SSH

Using the SSH protocol, you can connect and authenticate to remote servers and services. You can connect to GitHub, GitLab, and bitbucket using SSH keys instead of entering your username and personal access token each time. When you configure SSH, you must generate a new SSH key and add it to the SSH agent. Before you use the SSH key to authenticate, you must first add it to your GitHub, GitLab, or bitbucket account.

Creating SSH Key

To create an SSH key for GitHub, GitLab, bitbucket, and in general follow the steps below.

Generate the SSH key on your local machine. (You can also use the repo's links, and the steps are the same for all repos).

SSH Configuration to the Github account
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
SSH Configuration to the GitLab account
https://docs.gitlab.com/ee/ssh/#generate-an-ssh-key-pair
SSH Configuration to the bitbucket account
https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/

Generating SSH key in local
$ ssh-keygen It will generate the ssh key in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub
Add the public key (id rsa.pub) to the repository
$ cat ~/.ssh/id_rsa.pub # copy the content
- For Github
  Github Profile photo —>Settings —>SSH and GPG keys —>Click New SSH key or Add SSH key —> Click Save.
- For GitLab
  Select your avatar —>Preferences or (user settings)—>SSH keys—>Paste the key in the Key field—>Add a descriptive text in the title—>Click Add Key
- For Bitbucket
  Personal settings from your avatar —> SSH keys —> click Add key —>Enter a Label —> Paste the public key in the field —>Click Save.

Creating “Known_Hosts” file

Generate the known_hosts file
# ssh-keyscan github.com >> ~/.ssh/known_hosts

Configuring ISD using values.yaml

Part A: Assuming you have a private key and a known hosts file to create a secret before installing the ISD.

Enable SSH option in the Values.yaml
sshkeysecret: true sshsecretName: ssh-secret
Create a secret using the SSH private key and the known hosts for the github/gitlab/bitbucket.com to be installed in the ISD namespace.
# copy the private key(id_rsa/id_ed25519) to ssh file
Make sure the RSA private key is present in the SSH file.
# kubectl create secret generic ssh-secret --from-file=ssh --from-file=known_hosts -n <namespace>

Configuring ISD Pipeline Promotion Manually to use SSH

Part B: Assuming you've already finished ISD configuration and use SSH for pipeline promotion

Edit the secret called git-token
kubectl edit secret git-token -n
It contains the key-value as below (Fill out only git_secret_sshkey )

apiVersion: v1
stringData:
  # Git token to access repo where pipeline stuff is stored
  git_secret_token: ""
  git_secret_sshkey: "<base64 encoded ssh private key>"
  git_pr_token: ""
kind: Secret
metadata:
  name: git-token
type: Opaque

Note: Leave the git secret token and git pr token values empty to use SSH.

3. Provide base64 encoded id_rsa private key for the git_secret_sshkey.

Use the command below to encode the private key # cat ~/.ssh/id_rsa | base64 | tr '\n' ' '

PreviousHow to set up Mutual TLS (mTLS) Authentication for Spinnaker Services NextX.509

Last updated 2 years ago