README
¶
Konflux Apply
The Konflux manifests are applied automatically via the konflux-apply Github Workflow.
For this workflow, we use a token for Konflux setup as described in the docs. Therefor we need to setup a service account, role & rolebinding:
- Service account
gh-action:kubectl apply -f ./cmd/konflux-apply/manifests/gh-action-serviceaccount.yaml - Role with minimal permissions to apply the Konflux manifests:
kubectl apply -f ./cmd/konflux-apply/manifests/gh-action-role.yaml - Rolebinding
kubectl apply -f ./cmd/konflux-apply/manifests/gh-action-rolebinding.yaml - Use the token from the
gh-actionService account as theKONFLUX_SA_TOKENrepository secret used by the Github workflowkubectl create token gh-action --duration $((6*30*24))h
Revoke and Recreate Token
As we use by default Tokens with a validity of 6 months, we need to recreate them periodically. This is done via the following:
- Make sure, you're logged in to Konflux via the CLI and have access to the
ocp-serverlessworkspace. Check for example the Konflux kickstart recording or the Konflux docs - Recreate the
gh-actionservice account:kubectl delete -f https://raw.githubusercontent.com/openshift-knative/hack/main/cmd/konflux-apply/manifests/gh-action-serviceaccount.yaml kubectl apply -f https://raw.githubusercontent.com/openshift-knative/hack/main/cmd/konflux-apply/manifests/gh-action-serviceaccount.yaml - Create a new Token for 6 months and update the
KONFLUX_SA_TOKENsecret with its value:kubectl create token gh-action --duration $((6*30*24))h
Documentation
¶
There is no documentation for this package.
Source Files
Click to show internal directories.
Click to hide internal directories.