-
Notifications
You must be signed in to change notification settings - Fork 14.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tasks: add a task for provision an container with a git rep
- Loading branch information
1 parent
ae459c7
commit 8dfb125
Showing
6 changed files
with
211 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 58 additions & 0 deletions
58
content/en/docs/tasks/configure-pod-container/configure-git-repo.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
--- | ||
title: Configure a Pod with a Git Repo | ||
content_template: templates/task | ||
--- | ||
|
||
{{% capture overview %}} | ||
|
||
This page shows how to configure a Pod with a Git repo using an | ||
[Init Container](/docs/concepts/workloads/pods/init-containers/) to provision a | ||
volume before the Pod's primary container runs. While these examples are specific | ||
to Git, the overall strategy can be extended to other version control systems. | ||
|
||
{{% /capture %}} | ||
|
||
{{% capture prerequisites %}} | ||
|
||
* You need to have a Kubernetes cluster, and the kubectl command-line tool must | ||
be configured to communicate with your cluster. If you do not already have a | ||
single-node cluster, you can create one by using | ||
[Minikube](/docs/getting-started-guides/minikube). | ||
|
||
* Familiarize yourself with the material in | ||
[Init Containers](/docs/concepts/workloads/pods/init-containers/). | ||
|
||
{{% /capture %}} | ||
|
||
## Cloning a Git repo | ||
|
||
The [emptyDir](/docs/concepts/storage/volumes/#emptydir) volume type can be used | ||
to share data between multiple containers in a Pod. | ||
|
||
First, define a script for cloning a repo to run in the Init Container: | ||
|
||
{{< code file="git-repo/configmap.yaml" >}} | ||
|
||
Mount this script into the Pod's Init Container and clone to an emptyDir mounted | ||
into both the Init Container and the Pod's primary container: | ||
|
||
{{< code file="git-repo/deployment.yaml" >}} | ||
|
||
## Cloning private repos | ||
|
||
When cloning private repos, use [Secrets](/docs/concepts/configuration/secret/) | ||
to pass credentials to the Init Container. | ||
|
||
For example, to use a [GitHub personal access token]( | ||
https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/) | ||
to clone a private repo, create a secret containing the access token: | ||
|
||
kubectl create secret generic github-access-token --from-file=token=secrets/github-access-token | ||
|
||
Modify the Init Container's script to use the access token: | ||
|
||
{{< code file="git-repo/private-configmap.yaml" >}} | ||
|
||
Finally, expose the access token as an environment variable to the Init Container: | ||
|
||
{{< code file="git-repo/private-deployment.yaml" >}} |
21 changes: 21 additions & 0 deletions
21
content/en/docs/tasks/configure-pod-container/git-repo/configmap.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: git-clone | ||
data: | ||
git-clone.sh: | | ||
#!/bin/sh -e | ||
REPO=$1 | ||
REF=$2 | ||
DIR=$3 | ||
# Init Containers will re-run on Pod restart. Remove the directory's contents | ||
# and reprovision when this happens. | ||
if [ -d "$DIR" ]; then | ||
rm -rf $( find $DIR -mindepth 1 ) | ||
fi | ||
git clone $REPO $DIR | ||
cd $DIR | ||
git reset --hard $REF |
45 changes: 45 additions & 0 deletions
45
content/en/docs/tasks/configure-pod-container/git-repo/deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
apiVersion: apps/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
name: nginx-deployment | ||
labels: | ||
app: nginx | ||
spec: | ||
replicas: 2 | ||
selector: | ||
matchLabels: | ||
app: nginx | ||
template: | ||
metadata: | ||
labels: | ||
app: nginx | ||
spec: | ||
initContainers: | ||
# Use an Init Container to clone the git repo to an empty directory | ||
- name: clone | ||
image: alpine/git # Any image with git will do | ||
command: | ||
- /usr/local/git/git-clone.sh | ||
args: | ||
- "https://github.com/my/repo.git" | ||
- "tags/v1.0.2" | ||
- "/mypath" | ||
volumeMounts: | ||
- name: git-clone | ||
mountPath: /usr/local/git | ||
- name: git-volume | ||
mountPath: /mypath | ||
containers: | ||
# Pod's container now has access to the cloned repo | ||
- image: nginx | ||
name: nginx | ||
volumeMounts: | ||
- mountPath: /mypath | ||
name: git-volume | ||
volumes: | ||
- name: git-volume | ||
emptyDir: {} | ||
- name: git-clone | ||
configMap: | ||
name: git-clone | ||
defaultMode: 0755 |
33 changes: 33 additions & 0 deletions
33
content/en/docs/tasks/configure-pod-container/git-repo/private-configmap.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: git-clone-private | ||
data: | ||
git-clone.sh: | | ||
#!/bin/sh -e | ||
REPO=$1 | ||
REF=$2 | ||
DIR=$3 | ||
# Init Containers will re-run on Pod restart. Remove the directory's contents | ||
# and reprovision when this happens. | ||
if [ -d "$DIR" ]; then | ||
rm -rf $( find $DIR -mindepth 1 ) | ||
fi | ||
if [ -n "$GITHUB_ACCESS_TOKEN" ]; then | ||
git config --global credential.https://github.com.username $GITHUB_ACCESS_TOKEN | ||
# Git Hub access tokens don't use a password but git will still prompt for one | ||
export GIT_ASKPASS='true' | ||
fi | ||
git clone $REPO $DIR | ||
if [ -n "$GITHUB_ACCESS_TOKEN" ]; then | ||
git config --global --unset credential.https://github.com.username | ||
fi | ||
cd $DIR | ||
git reset --hard $REF |
51 changes: 51 additions & 0 deletions
51
content/en/docs/tasks/configure-pod-container/git-repo/private-deployment.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
apiVersion: apps/v1beta1 | ||
kind: Deployment | ||
metadata: | ||
name: nginx-deployment-private | ||
labels: | ||
app: nginx-private | ||
spec: | ||
replicas: 2 | ||
selector: | ||
matchLabels: | ||
app: nginx-private | ||
template: | ||
metadata: | ||
labels: | ||
app: nginx-private | ||
spec: | ||
initContainers: | ||
# Use an Init Container to clone a private git repo to an empty directory | ||
- name: clone | ||
image: alpine/git # Any image with git will do | ||
env: | ||
- name: GITHUB_ACCESS_TOKEN | ||
valueFrom: | ||
secretKeyRef: | ||
name: github-access-token | ||
key: token | ||
command: | ||
- /usr/local/git/git-clone.sh | ||
args: | ||
- "https://github.com/my/private-repo.git" | ||
- "tags/v1.0.2" | ||
- "/mypath" | ||
volumeMounts: | ||
- name: git-clone-private | ||
mountPath: /usr/local/git | ||
- name: git-volume | ||
mountPath: /mypath | ||
containers: | ||
# Pod's container now has access to the cloned repo | ||
- image: nginx | ||
name: nginx | ||
volumeMounts: | ||
- mountPath: /mypath | ||
name: git-volume | ||
volumes: | ||
- name: git-volume | ||
emptyDir: {} | ||
- name: git-clone-private | ||
configMap: | ||
name: git-clone-private | ||
defaultMode: 0755 |