diff --git a/content/for-delivery-engineers/tutorials/04-preparing-pac-env/adding-github-token.md b/content/for-delivery-engineers/tutorials/04-preparing-pac-env/adding-github-token.md index 6f866653..ec0cdb72 100644 --- a/content/for-delivery-engineers/tutorials/04-preparing-pac-env/adding-github-token.md +++ b/content/for-delivery-engineers/tutorials/04-preparing-pac-env/adding-github-token.md @@ -16,7 +16,8 @@ You can check secrets documentation to read more on these secrets. ## Prerequisites * Infra GitOps Repository is configured. -* Delivery Engineer added as the owner of root-tenant. The root tenant makes sure that the delivery engineer is able to login to Vault with OIDC and is able to view the ArgoCD application created for bootstrapping Infra repository. +* Delivery Engineer added as the owner of root-tenant. +* Delivery Engineer added as a member of customer admin group. The customer admin group provides permission to deploy ArgoCD application in ArgoCD namespace. ## Tutorial @@ -57,15 +58,16 @@ You can check secrets documentation to read more on these secrets.
- !!! note - Save the token cautiously, you'll need to save it in `Vault`. +!!! note + Save the token cautiously, you'll need to save it in `Vault`. ### Adding Token to Vault Now that we have created the GitHub Token, we will store it in Vault. - !!! note - The delivery engineer should be part of the root-tenant. Please contact SAAP team if you are unable to access Vault using OIDC method +!!! note + The delivery engineer should be part of the root-tenant. The root tenant makes sure that the delivery engineer is able to login to Vault with OIDC and is able to view the ArgoCD application created for bootstrapping Infra repository. + Please contact SAAP team if you are unable to access Vault using OIDC method Login to Vault to view path. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md index eb22f274..75a50149 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md @@ -88,6 +88,54 @@ The webhook setup acts as a bridge between your code repository and the CI/CD pi
-Congratulations! You have successfully configured GitHub access. Let's move to next tutorial. +### Add External Secret + +1. Head over to the `apps-gitops-config` repository. + +1. If you have followed the tutorial on configuring `apps-gitops-config` repository correctly, you should already have your tenant folder at the root of this repository. Open the tenant folder. + +1. Navigate to the application folder. In our case it will be `stakater-nordmart-review-api` + +1. Now open up the `build` folder. + +1. Create a file named `github-webhook-config.yaml` and add in the below content. Replace the Url with your application repository's Url. + + ```yaml + apiVersion: external-secrets.io/v1beta1 + kind: ExternalSecret + metadata: + name: github-webhook-config + spec: + secretStoreRef: + name: tenant-vault-secret-store + kind: SecretStore + refreshInterval: "1m0s" + target: + name: github-webhook-config + creationPolicy: 'Owner' + template: + data: + provider.token: "{{ .password | toString }}" + webhook.secret: "{{ .secret | toString }}" + data: + - secretKey: password + remoteRef: + key: github-webhook-config + property: provider.token + - secretKey: secret + remoteRef: + key: github-webhook-config + property: webhook.secret + ``` + +
+ +1. Now open up ArgoCD and look for this External Secret. If everything was added correctly, you will see a secret created from this External Secret. + +
+ +1. You can also check this secret by navigation to `-build` namespace and searching for the secret. + +
-Great! Now that you added a Webhook to your repository, let's move on to create secret for it in the next tutorial. +Great! We have everything set up for creating the Repository CR. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/04-add-repository-secret.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/04-add-repository-secret.md deleted file mode 100644 index ddfb4433..00000000 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/04-add-repository-secret.md +++ /dev/null @@ -1,64 +0,0 @@ -# Add External Secret - -Let's add the External Secret CR for the secret that we just stored in Vault. This will allow us to fetch the secret from Vault and distribute it to the build namespace of our tenant. - -## Objectives - -* Deploy the `github-webhook-config` secret to build namespace. - -## Key Results - -* External Secret CR created in the build namespace -* Secret fetch from Vault and deployed in build namespace. - -## Tutorial - -1. Head over to the `apps-gitops-config` repository that we have already created. - -1. If you have followed the tutorial on configuring `apps-gitops-config` repository correctly, you should already have this your tenant folder at the root of this repository. - -1. Navigate to the application folder. In our case it will be `stakater-nordmart-review-api` - -1. Now open up the `build` folder. - -1. Create a file named `github-webhook-config.yaml` and add in the below content. Replace the Url with your application repository's Url. - - ```yaml - apiVersion: external-secrets.io/v1beta1 - kind: ExternalSecret - metadata: - name: github-webhook-config - spec: - secretStoreRef: - name: tenant-vault-secret-store - kind: SecretStore - refreshInterval: "1m0s" - target: - name: github-webhook-config - creationPolicy: 'Owner' - template: - data: - provider.token: "{{ .password | toString }}" - webhook.secret: "{{ .secret | toString }}" - data: - - secretKey: password - remoteRef: - key: github-webhook-config - property: provider.token - - secretKey: secret - remoteRef: - key: github-webhook-config - property: webhook.secret - ``` - -
- -1. Now open up ArgoCD and look for this External Secret. If everything was added correctly, you will see a secret created from this External Secret. - -
- -1. You can also check this secret by navigation to `-build` namespace and searching for the secret. - -
- -Great! We have everything set up for creating the Repository CR. diff --git a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md index a79d8ab5..bb2c1dca 100644 --- a/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md +++ b/content/for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md @@ -26,7 +26,7 @@ In this tutorial, you'll create secrets containing your GitHub access credential 1. Create a file named `repository.yaml` and add the following content: ```yaml - apiVersion: "pipelinesascode..dev/v1alpha1" + apiVersion: "pipelinesascode.tekton.dev/v1alpha1" kind: Repository metadata: name: diff --git a/mkdocs.yml b/mkdocs.yml index ef6f0f86..77340b5d 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -148,7 +148,6 @@ nav: - Configure Pipeline for your application: - for-developers/tutorials/outer-loop/add-ci-pipeline/01-overview.md - for-developers/tutorials/outer-loop/add-ci-pipeline/03-create-webhook.md - - for-developers/tutorials/outer-loop/add-ci-pipeline/04-add-repository-secret.md - for-developers/tutorials/outer-loop/add-ci-pipeline/05-create-repository.md - Add PipelineRun: - for-developers/tutorials/outer-loop/add-ci-pipeline/06-adding-pipeline.md