Commit f3c21d20 authored by Hartorn, committed by Rhys Arkins

docs: add kubernetes for Gitlab with git over ssh section (#3126)

parent a8a25795
......@@ -174,3 +174,133 @@ You should save and test out this script manually first, and add it to cron once
See
[deployment docs](https://github.com/renovatebot/renovate/blob/master/docs/deployment.md)
for details.
## Kubernetes for Gitlab, using Git over SSH
This section describes how to use git binary with ssh for Gitlab, to avoid API shortcomings.
You need to first create a ssh key, then add the public part to Gitlab (see this [guide](https://docs.gitlab.com/ee/ssh/))
Then, you need to create the secret to add the ssh key, and the following config to your container
```
host gitlab.com
HostName gitlab.com
StrictHostKeyChecking no
IdentityFile ~/.ssh/id_rsa
User git
```
To easily create the secret, you can do the following (see [docs](https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys))
```
kubectl create secret generic ssh-key-secret --from-file=config=/path/to/config --from-file=id_rsa=/path/to/.ssh/id_rsa --from-file=id_rsa.pub=/path/to/.ssh/id_rsa.pub
```
It creates something like this
```
apiVersion: v1
data:
config: aG9zdCBnaXRsYWIuY29tCiAgSG9zdE5hbWUgZ2l0bGFiLmNvbQogIFN0cmljdEhvc3RLZXlDaGVja2luZyBubwogIElkZW50aXR5RmlsZSB+Ly5zc2gvaWRfcnNhCiAgVXNlciBnaXQ=
id_rsa: <base64String>
id_rsa.pub: <base64String>
kind: Secret
metadata:
name: ssh-key-secret
namespace: <namespace>
```
Then you just need to add Git author, and mount volumes
The final configuration should look like something like this :
```
---
apiVersion: v1
kind: Namespace
metadata:
name: <namespace, for example renovate>
---
apiVersion: v1
kind: Secret
metadata:
name: renovate-env
namespace: <namespace>
type: Opaque
stringData:
renovate-platform: 'gitlab'
renovate-endpoint: 'https://gitlab.com/api/v4'
renovate-token: <Gitlab Token>
github-token: <Github Token>
renovate-autodiscover: 'false'
---
apiVersion: v1
data:
config: aG9zdCBnaXRsYWIuY29tCiAgSG9zdE5hbWUgZ2l0bGFiLmNvbQogIFN0cmljdEhvc3RLZXlDaGVja2luZyBubwogIElkZW50aXR5RmlsZSB+Ly5zc2gvaWRfcnNhCiAgVXNlciBnaXQ=
id_rsa: <base64String>
id_rsa.pub: <base64String>
kind: Secret
metadata:
name: ssh-key-secret
namespace: <namespace>
---
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: renovate
namespace: <namespace>
spec:
schedule: '@hourly'
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
volumes:
- name: ssh-key-volume
secret:
secretName: ssh-key-secret
containers:
- name: renovate
# Update this to the latest available and then enable Renovate on the manifest
image: renovate/renovate:14.1.0
volumeMounts:
- name: ssh-key-volume
readOnly: true
mountPath: "/home/ubuntu/.ssh"
args:
- <repository>
# Environment Variables
env:
- name: RENOVATE_GIT_AUTHOR
value: <Git Author, with format 'User <email@email.com>'>
- name: RENOVATE_GIT_FS
value: ssh
- name: RENOVATE_PLATFORM
valueFrom:
secretKeyRef:
key: renovate-platform
name: renovate-env
- name: RENOVATE_ENDPOINT
valueFrom:
secretKeyRef:
key: renovate-endpoint
name: renovate-env
- name: RENOVATE_TOKEN
valueFrom:
secretKeyRef:
key: renovate-token
name: renovate-env
- name: GITHUB_COM_TOKEN
valueFrom:
secretKeyRef:
key: github-token
name: renovate-env
- name: RENOVATE_AUTODISCOVER
valueFrom:
secretKeyRef:
key: renovate-autodiscover
name: renovate-env
restartPolicy: Never
```
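Review bot: `StrictHostKeyChecking no` in the ssh config block turns off host key verification, and the base64 `config` value in both copies of `ssh-key-secret` encodes the same setting, so the container will authenticate with the mounted `id_rsa` to whatever host answers as gitlab.com. Suggest shipping a pinned `known_hosts` file for gitlab.com in the same secret (one more `--from-file=known_hosts=/path/to/known_hosts` on the `kubectl create secret` line, so it lands in the mounted `.ssh` directory) and documenting `StrictHostKeyChecking yes` instead, with the encoded `config` value regenerated to match. A smaller point on the same secret: `id_rsa.pub` is not referenced by the ssh config shown, so it could be dropped from the `kubectl create secret` command and the manifests.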