Pour tout problème contactez-nous par mail : support@froggit.fr | La FAQ :grey_question: | Rejoignez-nous sur le Chat :speech_balloon:

Skip to content
Snippets Groups Projects
Verified Commit 3caf2d56 authored by Benoît's avatar Benoît
Browse files

Fixes images

parent 31f20bcb
No related branches found
No related tags found
No related merge requests found
Pipeline #22841 passed
......@@ -24,7 +24,7 @@ stages:
- export CHART=$(ls ${CHART_NAME}-*.tgz)
- helm registry login lab.frogg.it:5050 --username gitlab-ci-token --password ${CI_JOB_TOKEN}
- helm push ${CHART} oci://lab.frogg.it:5050/captnbp/
- helm registry login registry-1.docker.io --username ${DOCKER_USERNAME} --password ${DOCKER_PASSWORD}
- helm registry login registry-1.docker.io --username ${DOCKER_USERNAME} --password "${DOCKER_PASSWORD}"
- helm push ${CHART} oci://registry-1.docker.io/captnbp/
tags:
- server
......
......@@ -2,13 +2,13 @@ annotations:
category: developpment
artifacthub.io/images: |
- name: code-server
image: lab.frogg.it:5050/doca/codehub-container-images/code-server:1.8.12
image: lab.frogg.it:5050/doca/codehub-container-images/code-server:4.16.1
- name: jupyterhub
image: docker.io/bitnami/jupyterhub:4.0.1-debian-11-r46
- name: oauth
image: lab.frogg.it:5050/doca/codehub-container-images/oauth:1.8.12
image: lab.frogg.it:5050/doca/codehub-container-images/oauth:4.16.1
- name: nginx
image: lab.frogg.it:5050/doca/codehub-container-images/nginx:1.8.12
image: lab.frogg.it:5050/doca/codehub-container-images/nginx:4.16.1
- name: configurable-http-proxy
image: docker.io/bitnami/configurable-http-proxy:4.5.5-debian-11-r155
artifacthub.io/license: MIT
......@@ -40,4 +40,4 @@ sources:
- https://github.com/bitnami/containers/tree/main/bitnami/jupyterhub
- https://github.com/jupyterhub/jupyterhub
- https://github.com/coder/code-server
version: 4.1.9
version: 4.1.10
......@@ -25,6 +25,59 @@ This chart bootstraps a Codehub Deployment in a [Kubernetes](https://kubernetes.
- Helm 3.2.0+
- PV provisioner support in the underlying infrastructure
## Verifying Signed Codehub Images
Codehub images are signed using [Cosign](https://docs.sigstore.dev/cosign/overview/)!
To verify a public image, [install cosign](https://docs.sigstore.dev/cosign/installation/) and use the provided public key:
```bash
$ cat cosign.pub
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1er+5JMY/P0+R8wiW3HSjGUohoMf
GEVe7kEAkv1mARM+NyeR5Cd2PpEZnlmNhb2jvyWczfAyj09oA/H47VCQnA==
-----END PUBLIC KEY-----
$ cosign verify -key ./cosign.pub lab.frogg.it:5050/doca/codehub-container-images/code-server:4.16.1
```
You can also set the following Kyverno Cluster Policy :
```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: check-codehub-images
spec:
background: false
failurePolicy: Fail
rules:
- match:
any:
- resources:
kinds:
- Pod
name: check-image
verifyImages:
- attestors:
- count: 1
entries:
- keys:
publicKeys: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1er+5JMY/P0+R8wiW3HSjGUohoMf
GEVe7kEAkv1mARM+NyeR5Cd2PpEZnlmNhb2jvyWczfAyj09oA/H47VCQnA==
-----END PUBLIC KEY-----
signatureAlgorithm: sha256
imageReferences:
- lab.frogg.it:5050/doca/*
- lab.frogg.it:5050/captnbp/*
- registry-1.docker.io/captnbp/*
mutateDigest: true
required: true
verifyDigest: true
```
## Installing the Chart
To install the chart with the release name `my-release`:
......
......@@ -1547,7 +1547,7 @@ singleuser:
image:
registry: lab.frogg.it:5050
repository: doca/codehub-container-images/code-server
tag: 1.8.12
tag: 4.16.1
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
......@@ -1656,7 +1656,7 @@ singleuser:
## @skip singleuser.sidecars[1]
sidecars:
- name: nginx
image: lab.frogg.it:5050/doca/codehub-container-images/nginx:1.8.12
image: lab.frogg.it:5050/doca/codehub-container-images/nginx:4.16.1
resources:
requests:
cpu: 100m
......@@ -1674,7 +1674,7 @@ singleuser:
drop:
- ALL
- name: oauth
image: lab.frogg.it:5050/doca/codehub-container-images//oauth:1.8.12
image: lab.frogg.it:5050/doca/codehub-container-images//oauth:4.16.1
ports:
- containerPort: 9095
name: oauth
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment