How to build an OpenShift application from a private Github repo

How to build an OpenShift application from a private Github repo

This guide assumes you have access to the command-line oc client, and have logged in to your openshift instance with oc login

With a private Github repo, you want to ensure it stays hidden from prying eyes, but you also want your Openshift app to be able to build from the repo. The way around this is to use a Deploy key.

Steps:

First create an ssh key-pair (don’t use your regular one, and make sure you don’t overwrite your regular one either!!)

ssh-keygen -t rsa -b 4096 -c "jbloggs@mycompany.com" -f my_github_deploy_key

This will generate both the private and public key files. The public one will have a “.pub” suffix.

Second, add the public key to the repo as a Deploy Key (instructions with screen-shots on Github)

Third, add the private key to your OpenShift instance. Note that the word “mygithubsecret” is the name of your secret, not a password.

oc secrets new-sshauth mygithubsecret --ssh-privatekey=./my_github_deploy_key

Fourth, attempt a build, which will fail, (but will enable you to add the secret in the next step)

oc new-app git@github.com:UKCloud/my-private-repo-name.git

The build will fail, with a message “Fetch source failed”

Fifth, tell Openshift about your Deploy Key. The private key was added as a ‘secret’ in the Third step above. Now add the secret to the “builder” service account – this will allow the builder to fetch the source properly.

oc secrets link builder mygithubsecret

Sixth add the secret to the buildConfig by editing the file using oc edit

oc edit bc/openshift-simple-monitor

Add the secret to the “source” section, e.g.

source:
  git:
    uri: ssh://git@github.com/UKCloud/openshift-simple-monitor.git
  sourceSecret:
    name: mygithubsecret

Seventh and finally, start the build.

oc start-build openshift-simple-monitor

Note to generate the build config in a file for future use, use something like:

oc new-app git@github.com:UKCloud/openshift-simple-monitor.git \
  --name openshift-simple-monitor -o json >> a.json

you can then create from the file with

oc create -f a.json
oc new-app --template <app-name>

Sources and further reading:

blog.openshift.com and blog.lucywyman.me.