Configure GitRepo with Private Key Authentication via Rancher UI

This document (000021559) is provided subject to the disclaimer at the end of this document.

Environment

Rancher with Fleet Continuous Delivery

Situation

Configuring GitHub and Rancher Fleet Continuous Delivery for a GitRepo Using SSH Key Authentication

Resolution

Create SSH Key Pair:

For private repositories, generate an SSH key pair in PEM format using the following command. Note that the private key should not have a passphrase. It can be either an RSA or an EC private key.

ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"

Configure GitHub:

Now that you have the private and public key pair, add the public key to your Git repository. For example, the steps for adding the public key to GitHub are shown below.

GitHub >> Settings >> SSH and GPG keys >> Click button "New SSH key" >> Give Title >> Select the "Authentication Key" from drop-down >> Add the public key in the text box >> "Add SSH key" to add it

You can now use the private key to authenticate to your GitHub private repository.

Create GitRepo in Rancher:

Go to the Rancher UI >> Continuous Delivery >> GitRepos >> Add Repository

Enter a name and Repository URL. For example, in the case of GitHub, the repo URL will be similar to git@github.com:username/repository.git. Enter the Branch name corresponding to the repo.

In the GitHub authentication drop-down, select "Create a SSH Key Secret" and add the private key generated in the previous step. The private key alone is sufficient for authentication, and you may leave the Public Key field blank.

If you already have a secret created using the kubectl command in either the fleet-local or fleet-default namespace on the local cluster, you can select that secret from the drop-down. If you prefer to create the secret manually via the command line, run the following command on the local cluster:

kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key  --type=kubernetes.io/ssh-auth

Note: If you want to create the GitRepo for the local cluster, replace fleet-default with fleet-local.

If you want to verify the identity of GitHub when the SSH connection is established, collect its SSH host key using the command below and add it to the secret:

ssh-keyscan -H github.com

From the output of the previous command, take the host key line corresponding to ssh-rsa, place it in another file, and create the secret as shown below:

kubectl create secret generic ssh-key-known-host  -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --from-file=known_hosts=/file/to/known_hosts  --type=kubernetes.io/ssh-auth

Fill in any remaining details, then click 'Create'. Authentication to the GitHub private repository should now complete successfully.
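The checks implied by the steps above, as an added example (not SUSE's or Fleet's own code): it confirms the private key is an unencrypted PEM RSA/EC key, keeps only the ssh-rsa line from ssh-keyscan output, computes that key's SHA256 fingerprint for comparison with the value the Git host publishes, and builds the equivalent kubernetes.io/ssh-auth Secret manifest. The function names and the sample key and scan output are constructed for illustration.

```python
import base64, hashlib, json

PEM_HEADERS = ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----")

def check_private_key(pem):
    """Raise ValueError unless pem is a PEM RSA/EC key without a passphrase."""
    lines = pem.strip().splitlines()
    if not lines or lines[0] not in PEM_HEADERS:
        raise ValueError("not a PEM RSA/EC private key (use ssh-keygen -m pem)")
    if any(l.startswith(("Proc-Type: 4,ENCRYPTED", "DEK-Info:")) for l in lines):
        raise ValueError("private key is passphrase-protected")

def rsa_host_entries(keyscan_output):
    """Keep only the ssh-rsa lines of ssh-keyscan output; drop comments."""
    entries = []
    for line in keyscan_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not line.startswith("#") and fields[1] == "ssh-rsa":
            entries.append(" ".join(fields[:3]))
    return entries

def fingerprint(entry):
    """SHA256 fingerprint of a known_hosts entry, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(entry.split()[2])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def build_secret(name, namespace, pem, keyscan_output):
    """Manifest equivalent to the kubectl create secret command with known_hosts."""
    check_private_key(pem)
    hosts = rsa_host_entries(keyscan_output)
    if not hosts:
        raise ValueError("no ssh-rsa host key in scan output")
    b64 = lambda text: base64.b64encode(text.encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/ssh-auth",
            "metadata": {"name": name, "namespace": namespace},
            "data": {"ssh-privatekey": b64(pem),
                     "known_hosts": b64("\n".join(hosts) + "\n")}}

# Constructed sample input: placeholder bytes, not real key material.
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
              "-----END RSA PRIVATE KEY-----\n")
SAMPLE_SCAN = ("# github.com:22 SSH-2.0-constructed\n"
               "|1|c2FsdA==|aGFzaA== ssh-rsa Y29uc3RydWN0ZWQtaG9zdC1rZXk=\n"
               "|1|c2FsdA==|aGFzaA== ssh-ed25519 b3RoZXIta2V5\n")

if __name__ == "__main__":
    # Compare this fingerprint with the one the Git host publishes before applying.
    print(fingerprint(rsa_host_entries(SAMPLE_SCAN)[0]))
    print(json.dumps(build_secret("ssh-key-known-host", "fleet-default",
                                  SAMPLE_KEY, SAMPLE_SCAN), indent=2))
```

The printed JSON manifest can be saved to a file and applied with kubectl apply -f on the local cluster.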

Status

Top Issue

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.