Skip to main content

GitStateStore

Kratix supports writing to Git repositories. See below for the API documentation:

apiVersion: platform.kratix.io/v1alpha1
kind: GitStateStore
metadata:
name: default
spec:
# The branch to write to: optional, defaults to main
branch: main
# The top-level path in the git repository to write to: optional
path: destinations/
# Valid options: basicAuth, and ssh; defaults to basicAuth
authMethod: basicAuth
# Optional
gitAuthor:
# The name of the author to use when committing: optional, defaults to kratix
name: kratix
# The email of the author to use when committing: optional, defaults to empty
email:
# Required
secretRef:
# The name and namespace of the secret to use to authenticate: required
name: gitea-credentials
namespace: default
# The address of the git repository. If auth method is basic auth, use `http`/`https` format: required
# if your using ssh auth then ensure its of the format git@github.com:<org>/<repo>.git
url: https://github.com/syntasso/kratix-repo

Auth

Kratix uses the credentials contained in the secretRef to authenticate with the Git storage. Kratix currently supports using basicAuth or ssh.

SSH

When authMethod is equal to ssh Kratix will check the secret for sshPrivateKey and knownHosts to authenticate. The secret should be in the following format:

apiVersion: v1
kind: Secret
metadata:
name: # name
namespace: # namespace
type: Opaque
data:
sshPrivateKey: # base64 encoded private key
knownHosts: # base64 encoded known hosts

Kratix supports any Git provider that supports ssh auth. Depending on the provider you are using you may be able to use an per-repo ssh key in-place of user's ssh key. See below for further details.

GitHub

GitHub supports per-repo ssh keys using deploy keys.

GitLab

GitLab supports per-repo ssh keys using deploy keys.

Basic Auth

When authMethod is equal to basicAuth Kratix will check the secret for username and password to authenticate. The secret should be in the following format:

apiVersion: v1
kind: Secret
metadata:
name: # name
namespace: # namespace
type: Opaque
data:
username: # base64 encoded username
password: # base64 encoded password

Kratix supports any Git provider that supports basic auth. Depending on the provider you are using you may be able to use an access token in-place of an actual password. See below for further details.

GitHub

GitHub supports using personal access tokens instead of user passwords for authenticating with GitHub. Create a personal access token with read and write permissions to the repository. Populate the username and password fields with the GitHub username and token value.

GitLab

GitLab supports using project access tokens instead of user passwords for authenticating with GitLab. Create a project access token with read and write permissions to the repository. The token is created on the project, and is therefore not related to any individual user. Populate the username field with any value and the password field with the token value.

AWS CodeCommit

AWS CodeCommit supports using basic auth to authenticate with the repository. Populate the username and password field with the values generated for the HTTPS Git credentials.


Require a different method of authentication? Get in touch with us at feedback@syntasso.io or open a GitHub Issue.