Building Openshift App from a Private Git Repository

Openshift aka OCP provide s2i (Source2Image) way to deploy an application in its container platform which is easy, pretty and fast way to create application container if it follows standards.

So let's take an example to see how it is done in Openshift - 

Git Repo: git@github.com:atulsingh0/DO180-apps.git

Git Branch: s2i

Application Source Code: php-helloworld

OCP Application Name: hello 

OCP Builder Image: php

In OCP 3.x:

oc new-app \

 --name hello \

 -i php \

 git@github.com:atulsingh0/DO180-apps.git#s2i \

 --context-dir php-helloworld

In OCP 4.x:

 oc new-app \

--as-deployment-config \

 --name hello \

 -i php \

 git@github.com:atulsingh0/DO180-apps.git#s2i \

 --context-dir php-helloworld

As, Git Repo DO180-apps is public repo, OCP is able to download the repo for application hello and deploy the application from source code residing in php-helloworld. But what if, this repo is hosted in private or enterprise git where no repository is public until mean to. 

To access private git repo in s2i command, we need to follow below steps - 

a. Create a git secret:  In this command, we are creating a SSH Key Secret (OCP object) from a file which is holding a SSH key which has access on private git repository.  

oc create secret generic git-cred \

--type=kubernetes.io/ssh-auth \

--from-file=ssh-privatekey=/path/to/ssh/key/file 

b. Linking the secret with Service Account: As OCP is going to use builder service account to build the application, we need to link git secret with that. 

oc secrets link builder git-cred

c. Building the Application: Now, we can build the application from a private by adding --source-secret parameter with our initial commands - 

 oc new-app \

--as-deployment-config \

 --name hello \

 -i php \

 git@github.com:atulsingh0/DO180-apps.git#s2i \

 --context-dir php-helloworld \

 --source-secret git-cred

The above command is going to work if application hello does not exist, if it exist, it will fail. To resolve this issue either you can delete the application hello and re-deploy it above command or add the secret in OCP build object for application hello. 

To delete the Application hello: 

oc delete all,pvc -l app=hello

Or, add git/source secret to build definition :

oc set build-secret --source -l app=hello git-cred

Now, you can build -  

oc start-build hello

Personally, I find delete and redeploy way it much easier :-) due to obvious reasons but we can't do the same if we have to maintain the deployment history. So choose wisely.  

Let me know if you have any questions.. feel free to put your thoughts in comments.. till then.. Happy Learning !! 

Like the below page to get the update  
Facebook Page      Facebook Group      Twitter Feed      Telegram Group