Accessing Private Repositories
Accessing Images in Private Repositories
The Konflux integration Tekton pipelines use the konflux-integration-runner
service account.
Tekton automatically mounts all secrets which are linked to that service accounts to the PipelineRuns and Tasks. All your component image registry secrets are automatically linked to this service account.
If your integration pipeline needs to use special credentials to registries other than ones for your component images (e.g. the ones for the registry.redhat.io or similar), you will need to manually link the secret containing them to the konflux-integration-runner
service account.
-
Create the registry pull secret in your tenant namespace - consult the guide for pull secret creation.
-
Manually link the new secret to the
konflux-integration-runner
service account - consult the guide for linking secrets to service account.
Accessing Pipelines and Tasks in Private Git Repositories
Integration Test Scenarios point to their corresponding pipeline with a Git Resolver. The Git Resolver schema is inherited from Tekton and functions in the same way. Users should create an access token for their repository in Github or Gitlab then store that token in a secret in their namespace.
Once this is done, the Resolver should be updated with the fields token
and tokenKey
, which provide the name of the secret and the key within the data
section of that secret in which the access token is stored.
Example of Resolver in IntegrationTestScenario
apiVersion: appstudio.redhat.com/v1beta2
kind: IntegrationTestScenario
metadata:
name: example-pass
namespace: default
spec:
application: application-sample
contexts:
- description: Application testing
name: application
resolverRef:
resolver: git
params:
- name: org
value: konflux-ci
- name: repo
value: sample-private-repo
- name: serverURL
value: https://github.com
- name: revision
value: main
- name: pathInRepo
value: pipelines/integration_pipeline_pass.yaml
- name: token
value: ${SECRET_NAME}
- name: tokenKey
value: ${SECRET_KEY}
Example of Resolver in Pipeline
This is an example of how tasks in private repos can be accessed with the Git Resolver using the same method as above.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
name: deploy-and-test
spec:
description: |
Demonstrates the use of Git Resolvers to access tasks in private repos
tasks:
- name: parse-metadata
taskRef:
resolver: git
params:
- name: org
value: konflux-ci
- name: repo
value: sample-private-repo
- name: serverURL
value: https://github.com
- name: revision
value: main
- name: pathInRepo
value: tasks/test_metadata.yaml
- name: token
value: ${SECRET_NAME}
- name: tokenKey
value: ${SECRET_KEY}
params:
- name: SNAPSHOT
value: $(params.SNAPSHOT)