kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add gitcookie configuration option 

Add an option to specify a git http cookie file in the k8s yaml
that will be configured as the global git cookie file in the git-sync
client.

This is a useful access mechanism for some some hosted repositories
where SSH and passwords are not easily available, such as Google Cloud
Source Repositories.
This commit is contained in:
Bryce Cronkite-Ratcliff 2018-05-15 09:27:47 -07:00 committed by Tim Hockin
parent 71ea5e8473
commit f69e8fb2c0
2 changed files with 87 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
cmd/git-sync/main.go
View File

@ -69,6 +69,9 @@ var flSSH = flag.Bool("ssh", envBool("GIT_SYNC_SSH", false),
var flSSHKnownHosts = flag.Bool("ssh-known-hosts", envBool("GIT_KNOWN_HOSTS", true), var flSSHKnownHosts = flag.Bool("ssh-known-hosts", envBool("GIT_KNOWN_HOSTS", true),
"enable SSH known_hosts verification") "enable SSH known_hosts verification")
var flCookieFile = flag.Bool("cookie-file", envBool("GIT_COOKIE_FILE", false),
"use git cookiefile")
var log = newLoggerOrDie() var log = newLoggerOrDie()
func newLoggerOrDie() logr.Logger { func newLoggerOrDie() logr.Logger {
@ -160,6 +163,13 @@ func main() {
} }
} }
if *flCookieFile {
if err := setupGitCookieFile(); err != nil {
fmt.Fprintf(os.Stderr, "ERROR: can't set git cookie file: %v\n", err)
os.Exit(1)
}
}
// From here on, output goes through logging. // From here on, output goes through logging.
log.V(0).Infof("starting up: %q", os.Args) log.V(0).Infof("starting up: %q", os.Args)
@ -503,3 +513,22 @@ func setupGitSSH(setupKnownHosts bool) error {
return nil return nil
} }
func setupGitCookieFile() error {
log.V(1).Infof("configuring git cookie file")
var pathToCookieFile = "/etc/git-secret/cookie_file"
_, err := os.Stat(pathToCookieFile)
if err != nil {
return fmt.Errorf("error: could not find git cookie file: %v", err)
}
cmd := exec.Command("git", "config", "--global", "http.cookiefile", pathToCookieFile)
output, err := cmd.CombinedOutput()
if err != nil {
return fmt.Errorf("error configuring git cookie file %v: %s", err, string(output))
}
return nil
}

58
docs/cookie-file.md Normal file
View File

@ -0,0 +1,58 @@
# Using an Http Cookie File with git-sync
Git-sync supports use of an HTTP Cookie File for accessing git content.
# Step 1: Create Secret
First, create a secret file from the git cookie file you wish to
use.
```
kubectl create secret generic git-cookie-file --from-file=cookie_file=~/.gitcookies
```
# Step 2: Configure Pod/Deployment Volume
In your Pod or Deployment configuration, specify a Volume for mounting the
cookie-file Secret. Make sure to use the same name you used to create the
secret (`git-cookie-file` in the example above).
```
volumes: [
{
"name": "git-secret",
"secret": {
"secretName": "git-cookie-file",
}
},
...
],
```
# Step 2: Configure git-sync container
In your git-sync container configuration, mount your cookiefile at
"/etc/git-secret". Ensure that the environment variable GIT_COOKIE_FILE
is set to true, and that GIT_SYNC_REPO is set to use a URL with the HTTP
protocol.
```
{
name: "git-sync",
...
env: [
{
name: "GIT_SYNC_REPO",
value: "https://github.com/kubernetes/kubernetes.git"
}, {
name: "GIT_COOKIE_FILE",
value: "true",
},
...
]
volumeMounts: [
{
"name": "git-secret",
"mountPath": "/etc/git-secret"
},
...
],
}
```