Integrating OpenShift and Bitbucket

Victor Paulo
May 21, 2020


You might have bumped into this article because you are looking for ways to integrate OpenShift or vanilla Kubernetes with Bitbucket. I must confess that I spent some hours trying to figure it out, despite it being so simple.

So, since I gathered the information from different sources, the goal of this post is to put everything in one place so that you can nail this down right away.

Let me divide this procedure into a few steps so that we have a roadmap of what we need to do.

  1. Create your account and repository on Bitbucket
  2. Spin-up your OpenShift cluster
  3. Generate your SSH keys (private and public)
  4. Import the SSH public key on Bitbucket
  5. Import the SSH private key in your OpenShift cluster
  6. Test your configuration by deploying an application

Creating your account and repository on Bitbucket

Bitbucket is an SCM (Source Control Management) tool with many features that allow us to create teams and collaborate on code, deploy and test.

Creating your account and repository on Bitbucket is very straightforward: you just need to go here and follow the get started steps.

Spinning up your OpenShift cluster

You can create your OpenShift cluster in many ways:

a. Going to IBM Cloud (you may need to pay for it)

b. You can download Minishift (small OpenShift with a subset of features, no charges)

c. You can use Katacoda as a playground to play with OpenShift (free)

Generating the SSH keys

To generate your SSH keys, use ssh-keygen, which ships with OpenSSH.

$ cd /tmp
$ ssh-keygen -C "openshift-source-builder/repo@bitbucket" -f repo-at-bitbucket -N ''
SSH generating keys

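The important part of the command above is -N '', which sets an empty passphrase: when the OpenShift build process connects to Bitbucket, nothing is there to answer a passphrase prompt. The private key is therefore stored unencrypted and anyone who can read the file can use it, so keep this key pair dedicated to the build.

After running the command, the keys will be available in the directory where you ran it: the private key repo-at-bitbucket and the public key repo-at-bitbucket.pub.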

Some troubleshooting steps for SSH, if needed:

Is your SSH key correctly added to your SSH agent? You can check that by running the following command in your terminal:

$ ssh-add -L

If your key is not there, you can add it by doing:

$ ssh-add <path_to_private_key>

If your key is there, you can check whether it is associated with the right Bitbucket account by running:

$ ssh -Tv git@bitbucket.org

Importing the SSH public key on Bitbucket

We need to import the public key in the Bitbucket account.

After logging in to the account, go to the preferences option as shown below:

How to import SSH keys in Bitbucket

Copy and paste as shown in the image below.

Importing Public Key

Importing the SSH private key in your OpenShift cluster

To import the private key into the OpenShift cluster, we need to create a secret, as shown below.

# Creating a secret from the private key generated above
$ oc create secret generic repo-at-bitbucket --from-file=ssh-privatekey=/tmp/repo-at-bitbucket --type=kubernetes.io/ssh-auth
# Enabling access to the secret from the builder service account
$ oc secrets link builder repo-at-bitbucket

After issuing the commands above, we can check the secret in the OpenShift console. The secret can also be created from there.

Creating secret via OpenShift console

Testing your configuration by deploying an application

Now it is time to test our configuration. The easiest way is to deploy an application hosted on Bitbucket into OpenShift. Let's see how to do that:

$ oc new-app git@bitbucket.org:victorpalmeida/ibm-openshift.git --source-secret repo-at-bitbucket --name myace01 --context-dir=ace

As you can see, we are deploying an application from the repository we created on Bitbucket, and we pass the name of our secret, "repo-at-bitbucket", in the source-secret parameter so that the build can authenticate to Bitbucket.

OpenShift Build complete

Appendix — Troubleshooting

In this section, I'll share some screenshots related to the issues I faced when not providing the correct information.

When the build process cannot find the secret, you will not see any logs at all, since the process is not able to start.

When the build process is able to find the secret, but its content is wrong or the SSH handshake does not complete correctly, you will see the message shown below.

Build failed
Wrong credentials
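
The wrong-content case above can be caught before the secret is created. The script below is an added example, not part of the original post: it checks that the private key loads with an empty passphrase and that the .pub file imported on Bitbucket belongs to it. The function name, exit codes and messages are this example's own; the file names follow the ssh-keygen command used earlier.

```shell
#!/bin/sh
# Added example: pre-flight check for the key pair that goes into the
# OpenShift source secret. Exit codes and messages are this example's own.

# check_build_key PRIVATE_KEY
#   0  key pair is usable by a non-interactive build
#   2  private key or PRIVATE_KEY.pub is missing
#   3  private key cannot be loaded with an empty passphrase
#   4  .pub file does not belong to this private key
check_build_key() (
    priv=$1
    pub=$1.pub

    [ -f "$priv" ] || { echo "missing private key: $priv" >&2; return 2; }
    [ -f "$pub" ]  || { echo "missing public key: $pub" >&2; return 2; }

    # -y re-derives the public key from the private key. -P '' supplies an
    # empty passphrase, so a protected key fails here without prompting,
    # rather than later inside the build.
    if ! derived=$(ssh-keygen -y -P '' -f "$priv" 2>/dev/null </dev/null); then
        echo "cannot load $priv with an empty passphrase" >&2
        echo "(passphrase set, wrong file, or permissions too open)" >&2
        return 3
    fi

    # Compare key type and base64 body only; the trailing comment may differ.
    derived=$(printf '%s\n' "$derived" | awk '{print $1, $2; exit}')
    stored=$(awk '{print $1, $2; exit}' "$pub")
    if [ "$derived" != "$stored" ]; then
        echo "$pub does not match $priv" >&2
        return 4
    fi

    # Fingerprint of the public key that should be imported on Bitbucket.
    ssh-keygen -l -f "$pub"
)

# Usage: sh check-build-key.sh /tmp/repo-at-bitbucket
if [ "$#" -gt 0 ]; then
    check_build_key "$1"
fi
```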
