How to build an OpenShift application from a private GitHub repository
With a private GitHub repo, you want to ensure it stays hidden from prying eyes, but you also want your OpenShift application to be able to build from the repository. The way around this is to use a deploy key.
This guide assumes you have access to the command-line
oc client, and have
logged in to your OpenShift cluster with
Building an OpenShift application from a private GitHub repository
Create an ssh key-pair
Don't use your regular one, and make sure you don't overwrite your regular one either.
ssh-keygen -t rsa -b 4096 -c "firstname.lastname@example.org" -f my_GitHub_deploy_key
This will generate both the private and public key files. The public one will have a
Add the public key to the repository as a Deploy key (instructions with screenshots on GitHub).
Add the private key to your OpenShift cluster as a secret.
myGitHubsecretbelow is the name of your secret, not a password.
oc secrets new-sshauth myGitHubsecret --ssh-privatekey=./my_GitHub_deploy_key
Attempt a build, which will fail, but will enable you to add the secret in the next step.
oc new-app email@example.com:UKCloud/my-private-repo-name.git \ --name my-app-name
The build will fail, with a message "Fetch source failed".
Link your deploy key to your service account
The private key was added as a 'secret' in Step 3 above. Now add the secret to the
builderservice account -- this will allow the builder to fetch the source properly.
oc secrets link builder myGitHubsecret
Add the secret to the build by editing the
oc edit bc/my-app-name
Within the editor, add the secret to the
sourcesection, for example:
source: git: uri: ssh://firstname.lastname@example.org/UKCloud/my-private-repo-name.git sourceSecret: name: myGitHubsecret
Start the build.
oc start-build my-app-name
Generating a buildConfig in a file for future use.
This is optional.
To generate the
buildConfig in a file for future use, use the
oc new-app, like this:
oc new-app email@example.com:UKCloud/my-private-repo-name.git \ --name my-app-name -o json >> buildConfigDefinition.json
you can then create from the file with:
oc create -f buildConfigDefinition.json oc new-app --template <app-name>
Sources and further reading
If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to firstname.lastname@example.org.