diff --git a/content/blog/2023-12-20-private-repos.md b/content/blog/2023-12-20-private-repos.md index 6eb7904e35..2a283830ba 100644 --- a/content/blog/2023-12-20-private-repos.md +++ b/content/blog/2023-12-20-private-repos.md 
@@ -16,64 +16,6 @@ - repository access --- -We're excited to announce that support for private repositories is now -available. This feature is accessible when using VP operator version 0.0.36 or -higher, in conjunction with the latest common/ clustergroup 0.8.2 chart. With -this update, you can deploy patterns from git repositories that are either -password-protected or secured with an SSH key. +We're excited to announce that support for private repositories is now available. You can deploy patterns from git repositories that are either password-protected or secured with an SSH key. -To enable this feature, follow these steps: - -1. Create a Secret for Repository Access: Generate a secret that holds the - credentials for accessing your repository. This secret should be formatted - according to ArgoCD's guidelines, which you can find [here](https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories). - For instance, your secret might look like this: - ```yaml - apiVersion: v1 - kind: Secret - metadata: - name: private-repo - namespace: openshift-operators - labels: - argocd.argoproj.io/secret-type: repository - stringData: - type: git - url: git@github.com:mbaldessari/mcg-private.git - sshPrivateKey: | - -----BEGIN OPENSSH PRIVATE KEY----- - a3... - ... - ... - -----END OPENSSH PRIVATE KEY----- - ``` -2. Deploy the Pattern with the Secret: Point your pattern's Custom Resource to - the secret you created in the first step. Ensure that both tokenSecret and - tokenSecretNamespace fields are correctly set to reference your new secret. 
- Here's an example of how this might be configured: - ```yaml - apiVersion: gitops.hybrid-cloud-patterns.io/v1alpha1 - kind: Pattern - metadata: - name: pattern-sample - namespace: openshift-operators - spec: - clusterGroupName: hub - gitSpec: - targetRepo: git@github.com:mbaldessari/mcg-private.git - targetRevision: private-repo - tokenSecret: private-repo - tokenSecretNamespace: openshift-operators - ``` - -Following these steps ensures that the pattern's framework efficiently manages -the necessary configurations, allowing all Argo instances to access the private -repository. - -To do this entirely via CLI you can simply run the following: -```bash -./pattern.sh make TOKEN_SECRET=private-repo TOKEN_NAMESPACE=openshift-operators install -``` - -The above command assumes that the `private-repo` secret exists and that the -`origin` remote of the repository points to -`git@github.com:mbaldessari/mcg-private.git` as specified in the secret above. +For setup instructions, see [Installing Patterns in Private Repos](/learn/private-repos/). diff --git a/content/learn/private-repos.adoc b/content/learn/private-repos.adoc new file mode 100644 index 0000000000..902ae9261e --- /dev/null +++ b/content/learn/private-repos.adoc 
@@ -0,0 +1,105 @@ +--- +menu: + learn: + parent: Patterns quick start +title: Installing Patterns in Private Repos +weight: 51 +aliases: /learn/private-repos/ +--- + +:toc: +:_content-type: ASSEMBLY +include::modules/comm-attributes.adoc[] + +[id="private-repos"] +== Deploying patterns from private repositories + +You can deploy patterns from git repositories that are either password-protected or secured with an SSH key. + +== Using an SSH key + +To deploy a pattern from an SSH-secured private repository, create a secret for repository access and then reference it in your pattern's Custom Resource. + +=== Create a secret for repository access + +Generate a secret containing the credentials for accessing your repository. This secret should be formatted according to link:https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories[ArgoCD's declarative setup guidelines]. + +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: private-repo + namespace: openshift-operators + labels: + argocd.argoproj.io/secret-type: repository +stringData: + type: git + url: git@github.com:mbaldessari/mcg-private.git + sshPrivateKey: | + -----BEGIN OPENSSH PRIVATE KEY----- + a3... + ... + ... + -----END OPENSSH PRIVATE KEY----- +---- + +=== Deploy the pattern with the secret + +Reference the secret you created by passing `TOKEN_SECRET` and `TOKEN_NAMESPACE` to the install command: + +[source,terminal] +---- +./pattern.sh make TOKEN_SECRET=private-repo TOKEN_NAMESPACE=openshift-operators install +---- + +This command assumes that the `private-repo` secret exists and that the `origin` remote of the repository points to `git@github.com:mbaldessari/mcg-private.git` as specified in the secret. The install sets the `tokenSecret` and `tokenSecretNamespace` fields on the pattern's Custom Resource, which ensures that all Argo instances can access the private repository. 
+ +If you need to create the pattern CR manually instead, set those fields directly: + +[source,yaml] +---- +apiVersion: gitops.hybrid-cloud-patterns.io/v1alpha1 +kind: Pattern +metadata: + name: pattern-sample + namespace: patterns-operator +spec: + clusterGroupName: hub + gitSpec: + targetRepo: git@github.com:mbaldessari/mcg-private.git + targetRevision: private-repo + tokenSecret: private-repo + tokenSecretNamespace: openshift-operators +---- + +== Using a GitLab private repository with a PAT + +First, make sure your PAT has at least Read and Download permissions for your private repository. + +As with the SSH example above, create a secret before running the install: + +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: private-repo + namespace: openshift-operators + labels: + argocd.argoproj.io/secret-type: repository +stringData: + type: git + url: https://gitlab.com/dminnear-rh/mcg-private.git + username: oauth2 + password: glpat-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +---- + +NOTE: The username must be `oauth2`, not your GitLab handle. + +Then reference the secret in the install: + +[source,terminal] +---- +./pattern.sh make TOKEN_SECRET=private-repo TOKEN_NAMESPACE=openshift-operators install +----
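Review bot: In the content/blog/2023-12-20-private-repos.md hunk, the rewritten announcement drops the version prerequisite (VP operator version 0.0.36 or higher with the common/ clustergroup 0.8.2 chart), and the new content/learn/private-repos.adoc does not restate it anywhere. A reader on an older operator now has no way to tell that `tokenSecret` and `tokenSecretNamespace` are unsupported there. Either keep the version sentence in the blog post or add a prerequisites line to the learn page before "Using an SSH key".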
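Review bot: In the manual Pattern CR example of content/learn/private-repos.adoc, `metadata.namespace` is `patterns-operator`, while the example removed from the blog post used `openshift-operators`, and the Secret and `tokenSecretNamespace: openshift-operators` on this same page still point at `openshift-operators`. If the change is intentional, state in the text that the CR and the repository secret live in different namespaces; otherwise align them, because a reader copying both examples will not know which one is authoritative. Two smaller points on the same file: both Secret examples put a credential in a manifest (`sshPrivateKey` and `password: glpat-...`), so a sentence telling readers to apply the file to the cluster and keep it out of the pattern repository would be worth adding; and the GitLab section should expand "PAT" on first use and name the exact token scope or role instead of "Read and Download permissions", so readers can grant the minimum and nothing broader.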