How to deploy a private GitHub repository in OpenShift

You are ready to deploy your new fancy app in an OpenShift cluster (or k8s for that matter) but your code is in GitHub in a private repository, how can you give the cluster access to it? Here we go.

This article assumes that the application that will be deployed has a Dockerfile checked into the Git repository but other options should follow the same process.

GitHub Setup

Let’s start by generating a “Deploy Key”, which is basically an SSH key that grants access to a single repository (public or private) and that by default, has read-only access to your project.

In your local machine generate a new SSH key, give it the name oc_github_rsa and leave the passphrase empty (you won’t be able to add it when setting up your OpenShift application).

$ cd ~
$ ssh-keygen -t rsa -b 4096 -C "your.email@email.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/user/.ssh/id_rsa): oc_github_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in oc_github_rsa.
Your public key has been saved in oc_github_rsa.pub.
The key fingerprint is:
SHA256:HCHOb0C8Cby0UQeEtwXYljk0RS3czKQ3w2CaR/Vhb7U your.email@email.com
The key's randomart image is:
+---[RSA 4096]----+
|   ..O@XXB  o   .|
|    *=BXo==o o ..|
|   . *B++.= . OE |
|    o o= o o .   |
|        S        |
|       .         |
|                 |
|                 |
|                 |
+----[SHA256]-----+

Proceed to copy the public key into your clipboard and navigate to the repository Settings in GitHub. Select Deploy Keys, then click Add deploy key. Give it a name and paste the content of your clipboard into the Key field. Do NOT select the write access and click Add key. GitHub will very likely prompt you to re-enter your password to perform this action.

$ cat oc_github_rsa.pub | pbcopy

It should looks something like this:

The GitHub side is good to go, now to OpenShift.

OpenShift Setup

We are using the web console for this section but the same process can be achieved via the oc CLI.

If you haven’t done already, create a new project.

On the left menu, click on Developer to access the developer console.

The first page that you land should be the Topology page. Click on the option From Dockerfile.

Add the GitHub URL in SSH format (not HTTPS) and click on Show Advanced Git Options - scroll down to Source Secret and select Create New Secret. Give it a name (do not include spaces) and select the private key file from your machine.

Proceed to add an application name, a resource name and if desired keep the checked box to create a route to the application. Click on Create

Of course there is a ton of configurations that can (and should) be made for the specifics of the application but that’s not the topic of this article.

By now OpenShift will have created a Deployment Config (DC) resource that will pull from GitHub your code and deploy your application.

That’s it. Have fun!

Troubleshooting:

Error: error: failed to fetch requested repository ”https://github.com/org/project” with provided credentials

Make sure you use the ssh url for your repo and not the https meaning, use git@github.com:org/my-repo.git instead of https://github.com/org/my-repo

Why? I have no idea, it took me almost 2 hours to figure that out.