@dmc5179
Last active November 11, 2020 22:32
Quay upstream on a FIPS enabled OpenShift 4.6 cluster
#!/bin/bash
# Deploy upstream Quay via the quay-operator on a FIPS-enabled OpenShift 4.6 cluster.
# Fill in the S3 bucket and credentials before running.
WORKING_DIR=/tmp/
QUAY_NAMESPACE='quay-enterprise'
S3BUCKET=''
ACCESS_KEY=''
SECRET_KEY=''

mkdir -p "${WORKING_DIR}"
pushd "${WORKING_DIR}"
git clone https://github.com/quay/quay-operator
pushd quay-operator

oc new-project "${QUAY_NAMESPACE}"
oc project "${QUAY_NAMESPACE}"

# Disable the built-in operator catalogs so only the upstream quay-operator catalog is offered
echo "Disabling built in operator catalogs"
oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
sleep 20

oc create -n openshift-marketplace -f ./deploy/quay-operator.catalogsource.yaml
# Wait for the operator catalog to deploy
echo "Waiting for the operator catalog to deploy"
sleep 20

oc create -n "${QUAY_NAMESPACE}" -f ./deploy/quay-operator.operatorgroup.yaml
oc create -n "${QUAY_NAMESPACE}" -f ./deploy/quay-operator.subscription.yaml
oc adm policy add-scc-to-user nonroot "system:serviceaccount:${QUAY_NAMESPACE}:default"

# Pull secret for quay.io. The base64 value below is a complete dockerconfigjson
# holding registry credentials: treat this file as sensitive and remove it from
# ${WORKING_DIR} once the secret has been created in the cluster.
cat << EOF > quay-enterprise-redhat-pull-secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
  namespace: ${QUAY_NAMESPACE}
  name: redhat-pull-secret
data:
  .dockerconfigjson: 'eyJhdXRocyI6eyJxdWF5LmlvIjp7ImF1dGgiOiJjbVZrYUdGMEszRjFZWGs2VHpneFYxTklVbE5LVWpFMFZVRmFRa3MxTkVkUlNFcFRNRkF4VmpSRFRGZEJTbFl4V0RKRE5GTkVOMHRQTlRsRFVUbE9NMUpGTVRJMk1USllWVEZJVWc9PSIsImVtYWlsIjoiIn19fQo='
type: kubernetes.io/dockerconfigjson
EOF
oc create -n "${QUAY_NAMESPACE}" -f quay-enterprise-redhat-pull-secret.yaml

# Quay config bundle: object storage is unmanaged and points at an existing S3 bucket
cat << EOF > config.yaml
DISTRIBUTED_STORAGE_CONFIG:
  default:
    - S3Storage
    - s3_access_key: ${ACCESS_KEY}
      s3_bucket: ${S3BUCKET}
      s3_secret_key: ${SECRET_KEY}
      storage_path: /datastorage/registry
DISTRIBUTED_STORAGE_DEFAULT_LOCATIONS: []
DISTRIBUTED_STORAGE_PREFERENCE:
  - default
EOF
oc create -n "${QUAY_NAMESPACE}" secret generic --from-file config.yaml=./config.yaml quay-config-bundle-abc123

# QuayRegistry: the operator manages postgres, redis and clair; object storage comes from the bundle above
cat << EOF > quay_registry.yaml
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: fipsmode
spec:
  configBundleSecret: quay-config-bundle-abc123
  components:
    - kind: postgres
      managed: true
    - kind: redis
      managed: true
    - kind: clair
      managed: true
    - kind: objectstorage
      managed: false
EOF
oc create -n "${QUAY_NAMESPACE}" -f ./quay_registry.yaml
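Added example, not part of the gist above: two helpers that replace the script's weakest points from an operations standpoint. The first renders the `.dockerconfigjson` document for a pull secret from variables, so the encoded credential blob never has to be pasted into the script or committed with it. The second polls a probe command until it succeeds, replacing the fixed `sleep 20` waits with a bounded readiness check. The registry, user and password values are placeholders; `catalog_ready` assumes the CatalogSource created by the gist is named `quay-operator` (the name is not stated on the page) and reads the standard OLM `status.connectionState.lastObservedState` field.

```bash
#!/bin/bash
# Added example (not from the gist). Assumed values: registry/user/password are
# placeholders, and the CatalogSource name "quay-operator" is an assumption.

# Render a .dockerconfigjson document for one registry. The "auth" field is
# base64("user:password"), which is exactly what the gist's pre-encoded blob
# contains once decoded. Values are assumed to contain no JSON-special characters.
render_dockerconfigjson() {
  local registry="$1" user="$2" password="$3"
  local auth
  auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
  printf '{"auths":{"%s":{"auth":"%s","email":""}}}' "$registry" "$auth"
}

# Poll a probe command until it succeeds or the timeout (seconds) elapses.
# Returns 0 when the probe succeeded, 1 on timeout.
wait_for() {
  local timeout="$1"; shift
  local elapsed=0
  until "$@" >/dev/null 2>&1; do
    if [ "$elapsed" -ge "$timeout" ]; then
      return 1
    fi
    sleep 1
    elapsed=$((elapsed + 1))
  done
  return 0
}

# Probe: the named CatalogSource in openshift-marketplace reports READY.
catalog_ready() {
  local name="$1"
  [ "$(oc get catalogsource -n openshift-marketplace "$name" \
        -o jsonpath='{.status.connectionState.lastObservedState}' 2>/dev/null)" = "READY" ]
}

# Intended use in the deployment script (not executed here because it needs a cluster):
#   render_dockerconfigjson quay.io "$QUAY_USER" "$QUAY_PASSWORD" | base64 | tr -d '\n'
#     -> value for the secret's data/.dockerconfigjson field
#   wait_for 300 catalog_ready quay-operator || { echo "catalog not ready"; exit 1; }
```

`render_dockerconfigjson` is deliberately a pure function so the secret can be generated at deploy time from environment variables and the rendered file removed afterwards; `wait_for` accepts any probe command, so the same helper can gate the Subscription on the operator's CSV reaching Succeeded.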