• Improve this Doc

    Show / Hide Table of Contents

    How to build an OpenShift application from a private GitHub repository

    Overview

    With a private GitHub repo, you want to ensure it stays hidden from prying eyes, but you also want your OpenShift application to be able to build from the repository. The way around this is to use a deploy key.

    This guide assumes you have access to the command-line oc client, and have logged in to your OpenShift cluster with oc login.

    Building an OpenShift application from a private GitHub repository

    1. Create an ssh key-pair

      Note

      Don't use your regular one, and make sure you don't overwrite your regular one either.

      ssh-keygen -t rsa -b 4096 -c "jbloggs@example.com" -f my_GitHub_deploy_key
      

      This will generate both the private and public key files. The public one will have a .pub suffix.

    2. Add the public key to the repository as a Deploy key (instructions with screenshots on GitHub).

    3. Add the private key to your OpenShift cluster as a secret.

      Note

      the word myGitHubsecret below is the name of your secret, not a password.

      oc secrets new-sshauth myGitHubsecret --ssh-privatekey=./my_GitHub_deploy_key
      
    4. Attempt a build, which will fail, but will enable you to add the secret in the next step.

      oc new-app git@github.com:UKCloud/my-private-repo-name.git \
           --name my-app-name
      

      The build will fail, with a message "Fetch source failed".

    5. Link your deploy key to your service account

      The private key was added as a 'secret' in Step 3 above. Now add the secret to the builder service account -- this will allow the builder to fetch the source properly.

      oc secrets link builder myGitHubsecret
      
    6. Add the secret to the build by editing the buildConfig using oc edit.

      oc edit bc/my-app-name
      

      Within the editor, add the secret to the source section, for example:

      source:
        git:
          uri: ssh://git@github.com/UKCloud/my-private-repo-name.git
        sourceSecret:
          name: myGitHubsecret
      
    7. Start the build.

      oc start-build my-app-name
      

    Generating a buildConfig in a file for future use.

    This is optional.

    To generate the buildConfig in a file for future use, use the -o flag to oc new-app, like this:

    oc new-app git@github.com:UKCloud/my-private-repo-name.git \
      --name my-app-name -o json >> buildConfigDefinition.json
    

    you can then create from the file with:

    oc create -f buildConfigDefinition.json
    oc new-app --template <app-name>
    

    Sources and further reading

    • blog.openshift.com

    • blog.lucywyman.me

    • Openshift documentation on source-clone-secrets

    Feedback

    If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.

    ☀
    ☾
    Generated by DocFX
    Back to top
    © UKCloud Ltd, 2022. All Rights Reserved.
    Privacy Policy. Terms of Use. Contribute.

    The UKCloud Knowledge Centre uses cookies to ensure that we give you the best experience on our website. If you continue we assume that you consent to receive all cookies on this website.