kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

update some docs to retrigger the scan

This commit is contained in:
Chuanying Du 2019-12-17 11:24:03 -08:00
parent 1f67515afa
commit 34daaefbb8
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docs/ssh.md
View File

@ -11,7 +11,7 @@ This can be done one of two ways:
Obtain the host keys for your git server: Obtain the host keys for your git server:
``` ```bash
ssh-keyscan $YOUR_GIT_HOST > /tmp/known_hosts ssh-keyscan $YOUR_GIT_HOST > /tmp/known_hosts
``` ```
@ -19,8 +19,7 @@ Use the `kubectl create secret` command and point to the file on your
filesystem that stores the key. Ensure that the file is mapped to "ssh" as filesystem that stores the key. Ensure that the file is mapped to "ssh" as
shown (the file can be located anywhere). shown (the file can be located anywhere).
```bash
```
kubectl create secret generic git-creds \ kubectl create secret generic git-creds \
--from-file=ssh=$HOME/.ssh/id_rsa \ --from-file=ssh=$HOME/.ssh/id_rsa \
--from-file=known_hosts=/tmp/known_hosts --from-file=known_hosts=/tmp/known_hosts
@ -31,7 +30,7 @@ kubectl create secret generic git-creds \
Write a config file for a Secret that holds your SSH private key, with the key Write a config file for a Secret that holds your SSH private key, with the key
(pasted in base64 encoded plaintext) mapped to the "ssh" field. (pasted in base64 encoded plaintext) mapped to the "ssh" field.
``` ```json
{ {
"kind": "Secret", "kind": "Secret",
"apiVersion": "v1", "apiVersion": "v1",
@ -47,7 +46,7 @@ Write a config file for a Secret that holds your SSH private key, with the key
Create the Secret using `kubectl create -f`. Create the Secret using `kubectl create -f`.
``` ```bash
kubectl create -f /path/to/secret-config.json kubectl create -f /path/to/secret-config.json
``` ```
@ -57,7 +56,7 @@ In your Pod or Deployment configuration, specify a volume for mounting the
Secret. Ensure that secretName matches the name you used when creating the Secret. Ensure that secretName matches the name you used when creating the
Secret (e.g. "git-creds" used in both above examples). Secret (e.g. "git-creds" used in both above examples).
``` ```yaml
# ... # ...
volumes: volumes:
- name: git-secret - name: git-secret
@ -76,7 +75,7 @@ git@github.com/foo/bar) , and set the `-ssh` flags (or set GIT_SYNC_SSH to
"true"). You will also need to set your container's `securityContext` to run "true"). You will also need to set your container's `securityContext` to run
as user ID "65533" which is created for running git-sync as non-root. as user ID "65533" which is created for running git-sync as non-root.
``` ```yaml
# ... # ...
containers: containers:
- name: git-sync - name: git-sync
@ -97,7 +96,7 @@ as user ID "65533" which is created for running git-sync as non-root.
Lastly, you need to tell your Pod to run with the git-sync FS group. Note Lastly, you need to tell your Pod to run with the git-sync FS group. Note
that this is a Pod-wide setting, unlike the container `securityContext` above. that this is a Pod-wide setting, unlike the container `securityContext` above.
``` ```yaml
# ... # ...
securityContext: securityContext:
fsGroup: 65533 # to make SSH key readable fsGroup: 65533 # to make SSH key readable
@ -113,7 +112,7 @@ restrictive enough to be used as an SSH key), so make sure you set the
In case the above YAML snippets are confusing (because whitespace matters in In case the above YAML snippets are confusing (because whitespace matters in
YAML), here is a full example: YAML), here is a full example:
``` ```yaml
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata: