I have a helm-chart that references an sftp key string:

apiVersion: v1
kind: Pod
metadata:
  name: envar-demo
  labels:
    purpose: demonstrate-envars
spec:
  containers:
  - name: envar-demo-container
    image: gcr.io/google-samples/node-hello:1.0
    env:
    - name: PUBLIC_KEY
      value: secretFromVault
    - name: PRIVATE_KEY
      value: secretFromVault

I have a Dockerfile that sets up my user and creates a .ssh directory:

RUN adduser -D -s /bin/bash -h /test_user test_user && \
    mkdir /test_user/.ssh/ && \
    chmod 700 /test_user/.ssh/

In this directory, I want to create the id_rsa file and input the private key string, and create a known_hosts file and input the reference of the public key, so I can establish a remote connection to the target server.

How can I do this using a Dockerfile? Or is there a better way to do this? My sftp client code references these two files.

You could add VOLUME /test_user/.ssh to your Dockerfile and then mount a local directory to that volume. In the local directory you can generate the keys with ssh-keygen and the known_hosts file if needed.

Instead of exposing your secrets as environment variables, you need to mount them as files.

apiVersion: v1
kind: Pod
metadata:
  name: envar-demo
  labels:
    purpose: demonstrate-envars
spec:
  containers:
  - name: envar-demo-container
    image: gcr.io/google-samples/node-hello:1.0
    volumeMounts:
    # Each mountPath must be unique; with subPath it names the target file.
    - name: keys
      mountPath: /home/test_user/.ssh/id_rsa.pub
      subPath: id_rsa.pub
    - name: keys
      mountPath: /home/test_user/.ssh/id_rsa
      subPath: id_rsa
  volumes:
  - name: keys
    secret:
      secretName: secretFromVault
      defaultMode: 384  # decimal for octal 0600

You will need to update the secret name from PUBLIC_KEY and PRIVATE_KEY to id_rsa.pub and id_rsa in this case.
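A check to run in the container entrypoint before the sftp client starts, confirming that the mounted id_rsa and known_hosts files are present and that the private key carries no group or other permissions, as the 0600 mode above intends. This is an added example, not part of the original question or answers; the function names and the expected file layout are assumptions.

```shell
#!/bin/sh
# Added example: verify SSH key material mounted from a Kubernetes Secret.
# check_ssh_dir and perm_go are hypothetical helper names.

# Print the group/other permission characters of a file, following symlinks
# (Secret volumes mounted without subPath expose files as symlinks).
perm_go() {
    ls -ldL "$1" | cut -c5-10
}

# Usage: check_ssh_dir <path to .ssh directory>; returns 0 if all checks pass.
check_ssh_dir() {
    dir=$1
    rc=0
    key="$dir/id_rsa"
    hosts="$dir/known_hosts"

    if [ ! -r "$key" ]; then
        echo "missing or unreadable: $key" >&2
        rc=1
    else
        # defaultMode 384 (decimal) is 0600: no group/other access.
        if [ "$(perm_go "$key")" != "------" ]; then
            echo "private key is accessible to group/other: $key" >&2
            rc=1
        fi
        # A placeholder string or a key with mangled newlines will not
        # start with a PEM/OpenSSH header line.
        case "$(head -n 1 "$key")" in
            "-----BEGIN "*) ;;
            *) echo "not a PEM/OpenSSH private key: $key" >&2; rc=1 ;;
        esac
    fi

    if [ ! -s "$hosts" ]; then
        echo "missing or empty: $hosts" >&2
        rc=1
    fi
    return "$rc"
}
```

Call it as `check_ssh_dir /home/test_user/.ssh || exit 1` ahead of the client so a bad mount fails the container at startup instead of at the first connection attempt.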