Sanjay Tiwari's Blog

ArgoCD : How to access private github repository with ssh key

Sanjay Tiwari's photo
Sanjay Tiwari
·

3 min read

I have been starting with ArgoCD and got stuck with multiple private repository and I really didn't want to setup the configmap, secrets for all my repositories which is a old way of doing things.

Fortunately, ArgoCD new version came to rescue where just by label ArgoCD knows if I need to use the secret.

Like it huh… I just love it.

Here we go with the solution.

How we will be doing it:

  • First all my public repo will be configured with https://github.com url so they don’t interfere with any private repo.

  • All my private repo will be configured with ssh so I can use the same ssh private key for all my repo.

I believe everyone knows how to install ArgoCD. If you don’t just run following command

kubectl create namespace argocd 
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

If you want to use the same credentials for multiple repositories, you can configure credential templates. Credential templates can carry the same credentials information as repositories.

Now we need to create a secret for our private repo with your private ssh key, where the public key is added to your github rpeo. Follow article if you don’t know how to create ssh key and add it to your github.

create a secret private-sshkey-secret.yaml with following content:

apiVersion: v1
kind: Secret
metadata:
  name: private-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repo-creds
stringData:
  type: git
  url: git@github.com:tiwarisanjay
  sshPrivateKey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    blahblahblah
    -----END OPENSSH PRIVATE KEY-----

In above example The label argocd.argoproj.io/secret-type: repo-creds makes it a credential template.

And replace tiwarisanjay > With your username

and add your private ssh key at blahblahbla

Now run

kubectl apply -f private-ssh-secret.yaml

Now create more than one private repo with sleep pod. You can clone

GitHub - tiwarisanjay/sleeping-pod-test: Test Repo for ArgoCD download

You can't perform that action at this time. You signed in with another tab or window. You signed out in another tab or…

github.com

and create more than one private repo with it. Just copy the test-app under your repo and check-it in.

Now create a Application to sync using ArgoCd as following

create a file sleep-app.yaml with following content:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: sleep-pod
  namespace: argocd
spec:
  project: default
  source:
    repoURL: git@github.com:tiwarisanjay/pod-testing-yamls.git
    targetRevision: HEAD
    path: test-app
  destination:
    server: https://kubernetes.default.svc
    namespace: testns
  syncPolicy:
    retry:
      limit: 2
    automated:
        prune: true 
        selfHeal: true
        allowEmpty: false
    syncOptions:
      - CreateNamespace=true
      - Replace=true

In Above example replace :

tiwraisanjay > With your user

pod-testing-yamls > With your repo name(Which is a private repo)

Run

kubectl apply -f sleep-app.yaml

And this is how it looks as soon as you will apply above yaml

Now any repo accesses via ssh with prefix :tiwarisanjay will use the private ssh key stored in our secret private-repo.

So, more dryness and no more multiple Private key secret.

private github repo with argocdargocd secretArgoCD