SSH

Using the SSH protocol, you can connect and authenticate to remote servers and services. You can connect to GitHub, GitLab, and bitbucket using SSH keys instead of entering your username and personal access token each time. When you configure SSH, you must generate a new SSH key and add it to the SSH agent. Before you use the SSH key to authenticate, you must first add it to your GitHub, GitLab, or bitbucket account.
Creating SSH Key
To create an SSH key for GitHub, GitLab, bitbucket, and in general follow the steps below. 
Generate the SSH key on your local machine. (You can also use the repo's links, and the steps are the same for all repos).
SSH Configuration to  the Github account
​https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
​
SSH Configuration to  the GitLab account
​https://docs.gitlab.com/ee/ssh/#generate-an-ssh-key-pair​
SSH Configuration to  the bitbucket account 
​https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/​
1. Generating SSH key in local
$ ssh-keygen                                                                                                                                                                         It will generate the ssh key in  ~/.ssh/id_rsa and  ~/.ssh/id_rsa.pub
2. Add the public key (id rsa.pub) to the repository
$ cat ~/.ssh/id_rsa.pub  # copy the content
For Github
Github Profile photo —>Settings —>SSH and GPG keys —>Click New SSH key or Add SSH key —> Click Save.
For GitLab
Select your avatar —>Preferences or (user settings)—>SSH keys—>Paste the key in the Key field—>Add a descriptive text in the title—>Click Add Key
For Bitbucket
Personal settings from your avatar —> SSH keys  —> click Add key  —>Enter a Label —> Paste the public key in the field —>Click Save.
Creating “Known_Hosts” file
Generate the known_hosts file
# ssh-keyscan github.com >> ~/.ssh/known_hosts
Configuring ISD using values.yaml
Part A: Assuming you have a private key and a known hosts file to create a secret before installing the ISD. 
1. Enable SSH option in the Values.yaml
sshkeysecret: true                                                                                                                                                             sshsecretName: ssh-secret
2.Create a secret using the SSH private key and the known hosts for the github/gitlab/bitbucket.com to be installed in the ISD namespace.
# copy the private key(id_rsa/id_ed25519) to ssh file
3. Make sure the RSA private key is present in the SSH file.
# kubectl create secret generic ssh-secret --from-file=ssh --from-file=known_hosts -n <namespace>
Configuring ISD Pipeline Promotion Manually to use SSH
Part B: Assuming you've already finished ISD configuration and use SSH for pipeline promotion
1.Edit the secret called git-token
kubectl edit secret git-token -n
2.It contains the key-value as below (Fill out only git_secret_sshkey )
apiVersion: v1
stringData:
  # Git token to access repo where pipeline stuff is stored
  git_secret_token: ""
  git_secret_sshkey: "<base64 encoded ssh private key>"
  git_pr_token: ""
kind: Secret
metadata:
  name: git-token
type: Opaque
Note: Leave the git secret token and git pr token values empty to use SSH.
3.  Provide base64 encoded id_rsa private key for the git_secret_sshkey. 
      Use the command below to encode the private key                                                                                                                                           # cat ~/.ssh/id_rsa | base64 |  tr '\n' ' '

How to set up Mutual TLS (mTLS) Authentication for Spinnaker Services

X.509

Last modified 11mo ago