Git meaning
This section describes how to configure a basic-auth type Secret for use with Git. This section describes how to configure the following authentication schemes for use with Git:Ĭonfiguring basic-auth authentication for Git Manually VolumeMount it into the desired Steps instead of using the proceduresĭescribed later in this document. Others, you must explicitly specify a Volume using the Secret definition and If you want to limit a Secret to only be accessible to specific Steps but not $HOME/tekton/home and makes them available to all Steps within a Task. Limiting Secret access to specific StepsĪs described earlier in this document, Tekton stores supported Secrets in The non-root user’s valid home directory to use SSH authentication for either Git or Docker.įor an example of configuring SSH authentication in a non-root securit圜ontext, The appropriate Secret files from the $HOME directory defined by Tekton ( /tekton/home) to Since SSH authentication ignores the $HOME environment variable, you must either move or symlink.Specifying a UID that has no valid home directory results in authentication failure. ssh-auth for Git requires the user to have a valid home directory configured in /etc/passwd.The following are considerations for executing Runs as a non-root user: Your Task specifies a global non-root securit圜ontext that applies to all Steps in the Task.The Steps in your Task define a non-root securit圜ontext.Your platform randomizes the user and/or groups that your containers use to execute.
In certain scenarios you might need to use Secrets as a non-root user. # Omitting this results in the server's public key being blindly accepted. In the following example, Tekton uses aīasic-auth (username/password pair) Secret to access Git repositories at and Īs well as Docker repositories at gcr.io:ĪpiVersion: v1 kind: Secret metadata: annotations: v/git-0: type: kubernetes.io/ssh-auth stringData: ssh-privatekey: # This is non-standard, but its use is encouraged to make this more secure. URL of the host for which you want Tekton to use that credential. Tekton ignores allĪ credential annotation key must begin with v/git- or v/docker- and its value is the You must properly annotate each Secret to specify theĭomains for which Tekton can use the credentials that the Secret contains. Multiple private Git and Docker repositories. For example, a Run might require access to Understanding credential selectionĪ Run might require multiple types of authentication. Tekton then copies or symlinks files from this directory into the user’s During credential initialization, Tekton accesses each Secret associated with the Run andĪggregates them into a /tekton/creds directory. To consume these Secrets, Tekton performs credential initialization within every Pod it instantiates, before executingĪny Steps in the Run. Tekton follows those rules when merging credentials of each supported type. Docker: Tekton produces a ~/.docker/config.json file.Įach Secret type supports multiple credentials covering multiple domains and establishes specific rules governingĬredential formatting and merging.
Tekton converts properly annotated Secrets of the supported types and stores them in a Step's container as follows: Supported Secret includes a Tekton-specific annotation. GitĪ Run gains access to these Secrets through its associated ServiceAccount. Tekton supports authentication via the Kubernetes first-class Secret types listed below. What are the effects of making this change?.Why would an organization want to do this?.The Step is named image-digest-exporter.A Task employes a read-only-Workspace or Volume for $HOME.A Workspace or Volume is also Mounted for the same credentials.Configuring docker* authentication for Docker.Configuring basic-auth authentication for Docker.Using SSH authentication in git type Tasks.Using a custom port for SSH authentication.Configuring ssh-auth authentication for Git.Configuring basic-auth authentication for Git.Limiting Secret access to specific Steps.Refers to TaskRuns and PipelineRuns as Runs for the sake of brevity. Since authentication concepts and processesĪpply to both of those entities in the same manner, this document collectively This document describes how Tekton handles authentication when executing