From 4e15f69bee0b889ee48417e824a3c0bb3c602cde Mon Sep 17 00:00:00 2001 From: SarthakB11 Date: Thu, 30 Apr 2026 19:42:46 +0000 Subject: [PATCH] fix(skills-init): install openssh-client so ssh-keyscan is available the skills-init image runs ssh-keyscan to populate ~/.ssh/known_hosts when an agent uses ssh-based git auth (gitAuthSecretRef -> kubernetes.io/ssh-auth). the alpine base only had git, so the binary was missing and the init container exited with 'ssh-keyscan: not found' under set -e, leaving the agent pod in crashloopbackoff. add openssh-client to the apk install list and verify ssh-keyscan resolves at build time so the same regression cannot ship silently again. closes #1770 Signed-off-by: SarthakB11 --- docker/skills-init/Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docker/skills-init/Dockerfile b/docker/skills-init/Dockerfile index e884f34cf..032281e47 100644 --- a/docker/skills-init/Dockerfile +++ b/docker/skills-init/Dockerfile @@ -17,7 +17,13 @@ FROM alpine:3.23 ARG PYTHON_UID=1001 ARG PYTHON_GID=1001 -RUN apk upgrade --no-cache && apk add --no-cache git +RUN apk upgrade --no-cache && apk add --no-cache git openssh-client + +# ssh-keyscan is required by skills-init.sh when an Agent uses SSH-based git +# auth (gitAuthSecretRef -> kubernetes.io/ssh-auth). Verify it is on PATH so a +# future package change cannot silently reintroduce the missing-binary regression. +RUN command -v ssh-keyscan >/dev/null + COPY --from=krane-builder /build/krane /usr/local/bin/krane # Run as the same UID/GID as the main agent container (python user) so that