@lcarva
Last active August 18, 2023 13:07
Spin up Tekton Pipeline and Tekton Chains
#!/bin/bash
set -euo pipefail
# Start from a clean slate
kind delete cluster
# Start a new kind cluster
# kind create cluster --image kindest/node:v1.24.13
kind create cluster
# Install Tekton
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
# kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.41.3/release.yaml
# Enable Useful Tekton Features
kubectl -n tekton-pipelines patch cm feature-flags -p '{"data":{
  "enable-tekton-oci-bundles": "true",
  "enable-api-fields": "alpha"
}}'
# Install Chains
# kubectl apply --filename https://storage.googleapis.com/tekton-releases/chains/previous/v0.14.0/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/chains/latest/release.yaml
# Configure Chains
kubectl -n tekton-chains patch cm chains-config -p '{"data": {
  "artifacts.oci.storage": "oci",
  "artifacts.pipelinerun.format": "in-toto",
  "artifacts.pipelinerun.storage": "oci",
  "artifacts.taskrun.format": "in-toto",
  "artifacts.taskrun.storage": "oci"
}}'
# Generate Signing Secret
# "password" is a throwaway passphrase for this disposable kind cluster only.
COSIGN_PASSWORD=password cosign generate-key-pair k8s://tekton-chains/signing-secrets
## Namespace Setup
# Create a new namespace.
kubectl create namespace minimal-container
# Upload image registry secret and link to default service account.
kubectl -n default create secret docker-registry "$USER" \
  --from-file=.dockerconfigjson="$HOME/.docker/config.json"
# Wait for default ServiceAccount
while true; do
  # Use kubectl like the rest of the script (oc is not needed on kind)
  output="$(kubectl -n default get ServiceAccount default --ignore-not-found)"
  if [ -n "$output" ]; then
    break
  fi
  sleep 1  # avoid hammering the API server while polling
done
# Link secret to service account
kubectl -n default patch serviceaccount default -p '{"imagePullSecrets": [{"name": "'"$USER"'"}]}'
kubectl -n default patch serviceaccount default -p '{"secrets": [{"name": "'"$USER"'"}]}'