Helm Chart: SSH Issue in Openshift Rootless

API/SDK/Tea/HelmChart/Terraform

wethinkagile April 29, 2025, 5:07pm 1

The following error during git push to a freshly created Repo: I offer Public Key, then it says no public key offered.

debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss>
debug1: kex_input_ext_info: ping@openssh.com (unrecognised)
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: ./traefik-ssh-key-cluster ED25519 SHA256:4jmj8WazqsByaR5OdQ5s0rlfEPVelPbJkx8YwIm10jE explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@gitea-core-ssh.gitea.svc.cluster.local: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

These are the configs in the Openshift Cluster:

NAME                      TYPE           CLUSTER-IP      EXTERNAL-IP    PORT(S)        AGE
service/gitea-core-http   ClusterIP      None            <none>         3000/TCP       99s
service/gitea-core-ssh    LoadBalancer   100.68.30.255   172.17.4.171   22:30355/TCP   99s

We connect directly to servicename internally.

These are helm chart configs:

image:
  tag: "1.23.4"
  repository: gitea
  pullPolicy: IfNotPresent
  rootless: true

podSecurityContext:
  fsGroup: null

containerSecurityContext:
  allowPrivilegeEscalation: false
  privileged: false
  runAsNonRoot: true
  runAsUser: 1000770001

gitea:
  config:
    server:
      SSH_PORT: 22 # rootful image
      SSH_DOMAIN: gitea-core-ssh.gitea.svc.cluster.local
      SSH_LISTEN_PORT: 2222 # rootless image

service:
  ssh:
    type: LoadBalancer
    port: 2222
    clusterIP:

It works in one cluster with above config, but in this one not. I tried to change ports, but then it does not even offer pubkey. How to troubleshoot further, what is wrong in my config?