From d082215984bf79438c2dd1ad47323cf8a2960881 Mon Sep 17 00:00:00 2001
From: shreddedbacon
Date: Wed, 7 Aug 2024 12:43:26 +1000
Subject: [PATCH] feat: support for static hostkeys in ssh core
---
 charts/lagoon-core/Chart.yaml | 16 +-------------
 .../lagoon-core/templates/ssh.deployment.yaml | 21 ++++++++++++++++++
 charts/lagoon-core/templates/ssh.secret.yaml | 22 +++++++++++++++++++
 charts/lagoon-core/values.yaml | 6 +++++
 4 files changed, 50 insertions(+), 15 deletions(-)
 create mode 100644 charts/lagoon-core/templates/ssh.secret.yaml
diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml
index 9c2c75185..c4e5191ba 100644
--- a/charts/lagoon-core/Chart.yaml
+++ b/charts/lagoon-core/Chart.yaml
@@ -41,18 +41,4 @@ dependencies:
 annotations:
 artifacthub.io/changes: |
 - kind: changed
- description: update values for local development
- - kind: changed
- description: bump minimum Kubernetes version to 1.25
- - kind: changed
- description: added api-sidecar-handler container to api and webhooks2tasks
- - kind: changed
- description: update ssh-portal components to v0.37.0
- links:
- - name: ssh-portal release
- url: https://github.com/uselagoon/lagoon-ssh-portal/releases/tag/v0.37.0
- - kind: changed
- description: update Lagoon appVersion to v2.20.0
- links:
- - name: lagoon v2.20.0 release notes
- url: https://docs.lagoon.sh/releases/2.20.0/
+ description: add support for injecting hostkeys in core ssh service
diff --git a/charts/lagoon-core/templates/ssh.deployment.yaml b/charts/lagoon-core/templates/ssh.deployment.yaml
index 94c5e8141..c5c5b4ba1 100644
--- a/charts/lagoon-core/templates/ssh.deployment.yaml
+++ b/charts/lagoon-core/templates/ssh.deployment.yaml
@@ -68,6 +68,27 @@ spec:
 port: ssh
 resources:
 {{- toYaml .Values.ssh.resources | nindent 10 }}
+ volumeMounts:
+ {{- with .Values.ssh.hostKeys.ecdsa }}
+ - name: {{ include "lagoon-core.ssh.fullname" $ }}
+ mountPath: "/etc/ssh/ssh_host_ecdsa_key"
+ subPath: HOST_KEY_ECDSA
+ {{- end }}
+ {{- with .Values.ssh.hostKeys.ed25519 }}
+ - name: {{ include "lagoon-core.ssh.fullname" $ }}
+ mountPath: "/etc/ssh/ssh_host_ed25519_key"
+ subPath: HOST_KEY_ED25519
+ {{- end }}
+ {{- with .Values.ssh.hostKeys.rsa }}
+ - name: {{ include "lagoon-core.ssh.fullname" $ }}
+ mountPath: "/etc/ssh/ssh_host_rsa_key"
+ subPath: HOST_KEY_RSA
+ {{- end }}
+ volumes:
+ - secret:
+ defaultMode: 420
+ secretName: {{ include "lagoon-core.ssh.fullname" . }}
+ name: {{ include "lagoon-core.ssh.fullname" . }}
 {{- with .Values.ssh.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/lagoon-core/templates/ssh.secret.yaml b/charts/lagoon-core/templates/ssh.secret.yaml
new file mode 100644
index 000000000..76f29f568
--- /dev/null
+++ b/charts/lagoon-core/templates/ssh.secret.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.ssh.enabled -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "lagoon-core.ssh.fullname" . }}
+ labels:
+ {{- include "lagoon-core.ssh.labels" . | nindent 4 }}
+stringData:
+ {{- with .Values.ssh.hostKeys.ecdsa }}
+ HOST_KEY_ECDSA: |-
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ssh.hostKeys.ed25519 }}
+ HOST_KEY_ED25519: |-
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ssh.hostKeys.rsa }}
+ HOST_KEY_RSA: |-
+ {{- . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml
index bab048c94..8902dbec8 100644
--- a/charts/lagoon-core/values.yaml
+++ b/charts/lagoon-core/values.yaml
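Review bot: The `volumes` entry mounts the host-key Secret with `defaultMode: 420`, which is octal 0644, so the private keys at `/etc/ssh/ssh_host_*_key` are readable by every user in the container. OpenSSH's sshd normally refuses to load a host key whose mode grants group or other access, but the ssh image is not visible here, so that needs confirming. I would change the line to `defaultMode: 384` (octal 0600). Because each key is mounted through `subPath`, a later change to the Secret does not reach a running pod, so rotating a key needs a rollout. The pod and container spec start and end outside the hunk.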
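Review bot: Each key in `stringData` is written with the `|-` indicator, which strips the final newline, and some OpenSSH versions reject a private key file that lacks the newline after its END line. Using `HOST_KEY_ECDSA: |` (and the same for `HOST_KEY_ED25519` and `HOST_KEY_RSA`) keeps exactly one trailing newline. Separately, because the private keys arrive as plain chart values, they are also stored in the Helm release record and in whatever values file or pipeline supplies them. A documented option to reference a pre-created Secret instead of rendering this one would keep key material out of the chart inputs.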
@@ -778,6 +778,12 @@ ssh:
 targetCPUUtilizationPercentage: 80
 # targetMemoryUtilizationPercentage: 80
+ # host keys, PEM encoded
+ hostKeys:
+ ecdsa: ""
+ ed25519: ""
+ rsa: ""
+
 workflows:
 enabled: true
 replicaCount: 2
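Review bot: The comment `# host keys, PEM encoded` does not say that these are the sshd private host keys, and nothing warns that a value set here is rendered into a Secret and recorded with the release. I would expand it to `# private SSH host keys (PEM); an empty value skips the mount for that key type` followed by `# supply with --set-file or an encrypted values file; never commit key material`. The `ssh:` mapping starts outside the hunk.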