Comments (12)
Is there a plan to look at implementing this? Support for cloning over SSH in envbuilder will be very useful.
Some developers have a preference for using SSH over HTTP/S for interacting with git. To them, it is not expected that a devcontainer workspace fails to build due to this, given that they have already configured an SSH key within Coder, and that they are forced to fall back to using HTTP/S for cloning.
In addition, to support cloning private repos, we specifically need to add additional terraform logic or use coder_external_auth to configure GIT environment variables in the workspace template.
from envbuilder.
We don't support cloning over SSH in envbuilder currently, but it's not something I'm opposed to adding.
Does cloning over HTTP(s) not work for your scenario?
from envbuilder.
Would it be sufficient to drop a coder agent binary into the envbuilder image and set `GIT_SSH_COMMAND=/.envbuilder/coder gitssh --`?
from envbuilder.
I think that might work, but it'd need the agent env vars as well.
from envbuilder.
This would be useful!
from envbuilder.
Those are in the user profile right?
from envbuilder.
Adding support for this would also provide a simple and secure workaround for #60
from envbuilder.
+1 for adding support for this. This is the top reason our company isn't using coder yet
from envbuilder.
There are two main cases to consider here:
- Local container runtime (for example, local Docker daemon): we can simply use `SSH_AUTH_SOCK` to get the required credentials, or pass a local SSH key in.
- Remote container runtime (Kubernetes etc.): we will need some external method of getting git credentials. We can't necessarily expect folks to go storing SSH keys or other credentials in secrets, and I don't see an easy way of magically passing an SSH auth socket to a container running in a Kubernetes cluster. Integrating with Coder using the `coder gitssh` workflow would seem to be the way to go here.
In the second case, there is a circular dependency where we need the agent to get the git credentials to clone the repo and build the container, but we need to build the container to start the agent. To work around this, we can possibly have envbuilder perform the step of getting the git SSH key from Coder using the agent token directly.
from envbuilder.
Plan:
- Add support for reading an SSH private key from a file (SSH_PRIVATE_KEY_PATH) #170
- Add support for passing in a known_hosts file (SSH_KNOWN_HOSTS_BASE64) (Edit: users can simply mount in a known_hosts file and set SSH_KNOWN_HOSTS if required) #170
- Add support for performing an SSH keyscan and generating a known_hosts file if no known_hosts file provided (Edit: we can simply use a custom HostKeysCallback that logs and accepts all host keys) #170
- Add support for SSH key authentication using SSH_PRIVATE_KEY_PATH #170
- Add support for fetching an SSH key from Coder if CODER_AGENT_URL and CODER_AGENT_TOKEN are provided using coder/agentsdk and no SSH_PRIVATE_KEY_PATH is provided. #174
- Add support for injecting Coder-generated SSH keys to the Coder terraform provider coder/terraform-provider-coder#219
from envbuilder.
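The plan above weighs a mounted known_hosts file (SSH_KNOWN_HOSTS) against a HostKeysCallback that logs and accepts all host keys. As an added example (not envbuilder's code; standard library only, with constructed key bytes, the hypothetical names `CheckHostKey` and `hostMatches`, and no handling of `[host]:port` entries), this is the check a known_hosts file enforces and an accept-all callback skips:

```go
package main

import (
	"bufio"
	"bytes"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var ErrUnknown, ErrMismatch = errors.New("no known_hosts entry"), errors.New("host key mismatch")

// hostMatches handles plain "a,b" host lists and hashed "|1|salt|hmac" fields.
func hostMatches(field, host string) bool {
	if p := strings.Split(field, "|"); len(p) == 4 && p[1] == "1" {
		salt, _ := base64.StdEncoding.DecodeString(p[2])
		want, _ := base64.StdEncoding.DecodeString(p[3])
		mac := hmac.New(sha1.New, salt)
		mac.Write([]byte(host))
		return hmac.Equal(mac.Sum(nil), want)
	}
	return strings.Contains(","+field+",", ","+host+",")
}

// CheckHostKey returns nil only when knownHosts pins this exact key for host (# and @marker lines skipped).
func CheckHostKey(knownHosts, host, keyType string, key []byte) error {
	err := ErrUnknown
	sc := bufio.NewScanner(strings.NewReader(knownHosts))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 3 || f[0][0] == '#' || f[0][0] == '@' || f[1] != keyType || !hostMatches(f[0], host) {
			continue
		}
		if pinned, e := base64.StdEncoding.DecodeString(f[2]); e == nil && bytes.Equal(pinned, key) {
			return nil
		}
		err = ErrMismatch // an entry exists for this host but pins a different key
	}
	return err
}

func main() {
	key := []byte("constructed-key-bytes") // constructed sample, not a real SSH key blob
	kh := "git.example.com ssh-ed25519 " + base64.StdEncoding.EncodeToString(key)
	fmt.Println(CheckHostKey(kh, "git.example.com", "ssh-ed25519", key))             // pinned key
	fmt.Println(CheckHostKey(kh, "git.example.com", "ssh-ed25519", []byte("other"))) // swapped key
}
```

With an accept-all callback both calls in `main` would succeed, so a swapped host key only shows up in the log line rather than failing the clone.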
Agreed with @johnstcn to resolve it.
from envbuilder.
Closing this issue out. A follow-up issue will provide the capability for the Coder terraform provider to inject the user's SSH private key into workspace resources. However, there should be no further changes required in envbuilder to support this.
from envbuilder.