Use cases n4k with venafi for image verification #46
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chipzoller
suggested changes
Nov 8, 2022
Comment on lines
+19
to
+22
| ghcr.io/nirmata/kyverno:v1.8.1-n4kbuild.1 | ||
| ghcr.io/nirmata/kyvernopre:v1.8.1-n4kbuild.1 | ||
| ghcr.io/nirmata/kube-rbac-proxy:v0.13.1 | ||
| ghcr.io/nirmata/nirmata-imagekey-controller:v0.1 |
There was a problem hiding this comment.
Do we really want to specify which exact tags to use in these instructions? When we upgrade, we'll have to come back and maintain this list.
| Please use the below credentials provided to you to access N4K images - | ||
|
|
||
| Username: nirmata-enterprise-for-kyverno | ||
| Password: xx |
There was a problem hiding this comment.
Maybe something else other than "xx" here. Do they know where/how they'll obtain the password? Maybe put that as a sentence.
| ## Kyverno Installation | ||
|
|
||
|
|
||
| Install the Helm charts by following the instructions [here](https://github.com/nirmata/kyverno-charts/tree/main/charts/nirmata#installing-the-chart). The necessary credentials for the image repo must be passed during installation of the Helm repo to authenticate with the customer’s container registry. Set the image registry using the parameters below |
There was a problem hiding this comment.
"...during installation of the Helm chart..."
| Install the Helm charts by following the instructions [here](https://github.com/nirmata/kyverno-charts/tree/main/charts/nirmata#installing-the-chart). The necessary credentials for the image repo must be passed during installation of the Helm repo to authenticate with the customer’s container registry. Set the image registry using the parameters below | ||
| ``` | ||
| --set image.repository=<registry_name>> | ||
| --set image.pullSecrets.registry=<<registry_name>> |
| ``` | ||
|
|
||
|
|
||
| For custom certs, follow the custom cert section in the [installation](https://github.com/nirmata/kyverno-charts/tree/main/charts/venafi-adapter#installation) guide and use the parameters below to set the right ca bundle path and configmap. |
There was a problem hiding this comment.
"Certificates"
"CA" (acronyms are capitalized)
| For custom certs, follow the custom cert section in the [installation](https://github.com/nirmata/kyverno-charts/tree/main/charts/venafi-adapter#installation) guide and use the parameters below to set the right ca bundle path and configmap. | ||
| ``` | ||
| --set systemCertPath=/etc/pki/tls/certs | ||
| --set customCAConfigMap=<<configmap_name>> |
| ## Nirmata Venafi Adapter installation | ||
|
|
||
|
|
||
| Install the Helm charts by following the instructions [here](https://github.com/nirmata/kyverno-charts/tree/main/charts/venafi-adapter). The necessary credentials for the image repo must be passed during installation of the Helm repo to authenticate with the customer’s container registry. Set the image registry using the parameters below |
There was a problem hiding this comment.
Credentials are for the image registry.
"Helm chart"
Comment on lines
+57
to
+60
| --set venafiAdapterImage=<<nirmata-imagekey-controller_image_full_path>> | ||
| --set imagePullSecret.registry=<<registry_name>> | ||
| --set imagePullSecret.username=<<user>> | ||
| --set imagePullSecret.password=<<password>> |
| ``` | ||
|
|
||
|
|
||
| For custom certs, follow the custom cert section in the [installation](https://github.com/nirmata/kyverno-charts/tree/main/charts/venafi-adapter#installation) guide and use the parameters below to set the right ca bundle path and configmap. |
|
|
||
| ``` | ||
| --set systemCertPath=/etc/pki/tls/certs | ||
| --set customCAConfigMap=<<configmap_name>> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.