kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix docs

This commit is contained in:
Chuanying Du 2019-12-18 10:52:02 -08:00
parent 34daaefbb8
commit c57553a2eb
3 changed files with 35 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
docs/askpass-url.md
View File

@ -2,9 +2,9 @@
## Step 1: Create a GIT_ASKPASS HTTP Service
The GIT ASKPASS Service expose via HTTP and provide the answer to GIT_ASKPASS.
The GIT ASKPASS Service is exposed via HTTP and provide the answer to GIT_ASKPASS.
Example of the servcie's output, see more at <https://git-scm.com/docs/gitcredentials>
Example of the service's output, see more at <https://git-scm.com/docs/gitcredentials>
```json
username=xxx@example.com
@ -18,23 +18,19 @@ In your git-sync container configuration, specify the GIT_ASKPASS_URL
The credentials will pass in plain text, make sure the connection between git-sync
and GIT ASKPASS Service are secure.
The recommended way is the ASKPASS Service running within the same pod as git-sync.
The recommended situation are:
See <https://github.com/cydu-cloud/git-askpass-gce-node> as a full example which use GCE Node Service Account credential to access Google Cloud Source Repo.
* ASKPASS Service running within the same pod as git-sync.
* ASKPASS Service rely on [GCE metadata](https://cloud.google.com/compute/docs/storing-retrieving-metadata) to get service account's credential to access Google Cloud Source Repo.
```json
{
name: "git-sync",
See <https://github.com/cydu-cloud/git-askpass-gce-node> as a full example.
```yaml
name: "git-sync"
...
env: [
{
name: "GIT_SYNC_REPO",
env:
- name: "GIT_SYNC_REPO",
value: "https://source.developers.google.com/p/[GCP PROJECT ID]/r/[REPO NAME]"
}, {
name: "GIT_ASKPASS_URL",
- name: "GIT_ASKPASS_URL",
value: "http://localhost:9102/git_askpass",
},
...
]
}
```

48
docs/cookie-file.md
View File

@ -22,16 +22,12 @@ In your Pod or Deployment configuration, specify a Volume for mounting the
cookie-file Secret. Make sure to set `secretName` to the same name you used to
create the secret (`git-cookie-file` in the example above).
```json
volumes: [
{
"name": "git-secret",
"secret": {
"secretName": "git-cookie-file",
}
},
...
],
```yaml
volumes:
- name: git-secret
secret:
secretName: git-cookie-file
defaultMode: 0440
```
## Step 3: Configure git-sync container
@ -42,26 +38,16 @@ environment variable `GIT_COOKIE_FILE` to "true", and to use a git repo
(`--repo` flag or `GIT_SYNC_REPO` env) is set to use a URL with the HTTP
protocol.
```json
{
name: "git-sync",
```yaml
name: "git-sync"
...
env: [
{
name: "GIT_SYNC_REPO",
value: "https://github.com/kubernetes/kubernetes.git"
}, {
name: "GIT_COOKIE_FILE",
value: "true",
},
...
]
volumeMounts: [
{
"name": "git-secret",
"mountPath": "/etc/git-secret"
},
...
],
}
env:
- name: GIT_SYNC_REPO
value: https://github.com/kubernetes/kubernetes.git
- name: GIT_COOKIE_FILE
value: true
volumeMounts:
- name: git-secret
mountPath: /etc/git-secret
readOnly: true
```

3
docs/ssh.md
View File

@ -130,7 +130,7 @@ spec:
- name: git-secret
secret:
secretName: git-creds
defaultMode: 288 # = mode 0440
defaultMode: 0440
containers:
- name: git-sync
image: k8s.gcr.io/git-sync:v3.1.1
@ -145,6 +145,7 @@ spec:
volumeMounts:
- name: git-secret
mountPath: /etc/git-secret
readOnly: true
securityContext:
fsGroup: 65533 # to make SSH key readable
```