You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _docs/administration/codefresh-on-prem.md
+4-122Lines changed: 4 additions & 122 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -23,7 +23,7 @@ Please fill out [this survey](https://docs.google.com/forms/d/e/1FAIpQLSf18sfG4b
23
23
24
24
The`kcfi` tool supports the following operating systems:
25
25
26
-
- Windows 10/7
26
+
- Windows
27
27
- Linux
28
28
- OSX
29
29
@@ -50,123 +50,6 @@ Codefresh will need an outbound connection to the Internet for the following ser
50
50
- GCR - pulling platform images
51
51
- Dockerhub - pulling pipeline images
52
52
53
-
##Security Constraints
54
-
55
-
Codefresh has some security assumptions about the Kubernetes cluster it is installed on.
56
-
57
-
###RBAC for Codefresh
58
-
59
-
The Codefresh installer should be run with a Kubernetes RBAC role that allows object creation in a single namespace. If, by corporate policy, you do not allow the creation of service accounts or roles, a Kubernetes administrator will need to create the role, service account, and binding as shown below. Users with the`codefresh-app` role do not have the ability to create other roles or role bindings.
60
-
61
-
`codefresh-app-service-account.yaml`
62
-
```yaml
63
-
apiVersion:v1
64
-
kind:ServiceAccount
65
-
metadata:
66
-
name:codefresh-app
67
-
namespace:codefresh
68
-
```
69
-
70
-
`codefresh-app-role.yaml`
71
-
```yaml
72
-
apiVersion: rbac.authorization.k8s.io/v1
73
-
kind: Role
74
-
metadata:
75
-
name: codefresh-app
76
-
namespace: codefresh
77
-
rules:
78
-
- apiGroups:
79
-
- ""
80
-
- apps
81
-
- codefresh.io
82
-
- autoscaling
83
-
- extensions
84
-
- batch
85
-
resources:
86
-
- '*'
87
-
verbs:
88
-
- '*'
89
-
- apiGroups:
90
-
- networking.k8s.io
91
-
- route.openshift.io
92
-
- policy
93
-
resources:
94
-
- routes
95
-
- ingresses
96
-
- poddisruptionbudgets
97
-
verbs:
98
-
- '*'
99
-
```
100
-
101
-
`codefresh-app-roleBinding.yaml`
102
-
```yaml
103
-
apiVersion: rbac.authorization.k8s.io/v1
104
-
kind: RoleBinding
105
-
metadata:
106
-
labels:
107
-
app: codefresh
108
-
name: codefresh-app-binding
109
-
namespace: codefresh
110
-
roleRef:
111
-
apiGroup: rbac.authorization.k8s.io
112
-
kind: Role
113
-
name: codefresh-app
114
-
subjects:
115
-
- kind: ServiceAccount
116
-
name: codefresh-app
117
-
```
118
-
119
-
To apply these changes, run:
120
-
121
-
```
122
-
kubectl apply -f [file]
123
-
```
124
-
125
-
### Operator CRD
126
-
127
-
If, due to security rules you are not allowed to create a CRD for a client running `kcfi`, have an Administrator create the RBAC (as instructed above) and the CRD as follows:
128
-
129
-
`codefresh-crd.yaml`
130
-
```yaml
131
-
apiVersion: apiextensions.k8s.io/v1beta1
132
-
kind: CustomResourceDefinition
133
-
metadata:
134
-
name: codefreshes.codefresh.io
135
-
labels:
136
-
app: cf-onprem-operator
137
-
spec:
138
-
group: codefresh.io
139
-
names:
140
-
kind: Codefresh
141
-
listKind: CodefreshList
142
-
plural: codefreshes
143
-
singular: codefresh
144
-
scope: Namespaced
145
-
subresources:
146
-
status: {}
147
-
versions:
148
-
- name: v1alpha1
149
-
served: true
150
-
storage: true
151
-
```
152
-
153
-
To apply these changes, run:
154
-
```
155
-
kubectl apply -f codefresh-crd.yaml
156
-
```
157
-
158
-
You will also need to modify the `config.yaml` for `kcfi` by setting `skipCRD:true` and `serviceAccountName: codefresh-app`:
159
-
160
-
`config.yaml`
161
-
```yaml
162
-
operator:
163
-
#dockerRegistry: gcr.io/codefresh-enterprise
164
-
#image: codefresh/cf-onprem-operator
165
-
#imageTag:
166
-
serviceAccountName: codefresh-app
167
-
skipCRD: true
168
-
```
169
-
170
53
##Download and Install`kcfi`
171
54
172
55
`kcfi` is a single binary and doesn’t have any dependencies.
@@ -203,15 +86,14 @@ Running the init command will create a directory containing a `config.yaml` file
203
86
204
87
Edit the configuration in`config.yaml` and deploy to Kubernetes. The`config.yaml` is very descriptive and it contains an explanation for every parameter.
205
88
206
-
#### Installation Methods (Helm or Codefresh CRD)
89
+
####Installation Methods (Helm)
207
90
208
-
You have the option to install byeither the Codefresh CRD Definition (as described above), or byusing Helm, which will install/upgrade the chart from the client.
209
-
Define either **operator** or **helm** as your preferred installation method in the `config.yaml`:
91
+
You have the option to install by using Helm, which will install/upgrade the chart from the client.
92
+
Define either**helm** as your preferred installation method in the`config.yaml`: