Openshift/Kubernetes ssh Secret doesn't work with Camel SFTP component

11/21/2019

Long story short --->

While passing an ssh-key, which is retrieved from a secret in Openshift, to the apache-camel SFTP component, it's not able to connect to the server; whereas if I directly pass a path of the actual ssh-key file w/o creating a secret to the same component, it works just fine. The exception is: invalid key. I tried to read the key file in Java and pass it as a ByteArray as the privateKey parameter, but no luck. Seems like passing the key as bytes is not working by any possible means.

SFTP-COMPONENT Properties->

sftp:
host: my.sftp.server
port: 22
fileDirectory: /to
fileName: /app/home/file.txt
username: sftp-user
privateKeyFilePath: /var/run/secret/secret-volume/ssh-privatekey  # (Also tried privateKey param with byte array)
knownHostsFile: resource:classpath:keys/known_hosts
binary: true

Application Detail: I am using Openshift 3.11. Developing Camel-SpringBoot Micro-Integration services configured with fabric8 and spring-cloud-kubernetes plugins for deployment.

I am creating the secret as,

oc secrets new-sshauth sshsecret --ssh-privatekey=$HOME/.ssh/id_rsa

I have tried to refer to the secret with deployment.yml and bootstrap.yml.

Using as env variable with secret-key-ref->

deployment.yml->

- name: SSH_SECRET
  valueFrom:
    secretKeyRef:
      name: sshsecret
      key: ssh-privatekey

bootstrap.yml->

spring:
  cloud:
    kubernetes:
      secrets:
        enabled: true
        enableApi: true
        name: sshsecret

Using as mounted volume->

deployment.yml->

volumeMounts:
- mountPath: /var/run/secret/secret-volume
  name: secret-volume

volumes:
- name: secret-volume
  secret:
    secretName: sshsecret

bootstrap.yml->

spring:
  cloud:
    kubernetes:
      secrets:
        enabled: true
        paths: /var/run/secret/secret-volume

Note: Once the service is deployed, I can see the mounted volume is attached to the container, and I can even bash into the POD, go to the same directory and locate the private key, which is completely intact.

Any help will be appreciated. Ask me all questions you need to know to solve this.

-- Rito
apache-camel
kubernetes
openshift
spring-boot

1 Answer

11/22/2019

It was a very bad mistake from my side. I was using privateKeyUri in the Camel SFTP component instead of privateKeyFile. I didn't rectify this and was always changing those SFTP parameters in the config-map directly.

By the way, for those trying to implement a similar use case: use the second option, which is mounting the secret into a volume and then referring to the volume path inside Camel. Don't use the secret as an ENV variable, so you need not enable the secret API inside bootstrap.yml.

Thanks anyway, cheers!

Rito

-- Rito
Source: StackOverflow
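
The manual check described in the question (opening a shell in the pod and inspecting the mounted key), written as a script. This is an added example, not part of the original post: the function name, the return codes and the rule that "other" must have no access to the key are assumptions of the example, and the key material is constructed filler.

```shell
#!/bin/sh
# Added example: check an SSH private key mounted from a Secret before its
# path is given to the SFTP endpoint. Return codes are this script's own.
check_ssh_key() {
    key=$1
    [ -f "$key" ] || { echo "FAIL: $key is not a regular file" >&2; return 2; }
    # OpenShift may run the pod under an arbitrary UID, so report the number.
    [ -r "$key" ] || { echo "FAIL: uid $(id -u) cannot read $key" >&2; return 3; }
    # Secret volume entries are symlinks; ls -L reports the target's mode.
    other=$(ls -Lld "$key" | cut -c8-10)
    [ "$other" = "---" ] || { echo "FAIL: 'other' has access ($other)" >&2; return 4; }
    # A PEM key is a header, at least one base64 line and a footer.
    [ "$(grep -vc '^$' "$key")" -ge 3 ] || { echo "FAIL: key is not multi-line" >&2; return 5; }
    first=$(grep -v '^$' "$key" | head -n 1)
    last=$(grep -v '^$' "$key" | tail -n 1)
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "FAIL: no BEGIN ... PRIVATE KEY header" >&2; return 6 ;;
    esac
    case $last in
        "-----END "*"PRIVATE KEY-----") ;;
        *) echo "FAIL: no END ... PRIVATE KEY footer" >&2; return 7 ;;
    esac
    echo "OK: $key looks like a complete private key"
}

# Demo on constructed files; the base64 body is filler, not a real key.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/ssh-privatekey"
chmod 0400 "$demo/ssh-privatekey"
check_ssh_key "$demo/ssh-privatekey"

# The same content with its line breaks lost is rejected.
tr '\n' ' ' < "$demo/ssh-privatekey" > "$demo/flat"
chmod 0400 "$demo/flat"
check_ssh_key "$demo/flat" || echo "rejected with code $?"
rm -rf "$demo"
```

Secret volumes default to mode 0644, so the permission check passes only when the volume sets a tighter `defaultMode`, such as 0400.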