md). diff --git a/enable-grafana-monitoring.md b/docs/enable-grafana-monitoring.md similarity index 100% rename from enable-grafana-monitoring.md rename to docs/enable-grafana-monitoring.md diff --git a/keycloak-example.md b/docs/keycloak-example.md similarity index 85% rename from keycloak-example.md rename to docs/keycloak-example.md index de931269..8c59c8d4 100644 --- a/keycloak-example.md +++ b/docs/keycloak-example.md @@ -23,14 +23,14 @@ oc apply --kustomize keycloak/resources/base ### Add keycloak user and/or credentials -Refer to the [user custom resource](./keycloak/resources/base/user.yaml) +Refer to the [user custom resource](../keycloak/resources/base/user.yaml) for how to create a keycloak user. For testing, a user `jdoe@redhat.com` with password: `secure` is created. You can access the keycloak route and login as the admin user to set credentials in the keycloak admin console. To get the keycloak admin credentials, run `oc extract secret/credential-keycloak -n keycloak-system`. This will create an `ADMIN_PASSWORD` file with which to login. -The example custom resource defined in [example-user.yaml](./keycloak/resources/example-user.yaml) can be modified and created: +The example custom resource defined in [example-user.yaml](../keycloak/resources/example-user.yaml) can be modified and created: ```bash # modify to include user details 
diff --git a/quick-start-with-keycloak.md b/docs/quick-start-with-keycloak.md similarity index 84% rename from quick-start-with-keycloak.md rename to docs/quick-start-with-keycloak.md index 594eda62..9f3abf69 100644 --- a/quick-start-with-keycloak.md +++ b/docs/quick-start-with-keycloak.md @@ -1,7 +1,7 @@ ## Quick Start with Keycloak OIDC No-Fail steps to get a working sigstore stack with OpenShift -Note: [This script](tas-easy-install.sh) will alternatively automate the following workflow. It will create and configure RHSSO and the Sigstore stack. It requires a connection to OpenShift with cluster-admin privileges. +Note: [This script](../tas-easy-install.sh) will alternatively automate the following workflow. It will create and configure RHSSO and the Sigstore stack. It requires a connection to OpenShift with cluster-admin privileges. 1. Install RHSSO Operator and deploy Sigstore Keycloak @@ -37,4 +37,4 @@ OPENSHIFT_APPS_SUBDOMAIN=apps.$(oc get dns cluster -o jsonpath='{ .spec.baseDoma A good way to tell if things are progressing well is to watch `oc get jobs -A` and when the tuf-system job is complete, things should be ready. -Once complete, move to the [Sign & Verify document](./sign-verify.md) to test the Sigstore stack. +Once complete, move to the [Sign & Verify document](sign-verify.md) to test the Sigstore stack. diff --git a/requirements-keys-certs.md b/docs/requirements-keys-certs.md similarity index 89% rename from requirements-keys-certs.md rename to docs/requirements-keys-certs.md index 71792820..f4809b6c 100644 --- a/requirements-keys-certs.md +++ b/docs/requirements-keys-certs.md 
@@ -3,7 +3,7 @@ Utilize the following commands and configurations to inject Fulcio root secret: First, generate a root key. -Open [fulcio-create-CA script](./fulcio-create-root-ca-openssl.sh) to check out the commands before running it. +Open [fulcio-create-CA script](../fulcio-create-root-ca-openssl.sh) to check out the commands before running it. The `openssl` commands are interactive. ```shell @@ -36,7 +36,7 @@ configs: ## Rekor Signer Key -Open [rekor create signer script](./rekor-create-signer-key.sh) to check out the commands before running it. +Open [rekor create signer script](../rekor-create-signer-key.sh) to check out the commands before running it. Generate a signer key: ```shell diff --git a/sign-verify.md b/docs/sign-verify.md similarity index 98% rename from sign-verify.md rename to docs/sign-verify.md index 6109f55b..7c090df6 100644 --- a/sign-verify.md +++ b/docs/sign-verify.md @@ -1,6 +1,6 @@ ## Signing a Container From the Local System -Utilize the following steps to sign a container that has been published to an OCI registry, with the cosign client running on your local system and the RHTAS stack running in an OpenShift cluster as documented [here](../quick-start-with-keycloak.md). +Utilize the following steps to sign a container that has been published to an OCI registry, with the cosign client running on your local system and the RHTAS stack running in an OpenShift cluster as documented [here](quick-start-with-keycloak.md). 1. Export the following environment variables substituting `base_hostname` with the value used as part of the provisioning
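Review bot: In the README.md hunk, the rewritten link text still reads `quickstart quide`. Since this line is being touched anyway, correct it to `quickstart guide` in the same change. The new target `docs/quick-start-with-keycloak.md` also drops the leading `./` the old link had, which matches the other relative links in this patch.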
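Review bot: The charts/trusted-artifact-signer/values.yaml hunk adds `name: segment-backup-job` and `namespace: trusted-artifact-signer-monitoring` under `rolebindings:`, which is a chart behaviour change that the commit subject (moving documentation into docs/) does not mention. A role binding scoped to another namespace should go in its own commit with a message explaining why it is needed, so it is reviewed as an access change rather than passing as part of a docs move. The existing `- segment-backup-job` list entry is also left in place directly above the new keys. Please check that the result is the structure the templates expect (a list of names versus a mapping with `name` and `namespace`), because a bare string item followed by mapping keys will either fail to parse or be read differently than intended, depending on indentation.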
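Review bot: In the docs/keycloak-example.md hunk, the two links are corrected to `../keycloak/resources/...`, but the command shown in the hunk header, `oc apply --kustomize keycloak/resources/base`, is still a path relative to the repository root. With the file now under docs/, add a sentence stating that the commands are run from the repository root, otherwise a reader who has changed into docs/ will hit a missing path.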