Open alexfrancavilla opened 6 years ago
I see that /home/go is expected to be mounted (according to this). Maybe that's a problem? Since you seem to be mounting /home/go/.ssh.
Maybe @GaneshSPatil or @varshavaradarajan have some idea?
Hi @alexfrancavilla, this appears to be a defect in the elastic agent implementation to me. We'll take a look and keep this issue updated on the fix.
Since you seem to be mounting /home/go/.ssh.
@arvindsv - It's okay to mount any directory for docker. I checked that that worked.
@alexfrancavilla - do you mind sharing the go-server logs? I want to check if there are any errors. One thing that I did run into while checking the volume mounts was that the material update would be stuck with a prompt to add github to known hosts. This would be present in the logs.
I got the following prompt -
The authenticity of host 'github.com (192.30.253.113)' can't be established.
RSA key fingerprint is ...
Are you sure you want to continue connecting (yes/no)?
This will be followed by Skipping update of material ... which has been in-progress since ... The dashboard will not show up any errors when you trigger the pipeline because of a known bug on the dashboard - https://github.com/gocd/gocd/issues/4647
If you have got a similar prompt, you can solve this by mounting the known-hosts file.
Here is the version I have working
apiVersion: v1
kind: Pod
metadata:
  name: pod-name-prefix-{{ POD_POSTFIX }}
  labels:
    app: web
spec:
  containers:
    - name: gocd-agent-container-{{ CONTAINER_POSTFIX }}
      image: {{ GOCD_AGENT_IMAGE }}:{{ LATEST_VERSION }}
      securityContext:
        privileged: true
      volumeMounts:
        - name: git-ssh-key
          mountPath: /home/go/.ssh/
          readOnly: true
  volumes:
    - name: git-ssh-key
      secret:
        secretName: git-ssh-key
Kubernetes secret created this way:
kubectl create secret generic git-ssh-key -n gocd --from-file=c:\development\forgerock\tls\id_rsa,c:\development\forgerock\tls\config
c:\development\forgerock\tls\config
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
c:\development\forgerock\tls\id_rsa
-----BEGIN RSA PRIVATE KEY-----
xxxxxxxxx
-----END RSA PRIVATE KEY-----
@varshavaradarajan Sorry for the late response. I can't provide the logs anymore since they're gone already. My solution was to build my own agent image on top of your official agent image which includes the key as well as a prepared known_hosts file (through ssh-keyscan). This setup runs fine and I haven't changed a thing until now.
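Added example (not part of the thread or of the GoCD project's code): a Python check for the SSH client config that ends up in the mounted secret. It flags directives that turn host-key verification off, as in the config posted above, and passes a config that pins a known_hosts file, as the mounted or prepared known_hosts approaches in this thread do. The function names and the path /home/go/.ssh/known_hosts are assumptions.

```python
import re
import shlex

# Constructed samples: WEAK mirrors the config posted in this thread; PINNED
# assumes a known_hosts file shipped in the same secret under /home/go/.ssh.
WEAK = "StrictHostKeyChecking no\nUserKnownHostsFile /dev/null\n"
PINNED = ("StrictHostKeyChecking yes\n"
          "UserKnownHostsFile /home/go/.ssh/known_hosts\n")

# ssh_config accepts both "Keyword value" and "Keyword=value".
DIRECTIVE = re.compile(r"^(\w+)\s*(?:=\s*|\s+)(.*)$")


def parse_ssh_config(text):
    """Yield (lineno, keyword, args); keywords are case-insensitive in ssh_config."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        try:
            args = shlex.split(m.group(2))  # honours quoted arguments
        except ValueError:
            args = m.group(2).split()
        yield lineno, m.group(1).lower(), args


def audit_ssh_config(text):
    """Return (lineno, message) for directives that disable host-key checks."""
    findings = []
    for lineno, key, args in parse_ssh_config(text):
        if not args:
            continue
        if key == "stricthostkeychecking" and args[0].lower() in ("no", "off"):
            findings.append((lineno, "host keys are accepted without verification"))
        elif key in ("userknownhostsfile", "globalknownhostsfile") \
                and all(a == "/dev/null" for a in args):
            findings.append((lineno, f"{key} discards every known host key"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted config", WEAK), ("pinned config", PINNED)):
        print(name, audit_ssh_config(cfg) or "ok")
```

The check ignores Host and Match scoping and reports every matching line, so it is suited to the single-purpose config files mounted into an agent pod.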
Working solution as proposed:
apiVersion: v1
kind: Pod
metadata:
  name: pod-name-prefix-{{ POD_POSTFIX }}
  labels:
    app: web
spec:
  containers:
Problem was mount path with "/" at end.
Hi everyone,
in order to access private git repositories through SSH I was trying to mount a Secret or ConfigMap under /home/go/.ssh which contains everything that is required to SSH into our GitLab repositories (private keypair, prefilled known_hosts).
Basically what I did is the same as what the images/profile-with-pod-yaml.png image is showing on the install.md page in this repo, but with a different directory. Is this intentional behaviour on the .ssh directory or am I facing a bug? (yes the secret exists and contains all data, tested it with a busybox mounting the directory in the same way)
Here is my pod configuration from the elastic agent profile:
Output of kubectl describe -n infra pod/k8s-ea-77f0a914-7877-494f-9fb6-872044ab3b5a, which is the elastic agent pod. As you can see no extra volume was mounted:
And the output of kubectl get po -n infra k8s-ea-77f0a914-7877-494f-9fb6-872044ab3b5a -o yaml, which correctly outputs my pod configuration template in the annotation, but is missing the actual mount in the spec down below: