setup ftp .ssh directory with public/private key info with docker

1/11/2021

I have a helm chart that references an sftp key string:

apiVersion: v1
kind: Pod
metadata:
  name: envar-demo
  labels:
    purpose: demonstrate-envars
spec:
  containers:
  - name: envar-demo-container
    image: gcr.io/google-samples/node-hello:1.0
    env:
    - name: PUBLIC_KEY
      value: secretFromVault
    - name: PRIVATE_KEY
      value: secretFromVault

I have a Dockerfile that sets up my user and creates a .ssh directory:

# Create the user with home directory /test_user, then an owner-only .ssh directory
RUN adduser -D -s /bin/bash -h /test_user test_user && \
    mkdir /test_user/.ssh/ && \
    chmod 700 /test_user/.ssh/

In this directory, I want to create the id_rsa file and input the private key string, and create a known_hosts file and input the reference of the public key, so I can establish a remote connection to the target server.

How can I do this using a Dockerfile? Or is there a better way to do this? My sftp client code references these two files.

-- M06H
docker
java
kubernetes
kubernetes-helm
spring

2 Answers

1/11/2021

You could add VOLUME /test_user/.ssh to your Dockerfile and then mount a local directory to that volume. In the local directory you can generate the keys with ssh-keygen and the known_hosts file if needed.

-- Alvaro Flaño Larrondo
Source: StackOverflow

1/11/2021

Instead of exposing your secrets as environment variables, you need to mount them as files.

apiVersion: v1
kind: Pod
metadata:
  name: envar-demo
  labels:
    purpose: demonstrate-envars
spec:
  containers:
  - name: envar-demo-container
    image: gcr.io/google-samples/node-hello:1.0
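    volumeMounts:
    # With subPath, mountPath is the full path of the file inside the
    # container, and each mountPath must be unique.
    - name: keys
      mountPath: /home/test_user/.ssh/id_rsa.pub
      subPath: id_rsa.pub
    - name: keys
      mountPath: /home/test_user/.ssh/id_rsa
      subPath: id_rsa
  volumes:
  - name: keys
    secret:
      secretName: secretFromVault
      defaultMode: 384  # decimal form of octal 0600 (owner read/write only)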

You will need to update the secret name from PUBLIC_KEY and PRIVATE_KEY to id_rsa.pub and id_rsa in this case.

-- Ryan Siu
Source: StackOverflow
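
One way to turn a mounted secret into the .ssh layout the question asks for, as an added example that is not part of either answer: an entrypoint helper that copies the key material from a read-only secret mount into the user's .ssh directory with owner-only permissions, and refuses to continue when the private key or known_hosts is missing. The mount path /run/secrets/sftp, the function names and the presence of a known_hosts key in the secret are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Paths and names are assumptions.

# file_mode PATH: print the octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# install_ssh_keys SRC_DIR DEST_DIR
# SRC_DIR  : read-only secret mount holding id_rsa, known_hosts, optional id_rsa.pub
# DEST_DIR : the user's .ssh directory (e.g. /test_user/.ssh)
# Runs in a subshell so the umask change and early exits stay local.
install_ssh_keys() (
    src=$1
    dest=$2

    # Fail closed: no private key or no pinned host key means no connection.
    for f in id_rsa known_hosts; do
        if [ ! -s "$src/$f" ]; then
            echo "install_ssh_keys: missing or empty $src/$f" >&2
            exit 1
        fi
    done

    umask 077                      # new files are owner-only from creation
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest" || exit 1

    rm -f "$dest/id_rsa" "$dest/id_rsa.pub" "$dest/known_hosts"
    cp "$src/id_rsa" "$dest/id_rsa" || exit 1
    chmod 600 "$dest/id_rsa" || exit 1
    cp "$src/known_hosts" "$dest/known_hosts" || exit 1
    chmod 644 "$dest/known_hosts" || exit 1
    if [ -s "$src/id_rsa.pub" ]; then
        cp "$src/id_rsa.pub" "$dest/id_rsa.pub" || exit 1
        chmod 644 "$dest/id_rsa.pub" || exit 1
    fi

    # Verify the result instead of trusting the steps above.
    [ "$(file_mode "$dest")" = 700 ] || exit 1
    [ "$(file_mode "$dest/id_rsa")" = 600 ] || exit 1
)

# Typical use as the container entrypoint, run as test_user:
#   install_ssh_keys /run/secrets/sftp /test_user/.ssh && exec "$@"
```

Copying at startup keeps the secret out of the image layers and out of the environment, and leaves the secret volume itself mounted read-only.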