Prerequisites for provisioning DevSecOps toolchain operations
Use these steps to provision DevSecOps toolchain operations. These steps are not required for a Terraform deployment of the DevSecOps toolchains.
Create a continuous delivery service
Continuous delivery supports the repositories and pipelines in the toolchain. To create a continuous delivery service, see Continuous Delivery.
You can evaluate the continuous delivery service for 30 days by using the lite plan.
Create a Kubernetes cluster
If you are using the Kubernetes variation of the DevSecOps Application Lifecycle Management deployable architecture, you need to create either a Kubernetes cluster or a Red Hat OpenShift cluster.
While you are evaluating the service, you can use the free pricing plan. The cluster might take some time to provision. As the cluster is created, it progresses through the following stages: Deploying, Pending, and Ready. For more information, see Getting started with Container Registry.
Code Engine project
If you are using the Code Engine variation of the DevSecOps Application Lifecycle Management deployable architecture, you must have an account with permissions to create a Code Engine project. You can use an existing project; otherwise, a project is created automatically. For more information, see Managing user access and Managing projects.
Create a Container Registry namespace
- Create a Container Registry namespace. Container Registry provides a multi-tenant private image registry that you can use to store and share your container images with users in your IBM Cloud account.
- Select the location for your namespace, and click Create.
For more information, see Getting started with Container Registry.
Create a GPG signing key
Create an image signing key with the proper encoding to sign your application Docker images.
This key is required for the CI pipeline. The default secret name entry is signing_key. For more information, see Generating a GPG key.
Create a GPG public key
You can create the public key from an existing GPG private key. It is required for the artifact signature validation step as part of the CD pipeline run. Alternatively, the public key can be generated during a CI pipeline run by adding the print-code-signing-certificate property and setting the value to 1. The output should then be stored in a secrets provider. This is set by default from version 1.1.0. For more information, see Generating a GPG public key.
Create an IBM Cloud API key
Create an API key.
Save the API key value by copying it, downloading it, or adding it to your vault. The default secret name entry is ibmcloud_api_key.
Create an IBM Cloud® Object Storage instance (optional)
Create an IBM Cloud Object Storage instance and bucket.
For more information, see Configuring IBM Cloud Object Storage for storing evidence, and What is IBM Cloud Object Storage?
The default IBM Cloud Object Storage API key is cos_api_key.