New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(Query) How can I clone GitLab private repository to my k8s container safely(ssh or https no matter)? #126
Comments
There are a couple ways to auth.
You can use `-username` and `-password`, you can use `-ssh`, or you can use
`-cookie-file`. I don't know which are available in gitlab.
For username/password you can create a kubernetes Secret and load that via
an environment variable and `valueFrom` (so it doesn't appear in your pod
spec, and so you can update the password dynamically).
For SSH you need to have uploaded the key to your git server. You can
create a Secret again, but this time use it as a volume. when you clone
via SSH (e.g. ssh://user@host/path or user@host:path), git will try to use
the key pair to authenticate you.
I don't know much about cookie file, honestly. It seems to be poorly
documented even on the web at large and site-specific.
You say you tried SSH, but you didn't say how it "didn't work".
…On Mon, Jan 14, 2019 at 5:18 AM 최준영 ***@***.***> wrote:
I want to cloning git repository to my k8s container.
I can get success with github repository. The yaml file likes below:
apiVersion: v1kind: Podmetadata:
name: syncrepo-volume-pod-testspec:
containers:
- image: k8s.gcr.io/git-sync:v3.0.1
name: test-server
volumeMounts:
- name: git-source
mountPath: /tmp/git
env:
- name: GIT_SYNC_REPO
value: https://github.com/myrepo.git ##Changing value
- name: GIT_SYNC_DEST
value: git-sync
volumes:
- name: git-source
emptyDir: {}
But when I change GIT_SYNC_REPO to GitLab repository the error comes out:
apiVersion: v1kind: Podmetadata:
name: syncrepo-volume-pod-testspec:
containers:
- image: k8s.gcr.io/git-sync:v3.0.1
name: test-server
volumeMounts:
- name: git-source
mountPath: /tmp/git
env:
- name: GIT_SYNC_REPO
value: https://gitlab.privatedomain.com/myrepo.git ##Changing value
- name: GIT_SYNC_DEST
value: git-sync
volumes:
- name: git-source
emptyDir: {}
kubectl logs syncrepo-volume-pod-test says:
I0114 13:05:33.800696 1 main.go:179] starting up: ["/git-sync"]
E0114 13:05:33.841060 1 main.go:186] error syncing repo: error running command: exit status 128: "Cloning into '/tmp/git'...\nfatal: could not read Username for 'https://gitlab.privatedomain.com': No such device or address\n"
I can pass my gitlab account and gitlab password like below, but I think
it's very insecure:
apiVersion: v1kind: Podmetadata:
name: syncrepo-volume-pod-testspec:
containers:
- image: k8s.gcr.io/git-sync:v3.0.1
name: test-server
volumeMounts:
- name: git-source
mountPath: /tmp/git
env:
- name: GIT_SYNC_REPO
value: ***@***.***/myrepo.git ##Changing value
- name: GIT_SYNC_DEST
value: git-sync
volumes:
- name: git-source
emptyDir: {}
I can see my account and password information at the pod description:
kubectl describe pod syncrepo-volume-pod-test
Name: syncrepo-volume-pod-test
Namespace: default
..
.
..
Restart Count: 0
Requests:
cpu: 100m
Environment:
GIT_SYNC_REPO: ***@***.***/myrepo.git
GIT_SYNC_DEST: git-sync
Mounts:
/tmp/git from git-source (rw)
..
.
..
I read the docs about ssh
https://github.com/kubernetes/git-sync/blob/master/docs/ssh.md
but it didn't work...
Also tried to https, but I don't know what the gitcookie is...
Sorry, my English is bad.
Can you please give me some hints or help?
Thanks!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#126>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFVgVG2KrZfXU1QCXdjli2HYFdcRQd-vks5vDIOkgaJpZM4Z-Oyp>
.
|
@thockin First, I scanned known_hosts from my GitLab server: Second, made a k8s secret: Write a yaml file: apiVersion: v1
kind: Pod
metadata:
name: syncrepo-volume-pod-test
spec:
containers:
- image: k8s.gcr.io/git-sync:v3.0.1
name: test-server
volumeMounts:
- name: git-source
mountPath: /tmp/git
- name: git-secret
mountPath: /etc/git-secret
env:
- name: GIT_SYNC_REPO
value: https://gitlab.privatedomain.com/myrepo.git ##Changing value
- name: GIT_SYNC_DEST
value: git-sync
- name: GIT_SYNC_SSH
value: "true"
volumes:
- name: git-secret
secret:
secretName: git-creds
defaultMode: 256
- name: git-source
emptyDir: {} make a pod: describing pod:
logging pod:
How can I debug more? |
My GitLab server runs on the Docker. I think it could be a cause of matter. And then, how can I |
Don't use the |
my mistake... I’ll try using ssh url and follow up the issue. |
After I changed my yaml to use apiVersion: v1
kind: Pod
metadata:
name: syncrepo-volume-pod-test
spec:
containers:
- image: k8s.gcr.io/git-sync:v3.0.1
name: test-server
volumeMounts:
- name: git-source
mountPath: /tmp/git
- name: git-secret
mountPath: /etc/git-secret
env:
- name: GIT_SYNC_REPO
value: git@gitlab.privatedomain.com/myrepo.git
- name: GIT_SYNC_DEST
value: git-sync
- name: GIT_SYNC_SSH
value: "true"
volumes:
- name: git-secret
secret:
secretName: git-creds
defaultMode: 256
- name: git-source
emptyDir: {} the pod runs normally... But I can't see my Nothing comes out... 😢 |
What do your logs ( |
|
oh, and pod died again... |
Can't reproduce this last failure. Seems to work with my test setup. |
No, I can't cloning my repo to alpine linux..
I added a
I think my git repo has a problem... In my company, we made the GitLab server by Docker.
|
apiVersion: v1
kind: Pod
metadata:
name: syncrepo-volume-pod-test
spec:
containers:
- image: k8s.gcr.io/git-sync:v3.0.1
name: test-server
volumeMounts:
- name: git-source
mountPath: /tmp/git
env:
- name: GIT_SYNC_REPO
value: https://gitlab.privatedomain.com/myrepo.git ##Changing value
- name: GIT_SYNC_BRANCH
value: production
- name: GIT_SYNC_DEPTH
value: "1"
- name: GIT_SYNC_DEST
value: git-sync
- name: GIT_SYNC_USERNAME
valueFrom:
secretKeyRef:
name: git-creds
key: username
- name: GIT_SYNC_PASSWORD
valueFrom:
secretKeyRef:
name: git-creds
key: password
volumes:
- name: git-source
emptyDir: {} |
I want to cloning git repository to my k8s container.
I can get success with
github
repository. The yaml file likes below:But when I change
GIT_SYNC_REPO
to GitLab repository the error comes out:kubectl logs syncrepo-volume-pod-test
says:I can pass my gitlab account and gitlab password like below, but I think it's very insecure:
I can see my account and password information at the pod description:
kubectl describe pod syncrepo-volume-pod-test
I read the docs about
ssh
https://github.com/kubernetes/git-sync/blob/master/docs/ssh.mdbut it didn't work...
Also tried to
https
, but I don't know what thegitcookie
is...Sorry, my English is bad.
Can you please give me some hints or help?
Thanks!
The text was updated successfully, but these errors were encountered: