diff --git a/cmd/git-sync/main.go b/cmd/git-sync/main.go index c79b58e..7af34b5 100644 --- a/cmd/git-sync/main.go +++ b/cmd/git-sync/main.go @@ -69,6 +69,9 @@ var flSSH = flag.Bool("ssh", envBool("GIT_SYNC_SSH", false), var flSSHKnownHosts = flag.Bool("ssh-known-hosts", envBool("GIT_KNOWN_HOSTS", true), "enable SSH known_hosts verification") +var flCookieFile = flag.Bool("cookie-file", envBool("GIT_COOKIE_FILE", false), + "use git cookiefile") + var log = newLoggerOrDie() func newLoggerOrDie() logr.Logger { @@ -160,6 +163,13 @@ func main() { } } + if *flCookieFile { + if err := setupGitCookieFile(); err != nil { + fmt.Fprintf(os.Stderr, "ERROR: can't set git cookie file: %v\n", err) + os.Exit(1) + } + } + // From here on, output goes through logging. log.V(0).Infof("starting up: %q", os.Args) @@ -503,3 +513,22 @@ func setupGitSSH(setupKnownHosts bool) error { return nil } + +func setupGitCookieFile() error { + log.V(1).Infof("configuring git cookie file") + + var pathToCookieFile = "/etc/git-secret/cookie_file" + + _, err := os.Stat(pathToCookieFile) + if err != nil { + return fmt.Errorf("error: could not find git cookie file: %v", err) + } + + cmd := exec.Command("git", "config", "--global", "http.cookiefile", pathToCookieFile) + output, err := cmd.CombinedOutput() + if err != nil { + return fmt.Errorf("error configuring git cookie file %v: %s", err, string(output)) + } + + return nil +} diff --git a/docs/cookie-file.md b/docs/cookie-file.md new file mode 100644 index 0000000..2b1d9fb --- /dev/null +++ b/docs/cookie-file.md @@ -0,0 +1,58 @@ +# Using an Http Cookie File with git-sync + +Git-sync supports use of an HTTP Cookie File for accessing git content. + +# Step 1: Create Secret + +First, create a secret file from the git cookie file you wish to +use. +``` +kubectl create secret generic git-cookie-file --from-file=cookie_file=~/.gitcookies +``` + +# Step 2: Configure Pod/Deployment Volume + +In your Pod or Deployment configuration, specify a Volume for mounting the +cookie-file Secret. Make sure to use the same name you used to create the +secret (`git-cookie-file` in the example above). +``` +volumes: [ + { + "name": "git-secret", + "secret": { + "secretName": "git-cookie-file", + } + }, + ... +], +``` + +# Step 2: Configure git-sync container + +In your git-sync container configuration, mount your cookiefile at +"/etc/git-secret". Ensure that the environment variable GIT_COOKIE_FILE +is set to true, and that GIT_SYNC_REPO is set to use a URL with the HTTP +protocol. +``` +{ + name: "git-sync", + ... + env: [ + { + name: "GIT_SYNC_REPO", + value: "https://github.com/kubernetes/kubernetes.git" + }, { + name: "GIT_COOKIE_FILE", + value: "true", + }, + ... + ] + volumeMounts: [ + { + "name": "git-secret", + "mountPath": "/etc/git-secret" + }, + ... + ], +} +```