This is the Experimental version (Latest). It is under active development and may change.
Create Opstella Core Configuration
Opstella needs configuration for integration and orchestration between components.
You will create a YAML document (the Opstella Core Configuration) that lists the DevSecOps and Observability tools you previously installed and configured, plus the Kubernetes clusters.
It also carries the credentials that allow Opstella to integrate with and orchestrate those tools across the system.
Preparation
Ensure BASE_DOMAIN, K8S_INTERNAL_DOMAIN and ORGANIZATION_NAME are defined as per the Shell Variables guide. Additionally, export the following variables:
- Gather your Opstella Company/Organization Short Name
  (Ensure ORGANIZATION_NAME is loaded from variables)
devopstool kind
Compose a devopstool Object Header

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
apiVersion: v1
kind: devopstool
meta:
  name: "devopstool"
  display_name: "devopstool"
  description: "DevSecOps Tools, Observability Tools, and Kubernetes Integration List"
data:
EOF
```
Integration with Opstella Keycloak
Specify your Keycloak Information
Ensure KEYCLOAK_DOMAIN, KEYCLOAK_REALM, KEYCLOAK_ADMIN_USERNAME and KEYCLOAK_ADMIN_PASSWORD are defined as per the Shell Variables guide.
Create Keycloak Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "keycloak"
    slug: "keycloak"
    config:
      REALM: "${KEYCLOAK_REALM}"
      API_USER: "${KEYCLOAK_ADMIN_USERNAME}"
      BASE_URL: "https://${KEYCLOAK_DOMAIN}"
      API_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD}"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "OIDC"
    display_kind: "OIDC"
    detail:
      URL_DISPLAY: "https://${KEYCLOAK_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
Integration with DevSecOps
GitLab
Specify your GitLab Information
- Domain
- Access Token
Ensure GITLAB_DOMAIN is defined as per the Shell Variables guide.
(Ensure GITLAB_ACCESS_TOKEN is loaded from variables)
Create GitLab Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "gitlab"
    slug: "gitlab"
    config:
      API_KEY: "${GITLAB_ACCESS_TOKEN}"
      API_URL: "https://${GITLAB_DOMAIN}/api/v4"
      CUSTOM_ATTRIBUTES_KEY: "OPSTEALLA-SLUG"
      HELM_TYPE: "ONECHART"
      HELM_REPLACE: "FALSE"
      HELM_REPO_URL: "https://chart.onechart.dev"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "VCS"
    display_kind: "VCS"
    detail:
      URL_DISPLAY: "https://${GITLAB_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
SonarQube
Specify your SonarQube Information
- Domain
- Admin User Credentials
Ensure SONARQUBE_DOMAIN, SONARQUBE_ADMIN_USERNAME and SONARQUBE_ADMIN_PASSWORD are defined as per the Shell Variables guide.
Create SonarQube Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "sonarqube"
    slug: "sonarqube"
    config:
      API_URL: "https://${SONARQUBE_DOMAIN}/api"
      API_USER: "${SONARQUBE_ADMIN_USERNAME}"
      API_PASSWORD: "${SONARQUBE_ADMIN_PASSWORD}"
      EDITION_LIST:
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "SECURITY"
    display_kind: "SAST"
    detail:
      URL_DISPLAY: "https://${SONARQUBE_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
Harbor
Specify your Harbor Information
- Domain
- Admin User Credentials
Ensure HARBOR_DOMAIN, HARBOR_ADMIN_USERNAME and HARBOR_ADMIN_PASSWORD are defined as per the Shell Variables guide.
Create Harbor Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "harbor"
    slug: "harbor"
    config:
      API_URL: "https://${HARBOR_DOMAIN}/api/v2.0"
      API_USER: "${HARBOR_ADMIN_USERNAME}"
      SECRET_KEY: "${ORGANIZATION_NAME}-company"
      API_PASSWORD: "${HARBOR_ADMIN_PASSWORD}"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "ARTIFACT"
    display_kind: "Artifact"
    detail:
      URL_DISPLAY: "https://${HARBOR_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
Vault
Specify your Vault Information
- Domain
- Root Token
  - Token will be in xyz.AbC123...dEf456 format (28 Characters)
  - See more on: Gathering Vault Root Token from Auto-Unsealing Process
Ensure VAULT_DOMAIN is defined as per the Shell Variables guide.
(Ensure VAULT_ROOT_TOKEN is loaded from variables)
Create Vault Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "vault"
    slug: "vault"
    config:
      API_KEY: "${VAULT_ROOT_TOKEN}"
      API_URL: "https://${VAULT_DOMAIN}/v1"
      CUSTOM_ATTRIBUTES_KEY: "OPSTEALLA-SLUG"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "VAULT"
    display_kind: "Secret Management"
    detail:
      URL_DISPLAY: "https://${VAULT_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
DefectDojo
Specify your DefectDojo Information
- Domain
- Access Token
  - Starts with Token abc123...
  - Retrieve with DefectDojo Installation - Retrieve Access Token
Ensure DEFECTDOJO_DOMAIN is defined as per the Shell Variables guide.
(Ensure DEFECTDOJO_ACCESS_TOKEN is loaded from variables)
Create DefectDojo Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "defectdojo"
    slug: "defectdojo"
    config:
      API_KEY: "Token ${DEFECTDOJO_ADMIN_API_KEY}"
      API_URL: "https://${DEFECTDOJO_DOMAIN}/api/v2"
      CUSTOM_ATTRIBUTES_KEY: "OPSTEALLA-SLUG"
      EDITION_LIST:
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "VULNERABILITY"
    display_kind: "VULNERABILITY"
    detail:
      URL_DISPLAY: "https://${DEFECTDOJO_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
ArgoCD (Non-Production)
Specify your ArgoCD (Non-Production) Information
- Domain
- Admin User Credentials
Ensure ARGOCD_NONPROD_DOMAIN, ARGOCD_NONPROD_ADMIN_USERNAME and ARGOCD_NONPROD_ADMIN_PASSWORD are defined as per the Shell Variables guide.
Create ArgoCD (Non-Production) Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "argocd-nonprod"
    slug: "argocd-nonprod"
    config:
      API_URL: "https://${ARGOCD_NONPROD_DOMAIN}/api/v1"
      API_USER: "${ARGOCD_NONPROD_ADMIN_USERNAME}"
      API_PASSWORD: "${ARGOCD_NONPROD_ADMIN_PASSWORD}"
      NAMESPACE: "devsecops-system"
      DEFAULT_REPO: "nginx"
      DEFAULT_PORT: "80"
      DEFAULT_IMAGE_TAG: "stable-alpine3.19-slim"
      CHART:
        NAME: "onechart"
        HELM_REPO_URL: "https://chart.onechart.dev"
        HELM_TARGET_REVISION: "0.73.0"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "DEPLOY"
    display_kind: "Deploy"
    detail:
      URL_DISPLAY: "https://${ARGOCD_NONPROD_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
ArgoCD (Production)
Specify your ArgoCD (Production) Information
- Domain
- Admin User Credentials
Ensure ARGOCD_PROD_DOMAIN, ARGOCD_PROD_ADMIN_USERNAME and ARGOCD_PROD_ADMIN_PASSWORD are defined as per the Shell Variables guide.
Create ArgoCD (Production) Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "argocd-prod"
    slug: "argocd-prod"
    config:
      API_URL: "https://${ARGOCD_PROD_DOMAIN}/api/v1"
      API_USER: "${ARGOCD_PROD_ADMIN_USERNAME}"
      API_PASSWORD: "${ARGOCD_PROD_ADMIN_PASSWORD}"
      NAMESPACE: "devsecops-system"
      DEFAULT_REPO: "nginx"
      DEFAULT_PORT: "80"
      DEFAULT_IMAGE_TAG: "stable-alpine3.19-slim"
      CHART:
        NAME: "onechart"
        HELM_REPO_URL: "https://chart.onechart.dev"
        HELM_TARGET_REVISION: "0.73.0"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "DEPLOY"
    display_kind: "Deploy"
    detail:
      URL_DISPLAY: "https://${ARGOCD_PROD_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
Headlamp (Non-Production)
Specify your Headlamp (Non-Production) Information
- Domain
Ensure HEADLAMP_NONPROD_DOMAIN is defined as per the Shell Variables guide.
Create Headlamp (Non-Production) Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "headlamp-nonprod"
    slug: "headlamp-nonprod"
    config:
      BASE_URL: "https://${HEADLAMP_NONPROD_DOMAIN}/"
      WORKER_K8S: "kubernetes"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "CLUSTER"
    display_kind: "Deploy"
    cluster: false
    detail:
      URL_DISPLAY: "https://${HEADLAMP_NONPROD_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
Headlamp (Production)
Specify your Headlamp (Production) Information
- Domain
Ensure HEADLAMP_PROD_DOMAIN is defined as per the Shell Variables guide.
Create Headlamp (Production) Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "headlamp-prod"
    slug: "headlamp-prod"
    config:
      BASE_URL: "https://${HEADLAMP_PROD_DOMAIN}/"
      WORKER_K8S: "kubernetes"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "CLUSTER"
    display_kind: "Deploy"
    cluster: false
    detail:
      URL_DISPLAY: "https://${HEADLAMP_PROD_DOMAIN}/"
      DETAIL_DISPLAY: ""
EOF
```
Integration with Observability
Grafana Dashboard + Grafana Mimir
Specify your Grafana Dashboard and Grafana Mimir Information
Ensure GRAFANA_DASHBOARD_DOMAIN, GRAFANA_MIMIR_DOMAIN, GRAFANA_DASHBOARD_ADMIN_USERNAME and GRAFANA_DASHBOARD_ADMIN_PASSWORD are defined as per the Shell Variables guide.
(Ensure GRAFANA_DASHBOARD_URL, GRAFANA_MIMIR_URL, and GRAFANA_MIMIR_HEALTHCHECK_URL are evaluated and loaded from variables)
Create Grafana Dashboard and Grafana Mimir Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "grafana"
    slug: "grafana"
    config:
      API_URL: "${GRAFANA_DASHBOARD_URL}/api"
      API_USER: "${GRAFANA_DASHBOARD_ADMIN_USERNAME}"
      SECRET_KEY: "${ORGANIZATION_NAME}-company"
      API_PASSWORD: "${GRAFANA_DASHBOARD_ADMIN_PASSWORD}"
      DASHBOARD_TEMPLATE: "version8-with-alloy"
      DATA_SOURCE_CONNECTION:
        - url: "${GRAFANA_MIMIR_URL}/prometheus/"
          healthCheckUrl: "${GRAFANA_MIMIR_HEALTHCHECK_URL}"
          name: "Prometheus"
          type: "prometheus"
          user: ""
          access: "proxy"
          database: ""
          jsonData:
            httpMethod: "POST"
            httpHeaderName1: "X-Scope-OrgID"
          password: ""
          typeName: "Prometheus"
          basicAuth: false
          isDefault: true
          secureJsonData:
            httpHeaderValue1: "opstella-platform"
        - url: "${GRAFANA_MIMIR_URL}/prometheus/"
          healthCheckUrl: "${GRAFANA_MIMIR_HEALTHCHECK_URL}"
          name: "Mimir"
          type: "prometheus"
          user: ""
          access: "proxy"
          database: ""
          jsonData:
            httpMethod: "POST"
            httpHeaderName1: "X-Scope-OrgID"
          password: ""
          typeName: "Prometheus"
          basicAuth: false
          isDefault: false
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "METRIC_MONITORING"
    display_kind: "Monitor"
    detail:
      URL_DISPLAY: "${GRAFANA_DASHBOARD_URL}/"
      DETAIL_DISPLAY: ""
EOF
```
Grafana Loki
Specify your Grafana Loki Information
Ensure GRAFANA_LOKI_DOMAIN and GRAFANA_DASHBOARD_URL are defined as per the Shell Variables guide.
(Ensure GRAFANA_LOKI_URL and healthchecks are loaded from variables)
Specify your Domains for 🟦 Non-Production DEV Workload
(Ensure GRAFANA_ALLOY_NONPROD_URL is loaded from variables)
Specify your Domains for 🟥 Production PRD Workload
(Ensure GRAFANA_ALLOY_PROD_URL is loaded from variables)
Create Grafana Loki Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "loki"
    slug: "loki"
    config:
      WEB_URL: "${GRAFANA_DASHBOARD_URL}"
      ENDPOINT: "${GRAFANA_LOKI_URL}"
      CONFIGMAP_NAME: "grafana-alloy"
      CONFIGMAP_NAMESPACE: "opstella-platform"
      DASHBOARD_WORKER_NAME: "grafana"
      HEALTH_CHECK_DATA:
        URL_READ: "${GRAFANA_LOKI_READ_HEALTHCHECK_URL}"
        URL_WRITE: "${GRAFANA_LOKI_WRITE_HEALTHCHECK_URL}"
        URL_BACKEND: "${GRAFANA_LOKI_BACKEND_HEALTHCHECK_URL}"
      AGENT_HEALTH_CHECK_URL: "${GRAFANA_ALLOY_NONPROD_URL}/workload/ready"
      AGENT_URL: "${GRAFANA_ALLOY_NONPROD_URL}"
      AGENT_EXPORTER_URL: "http://grafana-alloy-workload.observability-agents.svc.${K8S_INTERNAL_DOMAIN}:4317"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "LOG_SERVER"
    display_kind: "Log_server"
    detail:
      URL_DISPLAY: "${GRAFANA_DASHBOARD_URL}"
      DETAIL_DISPLAY: ""
EOF
```
Grafana Tempo
Specify your Domains for 🟦 Non-Production DEV Workload
(Ensure GRAFANA_ALLOY_NONPROD_URL is loaded from variables)
Specify your Domains for 🟥 Production PRD Workload
(Ensure GRAFANA_ALLOY_PROD_URL is loaded from variables)
Specify your Grafana Tempo Information
Ensure GRAFANA_TEMPO_DOMAIN and GRAFANA_DASHBOARD_URL are defined as per the Shell Variables guide.
(Ensure GRAFANA_TEMPO_URL and healthchecks are loaded from variables)
Create Grafana Tempo Configuration Object

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "tempo"
    slug: "tempo"
    config:
      WEB_URL: "${GRAFANA_DASHBOARD_URL}"
      ENDPOINT: "${GRAFANA_TEMPO_URL}"
      AGENT_URL: "${GRAFANA_ALLOY_NONPROD_URL}"
      CONFIGMAP_NAME: "grafana-alloy-workload"
      CONFIGMAP_NAMESPACE: "observability-agents"
      DASHBOARD_WORKER_NAME: "grafana"
      HEALTH_CHECK_DATA:
        URL_TEMPO: "${GRAFANA_TEMPO_HEALTHCHECK_URL}"
      AGENT_EXPORTER_URL: "http://grafana-alloy-workload.observability-agents.svc.${K8S_INTERNAL_DOMAIN}:4317"
      AGENT_HEALTH_CHECK_URL: "${GRAFANA_ALLOY_NONPROD_HEALTHCHECK_URL}"
      EDITION_LIST:
        - name: "CONTAINER"
        - name: "DEVSECOPS"
    status: "COMPLETED"
    kind: "TRACING"
    display_kind: "Tracing"
    detail:
      URL_DISPLAY: "${GRAFANA_DASHBOARD_URL}"
      DETAIL_DISPLAY: ""
EOF
```
Integration with Application Deployment (Kubernetes)
Opstella Platform environments need to be divided into 2 groups, NON-PROD and PROD:
- NON-PROD can be divided into multiple groups of DEV, SIT, UAT
- PROD can be divided into multiple groups of PREPRD, PRD

| Non-Production Group | Production Group |
| --- | --- |
| DEV: Development Environment for Developers | PRD: Production Environment for Go Live/Use by Actual External Users |
🟦 Non-Production DEV Workload Kubernetes Cluster
18.1 Specify Information
(Ensure K8S_DEV_CLUSTER_NAME and K8S_DEV_API_ENDPOINT are loaded from variables)
- Cluster API Certificate K8S_DEV_API_CERT
  - Create and Retrieve with OPSTELLA_ADMIN_CACERT, see Accessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Cluster API Token K8S_DEV_API_KEY
  - Create and Retrieve with OPSTELLA_ADMIN_TOKEN, see Accessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
(Ensure K8S_DEV_API_CERT and K8S_DEV_API_KEY are loaded from variables)
18.2 Compose Kubernetes Configuration List

```bash
export OPSTELLA_KUBECONFIG=$(cat <<EOF
      - HOST: "${K8S_DEV_API_ENDPOINT}"
        OIDC_HOST: ""
        API_KEY: "${K8S_DEV_API_KEY}"
        CA_CERT: "${K8S_DEV_API_CERT}"
        ENV: "DEV"
        GROUP: "NON-PROD"
        NAME: "${K8S_DEV_CLUSTER_NAME}"
        DOMAIN_NAME: "${BASE_DOMAIN}"
        SUB_DOMAIN: "dev"
        CLUSTER_TYPE: "onpremise"
EOF
)
```

18.3 Compose Kubernetes Display List

```bash
export OPSTELLA_KUBE_DISPLAY=$(cat <<EOF
      - HOST: "${K8S_DEV_API_ENDPOINT}"
        ENV: "DEV"
        GROUP: "NON-PROD"
        NAME: "${K8S_DEV_CLUSTER_NAME}"
EOF
)
```
🟥 Production PRD Workload Kubernetes Cluster
19.1 Specify Information
(Ensure K8S_PRD_CLUSTER_NAME and K8S_PRD_API_ENDPOINT are loaded from variables)
- Cluster API Certificate K8S_DEV_API_CERT
  - Create and Retrieve with OPSTELLA_ADMIN_CACERT, see Accessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Cluster API Token K8S_DEV_API_KEY
  - Create and Retrieve with OPSTELLA_ADMIN_TOKEN, see Accessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
(Ensure K8S_PRD_API_CERT and K8S_PRD_API_KEY are loaded from variables)
19.2 Compose Configuration List

```bash
export OPSTELLA_KUBECONFIG=$(cat <<EOF
${OPSTELLA_KUBECONFIG}
      - HOST: "${K8S_PRD_API_ENDPOINT}"
        OIDC_HOST: ""
        API_KEY: "${K8S_PRD_API_KEY}"
        CA_CERT: "${K8S_PRD_API_CERT}"
        ENV: "PRD"
        GROUP: "PROD"
        NAME: "${K8S_PRD_CLUSTER_NAME}"
        DOMAIN_NAME: "${BASE_DOMAIN}"
        SUB_DOMAIN: ""
        CLUSTER_TYPE: "onpremise"
EOF
)
```

19.3 Compose Display Configuration List

```bash
export OPSTELLA_KUBE_DISPLAY=$(cat <<EOF
${OPSTELLA_KUBE_DISPLAY}
      - HOST: "${K8S_PRD_API_ENDPOINT}"
        ENV: "PRD"
        GROUP: "PROD"
        NAME: "${K8S_PRD_CLUSTER_NAME}"
EOF
)
```
🟢 Management Kubernetes Cluster
20.1 Specify Information
(Ensure K8S_MGMT_CLUSTER_NAME and K8S_MGMT_API_SERVER are loaded from variables)
- Cluster API Certificate K8S_DEV_API_CERT
  - Create and Retrieve with OPSTELLA_ADMIN_CACERT, see Accessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
- Cluster API Token K8S_DEV_API_KEY
  - Create and Retrieve with OPSTELLA_ADMIN_TOKEN, see Accessing Kubernetes Cluster(s) - Create Long-lived Access Token to Kubernetes
(Ensure K8S_DSO_API_CERT and K8S_DSO_API_KEY are loaded from variables)
20.2 Compose Configuration List

```bash
export OPSTELLA_KUBECONFIG=$(cat <<EOF
${OPSTELLA_KUBECONFIG}
      - HOST: "${K8S_MGMT_API_SERVER}"
        OIDC_HOST: ""
        API_KEY: "${K8S_MGMT_API_TOKEN}"
        CA_CERT: "${K8S_MGMT_API_CA_CERT}"
        ENV: "DEVOPS"
        GROUP: "NON-PROD"
        NAME: "${K8S_MGMT_CLUSTER_NAME}"
        DOMAIN_NAME: "${BASE_DOMAIN}"
        SUB_DOMAIN: ""
        CLUSTER_TYPE: "onpremise"
EOF
)
```

20.3 Compose Display Configuration List

```bash
export OPSTELLA_KUBE_DISPLAY=$(cat <<EOF
${OPSTELLA_KUBE_DISPLAY}
      - HOST: "${K8S_MGMT_API_SERVER}"
        ENV: "DEVOPS"
        GROUP: "NON-PROD"
        NAME: "${K8S_MGMT_CLUSTER_NAME}"
EOF
)
```
Create Kubernetes Configuration Object

```bash
# config and detail take the OPSTELLA_KUBECONFIG and OPSTELLA_KUBE_DISPLAY
# lists composed in steps 18 to 20.
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-devopstool.yaml"
  - display_name: "kubernetes"
    slug: "kubernetes"
    config_devopstool:
      COMPANY_NAME: "${ORGANIZATION_NAME}"
      SECURITY_RULE:
        "pod-security.kubernetes.io/enforce": "privileged"
        "pod-security.kubernetes.io/enforce-version": "latest"
        "pod-security.kubernetes.io/warn": "baseline"
        "pod-security.kubernetes.io/warn-version": "latest"
        "pod-security.kubernetes.io/audit": "baseline"
        "pod-security.kubernetes.io/audit-version": "latest"
    kind: "CLUSTER"
    display_kind: "Deploy"
    cluster: true
    config:
${OPSTELLA_KUBECONFIG}
    detail:
${OPSTELLA_KUBE_DISPLAY}
EOF
```
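The heredocs above are unquoted, so an unset variable silently becomes an empty string in the file, and the finished file holds admin passwords, the Vault root token and cluster tokens in plain text. The check below is an added example, not part of the Opstella documentation; the function name audit_opstella_config and the list of keys it treats as required are assumptions drawn from the objects on this page.

```shell
#!/usr/bin/env bash
# Added example (not from the Opstella docs): audit a generated config file.
# Key names come from the objects on this page; the checks are assumptions
# about what a complete file looks like, not an Opstella schema.

audit_opstella_config() {
  local file="$1" mode hits rc=0
  [ -f "$file" ] || { echo "missing file: $file"; return 2; }

  # 1. The file stores admin passwords and API tokens: owner-only access.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
    echo "permissions: mode is $mode, expected 600"
    rc=1
  fi

  # 2. An unset shell variable expands to nothing inside an unquoted heredoc,
  #    leaving "" (or only a scheme word such as "Token ") as the value.
  hits=$(grep -nE '^[ -]*(API_KEY|API_USER|API_PASSWORD|REALM|HOST|CA_CERT|NAME|COMPANY_NAME): *"([A-Za-z]+ )?" *$' "$file" || true)
  if [ -n "$hits" ]; then
    echo "empty value:"; echo "$hits"; rc=1
  fi

  # 3. URL-type keys must still carry a scheme and a host after expansion;
  #    "https:///api/v4" or "/api" means the domain variable was unset.
  hits=$(grep -niE '^[ -]*[a-z_0-9]*(url|endpoint)[a-z_0-9]*: *"' "$file" \
           | grep -vE '"https?://[^/"]' || true)
  if [ -n "$hits" ]; then
    echo "URL without host:"; echo "$hits"; rc=1
  fi
  return "$rc"
}

# Demo on a constructed file (sample structure, no real credentials).
demo_dir=$(mktemp -d)
(
  umask 077                                  # new files are created as mode 600
  unset GITLAB_DOMAIN GITLAB_ACCESS_TOKEN    # simulate a forgotten export
  cat <<EOF > "$demo_dir/devopstool.yaml"
data:
  - display_name: "gitlab"
    slug: "gitlab"
    config:
      API_KEY: "${GITLAB_ACCESS_TOKEN}"
      API_URL: "https://${GITLAB_DOMAIN}/api/v4"
EOF
)
audit_opstella_config "$demo_dir/devopstool.yaml" || echo "audit failed"
rm -rf "$demo_dir"
```

Run it against the devopstool YAML file after the last append. Running `umask 077` before the first `cat` creates the file owner-only from the start.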
tag kind
Brief Explanation
The tag kind Object of Opstella is used to categorise a set of tools/instruments.
This is useful in Hybrid Environment configuration; consult further with the Opstella Team for more advanced configuration scenarios.
Create tag Object Header

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
apiVersion: v1
kind: tag
meta:
  display_name: On-Premise
  name: on-premise
  description: Component Tag for On-Premise
groups:
EOF
```
Create tag Object Body
Use the slug of each of the tools/instruments previously specified in the devopstool kind as the reference.
Create gitlab Object/Group code Context
This Tag will interact with DEV and PRD.

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
  - display_name: "Code"
    color: "#FFB600"
    slug: "code"
    subgroups:
      - slug: "gitlab"
        env:
          - DEV
          - PRD
EOF
```
Create sonarqube, defectdojo Objects/Group pre-build Context
This Tag will interact with DEV and PRD.

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
  - display_name: "Pre-Build"
    color: "#D9D9D9CC"
    slug: "pre-build"
    subgroups:
      - slug: "sonarqube"
        env:
          - DEV
          - PRD
      - slug: "defectdojo"
        env:
          - DEV
          - PRD
EOF
```
Create harbor Object/Group build Context
This Tag will interact with DEV and PRD.

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
  - display_name: "Build"
    color: "#E1E6FB"
    slug: "build"
    subgroups:
      - slug: "harbor"
        env:
          - DEV
          - PRD
EOF
```
Create vault Object/Group pre-deploy Context
This Tag will interact with DEV and PRD.

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
  - display_name: "Pre-Deploy"
    color: "#054FE259"
    slug: "pre-deploy"
    subgroups:
      - slug: "vault"
        env:
          - DEV
          - PRD
EOF
```
Create argocd-nonprod, argocd-prod, kubernetes Objects/Group deploy Context
This Tag will interact with DEV and PRD.

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
  - display_name: "Deploy"
    color: "#16D8CA33"
    slug: "deploy"
    subgroups:
      - slug: "argocd-nonprod"
        env:
          - DEV
      - slug: "argocd-prod"
        env:
          - PRD
      - slug: "kubernetes"
        cluster:
          - "${K8S_DSO_CLUSTER_NAME}"
          - "${K8S_DEV_CLUSTER_NAME}"
          - "${K8S_PRD_CLUSTER_NAME}"
        env:
          - DEV
          - PRD
EOF
```
Create grafana, loki, tempo Objects/Group observability Context
This Tag will interact with DEV and PRD.

```bash
cat <<EOF >> "$BASE_WORKING_DIR/assets/opstella-configs/opstella-backend-tag-on-premise.yaml"
  - display_name: "Observability"
    color: "#E1472A66"
    slug: "observability"
    subgroups:
      - slug: "grafana"
        env:
          - DEV
          - PRD
      - slug: "loki"
        env:
          - DEV
          - PRD
      - slug: "tempo"
        env:
          - DEV
          - PRD
EOF
```