RHDEVDOCS-4233| Documented guidance on authentication strategies for pipelines #57140
Conversation
openshift-ci
bot
added
the
size/L
|
🤖 Updated build preview is available at: Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/13649 |
cicd/pipelines/authenticating-pipelines-and-tasks-using-secrets.adoc
Outdated
Show resolved
Hide resolved
…(git, image registry)
gtrivedi88
force-pushed
the
RHDEVDOCS-4233
branch
from
851bff9
to
29e04b7
Compare
|
@ppitonak @VeereshAradhya This PR is ready for QE review. |
|
|
||
| . Create a Task called `git-clone` that clones a git repository using SSH authentication. | ||
|
|
||
| . Define workspaces, describe the process to create a secret, and bind it to the workspace. For example: |
There was a problem hiding this comment.
- I don't understand this part
describe the process to create a secret - I split this point into two - one would only talk about how to create a secret, another one would talk about workspace declaration in task and binding.
| + | ||
| [NOTE] | ||
| ==== | ||
| To create the above secret, run `$ kubectl create secret generic my-github-ssh-credentials \ |
|
|
||
| == git-clone Task | ||
|
|
||
| This approach involves creating a task called `git-clone`, which clones a git repository using SSH authentication. The following are the steps to use Secrets and Workspace in Tekton Pipelines: |
There was a problem hiding this comment.
We already ship git-clone clustertask, can't we just show how it looks like and describe how to use secrets with it?
There was a problem hiding this comment.
Hello @vdemeester , can we use the already existing git-clone clustertask in this case?
There was a problem hiding this comment.
@ppitonak , according to tekton documentation, clustertasks are deprecated. As Red Hat, are we still shipping them downstream? (CC @mramendi )
| --param url=git@github.com:<username>/buildkit-tekton \ | ||
| --workspace name=output,emptyDir="" \ | ||
| --workspace name=ssh-directory,secret=my-github-ssh-credentials \ | ||
| --use-param-defaults --showlog` |
There was a problem hiding this comment.
This command is rendered on a single line, in that case backslashes are not necessary
|
|
||
| Following are the steps involved in using a Docker configuration file inside a Tekton pipeline task. | ||
|
|
||
| . Define a Tekton Task in your Kubernetes cluster with a reference to Skopeo image that copies a docker image to a specified repository. |
There was a problem hiding this comment.
Kubernetes cluster -> OpenShift cluster
| mountPath: /optional-workspace | ||
| ---- | ||
|
|
||
| .Example: A modified git clone task to incorporate the optional Workspace feature. |
| cp "$(workspaces.basic_auth.path)/.gitconfig" "${HOME}/.gitconfig" | ||
| chmod 400 "${HOME}/.git-credentials" | ||
| chmod 400 "${HOME}/.gitconfig" | ||
| fi |
There was a problem hiding this comment.
This is basically a code from our own task but I miss the context here.
|
|
||
| * kubernetes.io/basic-auth : basic authentications | ||
|
|
||
| * kubernetes.io/dockercfg : serialized ~/.dockercfg file kubernetes.io/dockerconfigjson : serialized ~/.docker/config.json file |
There was a problem hiding this comment.
kubernetes.io/dockerconfigjson should be a new bullet point
| ---- | ||
| # For a TaskRun | ||
|
|
||
| apiVersion: tekton.dev/v1beta1 |
| metadata: | ||
| name: build-with-basic-auth | ||
| spec: | ||
| serviceAccountName: build-bot |
There was a problem hiding this comment.
v1 API uses different syntax https://tekton.dev/docs/pipelines/migrating-v1beta1-to-v1/#changes-to-fields
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
openshift-ci
bot
removed
the
lifecycle/stale
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
This PR is now being tracked with this PR-66069 |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci
bot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
openshift-ci
bot
removed
the
lifecycle/rotten
|
@gtrivedi88 I mistakenly removed the rotten lifecycle. Could you please close this PR? Teh up-to-date PR on this issue is #70384 |
|
@mramendi As you suggested. I've closed this PR. |
enterprise-4.10,enterprise-4.11,enterprise-4.12, andenterprise-4.13