image-automation-controller: SSH host key errors with v0.23.0
Updated to Flux v0.31.0 today (from v0.30.2) and as soon as there was something to commit, the image-automation-controller immediately started throwing errors about the SSH host key failing verification. For example:
{"level":"error","ts":"2022-06-07T02:38:41.735Z","logger":"controller.imageupdateautomation","msg":"Reconciler error","reconciler group":"image.toolkit.fluxcd.io","reconciler kind":"ImageUpdateAutomation","name":"flux-system","namespace":"flux-system","error":"unable to fetch-connect to remote 'ssh://git@git.company.com/repo': ssh: handshake failed: hostkey could not be verified"}
For context, our Flux repo is configured to use SSH, and we supply a known_hosts file along with the SSH key in our flux-system secret. In addition, we’ve been running the image-automation-controller (along with the others) with EXPERIMENTAL_GIT_TRANSPORT=true, so I’m a little surprised that things broke with this update instead of back when we enabled this functionality.
About this issue
- State: closed
- Created 2 years ago
- Reactions: 1
- Comments: 16 (6 by maintainers)
Commits related to this issue
- update KnownKey.Matches to initialize its own hasher Previously, KnownKey.Matches() accepted a SHA256 hasher as an argument, which could lead to unintended bugs when calling it in a loop. This elimin... — committed to aryan9600/pkg by aryan9600 2 years ago
- update KnownKey.Matches to initialize its own hasher Previously, KnownKey.Matches() accepted a SHA256 hasher as an argument, which could lead to unintended bugs when calling it in a loop. This elimi... — committed to aryan9600/pkg by aryan9600 2 years ago
- fix ssh host key verification regression Earlier, host key verification could potentially fail if there were multiple entries in the known_hosts file and if the intended encryption algorithm wasn't t... — committed to aryan9600/source-controller by aryan9600 2 years ago
- libgit2: fix ssh host key verification regression Earlier, host key verification could potentially fail if there were multiple entries in the known_hosts file and if the intended encryption algorithm... — committed to aryan9600/source-controller by aryan9600 2 years ago
Hello 👋
I’ve tested it and all automations are resolving now 👍 Thank you for the quick fix 😉
We have just released a new image with the fix:
ghcr.io/fluxcd/image-automation-controller:v0.23.2. Please let us know in case it does not fix your issue.
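
The related commits listed above attribute the regression to a SHA256 hasher that was passed into `KnownKey.Matches()` and reused in a loop over known_hosts entries. The Go program below is an added example, not code from Flux: `knownKey`, `matchesShared`, `matchesOwn`, `verify` and the key blobs are hypothetical, and it assumes the shared hasher was written to on every iteration without being reset.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
	"hash"
)

// knownKey is a hypothetical stand-in for one known_hosts entry.
// The blobs used below are constructed strings, not real public keys.
type knownKey struct{ keyType, blob string }

// fingerprint is the SHA256 digest a presented host key is compared by.
func fingerprint(blob string) []byte {
	sum := sha256.Sum256([]byte(blob))
	return sum[:]
}

// matchesShared models the old shape: the caller supplies the hasher.
// Write appends to the existing state, and Sum does not reset it.
func (k knownKey) matchesShared(h hash.Hash, fp []byte) bool {
	h.Write([]byte(k.blob))
	return bytes.Equal(h.Sum(nil), fp)
}

// matchesOwn models the fixed shape: a fresh digest per comparison.
func (k knownKey) matchesOwn(fp []byte) bool {
	return bytes.Equal(fingerprint(k.blob), fp)
}

// verify scans all entries and reports whether each variant found a match.
func verify(entries []knownKey, fp []byte) (shared, own bool) {
	h := sha256.New() // one hasher reused across the whole loop
	for _, k := range entries {
		shared = k.matchesShared(h, fp) || shared
		own = k.matchesOwn(fp) || own
	}
	return shared, own
}

func sampleEntries() []knownKey {
	return []knownKey{{"ssh-rsa", "constructed-rsa-blob"}, {"ssh-ed25519", "constructed-ed25519-blob"}}
}

func main() {
	for _, e := range sampleEntries() {
		shared, own := verify(sampleEntries(), fingerprint(e.blob))
		fmt.Printf("server key %-11s shared=%v own=%v\n", e.keyType, shared, own)
	}
}
```

With the shared hasher only the first entry can ever match, because every later digest also covers the bytes of the entries hashed before it; the result is a rejected valid host key, not an accepted wrong one.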