- cert-manager with
Let’s Encryptissuers - contour
- UAA
- Credhub with UAA oauth delegation
- Concourse with UAA oauth delegation and Credhub secrets management
git clone [email protected]:miclip/concourse-uaa-credhub-k8s.git
cd ./concourse-uaa-credhub-k8s
# Update `values.yaml` with at least domain details.
./deploy-all.sh Deploy script will print the ingress IP/DNS that needs to be setup within external DNS e.g. *.ci.mydomain.io.
Note:
Let’s Encryptcan take a while to issue certs, runkubectl get certificates -n concourseand they all should be READY. Have seen it take upwards of an hour.
Test pipeline to verify concourse credhub integration:
credhub login -s https://credhub.mydomain.io -u credhub -p password --skip-tls-validation
credhub set -n /concourse/main/mysecret -v mike -t value
credhub get -n /concourse/main/mysecret jobs:
- name: hello-world-job
plan:
- task: hello-world-task
params:
SECRET_TEST: ((mysecret))
config:
platform: linux
parms:
SECRET_TEST:
image_resource:
type: registry-image
source:
repository: busybox
run:
path: sh
args:
- -ec
- |
echo "HELLO WORLD ${SECRET_TEST}"fly login -t my-main -c https://concourse.mydomain.io -k -b -n main
fly -t my-main sp -p hello-world -c ./hello-world.yml
fly -t my-main unpause-pipeline -p hello-world
fly -t my-main trigger-job -j hello-world/hello-world-job -wExpect:
started hello-world/hello-world-job #2
initializing
selected worker: concourse-worker-0
selected worker: concourse-worker-0
selected worker: concourse-worker-1
running sh -ec echo "HELLO WORLD ${SECRET_TEST}"
HELLO WORLD mike- UAA authorize POST is using HTTP and you'll get an alert when authorizing the client. Still investigating...
- Using
orangeopensource/crehub, had issues withpcfseceng/credhubneed to build my own image for Credhub and UAA.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent