Validated Patterns

Deploying patterns from private repositories

You can deploy patterns from git repositories that are either password-protected or secured with an SSH key.

Using an SSH key

To deploy a pattern from an SSH-secured private repository, create a secret for repository access and then reference it in your pattern’s Custom Resource.

Create a secret for repository access

Generate a secret containing the credentials for accessing your repository. This secret should be formatted according to ArgoCD’s declarative setup guidelines.

apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: openshift-operators
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: git@github.com:mbaldessari/mcg-private.git
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    a3...
    ...
    ...
    -----END OPENSSH PRIVATE KEY-----

This secret can now be created with the bootstrap_secrets feature like so:

version: "2.0"

bootstrap_secrets:
  - name: private-repo
    targetNamespaces:
      - openshift-operators
    labels:
      argocd.argoproj.io/secret-type: repository
    fields:
      - name: type
        value: git
      - name: sshPrivateKey
        value: |
          -----BEGIN OPENSSH PRIVATE KEY-----
          a3...
          ...
          ...
          -----END OPENSSH PRIVATE KEY-----
      - name: url
        value: git@github.com:mbaldessari/mcg-private.git

Deploy the pattern with the secret

Reference the secret you created by passing TOKEN_SECRET and TOKEN_NAMESPACE to the install command:

./pattern.sh make TOKEN_SECRET=private-repo TOKEN_NAMESPACE=openshift-operators install

This command assumes that the private-repo secret exists and that the origin remote of the repository points to git@github.com:mbaldessari/mcg-private.git as specified in the secret. The install sets the tokenSecret and tokenSecretNamespace fields on the pattern’s Custom Resource, which ensures that all Argo instances can access the private repository.

If you need to create the pattern CR manually instead, set those fields directly:

apiVersion: gitops.hybrid-cloud-patterns.io/v1alpha1
kind: Pattern
metadata:
  name: pattern-sample
  namespace: patterns-operator
spec:
  clusterGroupName: hub
  gitSpec:
    targetRepo: git@github.com:mbaldessari/mcg-private.git
    targetRevision: private-repo
    tokenSecret: private-repo
    tokenSecretNamespace: openshift-operators

Using a GitLab private repository with a PAT

First, make sure your PAT has at least Read and Download permissions for your private repository.

As with the SSH example above, create a secret before running the install:

apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: openshift-operators
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  type: git
  url: https://gitlab.com/dminnear-rh/mcg-private.git
  username: oauth2
  password: glpat-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Using the bootstrap_secrets feature, this can be created as follows:

version: "2.0"

bootstrap_secrets:
  - name: private-repo
    targetNamespaces:
      - openshift-operators
    labels:
      argocd.argoproj.io/secret-type: repository
    fields:
      - name: type
        value: git
      - name: url
        value: https://gitlab.com/dminnear-rh/mcg-private.git
      - name: username
        value: oauth2
      - name: password
        value: glpat-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The username must be oauth2, not your GitLab handle.

Then reference the secret in the install:

./pattern.sh make TOKEN_SECRET=private-repo TOKEN_NAMESPACE=openshift-operators install
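
A pre-flight check for the assumptions stated above, as an added example that is not part of the Validated Patterns project: it takes the Secret as returned by `oc get secret private-repo -n openshift-operators -o json` and the output of `git remote get-url origin`, and reports a missing label, a URL that differs from origin, or credentials that do not fit the URL form. The function names, the `GITLAB_URL` constant and the exact-string URL comparison are assumptions of this example.

```python
import base64
import json

REPO_LABEL = "argocd.argoproj.io/secret-type"
GITLAB_URL = "https://gitlab.com/dminnear-rh/mcg-private.git"  # URL used on this page

def check_repo_secret(secret_json, origin_url):
    """Return a list of problems in a repository Secret; an empty list means OK."""
    # secret_json: output of `oc get secret NAME -n NAMESPACE -o json`
    # origin_url:  output of `git remote get-url origin`
    secret = json.loads(secret_json)
    # The API server returns Secret values base64-encoded under .data
    data = {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}
    labels = secret.get("metadata", {}).get("labels") or {}
    problems = []
    if labels.get(REPO_LABEL) != "repository":
        problems.append(f"label {REPO_LABEL}=repository is missing")
    if data.get("type") != "git":
        problems.append("field 'type' must be 'git'")
    url = data.get("url", "")
    if url != origin_url:
        problems.append(f"secret url {url!r} differs from origin {origin_url!r}")
    if url.startswith("https://"):
        if not data.get("username") or not data.get("password"):
            problems.append("HTTPS url needs 'username' and 'password'")
        # A GitLab PAT (glpat- prefix) must be paired with the username oauth2
        elif data["password"].startswith("glpat-") and data["username"] != "oauth2":
            problems.append("GitLab PAT requires username 'oauth2'")
    elif url.startswith(("git@", "ssh://")):
        if "PRIVATE KEY-----" not in data.get("sshPrivateKey", ""):
            problems.append("SSH url needs a private key in 'sshPrivateKey'")
    else:
        problems.append(f"unrecognised url form {url!r}")
    return problems

def make_secret(labels, **fields):
    """Build a constructed Secret JSON document in the shape `oc -o json` returns."""
    enc = {k: base64.b64encode(v.encode()).decode() for k, v in fields.items()}
    return json.dumps({"metadata": {"labels": labels}, "data": enc})

if __name__ == "__main__":
    # Constructed sample: PAT secret created with the GitLab handle as username
    bad = make_secret({REPO_LABEL: "repository"}, type="git", url=GITLAB_URL,
                      username="dminnear-rh", password="glpat-constructed")
    for problem in check_repo_secret(bad, GITLAB_URL):
        print("FAIL:", problem)
```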