openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
bbb545cb0fcaa08f95e0853d83a491c841bbb333
openshift-docs/modules/op-configuring-ssh-authentication-for-git.adoc
Kathryn Alexander 90d985a0bb [enterprise-4.14] changing content type attribute
2023-10-30 10:13:25 -04:00

105 lines
3.4 KiB
Plaintext
Raw Blame History

// This module is included in the following assembly:
//
// *openshift-docs/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
:_mod-docs-content-type: PROCEDURE
[id="op-configuring-ssh-authentication-for-git_{context}"]
= Configuring SSH authentication for Git
[role="_abstract"]
For a pipeline to retrieve resources from repositories configured with SSH keys, you must configure the SSH-based authentication for that pipeline.
To configure SSH-based authentication for a pipeline, update the `secret.yaml`, `serviceaccount.yaml`, and `run.yaml` files with the credentials from the SSH private key for the specified repository. When you complete this process, {pipelines-shortname} can use that information to retrieve the specified pipeline resources.
[NOTE]
====
Consider using SSH-based authentication rather than basic authentication.
====
.Procedure
. Generate an link:https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent[SSH private key], or copy an existing private key, which is usually available in the `~/.ssh/id_rsa` file.
. In the `secret.yaml` file, set the value of `ssh-privatekey` to the content of the SSH private key file, and set the value of `known_hosts` to the content of the known hosts file.
+
[source,yaml,subs="attributes+"]
----
apiVersion: v1
kind: Secret
metadata:
name: ssh-key <1>
annotations:
tekton.dev/git-0: github.com
type: kubernetes.io/ssh-auth
stringData:
ssh-privatekey: <2>
known_hosts: <3>
----
<1> Name of the secret containing the SSH private key. In this example, `ssh-key`.
<2> The content of the SSH private key file.
<3> The content of the known hosts file.
+
[CAUTION]
====
If you omit the private key, {pipelines-shortname} accepts the public key of any server.
====
+
. Optional: To specify a custom SSH port, add `:<port number>` to the end of the `annotation` value. For example, `tekton.dev/git-0: github.com:2222`.
. In the `serviceaccount.yaml` file, associate the `ssh-key` secret with the `build-bot` service account.
+
[source,yaml,subs="attributes+"]
----
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-bot <1>
secrets:
- name: ssh-key <2>
----
<1> Name of the service account. In this example, `build-bot`.
<2> Name of the secret containing the SSH private key. In this example, `ssh-key`.
+
. In the `run.yaml` file, associate the service account with a task run or a pipeline run.
+
* Associate the service account with a task run:
+
[source,yaml,subs="attributes+"]
----
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: build-push-task-run-2 <1>
spec:
serviceAccountName: build-bot <2>
taskRef:
name: build-push <3>
----
<1> Name of the task run. In this example, `build-push-task-run-2`.
<2> Name of the service account. In this example, `build-bot`.
<3> Name of the task. In this example, `build-push`.
+
* Associate the service account with a pipeline run:
+
[source,yaml,subs="attributes+"]
----
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
name: demo-pipeline <1>
namespace: default
spec:
serviceAccountName: build-bot <2>
pipelineRef:
name: demo-pipeline <3>
----
<1> Name of the pipeline run. In this example, `demo-pipeline`.
<2> Name of the service account. In this example, `build-bot`.
<3> Name of the pipeline. In this example, `demo-pipeline`.
+
. Apply the changes.
+
[source,terminal]
----
$ oc apply --filename secret.yaml,serviceaccount.yaml,run.yaml
----
View Git Blame Copy Permalink