I have a helm-chart that references an sftp key string:
    apiVersion: v1
    kind: Pod
    metadata:
      name: envar-demo
      labels:
        purpose: demonstrate-envars
    spec:
      containers:
        - name: envar-demo-container
          image: gcr.io/google-samples/node-hello:1.0
          env:
            - name: PUBLIC_KEY
              value: secretFromVault
            - name: PRIVATE_KEY
              value: secretFromVault
I have a Dockerfile that sets up my user and creates an .ssh directory:
    # Create the user with home /test_user and a .ssh directory only the owner can enter
    RUN adduser -D -s /bin/bash -h /test_user test_user && \
        mkdir /test_user/.ssh/ && \
        chmod 700 /test_user/.ssh/
In this directory, I want to create the id_rsa file and input the private key string, and create a knownhost file and input the reference of the public key, so I can establish a remote connection to the target server.
How can I do this using a Dockerfile? Or is there a better way to do this? My sftp client code references these two files.
You could add VOLUME /test_user/.ssh to your Dockerfile and then mount a local directory to that volume. In the local directory you can generate the keys with ssh-keygen and the knownhosts if needed.
Instead of setting your secrets as environment variables, you need to mount them as a file.
    apiVersion: v1
    kind: Pod
    metadata:
      name: envar-demo
      labels:
        purpose: demonstrate-envars
    spec:
      containers:
        - name: envar-demo-container
          image: gcr.io/google-samples/node-hello:1.0
          volumeMounts:
            # With subPath, mountPath is the path of the single file being mounted,
            # and each mountPath within a container must be unique.
            - name: keys
              mountPath: /home/test_user/.ssh/id_rsa.pub
              subPath: id_rsa.pub
            - name: keys
              mountPath: /home/test_user/.ssh/id_rsa
              subPath: id_rsa
      volumes:
        - name: keys
          secret:
            secretName: secretFromVault
            defaultMode: 384  # decimal for octal 0600
You will need to update the secret name from PUBLIC_KEY and PRIVATE_KEY to id_rsa.pub and id_rsa in this case.
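A pre-flight check that a container entrypoint could run before the sftp client starts, confirming that the mounted id_rsa and id_rsa.pub are present, that the private key has no group or other permission bits (the 0600 that defaultMode: 384 requests), and that PRIVATE_KEY is no longer passed through the environment. This is an added example, not part of the answers above; the function names mode_of and check_ssh_dir are assumptions, and it relies on stat -c as provided by GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (not from the original answers): validate an SSH key
# directory that was populated from a Kubernetes Secret volume.
# Function names are hypothetical. Usage in an entrypoint script:
#   check_ssh_dir /home/test_user/.ssh && exec "$@"

# Print the octal permission bits of a path, following symlinks
# (files in a Secret volume are symlinks unless mounted with subPath).
mode_of() {
    stat -L -c '%a' "$1"
}

# Return 0 if the directory is fit for use; otherwise report each
# problem on stderr and return 1.
check_ssh_dir() {
    dir=$1
    rc=0
    key="$dir/id_rsa"

    if [ ! -r "$key" ]; then
        echo "missing or unreadable private key: $key" >&2
        rc=1
    else
        m=$(mode_of "$key")
        # The last two octal digits are the group and other bits;
        # both must be zero (for example 600 or 400).
        case "$m" in
            *00|0) ;;
            *) echo "private key mode $m is too open, expected 600" >&2
               rc=1 ;;
        esac
    fi

    [ -r "$dir/id_rsa.pub" ] || { echo "missing public key: $dir/id_rsa.pub" >&2; rc=1; }

    # Key material in the environment is what the file mount replaces;
    # flag it if the old env entry is still in the pod spec.
    if [ -n "${PRIVATE_KEY:-}" ]; then
        echo "PRIVATE_KEY is still set in the environment" >&2
        rc=1
    fi
    return "$rc"
}
```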