Commit 7836b2f

2 parents ce8b77d + 6aa6010

9 files changed: +113 -43 lines changed
‎_docs/codefresh-yaml/steps/git-clone.md‎

Lines changed: 27 additions & 0 deletions
@@ -178,6 +178,33 @@ steps:
178178
{% endraw %}
179179
{% endhighlight %}
180180

181+
##Checkout code using the Codefresh Runner
182+
183+
If you are using the[Hybrid version]({{site.baseurl}}/docs/enterprise/installation-security/#hybrid-installation) of Codefresh and a have a[Codefresh runner]({{site.baseurl}}/docs/enterprise/codefresh-runner/) installed, you need to use
184+
the fully qualified path of the git repository:
185+
186+
`codefresh.yml`
187+
{% highlight yaml %}
188+
{% raw %}
189+
version: '1.0'
190+
steps:
191+
main_clone:
192+
title: 'Cloning main repository...'
193+
type: git-clone
194+
repo:https://github-internal.example.com/my-username/my-app
195+
revision: '${{CF_REVISION}}'
196+
git: my-internal-git-provider
197+
PrintFileList:
198+
title: 'Listing files'
199+
image: alpine:latest
200+
commands:
201+
- 'ls -l'
202+
{% endraw %}
203+
{% endhighlight %}
204+
205+
More details can be found in the[private Git instructions page]({{site.baseurl}}/docs/enterprise/behind-the-firewall/#checking-out-code-from-a-private-git-repository).
206+
207+
181208
##Checking multiple git repositories
182209

183210
It is very easy to checkout additional repositories in a single pipeline by adding more`git-clone` steps.
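Review bot: Added line 183 has a typo ("and a have a [Codefresh runner]", should be "and have a"), and the sentence asks for "the fully qualified path of the git repository" while the example on line 194 supplies a full URL (`repo:https://github-internal.example.com/my-username/my-app`). Say "full URL" so readers do not try `my-username/my-app` with a host prefix. It would also help to state that the `git:` value on line 196 is the name of a git integration, since nothing in the added text explains where `my-internal-git-provider` comes from.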

‎_docs/enterprise/behind-the-firewall.md‎

Lines changed: 1 addition & 1 deletion
@@ -110,7 +110,7 @@ steps:
110110
type: git-clone
111111
description: Step description
112112
repo:https://github-internal.example.com/my-username/my-app
113-
git: my-internal-git-repo
113+
git: my-internal-git-provider
114114
BuildingDockerImage:
115115
title: Building Docker Image
116116
type: build
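Review bot: Check the prose around line 113 for leftover mentions of `my-internal-git-repo`; this hunk changes only the YAML value, and the surrounding text is not visible here. The new name `my-internal-git-provider` matches the examples this commit adds to git-clone.md and git-checkout.md, so the three pages should end up using one name throughout.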

‎_docs/enterprise/codefresh-runner.md‎

Lines changed: 57 additions & 0 deletions
@@ -312,7 +312,64 @@ Update your runtime environment with the [patch command](https://codefresh-io.gi
312312
codefresh patch runtime-environment ivan@wawa-ebs.us-west-2.eksctl.io/codefresh-runtime -f codefresh-runner.yaml
313313
```
314314

315+
###Injecting AWS arn roles into the cluster
315316

317+
Step 1 - Make sure the OIDC provider is connected to the cluster
318+
319+
See:
320+
321+
*[https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html)
322+
*[https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/)
323+
324+
Step 2 - Create IAM role and policy as explained in[https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html](https://docs.aws.amazon.com/eks/latest/userguide/create-service-account-iam-policy-and-role.html)
325+
326+
Here, in addition to the policy explained, you need a Trust Relationship established between this role and the OIDC entity.
327+
328+
{% include image.html
329+
lightbox="true"
330+
file="/images/enterprise/runner/edit-trust-relationship.png"
331+
url="/images/enterprise/runner/edit-trust-relationship.png"
332+
alt="IAM Role trust establishment with OIDC provider"
333+
caption="IAM Role trust establishment with OIDC provider"
334+
max-width="90%"
335+
%}
336+
337+
Step 3 - Create a new namespace where the runner will be instlled (e.g.`codefresh-runtime`) and annotate the default Kubernetes Service Account on the newly created namespace with the proper IAM role
338+
339+
{% include image.html
340+
lightbox="true"
341+
file="/images/enterprise/runner/sa-annotation.png"
342+
url="/images/enterprise/runner/sa-annotation.png"
343+
alt="Service Account annotation"
344+
caption="Service Account annotation"
345+
max-width="90%"
346+
%}
347+
348+
Step 4 - Install the Codefresh runner using the instructions of the previous section
349+
350+
Step 5 - Using the AWS assumed role identity
351+
352+
After the Codefresh runner is installed run a pipeline to test the AWS resource access:
353+
354+
{% highlight yaml %}
355+
{% raw %}
356+
RunAwsCli:
357+
title : Communication with AWS
358+
image : mesosphere/aws-cli
359+
stage: "build"
360+
commands :
361+
- apk update
362+
- apk add jq
363+
- env
364+
- cat /codefresh/volume/sensitive/.kube/web_id_token
365+
- aws sts assume-role-with-web-identity --role-arn $AWS_ROLE_ARN --role-session-name mh9test --web-identity-token file://$AWS_WEB_IDENTITY_TOKEN_FILE --duration-seconds 1000 > /tmp/irp-cred.txt
366+
- export AWS_ACCESS_KEY_ID="$(cat /tmp/irp-cred.txt | jq -r ".Credentials.AccessKeyId")"
367+
- export AWS_SECRET_ACCESS_KEY="$(cat /tmp/irp-cred.txt | jq -r ".Credentials.SecretAccessKey")"
368+
- export AWS_SESSION_TOKEN="$(cat /tmp/irp-cred.txt | jq -r ".Credentials.SessionToken")"
369+
- rm /tmp/irp-cred.txt
370+
- aws s3api get-object --bucket jags-cf-eks-pod-secrets-bucket --key eks-pod2019-12-10-21-18-32-560931EEF8561BC4 getObjectNotWorks.txt
371+
{% endraw %}
372+
{% endhighlight %}
316373

317374
###Security roles
318375
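Review bot: Added lines 363 and 364 (`- env` and `- cat /codefresh/volume/sensitive/.kube/web_id_token`) write the full environment and the web identity token into the build log, and line 365 shows that this token is exactly what gets exchanged for role credentials; remove both commands from the documented example, or replace them with a non-printing check such as `test -s "$AWS_WEB_IDENTITY_TOKEN_FILE"`. Line 365 also writes the temporary credentials to `/tmp/irp-cred.txt` and only removes the file at line 369, so a failure in any of the `jq` lines leaves them on disk; capturing the output in a shell variable avoids the file altogether. The session name `mh9test`, the bucket `jags-cf-eks-pod-secrets-bucket`, the object key and `getObjectNotWorks.txt` on lines 365 and 370 read like values from a personal test run and should become placeholders. Step 3 (line 337) annotates the default service account, which hands the role to every pod in that namespace that runs under it; the text should say so, or recommend a dedicated service account. Smaller points: "instlled" on line 337, and the heading on line 315 would read better as "Injecting AWS IAM roles into the cluster".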

‎_docs/yaml-examples/examples/git-checkout.md‎

Lines changed: 26 additions & 0 deletions
@@ -104,6 +104,32 @@ max-width="50%"
104104

105105
This is the recommended way of creating re-usable pipelines in Codefresh.
106106

107+
##Cloning a repository using the Codefresh runner
108+
109+
If you are using the[Hybrid version]({{site.baseurl}}/docs/enterprise/installation-security/#hybrid-installation) of Codefresh and a have a[Codefresh runner]({{site.baseurl}}/docs/enterprise/codefresh-runner/) installed, you need to use
110+
the fully qualified path of the git repository:
111+
112+
`codefresh.yml`
113+
{% highlight yaml %}
114+
{% raw %}
115+
version: '1.0'
116+
steps:
117+
main_clone:
118+
title: 'Cloning main repository...'
119+
type: git-clone
120+
repo:https://github-internal.example.com/my-username/my-app
121+
revision: '${{CF_REVISION}}'
122+
git: my-internal-git-provider
123+
PrintFileList:
124+
title: 'Listing files'
125+
image: alpine:latest
126+
commands:
127+
- 'ls -l'
128+
{% endraw %}
129+
{% endhighlight %}
130+
131+
More details can be found in the[private Git instructions page]({{site.baseurl}}/docs/enterprise/behind-the-firewall/#checking-out-code-from-a-private-git-repository).
132+
107133

108134
##Working inside the cloned directory
109135
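Review bot: Lines 109 to 131 repeat, word for word, the section this same commit adds to `_docs/codefresh-yaml/steps/git-clone.md`, including the "and a have a" typo on line 109. Keep the full example in one of the two pages and link to it from the other, or move it into a shared include, so a later correction to the example does not have to be made twice.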

‎assets/css/docs.min.css‎

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎assets/css/docs.min.css.map‎

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

‎assets/scss/_content.scss‎

Lines changed: 0 additions & 40 deletions
@@ -210,46 +210,6 @@
210210
// List number styling
211211
>ol {
212212
padding-left:1.3rem;
213-
list-style:none;
214-
counter-reset: item;
215-
216-
li {
217-
position:relative;
218-
counter-increment: item;
219-
220-
&::before {
221-
position:absolute;
222-
left:-1.3rem;
223-
font-weight:700;
224-
content:counter(item)".";
225-
}
226-
227-
>ol {
228-
counter-reset: item-nested-1;
229-
230-
li {
231-
list-style:none;
232-
counter-increment: item-nested-1;
233-
234-
&::before {
235-
content:counter(item-nested-1)".";
236-
}
237-
238-
>ol {
239-
list-style:none;
240-
counter-reset: item-nested-2;
241-
242-
li {
243-
counter-increment: item-nested-2;
244-
245-
&::before {
246-
content:counter(item-nested-2)".";
247-
}
248-
}
249-
}
250-
}
251-
}
252-
}
253213
}
254214

255215
.bd-content-top-controls {
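Review bot: The `padding-left:1.3rem;` kept on line 212 was sized for the removed `::before` counter, which sat at `left:-1.3rem;` (old line 222). With `list-style:none;` gone the browser's default markers return, so confirm that two-digit numbers and nested `>ol` lists still fit inside that padding, or drop the override and let the default indentation apply. A comment next to `// List number styling` saying that numbering is now left to the browser would explain why the block is nearly empty.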