

Accessing GitHub in Tekton Tasks on OpenShift
source link: http://heidloff.net/article/accessing-github-in-tekton-tasks-on-openshift/

This article explains how to access GitHub repositories from Tekton tasks on behalf of specific users via ssh.
In my application modernization example I use Tekton pipelines to deploy the modernized cloud-native application. In order to access GitHub, you need to follow these four steps:
- Key Creation
- GitHub Configuration
- Kubernetes Secret Creation
- Usage in Tasks
Key Creation
First you need to create the public and private ssh keys.
$ ssh-keygen -t rsa -b 4096 -C "[email protected]"
Enter the file name, for example ‘/Users/niklasheidloff/.ssh/tekton’, and leave the passphrase empty so that the pipeline can load the key without a prompt.
GitHub Configuration
The public key needs to be defined in your GitHub settings.
Get the public key via a command like this and copy the key to the clipboard:
$ cat /Users/niklasheidloff/.ssh/tekton.pub
Open your GitHub settings https://github.com/settings/keys, create a new SSH key and paste it. Call the entry ‘tekton’.
Kubernetes Secret Creation
The private key needs to be put in a Kubernetes secret.
$ cat /Users/niklasheidloff/.ssh/tekton | base64
$ export GITHUB_SSH_KEY_PRIVATE=your_private_key
This is a template yaml file for the secret:
apiVersion: v1
kind: Secret
metadata:
  name: git-ssh-key
  namespace: app-mod-argocd-pipelines
  annotations:
    tekton.dev/git-0: github.com
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: <base64data>
Next the resource in the yaml file needs to be applied.
$ sed "s/<base64data>/${GITHUB_SSH_KEY_PRIVATE}/g" ${ROOT_FOLDER}/scripts-openshift-argocd/argocd-config/tekton-git-ssh-secret.yaml.template > ${ROOT_FOLDER}/scripts-openshift-argocd/argocd-config/tekton-git-ssh-secret.yaml
$ oc apply -f ${ROOT_FOLDER}/scripts-openshift-argocd/argocd-config/tekton-git-ssh-secret.yaml
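An added example, not part of the original article: the secret-rendering step as POSIX shell functions that produce single-line base64 (GNU `base64` wraps its output at 76 columns, which breaks the `sed` substitution), keep the rendered manifest readable by its owner only, and check that the manifest decodes back to the key file. The function names and the stand-in key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). The sample key is CONSTRUCTED.
set -eu

# Encode a key file as ONE base64 line. GNU base64 wraps at 76 columns; a
# wrapped value would put newlines into the sed replacement and break it.
encode_key() {
  base64 < "$1" | tr -d '\n'
}

# Fill <base64data> in template $1 with key file $2 and write manifest $3.
# '|' is not in the base64 alphabet, so it is a safe sed delimiter.
# umask 077 keeps the rendered manifest (it holds the key) owner-only.
render_secret() (
  umask 077
  sed "s|<base64data>|$(encode_key "$2")|" "$1" > "$3"
)

# Decode ssh-privatekey from manifest $1 and compare it byte for byte with
# key file $2. Succeeds only if the Secret carries exactly that key.
verify_secret() {
  sed -n 's/^ *ssh-privatekey: *//p' "$1" | base64 -d | cmp -s - "$2"
}

# Write a constructed stand-in key and the article's template into dir $1.
make_sample() {
  {
    echo "-----BEGIN OPENSSH PRIVATE KEY-----"
    for i in 1 2 3 4 5 6; do
      echo "CONSTRUCTEDsampleDATAnotArealKEY0123456789abcdefghijklmnopqrstuvwxyzAB"
    done
    echo "-----END OPENSSH PRIVATE KEY-----"
  } > "$1/tekton"
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'metadata:' \
    '  name: git-ssh-key' '  namespace: app-mod-argocd-pipelines' \
    '  annotations:' '    tekton.dev/git-0: github.com' \
    'type: kubernetes.io/ssh-auth' 'data:' \
    '  ssh-privatekey: <base64data>' > "$1/secret.yaml.template"
}

demo() {
  dir=$(mktemp -d)
  make_sample "$dir"
  render_secret "$dir/secret.yaml.template" "$dir/tekton" "$dir/secret.yaml"
  verify_secret "$dir/secret.yaml" "$dir/tekton" && echo "secret matches key"
  rm -rf "$dir"
}
demo
```

Delete the rendered manifest once `oc apply` has succeeded, since it contains the private key.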
Usage in Tasks
Check out the sample tasks:
The following snippet shows how to write changes to GitHub. The trick is to use the two lines ‘eval …’ and ‘ssh-add …’ which refer to the private key in the secret. Read the Tekton documentation for more details.
steps:
  - name: commit-push-changes-gitops
    image: alpine/git:v2.30.2
    workingDir: "$(workspaces.config-source.path)"
    script: |
      #!/usr/bin/env sh
      set -e
      # Start ssh-agent and add the private key from the git-ssh-key secret
      eval $(ssh-agent)
      ssh-add ~/.ssh/id_*
      # Identity used for the commit
      git config --global user.email "[email protected]"
      git config --global user.name "Tekton Pipeline"
      git add .
      git commit --allow-empty -m "[Tekton] updating $(params.environment)"
      git push origin main
Note: The working directory needs to be the root path, for example “$(workspaces.config-source.path)”. Other directories cause some weird behaviour and access issues.
Next Steps
To learn more about Tekton, ArgoCD and application modernization, check out my repo.