HELM Charts¶
First, you need to get access to the HELM charts. They are hosted in a private Git repository. You’ll get access by sharing a public key with us.
Create a new public/private key (that way, there won’t be a conflict with already registered keys at GitHub):
ssh-keygen -t ed25519 -f my-keySend your new
my-key.pubpublic key to the contact person at Sagemath, Inc. This key will be added as a deployment key.Then, in a new empty directory (e.g.
cocalc-onprem):
git init .
git config --local core.sshCommand "ssh -i ~/path/to/my-key -o IdentitiesOnly=yes -o IdentityAgent=none"
git remote add github [email protected]:sagemathinc/cocalc-onprem-helm.git
git pull github main
git branch --set-upstream-to=github/main
(replace ~/path/to/my-key by the path to the private key generated in step 1.)
Note
The two extra -o flags above are important. Without them, on a system
that already has a running ssh-agent or another GitHub key in
~/.ssh/config, OpenSSH will offer all known keys to GitHub and
GitHub authenticates against the first key it recognizes. If that’s
one of your personal-account keys, GitHub then refuses the deployment
key — even though it’s sitting right there in your core.sshCommand.
The symptom is a confusing Permission denied (publickey) error
despite a working key.
-o IdentitiesOnly=yes— use only the key passed via-i.-o IdentityAgent=none— ignore any runningssh-agent.
If you’d rather configure this once in ~/.ssh/config instead of
per-repository, add a host alias:
Host cocalc-onprem-deploy
HostName github.com
User git
IdentityFile ~/path/to/my-key
IdentitiesOnly yes
and then use that alias in your remote URL:
git remote add github git@cocalc-onprem-deploy:sagemathinc/cocalc-onprem-helm.git
With either approach you can drop the core.sshCommand line.
Once this is done, pull periodically to get updates and update the deployed HELM chart. In particular, the tags for the deployed docker images will change – see Versions for more details.