github - 为什么 openshift oc new-app 没有使用我提供的 --source-secret？

Question

我正在这样启动操作系统:

oc cluster up --public-hostname=julio-oc.10.238.41.233.nip.io

我还有一个私有(private)的 github 存储库，配置了一个部署 key ，只有一个普通的 Dockerfile。

然后我按如下方式添加 secret :

oc secrets new-sshauth sleep-key-rsa --ssh-privatekey=/home/julio/.ssh/sleep-key_rsa

如果我尝试创建应用程序，它会失败:

> oc new-app --source-secret=sleep-key-rsa git@github-isl-01.ca.com:garju09/docker-sleep.git
error: Errors occurred while determining argument types:

git@github-isl-01.ca.com:garju09/docker-sleep.git as a Git repository URL:  Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

但是如果我将 key 添加到 ssh 代理，它现在可以工作了:

> ssh-add ~/.ssh/sleep-key_rsa
Identity added: /home/julio/.ssh/sleep-key_rsa (/home/julio/.ssh/sleep-key_rsa)

> oc new-app --source-secret=sleep-key-rsa git@github-isl-01.ca.com:garju09/docker-sleep.git
--> Found Docker image 3fa8225 (2 weeks old) from Docker Hub for "centos:centos7"

    * An image stream will be created as "centos:centos7" that will track the source image
    * A Docker build using source code from git@github-isl-01.ca.com:garju09/docker-sleep.git will be created
      * The resulting image will be pushed to image stream "docker-sleep:latest"
      * Every time "centos:centos7" changes a new build will be triggered
      * WARNING: this source repository may require credentials.
                 Create a secret with your git credentials and use 'set build-secret' to assign it to the build config.
    * This image will be deployed in deployment config "docker-sleep"
    * The image does not expose any ports - if you want to load balance or send traffic to this component
      you will need to create a service with 'expose dc/docker-sleep --port=[port]' later
    * WARNING: Image "centos:centos7" runs as the 'root' user which may not be permitted by your cluster administrator

--> Creating resources ...
    imagestream "centos" created
    imagestream "docker-sleep" created
    buildconfig "docker-sleep" created
    deploymentconfig "docker-sleep" created
--> Success
    Build scheduled, use 'oc logs -f bc/docker-sleep' to track its progress.
    Run 'oc status' to view your app.

为什么 new-app 没有使用我指定的 --source-secret？

更新:

> oc version
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://127.0.0.1:8443
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62

我在这里的主要信息来源是以下博客:https://blog.openshift.com/private-git-repositories-part-2a-repository-ssh-keys/

请注意， key 上没有密码，我尝试了各种其他排列，包括以下排列。唯一适用于项目创建的是 ssh-add。奇怪的是，项目创建后，我可以清空 ssh-agent 并毫无问题地构建操作系统:

oc secrets new-sshauth sleep-key-rsa --ssh-privatekey=/home/julio/.ssh/sleep-key_rsa
oc secrets link builder sleep-key-rsa
oc new-app --source-secret=sleep-key-rsa https://github-isl-01.ca.com/garju09/docker-sleep.git

但上面的方法不起作用，因为 https 需要在我们的部署中进行身份验证。

oc secrets new-sshauth sleep-key-rsa --ssh-privatekey=/home/julio/.ssh/sleep-key_rsa
oc secrets link builder sleep-key-rsa
oc new-app git@github-isl-01.ca.com:garju09/docker-sleep.git

同样失败。

更新 2:我创建了一个 github 存储库来复制问题并显示我正在使用的脚本:https://github.com/julio-garcia-fc/docker-sleep

如果您克隆它并拥有 oc 3.7，您应该能够运行 oc.sh，您会看到它失败了。

Answer 1

您需要说明构建器服务帐户可以访问您的 key 。见:

• https://blog.openshift.com/private-git-repositories-part-2b-repository-ssh-keys/

以及该系列中的所有其他博文。

你需要的命令是:

oc secrets link builder sleep-key-rsa