
Why doesn't openshift new-app use the --source-secret I provided?

Stack Overflow user
Asked 2017-12-15 19:59:46
1 answer, 6.4K views, 0 followers, 3 votes

I start OpenShift like this:

oc cluster up --public-hostname=julio-oc.10.238.41.233.nip.io

I also have a private GitHub repository, configured with a deploy key, containing just a plain Dockerfile.

Then I add the secret as follows:

oc secrets new-sshauth sleep-key-rsa --ssh-privatekey=/home/julio/.ssh/sleep-key_rsa

If I try to create the app, it fails:

> oc new-app --source-secret=sleep-key-rsa git@github-isl-01.ca.com:garju09/docker-sleep.git
error: Errors occurred while determining argument types:

git@github-isl-01.ca.com:garju09/docker-sleep.git as a Git repository URL:  Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

However, if I add the key to the ssh-agent, it now works:

> ssh-add ~/.ssh/sleep-key_rsa
Identity added: /home/julio/.ssh/sleep-key_rsa (/home/julio/.ssh/sleep-key_rsa)

> oc new-app --source-secret=sleep-key-rsa git@github-isl-01.ca.com:garju09/docker-sleep.git
--> Found Docker image 3fa8225 (2 weeks old) from Docker Hub for "centos:centos7"

    * An image stream will be created as "centos:centos7" that will track the source image
    * A Docker build using source code from git@github-isl-01.ca.com:garju09/docker-sleep.git will be created
      * The resulting image will be pushed to image stream "docker-sleep:latest"
      * Every time "centos:centos7" changes a new build will be triggered
      * WARNING: this source repository may require credentials.
                 Create a secret with your git credentials and use 'set build-secret' to assign it to the build config.
    * This image will be deployed in deployment config "docker-sleep"
    * The image does not expose any ports - if you want to load balance or send traffic to this component
      you will need to create a service with 'expose dc/docker-sleep --port=[port]' later
    * WARNING: Image "centos:centos7" runs as the 'root' user which may not be permitted by your cluster administrator

--> Creating resources ...
    imagestream "centos" created
    imagestream "docker-sleep" created
    buildconfig "docker-sleep" created
    deploymentconfig "docker-sleep" created
--> Success
    Build scheduled, use 'oc logs -f bc/docker-sleep' to track its progress.
    Run 'oc status' to view your app.

Why doesn't new-app use the --source-secret I specified?

Update

> oc version
oc v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://127.0.0.1:8443
openshift v3.7.0+7ed6862
kubernetes v1.7.6+a08f5eeb62

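My main source of information here is the following blog: https://blog.openshift.com/private-git-repositories-part-2a-repository-ssh-keys/

Note that the key has no passphrase, and I have tried various other permutations, including the following. The only thing that works for project creation is ssh-add. Oddly, once the project has been created, I can clear the ssh-agent and OpenShift builds with no problem: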

oc secrets new-sshauth sleep-key-rsa --ssh-privatekey=/home/julio/.ssh/sleep-key_rsa
oc secrets link builder sleep-key-rsa
oc new-app --source-secret=sleep-key-rsa https://github-isl-01.ca.com/garju09/docker-sleep.git

However, since https requires authentication in our deployment, the above does not work.

oc secrets new-sshauth sleep-key-rsa --ssh-privatekey=/home/julio/.ssh/sleep-key_rsa
oc secrets link builder sleep-key-rsa
oc new-app git@github-isl-01.ca.com:garju09/docker-sleep.git

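This also fails.

Update 2: I created a GitHub repository that reproduces the problem and shows the script I am using: https://github.com/julio-garcia-fc/docker-sleep

If you clone it and have oc 3.7, you should be able to run oc.sh and see it fail.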


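1 Answer

Stack Overflow user

Accepted answer

Posted on 2017-12-15 20:53:08

You need to say that the builder service account can access your secret. See:

and all the other blog posts in that series.

The command you need is: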

oc secrets link builder sleep-key-rsa
Votes: 1
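
As an added example that is not part of the original question or answer, the following check inspects the cluster-side wiring discussed above: the secret type, its link to the `builder` service account, and the build config's source secret and Git URI. The function name `source_secret_problems` is hypothetical, and the sample objects are constructed stand-ins for `oc get ... -o json` output, trimmed to the fields the check reads.

```python
# Added example, not from the original post. Inputs are parsed
# `oc get <kind> <name> -o json` objects; the samples below are constructed.

def source_secret_problems(secret, service_account, build_config):
    """Return reasons a build could not use `secret` as its SSH source secret."""
    problems = []
    name = secret["metadata"]["name"]

    # `oc secrets new-sshauth` creates this type with an `ssh-privatekey` entry.
    if secret.get("type") != "kubernetes.io/ssh-auth":
        problems.append(f"secret {name} is not of type kubernetes.io/ssh-auth")
    if "ssh-privatekey" not in (secret.get("data") or {}):
        problems.append(f"secret {name} has no ssh-privatekey entry")

    # `oc secrets link builder <name>` adds the secret to the account's `secrets`.
    linked = {ref.get("name") for ref in service_account.get("secrets") or []}
    if name not in linked:
        sa = service_account["metadata"]["name"]
        problems.append(f"secret {name} is not linked to service account {sa}")

    # The BuildConfig must reference the secret for the build's git clone.
    source = (build_config.get("spec") or {}).get("source") or {}
    if (source.get("sourceSecret") or {}).get("name") != name:
        problems.append(f"build config does not set sourceSecret to {name}")

    # An SSH key is only presented for SSH-style URIs, not http(s) ones.
    uri = (source.get("git") or {}).get("uri", "")
    if uri.startswith(("http://", "https://")):
        problems.append(f"git uri {uri} is not an SSH URL")
    return problems

# Constructed samples (placeholder key data and token name).
SECRET = {"metadata": {"name": "sleep-key-rsa"}, "type": "kubernetes.io/ssh-auth",
          "data": {"ssh-privatekey": "PLACEHOLDER"}}
BUILDER_UNLINKED = {"metadata": {"name": "builder"},
                    "secrets": [{"name": "builder-token-PLACEHOLDER"}]}
BUILDER_LINKED = {"metadata": {"name": "builder"},
                  "secrets": [{"name": "builder-token-PLACEHOLDER"},
                              {"name": "sleep-key-rsa"}]}
BC_SSH = {"spec": {"source": {
    "git": {"uri": "git@github-isl-01.ca.com:garju09/docker-sleep.git"},
    "sourceSecret": {"name": "sleep-key-rsa"}}}}
BC_HTTPS = {"spec": {"source": {
    "git": {"uri": "https://github-isl-01.ca.com/garju09/docker-sleep.git"},
    "sourceSecret": {"name": "sleep-key-rsa"}}}}

if __name__ == "__main__":
    print(source_secret_problems(SECRET, BUILDER_UNLINKED, BC_SSH))
```
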
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link: https://stackoverflow.com/questions/47839117
