In this article, we are going to learn how to clone a private Git repository in Tekton pipeline using SSH. In here we are using GitHub as the Git repository and we are going to use a SSH key to authenticate with the GitHub repository. Let's get started.

Generate SSH key

First, we need to generate a SSH key pair. We can do that by using the following command.

1
ssh-keygen -t rsa -b 4096 -C "[email protected]"

This will ask some questions like passphrase and location to save key pair. You can leave them as default by pressing enter. After that, you will get a public key and a private key in your default location. In my case, it is in the ~/.ssh directory. The public key is id_rsa.pub and the private key is id_rsa.

Encode SSH Key

Before create a secret in Kubernetes, we need to encode the private key. We can do that by using the following command.

1
cat ~/.ssh/id_rsa | base64

This will give you a base64 encoded string. Copy that string and save it in a file. We will use that in the next step.

Create a secret

Now we need to create a secret in Kubernetes. We are going to use following YAML file to create the secret.

1
2
3
4
5
6
7
8
9
apiVersion: v1
kind: Secret
metadata:
  name: git-ssh-key
  annotations:
    tekton.dev/git-0: github.com
type: kubernetes.io/ssh-auth
data:
  ssh-privatekey: <base64 encoded private key> ### Base64 encoded private key

Now we need to apply this YAML file to create the secret.

1
kubectl create -f secret.yaml

Now we have created the secret. Let’s move on to the next step.

Add Public key to GitHub

Now we need to add the public key to GitHub. You need to copy the public key by below command.

1
cat ~/.ssh/tekton_rsa.pub

Now goto GitHub and add the public key to your GitHub account. You can do that by following below steps.

  1. Go to your GitHub account settings.
  2. Click on SSH and GPG keys.
  3. Click on New SSH key.
  4. Give a name and paste the public key.
  5. Click on Add SSH key.

Now we have added the public key to GitHub. Let’s move on to the next step.

Create Service Account

Now we need to create a service account to use in the pipeline. We can do that by using the following YAML file.

1
2
3
4
5
6
apiVersion: v1
kind: ServiceAccount
metadata:
  name: git-service-account
secrets:
  - name: git-ssh-key ### Secret name we created in previous step

Now we need to apply this YAML file to create the service account.

1
kubectl create -f service-account.yaml

Now we have finished creating the service account. Now you can use this service account in your pipelineRun to clone the private Git repository. You can find the sample Tekton pipeline, I have created using this approach from this GitHub repository.

Conclusion

In this article, we learned how to clone a private Git repository in Tekton pipeline. I hope you enjoyed this article. You can find the all the related commands for this tutorial from here. If you have any issue regarding this tutorial, mention your issue in the comment section or reach me through my E-mail.

Happy Coding