SSH

Using the SSH protocol, you can connect and authenticate to remote servers and services. You can connect to GitHub, GitLab, and bitbucket using SSH keys instead of entering your username and personal access token each time. When you configure SSH, you must generate a new SSH key and add it to the SSH agent. Before you use the SSH key to authenticate, you must first add it to your GitHub, GitLab, or bitbucket account.

Creating SSH Key

To create an SSH key for GitHub, GitLab, bitbucket, and in general follow the steps below.

Generate the SSH key on your local machine. (You can also use the repo's links, and the steps are the same for all repos).

• SSH Configuration to the Github account

• SSH Configuration to the GitLab account

• SSH Configuration to the bitbucket account

1. Generating SSH key in local

   $ ssh-keygen It will generate the ssh key in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub

2. Add the public key (id rsa.pub) to the repository

   $ cat ~/.ssh/id_rsa.pub # copy the content

   • For Github

     Github Profile photo —>Settings —>SSH and GPG keys —>Click New SSH key or Add SSH key —> Click Save.

   • For GitLab

     Select your avatar —>Preferences or (user settings)—>SSH keys—>Paste the key in the Key field—>Add a descriptive text in the title—>Click Add Key

   • For Bitbucket

     Personal settings from your avatar —> SSH keys —> click Add key —>Enter a Label —> Paste the public key in the field —>Click Save.

Creating “Known_Hosts” file

• Generate the known_hosts file

  # ssh-keyscan github.com >> ~/.ssh/known_hosts

Configuring ISD using values.yaml

Part A: Assuming you have a private key and a known hosts file to create a secret before installing the ISD.

1. Enable SSH option in the Values.yaml

   sshkeysecret: true sshsecretName: ssh-secret

2. Create a secret using the SSH private key and the known hosts for the github/gitlab/bitbucket.com to be installed in the ISD namespace.

   # copy the private key(id_rsa/id_ed25519) to ssh file

3. Make sure the RSA private key is present in the SSH file.

   # kubectl create secret generic ssh-secret --from-file=ssh --from-file=known_hosts -n <namespace>

Configuring ISD Pipeline Promotion Manually to use SSH

Part B: Assuming you've already finished ISD configuration and use SSH for pipeline promotion

1. Edit the secret called git-token

   kubectl edit secret git-token -n

2. It contains the key-value as below (Fill out only git_secret_sshkey )

apiVersion: v1
stringData:
  # Git token to access repo where pipeline stuff is stored
  git_secret_token: ""
  git_secret_sshkey: "<base64 encoded ssh private key>"
  git_pr_token: ""
kind: Secret
metadata:
  name: git-token
type: Opaque

3. Provide base64 encoded id_rsa private key for the git_secret_sshkey.

Use the command below to encode the private key # cat ~/.ssh/id_rsa | base64 | tr '\n' ' '