mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 15:46:57 +01:00
93e5e2b271
draft side frills minor corrections refactoring modifying aaaitional resources some more tweaks to xref anchors intermediate changes based on comments incorporating review comments incorporating review comments removed vale related stuff from gitignore small correction
97 lines
3.0 KiB
Plaintext
97 lines
3.0 KiB
Plaintext
// This module is included in the following assembly:
|
|
//
|
|
// *openshift-docs/cicd/pipelines/authenticating-pipelines-using-git-secret.adoc
|
|
|
|
[id="op-configuring-basic-authentication-for-git_{context}"]
|
|
= Configuring basic authentication for Git
|
|
|
|
[role="_abstract"]
|
|
For a pipeline to retrieve resources from password-protected repositories, you must configure the basic authentication for that pipeline.
|
|
|
|
To configure basic authentication for a pipeline, update the `secret.yaml`, `serviceaccount.yaml`, and `run.yaml` files with the credentials from the Git secret for the specified repository. When you complete this process, {pipelines-shortname} can use that information to retrieve the specified pipeline resources.
|
|
|
|
[NOTE]
|
|
====
|
|
For GitHub, authentication using plain password is deprecated. Instead, use a link:https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token[personal access token].
|
|
====
|
|
|
|
.Procedure
|
|
|
|
. In the `secret.yaml` file, specify the username and password or link:https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token[GitHub personal access token] to access the target Git repository.
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: basic-user-pass <1>
|
|
annotations:
|
|
tekton.dev/git-0: https://github.com
|
|
type: kubernetes.io/basic-auth
|
|
stringData:
|
|
username: <2>
|
|
password: <3>
|
|
----
|
|
<1> Name of the secret. In this example, `basic-user-pass`.
|
|
<2> Username for the Git repository.
|
|
<3> Password for the Git repository.
|
|
|
|
+
|
|
. In the `serviceaccount.yaml` file, associate the secret with the appropriate service account.
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: build-bot <1>
|
|
secrets:
|
|
- name: basic-user-pass <2>
|
|
----
|
|
<1> Name of the service account. In this example, `build-bot`.
|
|
<2> Name of the secret. In this example, `basic-user-pass`.
|
|
+
|
|
. In the `run.yaml` file, associate the service account with a task run or a pipeline run.
|
|
+
|
|
* Associate the service account with a task run:
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: tekton.dev/v1beta1
|
|
kind: TaskRun
|
|
metadata:
|
|
name: build-push-task-run-2 <1>
|
|
spec:
|
|
serviceAccountName: build-bot <2>
|
|
taskRef:
|
|
name: build-push <3>
|
|
----
|
|
<1> Name of the task run. In this example, `build-push-task-run-2`.
|
|
<2> Name of the service account. In this example, `build-bot`.
|
|
<3> Name of the task. In this example, `build-push`.
|
|
+
|
|
* Associate the service account with a `PipelineRun` resource:
|
|
+
|
|
[source,yaml,subs="attributes+"]
|
|
----
|
|
apiVersion: tekton.dev/v1beta1
|
|
kind: PipelineRun
|
|
metadata:
|
|
name: demo-pipeline <1>
|
|
namespace: default
|
|
spec:
|
|
serviceAccountName: build-bot <2>
|
|
pipelineRef:
|
|
name: demo-pipeline <3>
|
|
----
|
|
<1> Name of the pipeline run. In this example, `demo-pipeline`.
|
|
<2> Name of the service account. In this example, `build-bot`.
|
|
<3> Name of the pipeline. In this example, `demo-pipeline`.
|
|
+
|
|
. Apply the changes.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ kubectl apply --filename secret.yaml,serviceaccount.yaml,run.yaml
|
|
----
|