Docker构建期间的SSH代理转发 [英] SSH agent forwarding during docker build

问题描述

在通过dockerfile构建docker映像时，我必须克隆github存储库.我已经将我的公共ssh密钥添加到了我的git hub帐户中，并且能够从我的docker主机中克隆该存储库.虽然我看到我可以通过在docker run时映射 $ SSH_AUTH_SOCK env变量来使用docker主机的ssh密钥，就像 docker run --rm -it --name container_name \-v $ {dirname $ SSH_AUTH_SOCK):$ {dirname $ SSH_AUTH_SOCK)\-e SSH_AUTH_SOCK = $ SSH_AUTH_SOCK my_image .

While building up a docker image through dockerfile, I have to clone a github repo. I have added my public ssh keys to my git hub account and i am able to clone the repo from my docker host. While i see that i can use docker host's ssh key by mapping $SSH_AUTH_SOCK env variable at the time of docker run like docker run --rm -it --name container_name \ -v $(dirname $SSH_AUTH_SOCK):$(dirname $SSH_AUTH_SOCK) \ -e SSH_AUTH_SOCK=$SSH_AUTH_SOCK my_image.

在docker构建过程中我该怎么做?

How can i do same during docker build ?

推荐答案

对于Docker 18.09及更高版本

您可以使用Docker的新功能将现有的SSH代理连接或密钥转发给构建器.例如，这使您可以在构建过程中克隆您的私有存储库.

For Docker 18.09 and newer

You can use new features of Docker to forward your existing SSH agent connection or a key to the builder. This enables for example to clone your private repositories during build.

步骤:

首先设置环境变量以使用新的BuildKit

First set environment variable to use new BuildKit

export DOCKER_BUILDKIT=1

然后使用新的(实验性)语法创建Dockerfile:

Then create Dockerfile with new (experimental) syntax:

# syntax=docker/dockerfile:experimental

FROM alpine

# install ssh client and git
RUN apk add --no-cache openssh-client git

# download public key for github.com
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

# clone our private repository
RUN --mount=type=ssh git clone git@github.com:myorg/myproject.git myproject

并使用

docker build --ssh default .

在此处了解更多信息: https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066

Read more about it here: https://medium.com/@tonistiigi/build-secrets-and-ssh-forwarding-in-docker-18-09-ae8161d066

这篇关于Docker构建期间的SSH代理转发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！