The needed application manifests for the cluster are defined in the components/apps, while the configuration manifests for the cluster are defined in the components/configs.
Operator installed:
- openshift-gitops-operator (pre-installed)
- openshift-cert-manager-operator
- openshift-pipelines-operator
- customized
TektonConfigfor Tekton Chains
- customized
- rhtas-operator (Red Hat Trusted Artifact Signer)
- the
securesignresource is defined
- the
Other applications:
- cert-manager-webhook-for-hetzner
- SPIFFE/SPIRE (https://github.com/spiffe/helm-charts-hardened/)
- Argo Workflows (with a Dex server)
Configuration:
- basic RBAC for groups and users
- Certificates
- NTP configuration
- OAuth config
Note:
To configure spiffe as OIDC issuer for RHTAS (specifically for Fulcio), currently
needs to set ClientID to be Sigstore