diff --git a/git-ssh/README.md b/git-ssh/README.md
new file mode 100644
index 0000000000..ce965ad4ed
--- /dev/null
+++ b/git-ssh/README.md
@@ -0,0 +1,35 @@
+git-clone ssh
+====
+
+Prepare secrets for ssh authentication.
+
+### Prepare known_hosts file
+Example using github.com as host
+
+1. Create file with known_hosts (you may also want to verify this further)
+
+ ssh-keyscan github.com > ssh_known_hosts
+
+2. Create secret from file
+
+ kubectl create secret generic github-known-hosts --from-file=ssh_known_hosts
+
+### Generate and distribute SSH key pair
+Generate a separate SSH key pair for Tekton
+
+1. Generate keypair to local file
+
+ ssh-keygen -t rsa -b 4096 -f id_rsa -q -N ""
+
+2. Create a secret from the private key
+
+ kubectl create secret generic github-private-key --from-file=id_rsa
+
+3. Upload the public key id_rsa.pub to GitHub
+
+ Start with copying the content of the public key with
+
+ pbcopy < id_rsa.pub
+
+ And follow [Adding a new SSH key to your GitHub account](https://help.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account)
+~
\ No newline at end of file
diff --git a/git-ssh/git-clone-ssh.yaml b/git-ssh/git-clone-ssh.yaml
new file mode 100644
index 0000000000..ebf6a60aa2
--- /dev/null
+++ b/git-ssh/git-clone-ssh.yaml
@@ -0,0 +1,28 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: git-clone-ssh
+spec:
+ workspaces:
+ - name: output
+ description: The git repo will be cloned onto the volume backing this workspace
+ params:
+ - name: url
+ type: string
+ description: git url to clone
+ steps:
+ - name: git-clone
+ image: bitnami/git:2.26.2
+ command: ['git', '-c', 'core.sshCommand=ssh -i /etc/ssh/id_rsa', 'clone', '$(params.url)', '$(workspaces.output.path)']
+ volumeMounts:
+ - mountPath: /etc/ssh
+ name: ssh-auth
+ volumes:
+ - name: ssh-auth
+ projected:
+ defaultMode: 0400
+ sources:
+ - secret:
+ name: github-known-hosts
+ - secret:
+ name: github-private-key
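Review bot: In the `git-clone` step, `$(params.url)` reaches `git clone` as a bare positional argument, so a parameter value that begins with `-` is parsed by git as an option rather than as a repository. Putting `'--'` in front of it closes that off: `command: ['git', '-c', 'core.sshCommand=ssh -i /etc/ssh/id_rsa', 'clone', '--', '$(params.url)', '$(workspaces.output.path)']`. Host-key verification currently relies on the projected secret landing at `/etc/ssh/ssh_known_hosts` and on ssh's default checking mode. Adding `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/ssh_known_hosts` to `core.sshCommand` would make that explicit, so it no longer depends on the image's defaults. The image is referenced by the mutable tag `bitnami/git:2.26.2`, and pinning it by digest (`bitnami/git@sha256:<digest>`) would keep the container that reads the private key from changing under the task.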