참조 : https://tekton.dev/docs/how-to-guides/clone-repository/
- Settings에 들어가자
- Developer settings에 들어가자
- Generate new token을 누르고 Token ( classic ) 를 생성하자
참조 : https://tekton.dev/docs/pipelines/auth/#configuring-authentication-for-git
apiVersion: v1
kind: Secret
metadata:
name: github-secret
namespace: hongspace
annotations:
tekton.dev/git-0: https://github.com
type: kubernetes.io/basic-auth
stringData:
username: lijahong
password: 'github access token'
- Secret을 생성하자
- stringData에 GitHub username과 생성한 Access Token 값을 입력하자
[ec2-user@ip-100-0-1-19 auth]$ cat git-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: build-bot
secrets:
- name: git-secret
- Service Account를 생성하고, 위에서 생성한 Secret을 할당해주자
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
generateName: clone-read-run- # make name automate with random index ( for re use pipelinerun yaml )
spec:
serviceAccountName: build-bot # sa for git credientials -> pipeline will use for clone private repo
pipelineRef: # select pipeline
name: clone-read
podTemplate: # setting taskpod
securityContext: # pod security
fsGroup: 65532 # set volume owner gid = 65532
workspaces: # volume for clone code
- name: shared-data
volumeClaimTemplate: # automatically create pvc -> create pv
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
params: # git address
- name: repo-url
value: "https://github.com/lijahong/tektontest"
- PipelineRun은 위와 같다. serviceAccountName에 생성한 Service Account를 지정하면 된다. 이는 Pipeline 실행 간에 생성되는 TaskRun Pod에 할당할 Service Account를 설정하는 옵션이다
[ec2-user@ip-100-0-1-19 tektontest]$ tkn pr list
NAME STARTED DURATION STATUS
clone-read-run-nqrxb 38 minutes ago 27s Succeeded
[ec2-user@ip-100-0-1-19 tektontest]$ k get pr
NAME SUCCEEDED REASON STARTTIME COMPLETIONTIME
clone-read-run-nqrxb True Succeeded 38m 38m
[ec2-user@ip-100-0-1-19 tektontest]$ tkn pr logs clone-read-run-nqrxb
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + '[' false '=' true ]
[fetch-source : clone] + CHECKOUT_DIR=/workspace/output/
.
.
.
[show-readme : read] # tektontest
[show-readme : read] welcome to private repo by lijahong
[show-readme : read] this is a clone test
- PipelineRun 실행 결과와 log를 확인하자
- README.md 내용이 잘 출력됬는지 확인하자