From 10ee3646129cbee19198c4b173343b2feb3dc998 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 10 Dec 2022 12:19:33 -0600 Subject: [PATCH] jenkins: Add ssh_known_hosts ConfigMap When cloning/fetching a Git repository in a Jenkins pipeline, the Git Client plugin uses the configured *Host Key Verification Strategy* to verify the SSH host key of the remote Git server. Unfortunately, there does not seem to be any way to use the configured strategy from the `git` command line in a Pipeline job, so e.g. `git push` does not respect it. This causes jobs to fail to push changes to the remote if the container they're using does not already have the SSH host key for the remote in its known hosts database. This commit adds a ConfigMap to the *jenkins-jobs* namespace that can be mounted in containers to populate the SSH host key database. --- jenkins/kustomization.yaml | 8 ++++++++ jenkins/ssh_known_hosts | 6 ++++++ 2 files changed, 14 insertions(+) create mode 100644 jenkins/ssh_known_hosts diff --git a/jenkins/kustomization.yaml b/jenkins/kustomization.yaml index 3e7cccd..feb12a6 100644 --- a/jenkins/kustomization.yaml +++ b/jenkins/kustomization.yaml @@ -10,3 +10,11 @@ secretGenerator: type: kubernetes.io/dockerconfigjson files: - .dockerconfigjson + +configMapGenerator: +- name: ssh-known-hosts + namespace: jenkins-jobs + files: + - ssh_known_hosts + options: + disableNameSuffixHash: true diff --git a/jenkins/ssh_known_hosts b/jenkins/ssh_known_hosts new file mode 100644 index 0000000..b9d60f1 --- /dev/null +++ b/jenkins/ssh_known_hosts @@ -0,0 +1,6 @@ +git.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF1tB0KeyMStHKbnuminTQ2xwjjxyES/DBSlZZH0c7F25Lu6TfvxEEs/7YUtZKAnwFGLfuqW5gaS3eWV1eA3w7WtEGYoBAD6VFZUjN0vfmhNYWC85DMcY+gqkOkBQy1/SvyYSPHrtkgTJRPMG/MdWGaYEN+w/znr1HETPnj4qm7bFC8yxXKU2PXzKlUeY+ynY3hhlzAVwG4Ay7hgH+nO071eoAQtYq9zBdYTifXxoTzatLgU8ib3EYuC3/LDNXkFhYhxDhfp9iwPCNZRi49AccMlL323/Vp8x/Jy/iY5A60Fk8cIYtneEihRkIpzpyTudEK0MXyJ+FJ0vmjiEX5ZY9 +git.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJPLXOT4j+jYAIGfuGbtG8ea3oBZwtvOEYNzUHpsQBF9VO9E9nTQBswSRzc+otPzZhr5lJ+BlGo439hHGkbOIo8= +git.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEF/IXycjT/sSIpFLRDEVZUu95QA3i7d5LZvB/RncHN +git.pyrocufflink.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF1tB0KeyMStHKbnuminTQ2xwjjxyES/DBSlZZH0c7F25Lu6TfvxEEs/7YUtZKAnwFGLfuqW5gaS3eWV1eA3w7WtEGYoBAD6VFZUjN0vfmhNYWC85DMcY+gqkOkBQy1/SvyYSPHrtkgTJRPMG/MdWGaYEN+w/znr1HETPnj4qm7bFC8yxXKU2PXzKlUeY+ynY3hhlzAVwG4Ay7hgH+nO071eoAQtYq9zBdYTifXxoTzatLgU8ib3EYuC3/LDNXkFhYhxDhfp9iwPCNZRi49AccMlL323/Vp8x/Jy/iY5A60Fk8cIYtneEihRkIpzpyTudEK0MXyJ+FJ0vmjiEX5ZY9 +git.pyrocufflink.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJPLXOT4j+jYAIGfuGbtG8ea3oBZwtvOEYNzUHpsQBF9VO9E9nTQBswSRzc+otPzZhr5lJ+BlGo439hHGkbOIo8= +git.pyrocufflink.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEF/IXycjT/sSIpFLRDEVZUu95QA3i7d5LZvB/RncHN