How to build an OpenShift application from a private Github repo
Posted In: Developer, Blog
This guide assumes you have access to the command-line “
oc” client, and have logged in to your OpenShift instance with “
With a private Github repo, you want to ensure it stays hidden from prying eyes, but you also want your OpenShift app to be able to build from the repo. The way around this is to use a Deploy key
First, create an ssh key-pair (don’t use your regular one, and make sure you don’t overwrite your regular one either!!)
ssh-keygen -t rsa -b 4096 -c "email@example.com" -f my_github_deploy_key
This will generate both the private and public key files. The public one will have a “.pub” suffix.
, add the public key to the repo as a Deploy Key
(instructions with screen-shots on Github
Third, add the private key to your OpenShift instance.
oc secrets new-sshauth mygithubsecret --ssh-privatekey=./my_github_deploy_key
Fourth, attempt a build, which will fail, (but will enable you to add the secret in the next step)
oc new-app firstname.lastname@example.org:UKCloud/my-private-repo-name.git
The build will fail, with a message “Fetch source failed”
Fifth, tell OpenShift about your Deploy Key. The private key was added as a ‘secret’ in the Third step above. Now add the secret to the “builder” service account — this will allow the builder to fetch the source properly.
oc secrets link builder mygithubsecret
Sixth add the secret to the buildConfig by editing the file using “
oc edit bc/openshift-simple-monitor
Add the secret to the “source” section, e.g.
Seventh, and finally, start the build.
oc start-build openshift-simple-monitor
Note to generate the build config in a file for future use, use something like:
oc new-app email@example.com:UKCloud/openshift-simple-monitor.git --name openshift-simple-monitor -o json >> a.json
You can then create from the file with:
oc create -f a.json
oc new-app --template <app-name>
We hope this has been useful for you, but for further reading please visit here or here.