My e-Notes about Cloud, K8s, OpenShift, DataScience, Machine Learning, Python, Data Analytics, DataStage, DWH and ETL Concepts

Breaking

Saturday, 2 January 2021

Building Openshift App from a Private Git Repository

Openshift aka OCP provide s2i (Source2Image) way to deploy an application in its container platform which is easy, pretty and fast way to create application container if it follows standards.

So let's take an example to see how it is done in Openshift - 

Git Repo: git@github.com:atulsingh0/DO180-apps.git
Git Branch: s2i
Application Source Code: php-helloworld
OCP Application Name: hello 
OCP Builder Image: php

In OCP 3.x:

oc new-app \
 --name hello \
 -i php \
 git@github.com:atulsingh0/DO180-apps.git#s2i \
 --context-dir php-helloworld


In OCP 4.x:

 oc new-app \
--as-deployment-config \
 --name hello \
 -i php \
 git@github.com:atulsingh0/DO180-apps.git#s2i \
 --context-dir php-helloworld

As, Git Repo DO180-apps is public repo, OCP is able to download the repo for application hello and deploy the application from source code residing in php-helloworld. But what if, this repo is hosted in private or enterprise git where no repository is public until mean to. 

To access private git repo in s2i command, we need to follow below steps - 

a. Create a git secret:  In this command, we are creating a SSH Key Secret (OCP object) from a file which is holding a SSH key which has access on private git repository.  

oc create secret generic git-cred \
--type=kubernetes.io/ssh-auth \
--from-file=ssh-privatekey=/path/to/ssh/key/file 

b. Linking the secret with Service Account: As OCP is going to use builder service account to build the application, we need to link git secret with that. 

oc secrets link builder git-cred

c. Building the Application: Now, we can build the application from a private by adding --source-secret parameter with our initial commands - 

 oc new-app \
--as-deployment-config \
 --name hello \
 -i php \
 git@github.com:atulsingh0/DO180-apps.git#s2i \
 --context-dir php-helloworld \
 --source-secret git-cred

The above command is going to work if application hello does not exist, if it exist, it will fail. To resolve this issue either you can delete the application hello and re-deploy it above command or add the secret in OCP build object for application hello

To delete the Application hello

oc delete all,pvc -l app=hello

Or, add git/source secret to build definition :

oc set build-secret --source -l app=hello git-cred

Now, you can build -  

oc start-build hello

Personally, I find delete and redeploy way it much easier :-) due to obvious reasons but we can't do the same if we have to maintain the deployment history. So choose wisely.  
Let me know if you have any questions.. feel free to put your thoughts in comments.. till then.. Happy Learning !! 



Like the below page to get the update  
Facebook Page      Facebook Group      Twitter Feed      Telegram Group


No comments:

Post a Comment

Disclaimer

The postings on this site are my own and don't necessarily represent IBM's or other companies positions, strategies or opinions. All content provided on this blog is for informational purposes and knowledge sharing only.
The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of his information.