review updates

Author: fghanmi

README.md

@@ -100,8 +100,7 @@ The `deployment/` directory contains Kubernetes manifests organized into a `base
 
 - `console-backend-deploy.yaml`: Deployment configuration for the console backend.
 - `console-backend-service.yaml`: Service definition for the backend.
-- `console-db-deploy.yaml`: Deployment configuration for the console database.
-- `console-db-pvc.yaml`: Persistent Volume Claim for the database.
+- `console-db-statefulset.yaml`: StatefulSet configuration for the console database.
 - `console-db-secret.yaml`: Secrets for database credentials.
 - `console-db-service.yaml`: Service definition for the database.
 - `console-serviceaccounts.yaml`: Service accounts for the console components.
@@ -120,30 +119,30 @@ The `overlays/dev/` directory contains a `kustomization.yaml` for environment-sp
 
 ### Deployment Steps
 
-1. **Update the TUF Repository URL**:
-
-   Before deploying, update the `TUF_REPO_URL` environment variable in `deployment/base/console-backend-deploy.yaml`. The default value is `https://tuf-repo-cdn.sigstore.dev`, but it must be replaced with the actual TUF route URL from your running RHTAS instance. To retrieve the correct URL, run:
+1. **Set TUF_REPO_URL using a ConfigMap**:
 
+   Before deploying, you need to retrieve the TUF repository URL from your running RHTAS instance. This value should be stored in a ConfigMap that the console backend can consume.
+  
+   * Retrieve the TUF route URL from your running RHTAS instance:
    ```bash
    oc get tuf -o jsonpath='{.items[0].status.url}'
    ```
-   Edit `deployment/base/console-backend-deploy.yaml` and replace the TUF_REPO_URL value with the output from the above command.
-
-2. **Set Environment Variables**:
-   The `.env` file contains the required image variables (`CONSOLE_IMAGE, CONSOLE_UI_IMAGE, CONSOLE_DB_IMAGE`). Load the environment variables:
-
+   
+   * Create a ConfigMap with the retrieved URL:
    ```bash
-   export $(grep -v '^#' .env | xargs)
+   oc create configmap tuf-repo-config \
+   --from-literal=TUF_REPO_URL=<output-from-above-command> \
+   -n trusted-artifact-signer
    ```
 
-3. **Apply the Deployment**:
+2. **Apply the Deployment**:
 
    Ensure that an RHTAS instance is properly deployed and running in the `trusted-artifact-signer` namespace.
 
-   Deploy the console using Kustomize with environment variable substitution:
+   Deploy the console using Kustomize:
 
    ```bash
-   oc kustomize deployment/overlays/dev | envsubst '${CONSOLE_IMAGE} ${CONSOLE_UI_IMAGE} ${CONSOLE_DB_IMAGE}' | oc apply -f -
+   oc apply -k deployment/overlays/dev/
    ```
 
 4. **Verify the Deployment**:
@@ -164,5 +163,5 @@ The `overlays/dev/` directory contains a `kustomization.yaml` for environment-sp
    To delete the deployed resources:
 
    ```bash
-   oc kustomize deployment/overlays/dev | envsubst '${CONSOLE_IMAGE} ${CONSOLE_UI_IMAGE} ${CONSOLE_DB_IMAGE}' | oc delete -f -
+   oc delete -k deployment/overlays/dev/
    ```

deployment/base/console-backend-deploy.yaml

@@ -28,7 +28,7 @@ spec:
       serviceAccountName: console-backend
       initContainers:
       - name: wait-for-console-db
-        image: ${CONSOLE_DB_IMAGE}
+        image: default/console-db-image
         command:
         - /bin/sh
         - -c
@@ -39,11 +39,14 @@ spec:
           done
       containers:
       - name: console-backend
-        image: ${CONSOLE_IMAGE}
+        image: default/console-image
         imagePullPolicy: IfNotPresent
         env:
         - name: TUF_REPO_URL
-          value: https://tuf-repo-cdn.sigstore.dev
+          valueFrom:
+            configMapKeyRef:
+              name: tuf-repo-config
+              key: TUF_REPO_URL
         - name: DB_DSN
           valueFrom:
             secretKeyRef:

deployment/base/console-db-statefulset.yaml

@@ -28,7 +28,7 @@ spec:
       serviceAccountName: console-db
       containers:
       - name: console-db
-        image: ${CONSOLE_DB_IMAGE}
+        image: default/console-db-image
         imagePullPolicy: IfNotPresent
         command: ["run-mysqld"]
         env:

deployment/base/console-ui-deploy.yaml

@@ -26,7 +26,7 @@ spec:
       serviceAccountName: console-ui
       initContainers:
       - name: wait-for-backend
-        image: ${CONSOLE_UI_IMAGE}
+        image: default/console-ui-image
         command:
         - /bin/sh
         - -c
@@ -44,7 +44,7 @@ spec:
           done
       containers:
       - name: console-ui
-        image: ${CONSOLE_UI_IMAGE}
+        image: default/console-ui-image
         imagePullPolicy: IfNotPresent
         env:
         - name: CONSOLE_API_URL

deployment/overlays/dev/kustomization.yaml

@@ -3,3 +3,14 @@ kind: Kustomization
 
 resources:
   - ../../base
+
+images:
+- name: default/console-image
+  newName: quay.io/securesign/rhtas-console
+  digest: sha256:75966d60ed709af33efd48c53b96ea7b2fcd4608f90ccc56885bf224e34b55f5
+- name: default/console-ui-image
+  newName: quay.io/securesign/rhtas-console-ui
+  digest: sha256:c0b0b2d76548c05efadb2425baf93609cf6c40180f170cb531fbb7689a91db31
+- name: default/console-db-image
+  newName: registry.redhat.io/rhel9/mariadb-105
+  digest: sha256:050dd5a7a32395b73b8680570e967e55050b152727412fdd73a25d8816e62d53