kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
A sidecar app which clones a git repo and keeps it in sync with the upstream.
406 Commits 5 Branches 57 Tags 19 MiB
Shell 49.8%
Go 45.9%
Makefile 3%
Dockerfile 1.3%
Go to file
Tim Hockin 45b28530a7 Fix exit non-zero exit codes when running as pid1 
(v4 branch)

Prior to this we would swallow the exit code and always exit(0).
 		2021-03-15 09:28:26 -07:00
_test_tools Use docker to run helper servers in e2e 2021-01-23 15:59:24 -08:00
build Use vendor and build automatic build cache 2019-03-25 08:54:44 -07:00
cmd/git-sync Fix exit non-zero exit codes when running as pid1 2021-03-15 09:28:26 -07:00
demo Don't allow --dest to start with a dot 2020-11-09 08:36:10 -08:00
docs Add an example pod YAML 2021-01-20 16:28:57 -08:00
pkg Fix exit non-zero exit codes when running as pid1 2021-03-15 09:28:26 -07:00
vendor Add help and manual flags, use pflag 2020-10-31 00:50:51 -07:00
.gitignore Fix multi-arch build support 2020-09-04 23:01:45 -07:00
CONTRIBUTING.md Change CONTRIBUTING.md to CNCF CLA 2020-12-23 10:59:38 -08:00
Dockerfile.in Update git from backports 2021-03-11 22:11:35 -08:00
LICENSE Initial commit 2016-08-20 14:09:57 -07:00
Makefile Build container without cache 2021-03-11 19:25:01 -08:00
OWNERS OWNERS wants 'approvers' not 'maintainers' 2019-01-15 08:39:42 -08:00
README.md Add the `--root` flag into the Usage section 2020-11-17 18:44:35 -08:00
RELEASING.md Clean up / document build and release 2019-01-25 10:45:09 -08:00
SECURITY.md Add SECURITY.md 2020-07-27 16:00:54 -06:00
SECURITY_CONTACTS Update embargo doc link in SECURITY_OWNERS and changes PST to PSC 2019-03-08 10:23:48 -07:00
askpass_git.sh Fix askpass tests 2019-12-30 15:32:52 -08:00
code-of-conduct.md Update code-of-conduct.md 2017-12-20 13:32:20 -05:00
go.mod Add help and manual flags, use pflag 2020-10-31 00:50:51 -07:00
go.sum Add help and manual flags, use pflag 2020-10-31 00:50:51 -07:00
slow_git.sh Make health check meaningful 2020-01-09 17:20:11 -08:00
test_e2e.sh Fix exit non-zero exit codes when running as pid1 2021-03-15 09:28:26 -07:00
test_sync_hook_command.sh add e2e test for --sync-hook-command 2020-10-02 19:29:21 +09:00

README.md

git-sync

git-sync is a simple command that pulls a git repository into a local directory. It is a perfect "sidecar" container in Kubernetes - it can periodically pull files down from a repository so that an application can consume them.

git-sync can pull one time, or on a regular interval. It can pull from the HEAD of a branch, from a git tag, or from a specific git hash. It will only re-pull if the target of the run has changed in the upstream repository. When it re-pulls, it updates the destination directory atomically. In order to do this, it uses a git worktree in a subdirectory of the --root and flips a symlink.

git-sync can pull over HTTP(S) (with authentication or not) or SSH.

git-sync can also be configured to make a webhook call upon successful git repo synchronization. The call is made after the symlink is updated.

Building it

We use docker buildx to build images.

# build the container
make container REGISTRY=registry VERSION=tag

# build the container behind a proxy
make container REGISTRY=registry VERSION=tag \
    HTTP_PROXY=http://<proxy_address>:<proxy_port> \
    HTTPS_PROXY=https://<proxy_address>:<proxy_port>

# build the container for an OS/arch other than the current (e.g. you are on
# MacOS and want to run on Linux)
make container REGISTRY=registry VERSION=tag \
    GOOS=linux GOARCH=amd64

Usage

# run the container
docker run -d \
    -v /tmp/git-data:/tmp/git \
    registry/git-sync:tag \
        --repo=https://github.com/kubernetes/git-sync \
        --branch=master \
        --root=/tmp/git/root \
        --period=30s

# run an nginx container to serve the content
docker run -d \
    -p 8080:80 \
    -v /tmp/git-data:/usr/share/nginx/html \
    nginx

Webhooks

Webhooks are executed asynchronously from the main git-sync process. If a webhook-url is configured, when a change occurs to the local git checkout a call is sent using the method defined in webhook-method (default to POST). git-sync will continually attempt this webhook call until it succeeds (based on webhook-success-status). If unsuccessful, git-sync will wait webhook-backoff (default 3s) before re-attempting the webhook call.

Usage

A webhook is configured using a set of CLI flags. At its most basic only webhook-url needs to be set.

docker run -d \
    -v /tmp/git-data:/tmp/git \
    registry/git-sync:tag \
        --repo=https://github.com/kubernetes/git-sync \
        --branch=master \
        --root=/tmp/git/root \
        --period=30s \
        --webhook-url="http://localhost:9090/-/reload"

Parameters

Environment Variable Flag Description Default
GIT_SYNC_REPO --repo the git repository to clone ""
GIT_SYNC_BRANCH --branch the git branch to check out "master"
GIT_SYNC_REV --rev the git revision (tag or hash) to check out "HEAD"
GIT_SYNC_DEPTH --depth use a shallow clone with a history truncated to the specified number of commits 0
GIT_SYNC_SUBMODULES --submodules git submodule behavior: one of 'recursive', 'shallow', or 'off' recursive
GIT_SYNC_ROOT --root the root directory for git-sync operations, under which --link will be created ""
GIT_SYNC_LINK --link the name of a symlink, under --root, which points to a directory in which --repo is checked out (defaults to the leaf dir of --repo) ""
GIT_SYNC_PERIOD --period how long to wait between syncs, must be >= 10ms "10s"
GIT_SYNC_SYNC_TIMEOUT --sync-timeout the total time allowed for one complete sync, must be >= 10ms "120s"
GIT_SYNC_ONE_TIME --one-time exit after the first sync false
GIT_SYNC_MAX_SYNC_FAILURES --max-sync-failures the number of consecutive failures allowed before aborting (the first sync must succeed, -1 will retry forever after the initial sync) 0
GIT_SYNC_PERMISSIONS --change-permissions the file permissions to apply to the checked-out files (0 will not change permissions at all) 0
GIT_SYNC_HOOK_COMMAND --sync-hook-command an optional command to be executed after syncing a new hash of the remote repository
GIT_SYNC_WEBHOOK_URL --webhook-url the URL for a webook notification when syncs complete ""
GIT_SYNC_WEBHOOK_METHOD --webhook-method the HTTP method for the webhook "POST"
GIT_SYNC_WEBHOOK_SUCCESS_STATUS --webhook-success-status the HTTP status code indicating a successful webhook (-1 disables success checks to make webhooks fire-and-forget) 200
GIT_SYNC_WEBHOOK_TIMEOUT --webhook-timeout the timeout for the webhook 1 (second)
GIT_SYNC_WEBHOOK_BACKOFF --webhook-backoff the time to wait before retrying a failed webhook 3 (seconds)
GIT_SYNC_USERNAME --username the username to use for git auth ""
GIT_SYNC_PASSWORD --password the password or personal access token to use for git auth (prefer env vars for passwords) ""
GIT_SYNC_SSH --ssh use SSH for git operations false
GIT_SSH_KEY_FILE --ssh-key-file the SSH key to use "/etc/git-secret/ssh"
GIT_KNOWN_HOSTS --ssh-known-hosts enable SSH known_hosts verification true
GIT_SSH_KNOWN_HOSTS_FILE --ssh-known-hosts-file the known_hosts file to use "/etc/git-secret/known_hosts"
GIT_SYNC_ADD_USER --add-user add a record to /etc/passwd for the current UID/GID (needed to use SSH with a different UID) false
GIT_COOKIE_FILE --cookie-file use git cookiefile false
GIT_ASKPASS_URL --askpass-url the URL for GIT_ASKPASS callback ""
GIT_SYNC_GIT --git the git command to run (subject to PATH search, mostly for testing "git"
GIT_SYNC_HTTP_BIND --http-bind the bind address (including port) for git-sync's HTTP endpoint ""
GIT_SYNC_HTTP_METRICS --http-metrics enable metrics on git-sync's HTTP endpoint true
GIT_SYNC_HTTP_PPROF --http-pprof enable the pprof debug endpoints on git-sync's HTTP endpoint false

Analytics