Deploying From Private Git Repositories

The content in this post may be outdated. For the most recent post concerning private Git repositories, please visit the Private Git Repositories series.

Many times you will find yourself in a situation where you can not use public repository for your code, e.g. free public hosted git repository at Github, because your code is private. In such case, you simply follow the previous steps, but the build is going to fail, because OpenShift will not be able to download the source code as it will not have the credentials to authenticate itself against the git repository.

But do not worry, there is a solution.

You can upload some private key to OpenShift and authorize its public counterpart at the git hosting, and with those in place, OpenShift will be able to access your private git repository. I do not want to go into too many details here, you can read more in the documentation linked earlier.

First, generate an RSA key that is going to be uploaded to OpenShift (be careful not to overwrite your current keys)

ssh-keygen -t rsa -C "my_secret_key_for_OpenShift"

Then, you upload the key to OpenShift:

oc secrets new-sshauth sshsecret --ssh-privatekey=$HOME/.ssh/id_rsa

After that, you provide this key to the builder service account:

oc secrets add serviceaccount/builder secrets/sshsecret

Finally, you need to update your build configuration:

oc patch buildConfig myapp -p '{"spec":{"source":{"sourceSecret":{"name":"sshsecret"}}}}'

And that’s it! Authorize the public key for your repository and you are ready to go!

News, OpenShift Online
, , ,

11 Responses to “Deploying From Private Git Repositories”

  1. VIS

    Thank you for your sharing, but I got error while try this command: oc patch buildConfig myapp -p ‘{“spec”:{“source”:{“sourceSecret”:{“name”:”sshsecret”}}}}’

    -> Error from server: Invalid JSON document

    Please help to check it.

    • sglebs

      Try escaping the double quotes:

      oc patch bc namoro-core-dev -p ‘{“spec”:{“triggers”:{“generic”:{“secret”:”scmsecret”}}}}’

  2. esthrim

    Same with @disqus_kwHczWSq9S:disqus , Error From Server : Invalid JSON document

    • esthrim

      i found another way to put the secret name to the configuration by performing this command
      oc edit bc

    • sglebs

      See my comment further down about escaping the double quotes.

  3. sglebs

    This solution fails for me if –strategy=docker. I believe this line must be different:
    oc patch buildConfig myapp -p ‘{“spec”:{“source”:{“sourceSecret”:{“name”:”sshsecret”}}}}’
    only when –strategy=source does it work for me. Ideas?

    • sglebs

      To make things work:
      oc secrets link builder scmsecret

      This fixed it for me.

  4. Bodurin Mayaki

    Hi Marek, great post thanks for sharing!

  5. Steven Lawler

    >oc patch buildConfig blog-fe -p ‘{“spec”:{“source”:{“sourceSecret”:{“name”:”sshsecret”}}}}’
    Error from server: json: cannot unmarshal string into Go value of type map[string]interface {}

    Tried escaping the double quotes, but didn’t help.

  6. Samuel Carlsson

    This is poison. Do not under any circumstances give someone your private key. This violates the terms of use for github. Moreover it’s an insult to security, morals, and good taste.

  7. Lean Dros

    Thanks Marek.

Comments are closed.