|
| 1 | +`rhtap-cli`: Container Image |
| 2 | +---------------------------- |
| 3 | + |
| 4 | +# Abstract |
| 5 | + |
| 6 | +The `rhtap-cli` container image is a portable and easy-to-use tool to deploy RHTAP (Red Hat Trusted Application Pipeline) from a container manager running on your local machine. The container image is designed to enable the deployment process on Kubernetes Jobs, ArgoCD (GitOps), and other container orchestration tools. |
| 7 | + |
| 8 | + |
| 9 | +# Usage |
| 10 | + |
| 11 | +The installer needs access to the target OpenShift/Kubernetes instance, therefore you either need to mount the local `~/.kube/config` file or provide the necessary environment variables to authenticate with the target cluster. |
| 12 | + |
| 13 | +## Podman |
| 14 | + |
| 15 | +For the `rhtap-cli integration github-app` you need to expose the callback port, used on the GitHub App registration, to the container. The GitHub App registration requires a personal access token, which should be created for the specific organization RHTAP will work on. In the example below, the token is passed as an environment variable `RHTAP_GITHUB_TOKEN`. |
| 16 | + |
| 17 | +The OpenShift configuration and credentials are passed to the container by mounting the local `~/.kube` directory to the container's `/root/.kube` directory. And the user `root` is employed to avoid permission issues, although the mounted directory is read-only. |
| 18 | + |
| 19 | +A interactive shell is started in the container, where you can run the `rhtap-cli` commands. |
| 20 | + |
| 21 | +```bash |
| 22 | +podman run \ |
| 23 | + --name="rhtap-cli" \ |
| 24 | + --rm \ |
| 25 | + --interactive \ |
| 26 | + --tty \ |
| 27 | + --env="RHTAP_GITHUB_TOKEN=${RHTAP_GITHUB_TOKEN}" \ |
| 28 | + --publish="127.0.0.1:8228:8228" \ |
| 29 | + --entrypoint="/bin/bash" \ |
| 30 | + --user="root" \ |
| 31 | + --volume="${HOME}/.kube:/root/.kube:ro" \ |
| 32 | + ghcr.io/redhat-appstudio/rhtap-cli:latest |
| 33 | +``` |
| 34 | + |
| 35 | +Before the installation you should review the [`config.yaml`](../README.md#configuration) file to decide what's appropriate for your environment, in this example we are using the default configuration. |
| 36 | + |
| 37 | +In the container, you can run the `rhtap-cli` commands, for example, creating a GitHub App integration on the organization `rhtap-ex`, and using the same name for the GitHub App: |
| 38 | + |
| 39 | +```bash |
| 40 | +rhtap-cli integration github-app \ |
| 41 | + --config="config.yaml" \ |
| 42 | + --create \ |
| 43 | + --token="${RHTAP_GITHUB_TOKEN}" \ |
| 44 | + --org="rhtap-ex" \ |
| 45 | + --webserver-addr="0.0.0.0" \ |
| 46 | + rhtap-ex |
| 47 | +``` |
| 48 | + |
| 49 | +After configuring the integrations, you can proceed with the deployment: |
| 50 | + |
| 51 | +```bash |
| 52 | +rhtap-cli deploy |
| 53 | +``` |
0 commit comments