Configure GitRepo with Private Key Authentication via Rancher UI

This document (000021559) is provided subject to the disclaimer at the end of this document.

Environment

Rancher with Fleet Continuous Delivery

Situation

Configuring GitHub and Rancher Fleet Continuous Delivery for a GitRepo Using SSH Key Authentication

Resolution

Create SSH Key Pair:

For private repositories, generate an SSH key pair in PEM format using the following command. Note that the private key should not have a passphrase. It can be either an RSA or EC private key.
 
ssh-keygen -t rsa -b 4096 -m pem -C "user@email.com"


Configure GitHub:

Now that you have the private and public key pair, add the public key to your Git repository. For example, adding the public key to GitHub is done as follows:

GitHub >> Settings >> SSH and GPG keys >> click "New SSH key" >> enter a Title >> select "Authentication Key" from the drop-down >> paste the public key into the text box >> click "Add SSH key"

You can now use the private key to authenticate to your private GitHub repository.

Create GitRepo in Rancher:

Go to the Rancher UI >> Continuous Delivery >> GitRepos >> Add Repository
Enter a name and the Repository URL. For example, for GitHub the repo URL will be similar to git@github.com:username/repository.git. Enter the Branch name corresponding to the repo.

In the GitHub authentication drop-down, select "Create a SSH Key Secret" and add the private key generated in the previous step. The private key alone is sufficient for authentication, so you may leave the Public Key field blank.

If you already have a secret created using the kubectl command in either the fleet-local or fleet-default namespace on the local cluster, you can select that secret from the drop-down. If you prefer to create the secret manually via the command line, run the following command on the local cluster:
 

kubectl create secret generic ssh-key -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --type=kubernetes.io/ssh-auth


Note: If you want to create the GitRepo for the local cluster, replace fleet-default with fleet-local.

If you want to verify GitHub's identity when the SSH connection is established, you can collect the SSH host key using the command below and add it to the secret:
 

ssh-keyscan -H github.com


Take the host key line corresponding to ssh-rsa from the output of the previous command, place it in another file, and create the secret as below:

kubectl create secret generic ssh-key-known-host -n fleet-default --from-file=ssh-privatekey=/file/to/private/key --from-file=known_hosts=/file/to/known_hosts --type=kubernetes.io/ssh-auth
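
ssh-keyscan output is not authenticated, so the ssh-rsa line picked in the step above is worth checking against the fingerprint GitHub publishes before it goes into the known_hosts file. The following Python is an added example, not part of the original SUSE article; the function names and the sample scan output are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint as `ssh-keygen -l` prints it (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(blob_b64: str) -> str:
    """Key type string embedded at the start of the public key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def select_host_key(scan_output: str, key_type: str, expected_fp: str) -> str:
    """Return the scanned line of key_type only if its fingerprint matches."""
    for line in scan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue  # ssh-keyscan banner comments and blank lines
        declared, blob_b64 = fields[1], fields[2]
        if declared != key_type:
            continue
        if blob_key_type(blob_b64) != key_type:
            raise ValueError("key blob does not match its declared type")
        actual = fingerprint(blob_b64)
        if actual != expected_fp:
            raise ValueError(f"{key_type} fingerprint mismatch: got {actual}")
        return line
    raise ValueError(f"no {key_type} key in scan output")


def _constructed_blob(key_type: str, body: bytes) -> str:
    """Fake key blob for the sample below (constructed, not a real host key)."""
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + body
    return base64.b64encode(raw).decode()


# Constructed stand-in for `ssh-keyscan -H github.com` output (hashed host field).
SAMPLE_RSA = _constructed_blob("ssh-rsa", b"\x00" * 32)
SAMPLE_SCAN = (
    "# github.com:22 SSH-2.0-constructed\n"
    f"|1|c2FsdA==|aGFzaA== ssh-ed25519 {_constructed_blob('ssh-ed25519', b'x' * 32)}\n"
    f"|1|c2FsdA==|aGFzaA== ssh-rsa {SAMPLE_RSA}\n"
)
```

In real use, pass the captured ssh-keyscan output as scan_output and the RSA fingerprint from GitHub's documentation as expected_fp, then write the returned line to the known_hosts file used in the kubectl command.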


Fill in any remaining details, then click 'Create'. Authentication to the private GitHub repository should then complete successfully.

Status

Top Issue

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000021559
  • Creation Date: 12-Sep-2024
  • Modified Date: 23-Sep-2024
  • SUSE Rancher
