In this article, we are going to learn how to clone a private Git repository in Tekton pipeline using SSH. In here we are using GitHub as the Git repository and we are going to use a SSH key to authenticate with the GitHub repository. Let's get started.
Generate SSH key
First, we need to generate a SSH key pair. We can do that by using the following command.
This will ask some questions like passphrase and location to save key pair. You can leave them as default by pressing enter. After that, you will get a public key and a private key in your default location. In my case, it is in the ~/.ssh directory. The public key is id_rsa.pub and the private key is id_rsa.
Encode SSH Key
Before create a secret in Kubernetes, we need to encode the private key. We can do that by using the following command.
cat ~/.ssh/id_rsa | base64
This will give you a base64 encoded string. Copy that string and save it in a file. We will use that in the next step.
Create a secret
Now we need to create a secret in Kubernetes. We are going to use following YAML file to create the secret.
Now we need to apply this YAML file to create the secret.
kubectl create -f secret.yaml
Now we have created the secret. Let’s move on to the next step.
Add Public key to GitHub
Now we need to add the public key to GitHub. You need to copy the public key by below command.
Now goto GitHub and add the public key to your GitHub account. You can do that by following below steps.
Go to your GitHub account settings.
Click on SSH and GPG keys.
Click on New SSH key.
Give a name and paste the public key.
Click on Add SSH key.
Now we have added the public key to GitHub. Let’s move on to the next step.
Create Service Account
Now we need to create a service account to use in the pipeline. We can do that by using the following YAML file.
1 2 3 4 5 6
apiVersion:v1 kind:ServiceAccount metadata: name:git-service-account secrets: -name:git-ssh-key### Secret name we created in previous step
Now we need to apply this YAML file to create the service account.
kubectl create -f service-account.yaml
Now we have finished creating the service account. Now you can use this service account in your pipelineRun to clone the private Git repository. You can find the sample Tekton pipeline, I have created using this approach from this GitHub repository.
In this article, we learned how to clone a private Git repository in Tekton pipeline. I hope you enjoyed this article. You can find the all the related commands for this tutorial from here. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail.