Configure HTTP Artifact Credentials
If the files are hidden behind basic auth, you can configure an artifact
account with the needed credentials to read your artifact. If not, no further
configuration is needed, Spinnaker can automatically add a
no-auth-http-account for this purpose.
You can configure more than one artifact account, each with separate credentials. Specify which account to use in the configuration for the stage that reads the data. If you have only one such account configured, the stage config for this is hidden, and the single account is automatically used.
Download credentials
-
Collect your basic auth
$USERNAMEand$PASSWORD -
Pick a
$USERNAME_PASSWORD_FILElocation on your disk -
Run:
echo ${USERNAME}:${PASSWORD} > $USERNAME_PASSWORD_FILE
Add the credentials either to a secrets manager for use by reference or to a volume mounted into the clouddriver pods by modifying the deployment.yaml for clouddriver.
Add the account and enable it
Add the following to clouddriver-local.yml
artifacts:
enabled: true
http:
enabled: true
accounts:
- name: some-account
username-password-file: </mnt/file|secretReference>
There are more options in the code including the ability to set restrictions on endpoints receiving these requests. IT IS HIGHLY recommended that you limit these requests to specific trusted URLs since it will send credentials to these URLs.