How to build an OpenShift application from a private GitHub repository

Overview

With a private GitHub repo, you want to ensure it stays hidden from prying eyes, but you also want your OpenShift application to be able to build from the repository. The way around this is to use a deploy key.

This guide assumes you have access to the command-line oc client, and have logged in to your OpenShift cluster with oc login.

Building an OpenShift application from a private GitHub repository

1. Create an ssh key-pair

   Note

   Don't use your regular one, and make sure you don't overwrite your regular one either.

   ssh-keygen -t rsa -b 4096 -c "jbloggs@example.com" -f my_GitHub_deploy_key
   

   This will generate both the private and public key files. The public one will have a .pub suffix.

2. Add the public key to the repository as a Deploy key (instructions with screenshots on GitHub).

3. Add the private key to your OpenShift cluster as a secret.

   Note

   the word myGitHubsecret below is the name of your secret, not a password.

   oc secrets new-sshauth myGitHubsecret --ssh-privatekey=./my_GitHub_deploy_key
   

4. Attempt a build, which will fail, but will enable you to add the secret in the next step.

   oc new-app git@github.com:UKCloud/my-private-repo-name.git \
        --name my-app-name
   

   The build will fail, with a message "Fetch source failed".

5. Link your deploy key to your service account

   The private key was added as a 'secret' in Step 3 above. Now add the secret to the builder service account -- this will allow the builder to fetch the source properly.

   oc secrets link builder myGitHubsecret
   

6. Add the secret to the build by editing the buildConfig using oc edit.

   oc edit bc/my-app-name
   

   Within the editor, add the secret to the source section, for example:

   source:
     git:
       uri: ssh://git@github.com/UKCloud/my-private-repo-name.git
     sourceSecret:
       name: myGitHubsecret
   

7. Start the build.

   oc start-build my-app-name
   

Generating a buildConfig in a file for future use.

This is optional.

To generate the buildConfig in a file for future use, use the -o flag to oc new-app, like this:

oc new-app git@github.com:UKCloud/my-private-repo-name.git \
  --name my-app-name -o json >> buildConfigDefinition.json

you can then create from the file with:

oc create -f buildConfigDefinition.json
oc new-app --template <app-name>

Sources and further reading

• blog.openshift.com

• blog.lucywyman.me

• Openshift documentation on source-clone-secrets

Feedback

If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.