如何使用密钥保险库中的SSH密钥将私有Git存储库克隆到Kubernetes Pod中？

我正在尝试使用SSH密钥进行身份验证，将一个私有的Git存储库(GitLab)克隆到一个Kubernetes Pod中。我已经把我的密钥存储在一个secret中。这是执行所需任务的Job的yaml文件。

这里还有同样的问题，但没有给出确切的解决方案：

在Kubernetes Pod中克隆安全的Git仓库

执行后的init容器日志：

fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz
v3.7.1-66-gfc22ab4fd3 [http://dl-cdn.alpinelinux.org/alpine/v3.7/main]
v3.7.1-55-g7d5f104fa7 [http://dl-cdn.alpinelinux.org/alpine/v3.7/community]
OK: 9064 distinct packages available
OK: 23 MiB in 23 packages
Cloning into '/tmp'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

对于公共仓库完美运行的YAML文件：

apiVersion: batch/v1
kind: Job
metadata:
  name: nest-build-kaniko
  labels:
    app: nest-kaniko-example
spec:
  template:
    spec:
      containers:
        -
          image: 'gcr.io/kaniko-project/executor:latest'
          name: kaniko
          args: ["--dockerfile=/workspace/Dockerfile",
                "--context=/workspace/",
                "--destination=aws.dest.cred"]
          volumeMounts:
            -
              mountPath: /workspace
              name: source
            -
              name: aws-secret
              mountPath: /root/.aws/
            -
              name: docker-config
              mountPath: /kaniko/.docker/
      initContainers:
        -
          name: download
          image: alpine:3.7
          command: ["/bin/sh","-c"]
          args: ['apk add --no-cache git && git clone https://github.com/username/repo.git /tmp/']
          volumeMounts:
            -
              mountPath: /tmp
              name: source
      restartPolicy: Never
      volumes:
        -
          emptyDir: {}
          name: source
        -
          name: aws-secret
          secret:
            secretName: aws-secret
        -
          name: docker-config
          configMap:
            name: docker-config

使用 git-sync 克隆私有存储库后的 YAML 文件：

apiVersion: batch/v1
kind: Job
metadata:
  name: nest-build-kaniko
  labels:
    app: nest-kaniko-example
spec:
  template:
    spec:
      containers:
        -
          image: 'gcr.io/kaniko-project/executor:latest'
          name: kaniko
          args: ["--dockerfile=/workspace/Dockerfile",
                "--context=/workspace/",
                "--destination=aws.dest.cred"]
          volumeMounts:
            -
              mountPath: /workspace
              name: source
            -
              name: aws-secret
              mountPath: /root/.aws/
            -
              name: docker-config
              mountPath: /kaniko/.docker/
      initContainers:
        -
          name: git-sync
          image: gcr.io/google_containers/git-sync-amd64:v2.0.4
          volumeMounts:
            -
              mountPath: /git/tmp
              name: source
            -
              name: git-secret
              mountPath: "/etc/git-secret"
          env:
            - name: GIT_SYNC_REPO
              value: "git@gitlab.com:username/repo.git"
            - name: GIT_SYNC_SSH
              value: "true"
            - name: GIT_SYNC_DEST
              value: "/tmp"
            - name: GIT_SYNC_ONE_TIME
              value: "true"
          securityContext:
            runAsUser: 0
      restartPolicy: Never
      volumes:
        -
          emptyDir: {}
          name: source
        -
          name: aws-secret
          secret:
            secretName: aws-secret
        -
          name: git-secret
          secret:
            secretName: git-creds
            defaultMode: 256
        -
          name: docker-config
          configMap:
            name: docker-config