How to build an OpenShift application from a private GitHub repository
Overview
With a private GitHub repo, you want to ensure it stays hidden from prying eyes, but you also want your OpenShift application to be able to build from the repository. The way around this is to use a deploy key.
This guide assumes you have access to the command-line oc
client, and have
logged in to your OpenShift cluster with oc login
.
Building an OpenShift application from a private GitHub repository
Create an ssh key-pair
Note
Don't use your regular one, and make sure you don't overwrite your regular one either.
ssh-keygen -t rsa -b 4096 -c "jbloggs@example.com" -f my_GitHub_deploy_key
This will generate both the private and public key files. The public one will have a
.pub
suffix.Add the public key to the repository as a Deploy key (instructions with screenshots on GitHub).
Add the private key to your OpenShift cluster as a secret.
Note
the word
myGitHubsecret
below is the name of your secret, not a password.oc secrets new-sshauth myGitHubsecret --ssh-privatekey=./my_GitHub_deploy_key
Attempt a build, which will fail, but will enable you to add the secret in the next step.
oc new-app git@github.com:UKCloud/my-private-repo-name.git \ --name my-app-name
The build will fail, with a message "Fetch source failed".
Link your deploy key to your service account
The private key was added as a 'secret' in Step 3 above. Now add the secret to the
builder
service account -- this will allow the builder to fetch the source properly.oc secrets link builder myGitHubsecret
Add the secret to the build by editing the
buildConfig
usingoc edit
.oc edit bc/my-app-name
Within the editor, add the secret to the
source
section, for example:source: git: uri: ssh://git@github.com/UKCloud/my-private-repo-name.git sourceSecret: name: myGitHubsecret
Start the build.
oc start-build my-app-name
Generating a buildConfig in a file for future use.
This is optional.
To generate the buildConfig
in a file for future use, use the -o
flag
to oc new-app
, like this:
oc new-app git@github.com:UKCloud/my-private-repo-name.git \
--name my-app-name -o json >> buildConfigDefinition.json
you can then create from the file with:
oc create -f buildConfigDefinition.json
oc new-app --template <app-name>
Sources and further reading
Feedback
If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to feedback@ukcloud.com.