Contents x
    Change Sync Git Authentication
    • 21 Mar 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Change Sync Git Authentication

    • Updated on 21 Mar 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article summary

    Change Sync to use HTTP Authentication

    By default, Greymatter Sync selects the SSH protocol for Git cloning operations. However, Git also supports the use of API tokens over HTTPS for authentication. As such, Sync provides a method to change its authentication method.

    We will add these environment variables to the Sync Kubernetes manifest, populated from a Kubernetes secret, to inject the sensitive information into the application:

    GREYMATTER_GIT_USER
GREYMATTER_GIT_PASSWORD
GREYMATTER_GIT_TLS_SKIP_VERIFY
GREYMATTER_GIT_REMOTE_CA

    Create the Secret

    Without TLS Verification

    1. Create a secret with the following values

    kubectl create secret generic <secret name> \
  --from-literal=GREYMATTER_GIT_REMOTE=https://<git-repo> \
  --from-literal=GREYMATTER_GIT_USER=<user name> \
  --from-literal=GREYMATTER_GIT_PASSWORD=<password or API Token> \
  --from-literal=GREYMATTER_GIT_TLS_SKIP_VERIFY=true

    The Git remote URL can usually be found on the repository page your Git provider shows. The process of obtaining a user and a password or API token will also depend on the Git provider. If your Git provider is self-hosted, you can either skip TLS validation (above) or add a CA certificate like below.

    With TLS Verification

    1. Use existing or generated CA file. echo | openssl s_client -connect <git-repo-domain>:443 | openssl x509 -out <bundle name>

    2. Create Secret

    kubectl create secret generic sync-https-git \
  --from-literal=GREYMATTER_GIT_REMOTE=https://<git-repo> \
  --from-literal=GREYMATTER_GIT_USER=<user> \
  --from-literal=GREYMATTER_GIT_PASSWORD=<password> \
  --from-file=GREYMATTER_GIT_REMOTE_CA=<path to ca bundle> \
  --from-literal=GREYMATTER_GIT_TLS_SKIP_VERIFY=false

    Update the Manifest

    Inside the tenant project, locate the k8s/sync.yaml file. Open it and add these blocks to the env section:

    Ensure that the name key matches the name of the secret created above.

    env:
  - name: GREYMATTER_GIT_REMOTE
    valueFrom:
      secretKeyRef:
        name: <secret name>
        key: GREYMATTER_GIT_REMOTE
  - name: GREYMATTER_GIT_USER
    valueFrom:
      secretKeyRef:
        name: <secret name>
        key: GREYMATTER_GIT_USER
  - name: GREYMATTER_GIT_PASSWORD
    valueFrom:
      secretKeyRef:
        name: <secret name>
        key: GREYMATTER_GIT_PASSWORD
  - name: GREYMATTER_GIT_REMOTE_CA
    valueFrom:
      secretKeyRef:
        name: <secret name>
        key: GREYMATTER_GIT_REMOTE_CA
  - name: GREYMATTER_GIT_TLS_SKIP_VERIFY
    valueFrom:
      secretKeyRef:
        name: <secret name>
        key: GREYMATTER_GIT_TLS_SKIP_VERIFY

    Apply the Changes

    Finally, apply the changes using kubectl:

    kubectl apply -f k8s/sync.yaml

    You may need to restart sync for the changes to take effect.

    Was this article helpful?
    What's Next
    Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy.
    Products
    Company
    Top Features
    Solutions
    Existing Users
    Connect With Us
    Sales and Support
    Copyright © Abc Inc. All Rights Reserved