apiVersion: v1 kind: Secret metadata: name: basic-user-pass annotations: kabanero.io/git-0: https://github.mydomain.com type: kubernetes.io/basic-auth stringData: password: <PAT>
The Kabanero custom resource (CR) instance can be configured to access stack indexes and pipeline zips that are contained within a protected GitHub release. A GitHub Personal Access Token (PAT) is required, and must be stored within a
Secret in the same namespace as the Kabanero CR instance.
Generate a GitHub Personal Access Token (PAT) with sufficient privileges (scope) to read the GitHub release assets that you require. Typically the
read:orgscope is appropriate.
Secretcontaining the PAT that will be used to access the GitHub release. The PAT should be provided in the
datasection, with a key named
password. The secret must also contain an annotation which associates it with the hostname where the GitHub release exists. The format of the annotation is
hostnameis replaced with the GitHub hostname. For example, the following yaml defines a secret that is used to access GitHub releases on github.mydomain.com:
For more information about how Kabanero uses this secret, read the notes at the end of this page.
Modify your Kabanero CR instance to refer to the stack index, or pipeline zip, contained in a GitHub release. The release information is specified in the
gitReleasefield of the Kabanero CR instance. This field is mutually exclusive with the
httpsfield, which is used to specify an unprotected URL. For example, the default stack index for Kabanero 0.6.0 could be specified in the following way (note that this release is unprotected):
apiVersion: kabanero.io/v1alpha2 kind: Kabanero metadata: name: kabanero namespace: kabanero spec: version: "0.9.0" stacks: repositories: - name: central gitRelease: hostname: "github.com" organization: "kabanero-io" project: "kabanero-stack-hub" release: "0.9.0" assetName: "kabanero-stack-hub-index.yaml"
The Kabanero operator will search for a secret where the
kabanero.io/git-0annotation matches the
hostnamedefined in the Kabanero CR instance. If a match is found, the PAT contained within the secret is used to retrieve the asset from the GitHub release.
The example above shows how to access a stack hub index. The same approach is used to access pipeline zips, by replacing the
https field in the pipeline specification, with the
In the unlikely event that the same PAT should be used for more than one hostname, multiple annotations can be added to the secret. For example, if the same PAT should be used for both
github.otherdomain.com, the following annotations are valid:
metadata: name: basic-user-pass annotations: kabanero.io/git-0: https://github.mydomain.com kabanero.io/git-1: https://github.otherdomain.com
If more than one Secret matches a given hostname, the one with the lexically lowest key (kabanero.io/git-*) is used.
If you have questions, we would like to hear from you. You can reach out to the community for assistance on the Kabanero Slack channel.