Skip to main content
Version: Next 🚧

Git Configuration

Overview​

Starting with version 1.10.0, Epinio supports Git configurations.

Configurations enable cloning of private repositories, disabling of SSL verification, and/or extending verification through a custom bundle of certificates.

This is done on a per git host (+user/org, +repository) basis.

Management, including creation, is done through the epinio gitconfig command ensemble.

Matching process​

When importing from a git repository Epinio will use the most specific matching configuration, if there is any.

This means that a matching configuration specifying url, user/organization, and repository has priority over matching configurations specifying only url and user/organization, or even just the url.

If no configuration is found then the cloning from the Git repository will run without any customization.

Github/Gitlab specialities​

The public Github and Gitlab mega repositories support the use of a PAT (Personal Access Token) over a plain combination of user and password.

When using a PAT it has to be set as the password, and the user can be set to anything except empty.

tip

For reference, it is useful to set it to the username used to generate the token.

Detailed specification​

note

This section contains information useful to operators for debugging and inspection. Regular users should not normally need to consult this section.

A Git configuration is a Kubernetes secret with the epinio.io/api-git-credentials: "true" label.

The fields are:

FieldRequiredMeaning
urlyesthe host of the git instance
providerone of github, gitlab, git, github_enterprise, gitlab_enterprise
usernameused during the Basic Authentication
passwordused during the Basic Authentication
userOrgused to restrict the configuration to a specific organization/project
repoused to restrict the configuration to a specific repository
skipSSLused to skip the SSL verification
certificatethe CA bundle to load for the SSL verification with self-signed certificates

All the fields, except for the URL, are optional.

Example:​

Invoking the commands

cat > certfile <<EOF
-----BEGIN CERTIFICATE-----
MIIBaTCCAQ+gAwIBAgIRAN4tvwEOKogvOzT/KccL8t8wCgYIKoZIzj0EAwIwFDES
***************
-----END CERTIFICATE-----
EOF

epinio gitconfig create github-epinio-example-go-configuration https://github.com \
--git-provider github \
--user-org epinio \
--repository example-go \
--skip-ssl \
--username myuser \
--password abcde12345 \
--cert-file certfile

will generate the secret

apiVersion: v1 
kind: Secret
type: Opaque
metadata:
labels:
epinio.io/api-git-credentials: "true"
name: github-epinio-example-go-configuration
namespace: epinio
stringData:
url: https://github.com
provider: github
username: "myuser"
password: "abcde12345"
userOrg: epinio
repo: example-go
skipSSL: true
certificate: |
-----BEGIN CERTIFICATE-----
MIIBaTCCAQ+gAwIBAgIRAN4tvwEOKogvOzT/KccL8t8wCgYIKoZIzj0EAwIwFDES
***************
-----END CERTIFICATE-----

For more examples check the How-to.