cd-service/

directory
v1.17.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 22, 2023 License: MIT

README

cd-service

Configuration

Configuration is done using environment variables. The following environment variables are supported:

KUBERPULT_GIT_URL sets the git url of the remote. This can be any url understood by git but currently authentication is only implemented for ssh.

KUBERPULT_PGP_KEY_RING sets the pgp key ring. The pgp key ring is a file containing all public keys in armored form. To export a keyring use gpg --armor --export.

Uploading manifests

The cd-service exposes a REST-endpoint for uploading manifests on /release.

Signing manifests

The cd-service can verify the signatures of manifests uploaded to /release.

In order to have the signature verified, export all valid public keys to an armored keyring.

$> gpg --armor --export ci@yourcompany.com > keyring.gpg 

Start the cd server with the environment variable KUBERPULT_PGP_KEY_RING set to the path of the keyring.gpg file.

If you are using helm you can set the value pgp.keyRing to the content of the keyring.gpg file.

Kuberpult will now reject all mannifests without valid signature.

Now sign your manifest files.

# given that the manifests.yaml contains a valid manifest
$> gpg --armor --detach --sign < manifest.ymal > manifest.yaml.sig
$> curl -F "application=test" -F "manifests[production]=@manifests.yaml" -F "signatures[production]=@manifests.yaml.sig"  https://kuberpult.yourcompany.com/release
$> curl -F "application=test" -F "manifests[production]=@manifests.yaml" -F "signatures[production]=@manifests.yaml.sig"  https://kuberpult.yourcompany.com/release

Directories

Path Synopsis
cmd
server
Main file for microservice cd-service.
Main file for microservice cd-service.
pkg
cmd
fs
sqlitestore
This file is part of kuberpult.
This file is part of kuberpult.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL