update

Syntax3rror404 · Syntax3rror404 · commit b62653854403 · 2024-08-24T21:56:33.000+02:00
diff --git a/chart/templates/configmap.yaml b/chart/templates/configmap.yaml
@@ -0,0 +1,51 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: dev-environment-entrypoint
+data:
+  entrypoint.sh: |
+    #!/bin/bash
+
+    echo "Ensuring SSH keys directory exists at /home/dev/ssh_keys."
+    mkdir -p /home/dev/ssh_keys
+
+    # Generate keys if they do not exist
+    if [ ! -f /home/dev/ssh_keys/ssh_host_rsa_key ]; then
+        echo "Generating new SSH host RSA key."
+        ssh-keygen -t rsa -f /home/dev/ssh_keys/ssh_host_rsa_key -N ''
+    fi
+    if [ ! -f /home/dev/ssh_keys/ssh_host_ecdsa_key ]; then
+        echo "Generating new SSH host ECDSA key."
+        ssh-keygen -t ecdsa -f /home/dev/ssh_keys/ssh_host_ecdsa_key -N ''
+    fi
+    if [ ! -f /home/dev/ssh_keys/ssh_host_ed25519_key ]; then
+        echo "Generating new SSH host ED25519 key."
+        ssh-keygen -t ed25519 -f /home/dev/ssh_keys/ssh_host_ed25519_key -N ''
+    fi
+
+    # Correct permissions for SSH keys
+    chmod 600 /home/dev/ssh_keys/ssh_host_*
+
+    # Ensure the run directory for the PID file exists and has the right permissions
+    echo "Ensuring run directory exists at /home/dev/run."
+    mkdir -p /home/dev/run
+    chown dev:dev /home/dev/run
+
+
+    echo "Starting SSH service with host keys from /home/dev/ssh_keys on port 2222."
+    /usr/sbin/sshd -D -e -f /etc/ssh/sshd_config \
+        -o Port={{ .Values.service.targetPort }} \
+        -o HostKey=/home/dev/ssh_keys/ssh_host_rsa_key \
+        -o HostKey=/home/dev/ssh_keys/ssh_host_ecdsa_key \
+        -o HostKey=/home/dev/ssh_keys/ssh_host_ed25519_key \
+        -o PidFile=/home/dev/run/sshd.pid
+
+    if [ $? -ne 0 ]; then
+        echo "Failed to start SSH service."
+    else
+        echo "SSH service started successfully."
+    fi
+
+    # Keep the container running if no command is provided
+    echo "No additional command provided, container will keep running."
+    tail -f /dev/null
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -13,14 +12,15 @@ spec:
       labels:
         app: {{ .Release.Name }}
     spec:
+      securityContext:
+        fsGroup: 1001
       containers:
       - name: {{ .Release.Name }}
         image: "{{ .Values.image.source }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - containerPort: {{ .Values.service.port }}
         securityContext:
-          fsGroup: 1001
           runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
           runAsUser: {{ .Values.securityContext.runAsUser }}
           allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
@@ -32,9 +32,17 @@ spec:
         volumeMounts:
         - name: home-volume
           mountPath: /home/dev
+        - name: entrypoint-script
+          mountPath: /usr/local/bin/entrypoint.sh
+          subPath: entrypoint.sh
+          readOnly: true
         resources:
 {{ toYaml .Values.resources | indent 10 }}
       volumes:
+      - name: entrypoint-script
+        configMap:
+          name: dev-environment-entrypoint
+          defaultMode: 0755
       - name: home-volume
         persistentVolumeClaim:
           claimName: {{ .Release.Name }}-pvc
diff --git a/chart/templates/svc.yaml b/chart/templates/svc.yaml
@@ -6,6 +6,6 @@ spec:
   type: {{ .Values.service.type }}
   ports:
   - port: {{ .Values.service.port }}
-    targetPort: 2222
+    targetPort: {{ .Values.service.targetPort }}
   selector:
     app: {{ .Release.Name }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -1,12 +1,13 @@
 replicaCount: 1
 
 image:
-  source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:81c192b30a053c37dfa6217be80aa5076ec35a314b9d3cc5c262928cad7e4578
+  source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:9d7bf6ca64f090c46c1bb85fe406a75111ef59207ca6548b72a10f3b5ff3f2a5
   pullPolicy: IfNotPresent
 
 service:
   type: LoadBalancer
-  port: 22
+  port: 2222
+  targetPort: 2222
 
 persistence:
   enabled: true
