mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
98 lines
3.1 KiB
Plaintext
98 lines
3.1 KiB
Plaintext
// This module is included in the following assembly:
|
|
//
|
|
// *openshift-docs/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
|
|
|
|
:_content-type: PROCEDURE
|
|
[id="op-configuring-basic-authentication-for-git_{context}"]
|
|
= Configuring basic authentication for Git
|
|
|
|
[role="_abstract"]
|
|
For a pipeline to retrieve resources from password-protected repositories, you must configure the basic authentication for that pipeline.
|
|
|
|
To configure basic authentication for a pipeline, update the `secret.yaml`, `serviceaccount.yaml`, and `run.yaml` files with the credentials from the Git secret for the specified repository. When you complete this process, {pipelines-shortname} can use that information to retrieve the specified pipeline resources.
|
|
|
|
[NOTE]
|
|
====
|
|
For GitHub, authentication using plain password is deprecated. Instead, use a link:https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token[personal access token].
|
|
====
|
|
|
|
.Procedure
|
|
|
|
. In the `secret.yaml` file, specify the username and password or link:https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token[GitHub personal access token] to access the target Git repository.
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: basic-user-pass <1>
|
|
annotations:
|
|
tekton.dev/git-0: https://github.com
|
|
type: kubernetes.io/basic-auth
|
|
stringData:
|
|
username: <2>
|
|
password: <3>
|
|
----
|
|
<1> Name of the secret. In this example, `basic-user-pass`.
|
|
<2> Username for the Git repository.
|
|
<3> Password for the Git repository.
|
|
|
|
+
|
|
. In the `serviceaccount.yaml` file, associate the secret with the appropriate service account.
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: build-bot <1>
|
|
secrets:
|
|
- name: basic-user-pass <2>
|
|
----
|
|
<1> Name of the service account. In this example, `build-bot`.
|
|
<2> Name of the secret. In this example, `basic-user-pass`.
|
|
+
|
|
. In the `run.yaml` file, associate the service account with a task run or a pipeline run.
|
|
+
|
|
* Associate the service account with a task run:
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: tekton.dev/v1beta1
|
|
kind: TaskRun
|
|
metadata:
|
|
name: build-push-task-run-2 <1>
|
|
spec:
|
|
serviceAccountName: build-bot <2>
|
|
taskRef:
|
|
name: build-push <3>
|
|
----
|
|
<1> Name of the task run. In this example, `build-push-task-run-2`.
|
|
<2> Name of the service account. In this example, `build-bot`.
|
|
<3> Name of the task. In this example, `build-push`.
|
|
+
|
|
* Associate the service account with a `PipelineRun` resource:
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: tekton.dev/v1beta1
|
|
kind: PipelineRun
|
|
metadata:
|
|
name: demo-pipeline <1>
|
|
namespace: default
|
|
spec:
|
|
serviceAccountName: build-bot <2>
|
|
pipelineRef:
|
|
name: demo-pipeline <3>
|
|
----
|
|
<1> Name of the pipeline run. In this example, `demo-pipeline`.
|
|
<2> Name of the service account. In this example, `build-bot`.
|
|
<3> Name of the pipeline. In this example, `demo-pipeline`.
|
|
+
|
|
. Apply the changes.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ kubectl apply --filename secret.yaml,serviceaccount.yaml,run.yaml
|
|
----
|