Open jimsnab opened 8 months ago
One way you can repro this is to use a private `github.com/username` repo in a hello world go project.
Then try building with this... replace the ARGs according to your private ssh url for the repo. Also the executable name below is `apiserver`.
```dockerfile
FROM golang:alpine
RUN apk update && apk add --no-cache git && apk add openssh

# Private repo
ARG PRIVATE_SCM_HOST
ARG PRIVATE_SCM_SSH_PORT
ENV GOPRIVATE=$PRIVATE_SCM_HOST

# SSH Key setup
RUN mkdir -p /root/.ssh && \
    chmod 0700 /root/.ssh && \
    ssh-keyscan -p $PRIVATE_SCM_SSH_PORT -H $PRIVATE_SCM_HOST > /root/.ssh/known_hosts

# Configure https to ssh mapping
RUN git config --global url."ssh://git@$PRIVATE_SCM_HOST:$PRIVATE_SCM_SSH_PORT".insteadOf "https://$PRIVATE_SCM_HOST/scm"

# Create app directory
WORKDIR /opt/apiserver

# Bring source into the container and build
COPY . .
RUN --mount=type=ssh go mod download
RUN --mount=type=ssh go build -o /opt/apiserver/apiserver -buildvcs=false

CMD [ "/opt/apiserver/apiserver" ]
```
```sh
docker build --build-arg PRIVATE_SCM_HOST=github.com/username/repo --build-arg PRIVATE_SCM_SSH_PORT=22 --ssh default .
```
**Actual behavior**
I've not found a way to securely use the host's ssh keys from within a Dockerfile using kaniko.

**Expected behavior**
Provide compatibility with `docker build --ssh`, which enables the docker file to run commands that use ssh keys.

**To Reproduce**
Steps to reproduce the behavior:

`--ssh`. It is not recognized as a switch (expected; it is not documented to be supported).

**Additional Information**

- Ordinary Dockerfile fragment that builds a go container and uses a private scm
- Kaniko Image (fully qualified with digest)
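The Dockerfile above fills `known_hosts` from a live `ssh-keyscan`, so the build trusts whatever host key the network returns at that moment. As an added example (not part of the original issue or of kaniko), this Python check keeps only scanned entries whose OpenSSH SHA256 fingerprint matches one pinned out of band; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib


def fingerprint(known_hosts_line):
    """Return (keytype, 'SHA256:...') for one known_hosts / ssh-keyscan line."""
    fields = known_hosts_line.split()
    if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("not a known_hosts entry")
    keytype, blob = fields[1], base64.b64decode(fields[2], validate=True)
    # The key blob starts with a length-prefixed copy of the key type; it must agree.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest base64-encoded with the '=' padding removed.
    return keytype, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_entries(scan_output, pinned):
    """Keep only scanned entries whose fingerprint is pinned; fail if none are."""
    kept = []
    for line in scan_output.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if fingerprint(line)[1] in pinned:
            kept.append(line)
    if not kept:
        raise ValueError("no scanned host key matches a pinned fingerprint")
    return kept


def _constructed_line(host, seed):
    """Constructed sample entry with an ed25519-shaped blob (not a real host key)."""
    name = b"ssh-ed25519"
    blob = (len(name).to_bytes(4, "big") + name
            + (32).to_bytes(4, "big") + bytes([seed]) * 32)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Hashed host field, as produced by `ssh-keyscan -H` (constructed values).
GENUINE = _constructed_line("|1|c2FsdA==|aGFzaA==", 1)
UNEXPECTED = _constructed_line("|1|c2FsdA==|aGFzaA==", 2)  # a key that is not pinned
PINNED = {fingerprint(GENUINE)[1]}  # in practice: taken from the SCM host's published fingerprints
```

Only the lines returned by `pinned_entries` would be written to `/root/.ssh/known_hosts`; a scan with no pinned key raises instead of producing a file.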