在 DockerFile 中使用主机 SSH 密钥访问私有 Git 存储库 [英] Use Host SSH keys for private Git repo access in DockerFile
问题描述
我是 Docker 新手,正在尝试让我的 Angular Web 应用程序在容器中构建和运行.
我在项目的根目录中有一个非常基本的 Dockerfile,如下所示:
# 基于Dockerhub官方Node 10.13.0镜像创建镜像FROM node:10.13.0 作为节点# 复制依赖定义复制 package.json .# 使用 npm 安装依赖运行 npm 安装# TODO - 复制应用程序的其余部分并运行 angular-cli 构建命令来提供应用程序在针对它运行构建命令时,我遇到了以下错误:
通过查找此错误,我意识到我尚未从我的主机提供任何主机密钥详细信息,因此这些可用于访问私有存储库.
我在这里遇到了一些关于提供主机密钥详细信息的方法的旧答案,例如 这个,但我没有没有更进一步,仍然得到同样的错误.
我能够通过在我的 dockerfile 中回显这些内容并在我的终端中查看详细信息来确认我正确引用了我的主机密钥.
无论如何,我不确定这样做的正确或官方方式是什么.
我正在运行 Docker 2.0.0.0-maxc78 和 macOS High sierra
任何人都可以请我指出正确的方法吗?
谢谢!
这种场景会受益于最近的docker build secret.
docker build --secret id=mysite.key,src=path/to/mysite.key .在您的 Dockerfile 中用作:
# syntax=docker/dockerfile:1.0.0-experimental来自高山RUN --mount=type=secret,id=mysite.key 命令运行查看更多在 Docker 18.09 中构建 secrets 和 SSH 转发"(你的 docker 2.0.0 应该支持它)
在你的情况下,你的 Dockerfile 应该包括:
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject<块引用>
在 docker 客户端,您需要使用 --ssh 标志定义此构建允许 SSH 转发.
docker build --ssh default .该标志接受定义本地 SSH 代理套接字或私钥位置的键值对.
I am new to Docker and having a go at getting my Angular web app to build and run in a container.
I have a very basic Dockerfile at the root of the project like so:
# Create the image based on the official Node 10.13.0 image from Dockerhub
FROM node:10.13.0 as node
# Copy dependency definitions
COPY package.json .
# Install dependencies using npm
RUN npm install
# TODO - copy rest of app and run angular-cli build commands to serve up the app
And upon running a build command against it I am hitting the following error:
I realise from looking up this error, that I haven't yet supplied any host key details from my host machine so these can be used for accessing private repo's.
I came across some old answers here on approaches to supplying my host key details such as this one, but I didn't get much further, still getting the same error.
I was able to confirm I was referencing my host key correctly by echoing these out in my dockerfile and seeing the details in my terminal.
Anyway, I am unsure what the correct or official way is of doing this.
I am running Docker 2.0.0.0-maxc78 and on macOS High sierra
Can anyone please point me in the right direction as to what the correct approach is here please?
Thanks!
This kind of scenario would benefit from the recent docker build secret.
docker build --secret id=mysite.key,src=path/to/mysite.key .
That is used in your Dockerfile as:
# syntax=docker/dockerfile:1.0.0-experimental
FROM alpine
RUN --mount=type=secret,id=mysite.key command-to-run
See more with "Build secrets and SSH forwarding in Docker 18.09" (your docker 2.0.0 should support it)
In your case, your Dockerfile should include:
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject
On the docker client side, you need to define that SSH forwarding is allowed for this build by using the
--sshflag.docker build --ssh default .The flag accepts a key-value pair defining the location for the local SSH agent socket or the private keys.
这篇关于在 DockerFile 中使用主机 SSH 密钥访问私有 Git 存储库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
