From 862461d16a6fec98de61095b18373fca7975511b Mon Sep 17 00:00:00 2001 From: Brian Innes Date: Mon, 25 Oct 2021 14:09:57 +0100 Subject: [PATCH 1/6] document -p and --tekton flags to oc sync command Signed-off-by: Brian Innes --- docs/learning/fast-ci.md | 5 ++++- docs/reference/cli.md | 13 +++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/learning/fast-ci.md b/docs/learning/fast-ci.md index 1b794a9046..50ed6ab774 100644 --- a/docs/learning/fast-ci.md +++ b/docs/learning/fast-ci.md @@ -50,9 +50,12 @@ Before getting started, the development namespace/project needs to be created an This step copies the common `secrets` and `configMaps` that contain the CI/CD configuration from the `tools` namespace into the development namespace/project. This enables the pipelines to reference the values easily for your project. ```shell -oc sync ${DEV_NAMESPACE} +oc sync -p ${DEV_NAMESPACE} ``` +!!!Info + The **-p** or **--tekton** flag adds additional privileges to the tekton pipeline service account. The equivalent command is `oc adm policy add-scc-to-user privileged -z pipeline`. In OpenShift 4.7, and later versions, this additional privilege is needed for the buildah task. + ### 3. Open the Developer Dashboard The [Developer Dashboard](../reference/dashboard.md) makes it easy for you to navigate to the tools, including a section that allows you to select a set of pre-configured [Starter Kits](../reference/starter-kit/starter-kit.md) that make seeding your development project very easy. diff --git a/docs/reference/cli.md b/docs/reference/cli.md index c136d3e7ae..b29e781d54 100644 --- a/docs/reference/cli.md +++ b/docs/reference/cli.md @@ -317,6 +317,8 @@ The command will setup the "development" namespace where DevOps pipelines can be The "development" namespace will have the `ConfigMaps` and `Secrets` copied over. +The command can also add additional privileges to the tekton pipeline service account. These privileges are needed to run the buildah task in OpenShift 4.7 + ```text Positionals: namespace The namespace that will be created and/or prepared @@ -328,6 +330,8 @@ Options: config [string] [default: "tools"] -z, --serviceAccount the service account that will be used within the namespace [string] [default: "default"] + -p, --tekton flag indicating the tekton pipeline service account + should be given privileged scc --verbose flag to produce more verbose logging [boolean] ``` @@ -337,14 +341,14 @@ Options: Create a `dev` namespace for development ```shell - igc sync myapp-dev + igc sync -p myapp-dev ``` === "OpenShift" Create a `dev` namespace for development ```shell - oc sync myapp-dev + oc sync -p myapp-dev ``` === "Kubernetes" @@ -372,7 +376,12 @@ Options: kubectl get secret ${cm} --namespace ${TEMPLATE_NAMESPACE} --export -o yaml | \ kubectl apply --namespace $NAMESPACE -f - done + ``` + The **-p** or **--tekton** flag performs the same function as command: + + ```shell + oc adm policy add-scc-to-user privileged -z pipeline ``` ### pull-secret From da11853c0ff17b8b4da78a3d496093fec124ec34 Mon Sep 17 00:00:00 2001 From: Brian Innes Date: Tue, 1 Feb 2022 16:50:58 +0000 Subject: [PATCH 2/6] icc install instructions Signed-off-by: Brian Innes --- docs/learning/dev-setup.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/docs/learning/dev-setup.md b/docs/learning/dev-setup.md index d8bb410580..1dd2814975 100644 --- a/docs/learning/dev-setup.md +++ b/docs/learning/dev-setup.md @@ -97,6 +97,28 @@ npm i -g @ibmgaragecloud/cloud-native-toolkit-cli ``` !!!Note - If you have access to multiple IBM Cloud accounts you may find the [IBM Cloud cluster fast-switching tool (icc)](../resources/ibm-cloud/icc.md){: target=_blank} of use. The **icc** tool is installed as part of the Cloud-Native Toolkit CLI. + If you have access to multiple IBM Cloud accounts you may find the [IBM Cloud cluster fast-switching tool (icc)](../resources/ibm-cloud/icc.md){: target=_blank} of use. See the [Shell Command section](#ibm-cloud-shell-command) below to install icc. If you are working on the IBM Cloud there is a browser based shell environment you can use. Information about setting up and accessing the browser based shell to work with the Cloud-Native Toolkit can be found in the [resources section](../resources/ibm-cloud/cloud-shell.md){: target=_blank} + +## IBM Cloud Shell Command + +There is a useful [IBM Cloud Shell Command](https://github.com/cloud-native-toolkit/cloud-shell-commands){target=_blank} utility which can install a number of command line tools, including: + +- IBM Garage Cloud CLI (igc) +- ArgoCD cli (argocd) +- Tekton cli (tkn) +- IBM Cloud fast switching (icc) +- kube-ps1 prompt +- OpenShift cli (oc) +- Kubernetes cli (kubectl) +- JSON cli (jq) +- IBM Cloud cli (ibmcloud) + +To run the utility use command: + +```shell +curl -sL shell.cloudnativetoolkit.dev | sh - +``` + +See the [git repository readme](https://github.com/cloud-native-toolkit/cloud-shell-commands/blob/main/README.md){target=_blank} for more details From 7447848db9f027385e96eb4b5c7ebfa204781e33 Mon Sep 17 00:00:00 2001 From: Brian Innes Date: Tue, 1 Feb 2022 17:58:46 +0000 Subject: [PATCH 3/6] sonarqube refactor due to sonarQube doc changes Signed-off-by: Brian Innes --- docs/reference/tools/sonar-qube.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/tools/sonar-qube.md b/docs/reference/tools/sonar-qube.md index 211500f8a2..f58873d170 100644 --- a/docs/reference/tools/sonar-qube.md +++ b/docs/reference/tools/sonar-qube.md @@ -10,9 +10,9 @@ SonarQube performs static code analysis to evaluate code quality, using analysis - **Application Security**: Detect vulnerabilities and hot spots that can be exploited to compromise the program - **Technical Debt**: Keep you codebase maintainable to increase developer velocity -SonarQube [plugs into the application lifecycle management (ALM)](https://docs.sonarqube.org/latest/architecture/architecture-integration/#header-2) process to make continuous inspection part of continuous integration. Adding code analysis to ALM provides regular, timely feedback on the quality of the code being produced. The goal is to detect problems as soon as possible so that they can be resolved before they can impact production end users. +SonarQube makes continuous inspection of code part of continuous integration to provide regular, timely feedback on the quality of the code being produced. The goal is to detect problems as soon as possible so that they can be resolved before they can impact production end users. -The continuous integration (CI) server integrates SonarQube into the ALM.The SonarQube solution consists of several components: The central component is the SonarQube Server, which runs the SonarScanner, processes the resulting analysis reports, stores the reports in SonarQube Database, and displays the reports in the SonarQube UI. A CI server uses a stage/goal/task in its build automation to trigger the language-specific SonarScanner to scan the code being built. Developers can view the resulting analysis report in the SonarQube UI. +The SonarQube solution consists of several components: The central component is the SonarQube Server, which runs the SonarScanner, processes the resulting analysis reports, stores the reports in SonarQube Database, and displays the reports in the SonarQube UI. A CI server uses a stage/goal/task in its build automation to trigger the language-specific SonarScanner to scan the code being built. Developers can view the resulting analysis report in the SonarQube UI. ## Code Analysis in the Pipeline From 7db7eadadf8ee479d7b9071a4848b4a63b61b025 Mon Sep 17 00:00:00 2001 From: Brian Innes Date: Tue, 1 Feb 2022 18:11:06 +0000 Subject: [PATCH 4/6] remove github.com links from linkchecker due to rate limit failures Signed-off-by: Brian Innes --- linkcheckerrc | 1 + 1 file changed, 1 insertion(+) diff --git a/linkcheckerrc b/linkcheckerrc index 9a6ec41f5b..fb9524bf2b 100644 --- a/linkcheckerrc +++ b/linkcheckerrc @@ -6,6 +6,7 @@ ignore= xml.gz$ ^https://ccp-ui.csplab.intranet.ibm.com ^https://ccp-ui.apps.labprod.ocp.csplab.local + ^https://github.com/IBM fonts.gstatic.com nofollow= From 687aed6e898d3c7cda5653d47ee8bad6286c9832 Mon Sep 17 00:00:00 2001 From: Brian Innes Date: Tue, 1 Feb 2022 18:17:31 +0000 Subject: [PATCH 5/6] updated ocp download location Signed-off-by: Brian Innes --- docs/learning/dev-setup.md | 2 +- docs/setup/fast-start.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/learning/dev-setup.md b/docs/learning/dev-setup.md index 1dd2814975..b200b33bcd 100644 --- a/docs/learning/dev-setup.md +++ b/docs/learning/dev-setup.md @@ -40,7 +40,7 @@ To install the IBM Cloud CLI follow the instructions in the [IBM Cloud documenta The oc command is available from all installations of RedHat OpenShift or CodeReady Containers. Navigate and log into the web console for the cluster, then in the dropdown accessed by clicking the help icon (a question mark next to you username at the top of the web console) you will find a link to the install images for various operating systems. -The install images are also available to download from [RedHat](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/){: target=_blank}. Be sure to get the latest version of the oc command. +The install images are also available to download from [RedHat](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/){: target=_blank}. Be sure to get the latest version of the oc command. ## User accounts diff --git a/docs/setup/fast-start.md b/docs/setup/fast-start.md index 1cc8800665..e9a47bb807 100644 --- a/docs/setup/fast-start.md +++ b/docs/setup/fast-start.md @@ -103,7 +103,7 @@ Select the option you want for your cluster, then follow the instructions. Add any additional post install configuration steps needed here - storage class? 2. Once installed you need to ensure you can sign onto the OpenShift cluster using the web console (see the Web console section in the docs for details on how to access the console). - 3. Once you are signed into the console you can download and install the OpenShift Command Line Interface (CLI) tools. The CLI tools are available from the question mark icon next to you login name at the top of the OpenShift console, or from [Red Hat](https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/){: target="_blank" .external }. + 3. Once you are signed into the console you can download and install the OpenShift Command Line Interface (CLI) tools. The CLI tools are available from the question mark icon next to you login name at the top of the OpenShift console, or from [Red Hat](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/){: target="_blank" .external }. 4. On your local workstation or laptop open a command prompt and sign in to your OpenShift cluster. The exact command needed is available from the OpenShift web console, select your name at the top of the screen, then in the dropdown select the **Copy login command** link. This will open a screen where you can select **Display Token** (you may be asked to authenticate again before the token is displayed) then you can copy the command line command needed to login to the cluster. === "CodeReady Containers" @@ -115,7 +115,7 @@ Select the option you want for your cluster, then follow the instructions. !!!Warning CodeReady Containers needs to adjust your laptop networking, so on some platforms it will not work alongside VPN clients needed to access corporate networks. If you need to run a VPN client, then you can install CodeReady Containers in a virtual machine on your laptop and work inside the virtual machine to access CodeReady Containers. - 3. Download and install the OpenShift Command Line Interface (CLI) tools. The CLI tools are available from the question mark icon next to you login name at the top of the OpenShift console - see [section 3.3.1 in the CodeReady Containers Getting Started Guide](https://access.redhat.com/documentation/en-us/red_hat_codeready_containers/1.25.0/html/getting_started_guide/using-codeready-containers_gsg#accessing-the-openshift-web-console_gsg), or from [Red Hat](https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/){: target="_blank" .external }. + 3. Download and install the OpenShift Command Line Interface (CLI) tools. The CLI tools are available from the question mark icon next to you login name at the top of the OpenShift console - see [section 3.3.1 in the CodeReady Containers Getting Started Guide](https://access.redhat.com/documentation/en-us/red_hat_codeready_containers/1.25.0/html/getting_started_guide/using-codeready-containers_gsg#accessing-the-openshift-web-console_gsg), or from [Red Hat](https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/){: target="_blank" .external }. 4. Once you have the CodeReady Containers CLI installed you need to login to the cluster - this is covered in the [CodeReady Containers Getting Started Guide - section 3.3.2](https://access.redhat.com/documentation/en-us/red_hat_codeready_containers/1.25.0/html/getting_started_guide/using-codeready-containers_gsg#accessing-the-openshift-cluster-with-oc_gsg){: target="_blank" .external } 5. Move onto the next section to install the Cloud-Native Toolkit From 057a3d3d62365f58682f549f5900d4887af0a2ce Mon Sep 17 00:00:00 2001 From: Brian Innes Date: Tue, 1 Feb 2022 18:21:46 +0000 Subject: [PATCH 6/6] remove ocp download site from linkchecker as consistently fails even though URL is correct Signed-off-by: Brian Innes --- linkcheckerrc | 1 + 1 file changed, 1 insertion(+) diff --git a/linkcheckerrc b/linkcheckerrc index fb9524bf2b..faaf990e3a 100644 --- a/linkcheckerrc +++ b/linkcheckerrc @@ -7,6 +7,7 @@ ignore= ^https://ccp-ui.csplab.intranet.ibm.com ^https://ccp-ui.apps.labprod.ocp.csplab.local ^https://github.com/IBM + ^https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable/ fonts.gstatic.com nofollow=