Has anyone mounted a private GitHub repository into a kubernetes pod volume?
What is the best way to achieve this?
I thought of two possible ways:
Using user / password in HTTPS repository URL
Using private SSH key on the machine
I like the second better, but I couldn't figure which user is pulling the repository to puts the appropriate SSH configuration for it.
Any thoughts?
GitHub allows cloning repositories using an OAuth token in https URLs as such:
$ git clone https://$GH_TOKEN#github.com/owner/repo.git
see
https://help.github.com/articles/creating-an-access-token-for-command-line-use/
Related
Since Github changed their authentication methods to only accept Personal Access Tokens I've had some trouble with getting my GCP Build Trigger to run when I push to the main branch of my repo.
Does anyone know how I can re-authenticate, or change the password that's being used to connect GCP to Github?
On GCP I have tried reconnecting to the repo, 'forgetting' the repo and then reconnecting, I'm not incredibly clued up on this platform, I've only been using it for a few weeks.
"token" would be used for HTTPS URL.
The official GCP documentation uses SSH URLs, which does not need tokens (but SSH keys): that would be one alternative.
According to a note in Cloud Build documentation titled Accessing private GitHub repositories:
When you run builds using Cloud Build triggers, you can automatically connect to any private repository you own without storing your credentials in Secret Manager.
Based on this, I have tried to git clone my private GitHub repo (without piping ssh keys from Secret Manager to ssh files which the doc states is unnecessary using a build trigger) to no avail. Using ssh below in my cloudbuild.yaml file:
steps:
- name: google/cloud-sdk:alpine
id: Clone repo
entrypoint: git
args: ['clone', 'git#github.com:my-org/my-repo.git']
results in error:
Step #0: Host key verification failed.
Step #0: fatal: Could not read from remote repository.
And using https
args: ['clone', 'https://github.com/my-org/my-repo.git']
I get:
Step #0 - "Clone repo": fatal: could not read Username for 'https://github.com': No such device or address
Is there any way to clone a private GitHub repo within cloudbuild.yaml without tediously piping ssh keys from Secret Manager to volumes before the clone? Any tips would be much appreciated.
As mentioned in the note shared, You need to configure your Cloud Build Trigger, if you want to avoid Secret Manager.
The Build Trigger setup step involves authenticating to your source repository with your username and password.
So when you fire this Cloud Build Trigger, it will not ask for your credentials in Secret Manager, as the authentication is already provided in an earlier step (Trigger Setup).
I found a similar case that has been created as an issue in github which can help you to resolve your errors while using ssh.
For https approach, I would recommend you to remove https://github.com from the url.
And I found another issue that has been created in github which can help you to resolve your issue while using https approach.
This one is rather complicated to describe. I have two github accounts, I will refer to them as github A and B.
I had created a local repo X and tried to connect it to a new remote repo I created on github account A. However, my default github login credetials were set for my github account B. I went through this tutorial and was able to add a second key created in my .ssh to allow me access to acct. A at will. This method worked and allowed me to add the new remote repo on github account A to my local repo X. I could then push origin to master just fine.
I then made a clone of the same repo X on github account A and placed it in a new local location (same drive, different folder) which I will refer to as local repo Y. I then tried to push changes to the same remote repo on github A and it denies me saying I'm trying to access using my username for my remote github B account.
I tried re-adding the remote url via the same special .ssh key previously created for repo X and use it for the local repo Y but it says it already exists.
I'm looking for a simple solution here, hopefully one exists. I would appreciate your help on this.
You can test what actual key is used with:
ssh -Tv <yourSSHConfigEntry>
Make sure to use an ssh URL like yourSSHConfigEntry:/ (no need to prefix it with git#: the User should be in your ~/.ssh/config file)
The idea is: your SSH config file should use the right private key, whose public key has been registered to the right GitHub account.
Check the remote URL: git remote -v. If it starts with git#github.com, it won't use the ssh config entry.
Type:
git remote set-url origin <my-github-acct-A>:<user>/<repo>
That will use the SSH config entry, and make sure the User in it is "git".
I'm pretty sure the issues you're running into are a result of managing multiple accounts on the same computer, regardless of the repos being duplicates.
If you haven't already, I'd suggest you take a look at the very detailed answers provided here.
I have been through this trouble many times and have resolved it by setting the ssh config rules or by enforcing the ssh-agent to have the correct ssh key alone.
I have documented the entire process and Freecodecamp published the article.
Here's the link! Hope this will help whenever you come across this use case. :)
I have attempted to add a new repository to github per their usual instructions with an odd rejection...
Owner#Owner-HP ~/Bescrewed
$ git push -u origin master
ERROR: Permission to TangibleDream/Bescrewed.git denied to TangibleDream/demo_app.
fatal: The remote end hung up unexpectedly
Owner#Owner-HP ~/Bescrewed
The problem is, demo_app was my last repository. The one I'm doing presently is bescrewed and should be in no way connected to demo_app.
Has anyone had this issue before?
It might be tied to an ssh issue as described in GitHub help page:
Permission to user/repo2 denied to user/repo1
This error occurs when you attach your key as a deploy key on repo1.
You can push and pull from that repo without issue, but you won’t have access to any other repo with your key.
To solve this, remove the key from repo1’s deploy keys and attach it on your account page instead. This key will now have access to all repos your account has access to.
See Deploy Keys
What are deploy keys?
Deploy keys are ssh keys just like the ones you attach to your account to allow you to push to and pull from your repos.
The only difference is that deploy keys are designed to allow access to a single private repo.
This will allow your staging or production server to pull in from your repo
The other possibility is that somehow your 'origin' remote is incorrect (check what git remote -v returns)
Does github require all cloning, of both public and private repositories, to use an SSH public key? Maybe a better question, is can git clone a github repo without a ssh key at all.
You can use https protocol, as mentioned in "GitHub - Https access".
You would then use your GitHub login/password in a ~/.netrc file (which can be a security concern).
Note: on Windows, that would be an _netrc file.
Since GitHub supports smart http protocol (as detailed here), you can use that for cloning/pulling and for pushing.
SSH Key is used for more safety communication. Is not necessary, although using SSH Key is usefull because encrypte communication and also does not involve password.
No. A SSH key is only needed to push to a public repo on github, not to pull from one (although the easiest method to get a clone you can later push to uses the same key to pull as to push, that isn't the only way to work).