Add GitLab HTTPS auth to bootstrap options
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@@ -26,6 +26,8 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
|
corev1 "k8s.io/api/core/v1"
|
||||||
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
|
|
||||||
"github.com/fluxcd/pkg/git"
|
"github.com/fluxcd/pkg/git"
|
||||||
)
|
)
|
||||||
@@ -41,9 +43,12 @@ the bootstrap command will perform an upgrade if needed.`,
|
|||||||
Example: ` # Create a GitLab API token and export it as an env var
|
Example: ` # Create a GitLab API token and export it as an env var
|
||||||
export GITLAB_TOKEN=<my-token>
|
export GITLAB_TOKEN=<my-token>
|
||||||
|
|
||||||
# Run bootstrap for a private repo owned by a GitLab group
|
# Run bootstrap for a private repo using HTTPS token authentication
|
||||||
gotk bootstrap gitlab --owner=<group> --repository=<repo name>
|
gotk bootstrap gitlab --owner=<group> --repository=<repo name>
|
||||||
|
|
||||||
|
# Run bootstrap for a private repo using SSH authentication
|
||||||
|
gotk bootstrap gitlab --owner=<group> --repository=<repo name> --ssh-hostname=gitlab.com
|
||||||
|
|
||||||
# Run bootstrap for a repository path
|
# Run bootstrap for a repository path
|
||||||
gotk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
|
gotk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
|
||||||
|
|
||||||
@@ -77,7 +82,7 @@ func init() {
|
|||||||
bootstrapGitLabCmd.Flags().BoolVar(&glPrivate, "private", true, "is private repository")
|
bootstrapGitLabCmd.Flags().BoolVar(&glPrivate, "private", true, "is private repository")
|
||||||
bootstrapGitLabCmd.Flags().DurationVar(&glInterval, "interval", time.Minute, "sync interval")
|
bootstrapGitLabCmd.Flags().DurationVar(&glInterval, "interval", time.Minute, "sync interval")
|
||||||
bootstrapGitLabCmd.Flags().StringVar(&glHostname, "hostname", git.GitLabDefaultHostname, "GitLab hostname")
|
bootstrapGitLabCmd.Flags().StringVar(&glHostname, "hostname", git.GitLabDefaultHostname, "GitLab hostname")
|
||||||
bootstrapGitLabCmd.Flags().StringVar(&glSSHHostname, "ssh-hostname", "", "GitLab SSH hostname, defaults to hostname if not specified")
|
bootstrapGitLabCmd.Flags().StringVar(&glSSHHostname, "ssh-hostname", "", "GitLab SSH hostname, when specified a deploy key will be added to the repository")
|
||||||
bootstrapGitLabCmd.Flags().StringVar(&glPath, "path", "", "repository path, when specified the cluster sync will be scoped to this path")
|
bootstrapGitLabCmd.Flags().StringVar(&glPath, "path", "", "repository path, when specified the cluster sync will be scoped to this path")
|
||||||
|
|
||||||
bootstrapCmd.AddCommand(bootstrapGitLabCmd)
|
bootstrapCmd.AddCommand(bootstrapGitLabCmd)
|
||||||
@@ -172,10 +177,14 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
logger.Successf("install completed")
|
logger.Successf("install completed")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
repoURL := repository.GetURL()
|
||||||
|
|
||||||
|
if glSSHHostname != "" {
|
||||||
// setup SSH deploy key
|
// setup SSH deploy key
|
||||||
|
repoURL = repository.GetSSH()
|
||||||
if shouldCreateDeployKey(ctx, kubeClient, namespace) {
|
if shouldCreateDeployKey(ctx, kubeClient, namespace) {
|
||||||
logger.Actionf("configuring deploy key")
|
logger.Actionf("configuring deploy key")
|
||||||
u, err := url.Parse(repository.GetSSH())
|
u, err := url.Parse(repoURL)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("git URL parse failed: %w", err)
|
return fmt.Errorf("git URL parse failed: %w", err)
|
||||||
}
|
}
|
||||||
@@ -196,10 +205,26 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
logger.Successf("deploy key configured")
|
logger.Successf("deploy key configured")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// setup HTTPS token auth
|
||||||
|
secret := corev1.Secret{
|
||||||
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
|
Name: namespace,
|
||||||
|
Namespace: namespace,
|
||||||
|
},
|
||||||
|
StringData: map[string]string{
|
||||||
|
"username": "git",
|
||||||
|
"password": glToken,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
if err := upsertSecret(ctx, kubeClient, secret); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// configure repo synchronization
|
// configure repo synchronization
|
||||||
logger.Actionf("generating sync manifests")
|
logger.Actionf("generating sync manifests")
|
||||||
if err := generateSyncManifests(repository.GetSSH(), bootstrapBranch, namespace, namespace, glPath, tmpDir, glInterval); err != nil {
|
if err := generateSyncManifests(repoURL, bootstrapBranch, namespace, namespace, glPath, tmpDir, glInterval); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
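Review bot: The new `else` branch stores the GitLab API token in a cluster Secret via `"password": glToken`, and because `--ssh-hostname` no longer defaults to the hostname, this is now the default path. That token is the one exported as GITLAB_TOKEN for the API calls, so it presumably grants more than read access to a single repository, unlike the read-only deploy key the SSH branch installs; anyone who can read Secrets in that namespace obtains it. I would put a comment above the Secret literal such as `// NOTE: persists the user's GitLab API token in-cluster; the --ssh-hostname path uses a read-only deploy key instead`, and log the step with `logger.Actionf("configuring HTTPS token secret")` to match the SSH branch. The `upsertSecret` call is also unconditional, whereas the SSH branch is guarded by `shouldCreateDeployKey`, so a rerun looks like it would overwrite an existing Secret of the same name. The body of bootstrapGitLabCmdRun continues outside these hunks, so whether `glToken` is checked for emptiness earlier cannot be confirmed from here.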
|
|||||||
@@ -20,9 +20,12 @@ gotk bootstrap gitlab [flags]
|
|||||||
# Create a GitLab API token and export it as an env var
|
# Create a GitLab API token and export it as an env var
|
||||||
export GITLAB_TOKEN=<my-token>
|
export GITLAB_TOKEN=<my-token>
|
||||||
|
|
||||||
# Run bootstrap for a private repo owned by a GitLab group
|
# Run bootstrap for a private repo using HTTPS token authentication
|
||||||
gotk bootstrap gitlab --owner=<group> --repository=<repo name>
|
gotk bootstrap gitlab --owner=<group> --repository=<repo name>
|
||||||
|
|
||||||
|
# Run bootstrap for a private repo using SSH authentication
|
||||||
|
gotk bootstrap gitlab --owner=<group> --repository=<repo name> --ssh-hostname=gitlab.com
|
||||||
|
|
||||||
# Run bootstrap for a repository path
|
# Run bootstrap for a repository path
|
||||||
gotk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
|
gotk bootstrap gitlab --owner=<group> --repository=<repo name> --path=dev-cluster
|
||||||
|
|
||||||
@@ -48,7 +51,7 @@ gotk bootstrap gitlab [flags]
|
|||||||
--personal is personal repository
|
--personal is personal repository
|
||||||
--private is private repository (default true)
|
--private is private repository (default true)
|
||||||
--repository string GitLab repository name
|
--repository string GitLab repository name
|
||||||
--ssh-hostname string GitLab SSH hostname, defaults to hostname if not specified
|
--ssh-hostname string GitLab SSH hostname, when specified a deploy key will be added to the repository
|
||||||
```
|
```
|
||||||
|
|
||||||
### Options inherited from parent commands
|
### Options inherited from parent commands
|
||||||
|
|||||||
@@ -154,6 +154,22 @@ gotk bootstrap gitlab \
|
|||||||
--personal
|
--personal
|
||||||
```
|
```
|
||||||
|
|
||||||
|
To run the bootstrap for a repository using deploy keys for authentication, you have to specify the SSH hostname:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
gotk bootstrap gitlab \
|
||||||
|
--ssh-hostname=gitlab.com \
|
||||||
|
--owner=my-gitlab-username \
|
||||||
|
--repository=my-repository \
|
||||||
|
--branch=master \
|
||||||
|
--path=my-cluster
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! hint "Authentication"
|
||||||
|
When providing the `--ssh-hostname`, a readonly deploy key will be added
|
||||||
|
to your repository, otherwise your GitLab personal token will be used to
|
||||||
|
authenticate against the HTTPS endpoint instead of SSH.
|
||||||
|
|
||||||
Run the bootstrap for a repository owned by a GitLab group:
|
Run the bootstrap for a repository owned by a GitLab group:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
|||||||