Jenkins Kubernetes Plugin - sshagent to git clone terraform module

Question

我正在尝试使用Jenkins中的sshagent将我的私钥传递到terraform容器中，以允许terraform在私有repo中获取模块。

stage('TF Plan') {
  steps {
    container('terraform') {
      sshagent (credentials: ['6c92998a-bbc4-4f27-b925-b50c861ef113']){
        sh 'ssh-add -L'
        sh 'terraform init'
        sh 'terraform plan -out myplan'
      }
    }
  }      
}

在运行作业时，它会失败，并显示以下输出：

[ssh-agent] Using credentials (id_rsa_jenkins)
[ssh-agent] Looking for ssh-agent implementation...
[ssh-agent]   Exec ssh-agent (binary ssh-agent on a remote machine)
Executing shell script inside container [terraform] of pod [gcp-tf-builder-h79rb-h5f3m]
Executing command: "ssh-agent" 
exit
SSH_AUTH_SOCK=/tmp/ssh-2xAa2W04uQV6/agent.20; export SSH_AUTH_SOCK;
SSH_AGENT_PID=21; export SSH_AGENT_PID;
echo Agent pid 21;
SSH_AUTH_SOCK=/tmp/ssh-2xAa2W04uQV6/agent.20
SSH_AGENT_PID=21
Running ssh-add (command line suppressed)
Identity added: /home/jenkins/agent/workspace/demo@tmp/private_key_2729797926.key (user@workstation.local)
[ssh-agent] Started.
[Pipeline] {
[Pipeline] sh
+ ssh-add -L
ssh-rsa REDACTED user@workstation.local
[Pipeline] sh
+ terraform init
[0m[1mInitializing modules...[0m
- module.demo_proj
  Getting source "git::ssh://git@bitbucket.org/company/terraform-module"
[31mError downloading modules: Error loading modules: error downloading 'ssh://git@bitbucket.org/company/deploy-kickstart-project': /usr/bin/git exited with 128: Cloning into '.terraform/modules/e11a22f40c64344133a98e564940d3e4'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
[0m[0m
[Pipeline] }
Executing shell script inside container [terraform] of pod [gcp-tf-builder-h79rb-h5f3m]
Executing command: "ssh-agent" "-k" 
exit
unset SSH_AUTH_SOCK;
unset SSH_AGENT_PID;
echo Agent pid 21 killed;
[ssh-agent] Stopped.

我已经检查了三次，我确定使用了正确的密钥对。我能够从我的mac本地git克隆到repo，没有任何问题。

需要注意的是，这个Jenkins部署是在Kubernetes中运行的。Master保持并使用Kubernetes插件来生成代理。

Host key verification failed.错误是什么意思？根据我的研究，这可能是由于known_hosts没有正确设置。ssh-agent会对此负责吗？

Answer 1

事实证明，这是known_hosts未设置的问题。作为一种解决方法，我们将此代码添加到jenkinsfile中

  environment {
    GIT_SSH_COMMAND = "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
  }