update

Marcel Zapf · Marcel Zapf · commit 9e1865d87197 · 2025-06-10T20:45:50.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -28,13 +28,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && apt-get clean && rm -rf /var/lib/apt/lists/*
 
 # Install Terraform CLI
-ARG TERRAFORM_VERSION=1.9.5
+ARG TERRAFORM_VERSION=1.12.1
 RUN curl -L "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o terraform.zip && \
     unzip -o terraform.zip -d /usr/local/bin/ && \
     rm terraform.zip
 
 # Install Packer
-ARG PACKER_VERSION=1.11.2
+ARG PACKER_VERSION=1.13.1
 RUN curl -L "https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip" -o packer.zip && \
     unzip -o packer.zip -d /usr/local/bin/ && \
     rm packer.zip
@@ -45,13 +45,12 @@ RUN git clone -b ${TFHELPER_VERSION} https://github.com/hashicorp-community/tf-h
     cp /usr/local/tf-helper/tfh/bin/tfh /usr/local/bin/ && \
     rm -rf /usr/local/tf-helper
 
-# Set up Python environment in /usr/local/venv
-COPY ./requirements.txt /tmp/requirements.txt
-RUN python3 -m venv /usr/local/venv && \
-    /usr/local/venv/bin/pip install --upgrade pip && \
-    /usr/local/venv/bin/pip install -r /tmp/requirements.txt && \
+# Set up Python environment
+RUN pip3 install --upgrade pip && \
+    pip3 install -r /tmp/requirements.txt && \
     rm /tmp/requirements.txt
 
+
 # Install MinIO Client
 RUN curl -L -o /usr/local/bin/mc https://dl.min.io/client/mc/release/linux-amd64/mc && \
     chmod +x /usr/local/bin/mc
@@ -76,10 +75,6 @@ USER dev
 COPY ./entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod 755 /usr/local/bin/entrypoint.sh
 
-# Set environment variables, including PATH to specific directories
-ENV VIRTUAL_ENV="/usr/local/venv"
-ENV PATH="$VIRTUAL_ENV/bin:$PATH"
-
 # Expose SSH port
 EXPOSE 2222
 
diff --git a/chart/templates/cm-bashprofile.yaml b/chart/templates/cm-bashprofile.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-bash-profile
+data:
+  .bash_profile: |
+    if [ -f ~/.bashrc ]; then
+      . ~/.bashrc
+    fi
diff --git a/chart/templates/cm-bashrc.yaml b/chart/templates/cm-bashrc.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-bashrc
+data:
+  .bashrc: |
+    # ~/.bashrc for dev user
+
+    export PATH="$HOME/.local/bin:/usr/local/venv/bin:$PATH"
+    export PYTHONUSERBASE="$HOME/.local"
+
+    # Colors
+    export LS_OPTIONS='--color=auto'
+    eval "$(dircolors)"
+    alias ls='ls $LS_OPTIONS'
+    alias ll='ls $LS_OPTIONS -l'
+    alias la='ls $LS_OPTIONS -la'
+
+    # Prompt
+    PS1='\u@\h:\w\$ '
diff --git a/chart/templates/cm-entrypoint.yaml b/chart/templates/cm-entrypoint.yaml
@@ -5,45 +5,74 @@ metadata:
 data:
   entrypoint.sh: |
     #!/bin/bash
+    set -euo pipefail
 
-    echo "Ensuring SSH keys directory exists at /home/dev/ssh_keys."
-    mkdir -p /home/dev/ssh_keys
+    SSH_KEYS_DIR=/home/dev/ssh_keys
+    RUN_DIR=/home/dev/run
+    PID_FILE=$RUN_DIR/sshd.pid
+    PORT=2222
 
-    # Generate keys if they do not exist
-    if [ ! -f /home/dev/ssh_keys/ssh_host_rsa_key ]; then
-        echo "Generating new SSH host RSA key."
-        ssh-keygen -t rsa -f /home/dev/ssh_keys/ssh_host_rsa_key -N ''
-    fi
-    if [ ! -f /home/dev/ssh_keys/ssh_host_ecdsa_key ]; then
-        echo "Generating new SSH host ECDSA key."
-        ssh-keygen -t ecdsa -f /home/dev/ssh_keys/ssh_host_ecdsa_key -N ''
-    fi
-    if [ ! -f /home/dev/ssh_keys/ssh_host_ed25519_key ]; then
-        echo "Generating new SSH host ED25519 key."
-        ssh-keygen -t ed25519 -f /home/dev/ssh_keys/ssh_host_ed25519_key -N ''
-    fi
+    echo "Ensuring SSH keys directory exists at $SSH_KEYS_DIR."
+    mkdir -p "$SSH_KEYS_DIR"
+
+    # Generate keys if missing
+    for keytype in rsa ecdsa ed25519; do
+      keyfile="$SSH_KEYS_DIR/ssh_host_${keytype}_key"
+      if [ ! -f "$keyfile" ]; then
+        echo "Generating new SSH host $keytype key."
+        ssh-keygen -t "$keytype" -f "$keyfile" -N '' >/dev/null
+      fi
+    done
 
-    chmod 600 /home/dev/ssh_keys/ssh_host_*
+    chmod 600 "$SSH_KEYS_DIR"/ssh_host_*
 
-    echo "Ensuring run directory exists at /home/dev/run."
-    mkdir -p /home/dev/run
+    echo "Ensuring run directory exists at $RUN_DIR."
+    mkdir -p "$RUN_DIR"
 
     echo "Currently running sshd processes:"
-    ps aux | grep sshd
+    pgrep sshd || echo "No sshd processes found."
 
     echo "Killing any existing sshd processes..."
-    for pid in $(ps aux | grep sshd | grep -v grep | awk '{print $2}'); do
-    echo "Killing sshd pid $pid"
-    kill $pid
-    done
+    pids=$(pgrep sshd || true)
+    if [ -n "$pids" ]; then
+      echo "Found sshd PIDs: $pids"
+      kill $pids
+      # Wait max 5s for sshd to stop
+      timeout=5
+      while pgrep sshd >/dev/null && [ $timeout -gt 0 ]; do
+        sleep 1
+        timeout=$((timeout-1))
+      done
+      if pgrep sshd >/dev/null; then
+        echo "sshd still running, sending SIGKILL"
+        pkill -9 sshd
+      fi
+    else
+      echo "No sshd processes to kill."
+    fi
 
     echo "Removing stale PID file if exists..."
-    rm -f /home/dev/run/sshd.pid
+    rm -f "$PID_FILE"
+
+    # Check if port is free (requires netstat or ss)
+    if command -v ss >/dev/null; then
+      if ss -tuln | grep -q ":$PORT "; then
+        echo "ERROR: Port $PORT is still in use, aborting start."
+        exit 1
+      fi
+    elif command -v netstat >/dev/null; then
+      if netstat -tuln | grep -q ":$PORT "; then
+        echo "ERROR: Port $PORT is still in use, aborting start."
+        exit 1
+      fi
+    else
+      echo "WARNING: Could not check port usage (no ss/netstat found)."
+    fi
 
-    echo "Starting SSH service..."
+    echo "Starting SSH service on port $PORT..."
     exec /usr/sbin/sshd -D -f /etc/ssh/sshd_config \
-    -o Port=2222 \
-    -o HostKey=/home/dev/ssh_keys/ssh_host_ed25519_key \
-    -o HostKey=/home/dev/ssh_keys/ssh_host_rsa_key \
-    -o HostKey=/home/dev/ssh_keys/ssh_host_ecdsa_key \
-    -o PidFile=/home/dev/run/sshd.pid
+      -o Port=$PORT \
+      -o HostKey=$SSH_KEYS_DIR/ssh_host_ed25519_key \
+      -o HostKey=$SSH_KEYS_DIR/ssh_host_rsa_key \
+      -o HostKey=$SSH_KEYS_DIR/ssh_host_ecdsa_key \
+      -o PidFile=$PID_FILE
diff --git a/chart/templates/statefulset.yaml b/chart/templates/statefulset.yaml
@@ -53,6 +53,14 @@ spec:
           mountPath: /etc/pam.d/sshd
           subPath: sshd
           readOnly: true
+        - name: bashrc
+          mountPath: /home/dev/.bashrc
+          subPath: .bashrc
+          readOnly: true
+        - name: bash-profile
+          mountPath: /home/dev/.bash_profile
+          subPath: .bash_profile
+          readOnly: true
         resources: {{ toYaml .Values.resources | indent 10 }}
       volumes:
       - name: entrypoint-script
@@ -71,6 +79,14 @@ spec:
         configMap:
           name: {{ .Release.Name }}-pam-config
           defaultMode: 0755
+      - name: bashrc
+        configMap:
+          name: {{ .Release.Name }}-bashrc
+          defaultMode: 0644
+      - name: bash-profile
+        configMap:
+          name: {{ .Release.Name }}-bash-profile
+          defaultMode: 0644
   volumeClaimTemplates:
   - metadata:
       name: home-volume
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -20,6 +20,7 @@ ssh:
   authorizedKeys: |
     # Place auth keys here ...
     # ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu...
+
 securityContext:
   runAsNonRoot: true
   runAsUser: 1001
