Docker构建期间的SSH代理转发 [英] SSH agent forwarding during docker build
问题描述
在通过dockerfile构建docker映像时,我必须克隆github存储库.我已经将我的公共ssh密钥添加到了我的git hub帐户中,并且能够从我的docker主机中克隆该存储库.虽然我看到我可以通过在docker run时映射 $ SSH_AUTH_SOCK
env变量来使用docker主机的ssh密钥,就像 docker run --rm -it --name container_name \-v $ {dirname $ SSH_AUTH_SOCK):$ {dirname $ SSH_AUTH_SOCK)\-e SSH_AUTH_SOCK = $ SSH_AUTH_SOCK my_image
.
While building up a docker image through dockerfile, I have to clone a github repo. I have added my public ssh keys to my git hub account and i am able to clone the repo from my docker host. While i see that i can use docker host's ssh key by mapping $SSH_AUTH_SOCK
env variable at the time of docker run like docker run --rm -it --name container_name \
-v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \
-e SSH_AUTH_SOCK=$SSH_AUTH_SOCK my_image
.
在docker构建过程中我该怎么做?
How can i do same during docker build ?
推荐答案
对于Docker 18.09及更高版本
您可以使用Docker的新功能将现有的SSH代理连接或密钥转发给构建器.例如,这使您可以在构建过程中克隆您的私有存储库.
For Docker 18.09 and newer
You can use new features of Docker to forward your existing SSH agent connection or a key to the builder. This enables for example to clone your private repositories during build.
步骤:
首先设置环境变量以使用新的BuildKit
First set environment variable to use new BuildKit
export DOCKER_BUILDKIT=1
然后使用新的(实验性)语法创建Dockerfile:
Then create Dockerfile with new (experimental) syntax:
# syntax=docker/dockerfile:experimental
FROM alpine
# install ssh client and git
RUN apk add --no-cache openssh-client git
# download public key for github.com
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
# clone our private repository
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject
并使用
docker build --ssh default .
在此处了解更多信息: https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066
Read more about it here: https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066
这篇关于Docker构建期间的SSH代理转发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!