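How do I clone a private git repository into a Kubernetes pod using an SSH key stored in a Secret?

I am trying to clone a private git repository (GitLab) into a Kubernetes pod, using an SSH key for authentication. I have stored my key in a secret. Here is the yaml file for the job that performs the required task.

Logs of the init container after execution: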

fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
v3.7.1-66-gfc22ab4fd3 [http://dl-cdn.alpinelinux.org/alpine/v3.7/main]
v3.7.1-55-g7d5f104fa7 [http://dl-cdn.alpinelinux.org/alpine/v3.7/community]
OK: 9064 distinct packages available
OK: 23 MiB in 23 packages
Cloning into '/tmp'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The yaml file that works for a public repo:

apiVersion: batch/v1
kind: Job
metadata:
  name: nest-build-kaniko
  labels:
    app: nest-kaniko-example
spec:
  template:
    spec:
      containers:
        - image: 'gcr.io/kaniko-project/executor:latest'
          name: kaniko
          args: ["--dockerfile=/workspace/Dockerfile",
                 "--context=/workspace/",
                 "--destination=aws.dest.cred"]
          volumeMounts:
            - mountPath: /workspace
              name: source
            - name: aws-secret
              mountPath: /root/.aws/
            - name: docker-config
              mountPath: /kaniko/.docker/
      initContainers:
        - name: download
          image: alpine:3.7
          command: ["/bin/sh","-c"]
          args: ['apk add --no-cache git && git clone https://github.com/username/repo.git /tmp/']
          volumeMounts:
            - mountPath: /tmp
              name: source
      restartPolicy: Never
      volumes:
        - emptyDir: {}
          name: source
        - name: aws-secret
          secret:
            secretName: aws-secret
        - name: docker-config
          configMap:
            name: docker-config

The yaml file after switching to git-sync to clone the private repository:

apiVersion: batch/v1
kind: Job
metadata:
  name: nest-build-kaniko
  labels:
    app: nest-kaniko-example
spec:
  template:
    spec:
      containers:
        - image: 'gcr.io/kaniko-project/executor:latest'
          name: kaniko
          args: ["--dockerfile=/workspace/Dockerfile",
                 "--context=/workspace/",
                 "--destination=aws.dest.cred"]
          volumeMounts:
            - mountPath: /workspace
              name: source
            - name: aws-secret
              mountPath: /root/.aws/
            - name: docker-config
              mountPath: /kaniko/.docker/
      initContainers:
        - name: git-sync
          image: gcr.io/google_containers/git-sync-amd64:v2.0.4
          volumeMounts:
            - mountPath: /git/tmp
              name: source
            - name: git-secret
              mountPath: "/etc/git-secret"
          env:
            - name: GIT_SYNC_REPO
              value: "git@gitlab.com:username/repo.git"
            - name: GIT_SYNC_SSH
              value: "true"
            - name: GIT_SYNC_DEST
              value: "/tmp"
            - name: GIT_SYNC_ONE_TIME
              value: "true"
          securityContext:
            runAsUser: 0
      restartPolicy: Never
      volumes:
        - emptyDir: {}
          name: source
        - name: aws-secret
          secret:
            secretName: aws-secret
        - name: git-secret
          secret:
            secretName: git-creds
            defaultMode: 256
        - name: docker-config
          configMap:
            name: docker-config

k8s小能手 2018-12-14 14:41:18 3053 0
1 answer

    initContainers:
      - name: git-sync
        image: gcr.io/google_containers/git-sync-amd64:v2.0.4
        volumeMounts:
          - mountPath: /workspace
            name: source
          - name: git-secret
            mountPath: "/etc/git-secret"
        env:
          - name: GIT_SYNC_REPO
            value: "git@gitlab.com:username/repo.git"
          - name: GIT_SYNC_SSH
            value: "true"
          - name: GIT_SYNC_ROOT
            value: /workspace
          - name: GIT_SYNC_DEST
            value: "tmp"
          - name: GIT_SYNC_ONE_TIME
            value: "true"
    2019-07-17 23:20:57
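
The init container log in the question stops at "Host key verification failed.", which in a fresh alpine container means ssh has no trusted host key for gitlab.com. As an added example (not the poster's or the answerer's manifest), this Job clones with plain git over SSH while keeping host key checking on, by mounting a pinned known_hosts file next to the private key. The Secret key names `ssh` and `known_hosts`, the Job name and the stand-in main container are assumptions of this example.

```yaml
# Added example. Assumes Secret "git-creds" holds two keys (names chosen here):
#   ssh          private deploy key
#   known_hosts  GitLab host keys, e.g. from ssh-keyscan, checked against the
#                fingerprints GitLab publishes before being stored
#   kubectl create secret generic git-creds \
#     --from-file=ssh=./deploy_key --from-file=known_hosts=./known_hosts
apiVersion: batch/v1
kind: Job
metadata:
  name: clone-private-repo            # hypothetical name
spec:
  template:
    spec:
      restartPolicy: Never
      initContainers:
        - name: download
          image: alpine:3.7
          command: ["/bin/sh", "-c"]
          args:
            - |
              set -e
              apk add --no-cache git openssh-client
              git clone git@gitlab.com:username/repo.git /workspace
          env:
            - name: GIT_SSH_COMMAND   # git runs this instead of plain "ssh"
              value: >-
                ssh -i /etc/git-secret/ssh -o IdentitiesOnly=yes
                -o StrictHostKeyChecking=yes
                -o UserKnownHostsFile=/etc/git-secret/known_hosts
          volumeMounts:
            - name: source
              mountPath: /workspace
            - name: git-secret
              mountPath: /etc/git-secret
              readOnly: true
      containers:
        - name: show-checkout         # stands in for the kaniko build container
          image: alpine:3.7
          command: ["ls", "-la", "/workspace"]
          volumeMounts:
            - name: source
              mountPath: /workspace
      volumes:
        - name: source
          emptyDir: {}
        - name: git-secret
          secret:
            secretName: git-creds
            defaultMode: 0400         # octal; equals the decimal 256 in the question
```

With `StrictHostKeyChecking=yes` the clone fails closed if the server's key is not in the mounted known_hosts, so a changed or spoofed host key stops the build instead of being silently accepted.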