SSH
Using the SSH protocol, you can connect and authenticate to remote servers and services. You can connect to GitHub, GitLab, and bitbucket using SSH keys instead of entering your username and personal access token each time. When you configure SSH, you must generate a new SSH key and add it to the SSH agent. Before you use the SSH key to authenticate, you must first add it to your GitHub, GitLab, or bitbucket account.
To create an SSH key for GitHub, GitLab, bitbucket, and in general follow the steps below.
Generate the SSH key on your local machine. (You can also use the repo's links, and the steps are the same for all repos).
- SSH Configuration to the Github account
- SSH Configuration to the GitLab account
- SSH Configuration to the bitbucket account
- 1.Generating SSH key in local
$ ssh-keygen
It will generate the ssh key in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub - 2.Add the public key (id rsa.pub) to the repository
$ cat ~/.ssh/id_rsa.pub # copy the content
- For GithubGithub Profile photo —>Settings —>SSH and GPG keys —>Click New SSH key or Add SSH key —> Click Save.
- For GitLabSelect your avatar —>Preferences or (user settings)—>SSH keys—>Paste the key in the Key field—>Add a descriptive text in the title—>Click Add Key
- For BitbucketPersonal settings from your avatar —> SSH keys —> click Add key —>Enter a Label —> Paste the public key in the field —>Click Save.
- Generate the known_hosts file
# ssh-keyscan github.com >> ~/.ssh/known_hosts
Part A: Assuming you have a private key and a known hosts file to create a secret before installing the ISD.
- 1.Enable SSH option in the Values.yaml
sshkeysecret: true
sshsecretName: ssh-secret
- 2.Create a secret using the SSH private key and the known hosts for the github/gitlab/bitbucket.com to be installed in the ISD namespace.
# copy the private key(id_rsa/id_ed25519) to ssh file
- 3.Make sure the RSA private key is present in the SSH file.
# kubectl create secret generic ssh-secret --from-file=ssh --from-file=known_hosts -n <namespace>
Part B: Assuming you've already finished ISD configuration and use SSH for pipeline promotion
- 1.Edit the secret called git-token
kubectl edit secret git-token -n
- 2.It contains the key-value as below (Fill out only git_secret_sshkey )
apiVersion: v1
stringData:
# Git token to access repo where pipeline stuff is stored
git_secret_token: ""
git_secret_sshkey: "<base64 encoded ssh private key>"
git_pr_token: ""
kind: Secret
metadata:
name: git-token
type: Opaque
Note: Leave the git secret token and git pr token values empty to use SSH.
3. Provide base64 encoded id_rsa private key for the git_secret_sshkey.
Use the command below to encode the private key
# cat ~/.ssh/id_rsa | base64 | tr '\n' ' '
Last modified 11mo ago