Brigade CI setup

Pre-reqs

• K8s cluster with RBAC enabled
• Helm installed with Tiller using a service account (see Helm set up step below)
• brig cli

Helm set up

kubectl -n kube-system create sa tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin --serviceaccount=kube-system:tiller
helm init --service-account tiller

Install brigade

helm repo add brigade https://brigadecore.github.io/charts
helm install --name brigade-server brigade/brigade --namespace ci --set gw.enabled=true

Generate a values file for a brigade project

helm inspect values brigade/brigade-project > values.yaml 

Customise the values file

You'll notice that the helm inspect command generates alot of output. This can be cut down to something like the following:

project: "bobclarke/gowiki"
repository: "github.com/bobclarke/gowiki"
cloneURL: "https://github.com/bobclarke/gowiki"
sharedSecret: "IBrakeForSeaBeasts"
github:
   token: "github oauth token"
allowPrivilegedJobs: “true"

secrets:
  username: jsmith
  password: mypassword

In practice, you'll probably want to split this into two files (let's call them values.yaml and secret-values.yaml), one of them for sensitive information that you'll want to exclude from Git..

values.yaml

project: "bobclarke/gowiki"
repository: "github.com/bobclarke/gowiki"
cloneURL: "https://github.com/bobclarke/gowiki"
github:
   token: "github oauth token"
allowPrivilegedJobs: “true"

secret-values.yaml

sharedSecret: IBrakeForSeaBeasts
secrets:
  username: jsmith
  password: mypassword

Create brigade project

helm install -n my-project brigade/brigade-project -f values.yaml -f secret-values.yaml  —namespace ci

Check the brigade project

brig project list -n ci
brig project get <project name> -n ci

Get the public IP of the brigade gateway service

kubectl get svc -n ci

Set up a webhook

• Navigate to https://github.com/<org>/<repo>/settings/hooks
• Click "add webhook"
• Set content type to "application/json"
• Set payload url to "http://<gw svc address>:7744/events/github"
• Set secret to the sharedSecret value in your secret-values.yaml (for example "IBrakeForSeaBeasts")