我的工作流程是:
我收到此错误:
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Error: exit status 128
Python 脚本运行后如何将更改推送到我的存储库?如何将 ssh 密钥安装到容器?
我尝试使用 https://github.com/argoproj/argo-workflows/blob/main/examples/input-artifact-git.yaml 添加我的 ssh 密钥作为将更改推送到存储库的参考,我是期望它使用 ssh 密钥并推送我的 python 脚本所做的更改
解决了问题,我就是这样做的:
创建秘密后安装 ssh 密钥(例如:
kubectl create secret generic ssh-keys --from-file=id_rsa=ssh-key --from-file=id_rsa.pub=ssh-key.pub- name: ssh-keys
secret:
secretName: ssh-keys
defaultMode: 400
将其安装到需要 ssh 密钥的容器中:
volumeMounts:
- name: ssh-keys
readOnly: true
mountPath: /root/.ssh
在容器的参数上添加一个脚本来创建临时目录 /tmp/ssh 并在其中复制 ssh 密钥,因为 ssh 卷挂载是只读的,您不能使用它在 .ssh 目录中添加已知的主机目录,将私钥更改为只读,因为私钥需要只读,使用 ssh-keyscan 添加您的 git 提供程序主机名并导出私钥和已知主机以及文件(注意:您的容器需要具有 ssh-keyscan,如果它没有将 alpine init 容器添加到您添加 ssh 密钥的步骤中) 如果它确实有 ssh-keyscan 将其添加到参数中:
mkdir -p /tmp/ssh && cp /root/.ssh/id_rsa /tmp/ssh/id_rsa && chmod
600 /tmp/ssh/id_rsa && ssh-keyscan -H <your git provider> >>
/tmp/ssh/known_hosts && export GIT_SSH_COMMAND="ssh -i
/tmp/ssh/id_rsa -o UserKnownHostsFile=/tmp/ssh/known_hosts" && <rest of your arguments>
如果没有 ssh-keyscan 添加此初始化容器:
initContainers:
- name: ssh-setup
image: alpine
command:
- /bin/sh
- '-c'
args:
- >
apk add --no-cache openssh-client && mkdir -p /tmp/ssh && cp
/root/.ssh/id_rsa /tmp/ssh/id_rsa && chmod 600 /tmp/ssh/id_rsa &&
ssh-keyscan -H bitbucket.org >> /tmp/ssh/known_hosts && export
GIT_SSH_COMMAND="ssh -i /tmp/ssh/id_rsa -o
UserKnownHostsFile=/tmp/ssh/known_hosts"
resources: {}
volumeMounts:
- name: ssh-keys
readOnly: true
mountPath: /root/.ssh