How to build an OpenShift application from a private Github repo

This guide assumes you have access to the command-line “oc” client, and have logged in to your OpenShift instance with “oc login


With a private Github repo, you want to ensure it stays hidden from prying eyes, but you also want your OpenShift app to be able to build from the repo. The way around this is to use a Deploy key.


First, create an ssh key-pair (don’t use your regular one, and make sure you don’t overwrite your regular one either!!)

ssh-keygen -t rsa -b 4096 -c "" -f my_github_deploy_key

This will generate both the private and public key files. The public one will have a “.pub” suffix.

Second, add the public key to the repo as a Deploy Key (instructions with screen-shots on Github)


Third, add the private key to your OpenShift instance.
oc secrets new-sshauth mygithubsecret --ssh-privatekey=./my_github_deploy_key


Fourth, attempt a build, which will fail, (but will enable you to add the secret in the next step)

oc new-app
The build will fail, with a message “Fetch source failed”


Fifth, tell OpenShift about your Deploy Key. The private key was added as a ‘secret’ in the Third step above. Now add the secret to the “builder” service account — this will allow the builder to fetch the source properly.
oc secrets link builder mygithubsecret

Sixth add the secret to the buildConfig by editing the file using “oc edit

oc edit bc/my-private-repo-name
Add the secret to the “source” section, e.g.
            uri: ssh://
            name: mygithubsecret
Seventh, and finally, start the build.
oc start-build my-private-repo-name

Note to generate the build config in a file for future use, use something like:

oc new-app --name my-private-repo-name -o json >> a.json

You can then create from the file with:

        oc create -f a.json
        oc new-app --template <app-name>


We hope this has been useful for you, but for further reading please visit here or here.


Post A Comment