Hangs on 'waiting for GitRepository reconciliation' because github.com ED25519 key fingerprint is not in known_hosts.

[EarthlingDavey]

Hi, I have a fresh install

Alma Linux 9, K3S, FluxV2

My bootstra pcommand is

flux bootstrap github \
  --owner=$GITHUB_ORGANIZATION \
  --repository=ual-flux \
  --branch=main \
  --path=./clusters/${project}

It install ok, but when I run flux reconcile kustomization flux-system --with-source for the firs time, it hangs on the step waiting for GitRepository reconciliation.

After some troubleshooting, I exec'd into the kustomize-controller- pod. And tested the connection to github, with ssh -T -v [email protected].

I got the following output:

OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 22: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: Connecting to github.com [140.82.121.3] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: identity file /.ssh/id_ecdsa_sk type -1
debug1: identity file /.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /.ssh/id_ed25519 type -1
debug1: identity file /.ssh/id_ed25519-cert type -1
debug1: identity file /.ssh/id_ed25519_sk type -1
debug1: identity file /.ssh/id_ed25519_sk-cert type -1
debug1: identity file /.ssh/id_xmss type -1
debug1: identity file /.ssh/id_xmss-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6
debug1: Remote protocol version 2.0, remote software version babeld-8405f9f3
debug1: compat_banner: no match: babeld-8405f9f3
debug1: Authenticating to github.com:22 as 'git'
debug1: load_hostkeys: fopen /.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
debug1: load_hostkeys: fopen /.ssh/known_hosts: No such file or directory
debug1: load_hostkeys: fopen /.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_hostfile: hostkeys file /.ssh/known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host 'github.com (140.82.121.3)' can't be established.
ED25519 key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

When I entered yes:

Could not create directory '/.ssh' (Read-only file system).
Failed to add the host to the list of known hosts (/.ssh/known_hosts).
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_ext_info_client_parse: server-sig-algs=<[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Will attempt key: /.ssh/id_rsa 
debug1: Will attempt key: /.ssh/id_ecdsa 
debug1: Will attempt key: /.ssh/id_ecdsa_sk 
debug1: Will attempt key: /.ssh/id_ed25519 
debug1: Will attempt key: /.ssh/id_ed25519_sk 
debug1: Will attempt key: /.ssh/id_xmss 
debug1: Will attempt key: /.ssh/id_dsa 
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_ecdsa
debug1: Trying private key: /.ssh/id_ecdsa_sk
debug1: Trying private key: /.ssh/id_ed25519
debug1: Trying private key: /.ssh/id_ed25519_sk
debug1: Trying private key: /.ssh/id_xmss
debug1: Trying private key: /.ssh/id_dsa
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

I then checked the other tab, and it had passed the waiting for GitRepository reconciliation step.

Is there a way to avoid manually adding the github public key like this?