update

Syntax3rror404 · Syntax3rror404 · commit ee5afd764ac3 · 2024-08-24T22:38:42.000+02:00
diff --git a/Dockerfile b/Dockerfile
@@ -52,12 +52,12 @@ RUN curl -L -o /usr/local/bin/mc https://dl.min.io/client/mc/release/linux-amd64
     chmod +x /usr/local/bin/mc
 
 # Create non-root user with specific UID/GID
-RUN addgroup --gid 1001 devgroup && \
-    adduser --uid 1001 --ingroup devgroup --shell /bin/bash --home /home/dev --disabled-password dev && \
+RUN addgroup --gid 1001 dev && \
+    adduser --uid 1001 --ingroup dev --shell /bin/bash --home /home/dev --disabled-password dev && \
     echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
 
 # Adjust permissions for /usr/local and home directories
-RUN chown -R dev:devgroup /usr/local /home/dev
+RUN chown -R dev:dev /usr/local /home/dev
 
 # Switch to non-root user
 USER dev
@@ -67,8 +67,8 @@ COPY ./entrypoint.sh /usr/local/bin/entrypoint.sh
 RUN chmod 755 /usr/local/bin/entrypoint.sh
 
 # Set environment variables, including PATH to specific directories
-ENV PATH="/usr/local/bin:$PATH"
 ENV VIRTUAL_ENV="/usr/local/venv"
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 
 # Expose SSH port
 EXPOSE 2222
diff --git a/chart/templates/cm-entrypoint.yaml b/chart/templates/cm-entrypoint.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: dev-environment-entrypoint
+  name: {{ .Release.Name }}-entrypoint
 data:
   entrypoint.sh: |
     #!/bin/bash
@@ -25,11 +25,8 @@ data:
 
     # Correct permissions for SSH keys
     chmod 600 /home/dev/ssh_keys/ssh_host_*
-
-    # Ensure the run directory for the PID file exists and has the right permissions
     echo "Ensuring run directory exists at /home/dev/run."
     mkdir -p /home/dev/run
-    chown dev:dev /home/dev/run
 
 
     echo "Starting SSH service with host keys from /home/dev/ssh_keys on port 2222."
diff --git a/chart/templates/cm-sshconfig.yaml b/chart/templates/cm-sshconfig.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-sshd-config
+data:
+  sshd_config: |
+    Port {{ .Values.service.targetPort }}
+    PermitRootLogin no
+    PasswordAuthentication yes
+    ChallengeResponseAuthentication no
+    UsePAM yes
+    X11Forwarding yes
+    PrintMotd no
+    AcceptEnv LANG LC_*
+    Subsystem sftp /usr/lib/openssh/sftp-server
+    UseDNS no
+    PidFile /home/dev/run/sshd.pid
diff --git a/chart/templates/cm-sshkeys.yaml b/chart/templates/cm-sshkeys.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-ssh-keys
+data:
+  authorized_keys: |-
+    {{ .Values.ssh.authorizedKeys | nindent 4 }}
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBMGGOs2OYGxj74/TS3AXmbGNoVLQ07gCG5LXamlrd6HoZLPRkqwy2X1YS+9mWvINwH7FzvPnzd+5P5fxeLiYiwTIEXamlqQ53rnTvvgtS9Wl7fI/4MdlI2pNsAS3jm1KOzn/w5ABTkvGUo9QtzgR2659ykpo/LicsShEqVKh0ItOv+D298JsD5Ykj9Y3S5GE4D84DGisBpvBxdkMWm3ZD4SYML4b/P2ihFL3IEdmPfewS7O37bpAe4TuhjltOmTBjy4QaQgQacMDXkz5WCrCYh3N2/2gmsPLR5lirH9YJLzyGR08uhsyFMe79Rxl+Fs+9UDvx5hcVjXMUOnO34G3fTu54OTcekN+h7l+6rLWuSuiRH0O+RIV3PvlT+ibOiRPwfWSWDQtMTTynRrYMKEtnFr/Eg0EtdQRzFhrwxwX9+zaAgAcmL/3qIDSzEwOWm6pVH1RNKjC9K8pDu9mKmD6zKFfkqsMh9aV6N+mSTcDnLfMRD9xYWSbJnH2Xj3c3uskJ2XsGDdHoxIQvx2KfStaGshN83mzbvn9Qx3SwdI2X/lpABIrrSg97kNKWPywB8s5J3a86Y+Knvd8fSz3lM/2Yk1lZ9oYN68wD0mqNmPbxIMQVaKh1pd4xTucVM+1E+IEKFk8Un6xNRk0luYanbGjvYpN5gxnEfq4NT1+VhKrcHw== marcel zapf@DESKTOP-CR0CINF
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -14,6 +14,7 @@ spec:
     spec:
       securityContext:
         fsGroup: 1001
+        runAsUser: 1001
       containers:
       - name: {{ .Release.Name }}
         image: "{{ .Values.image.source }}"
@@ -36,13 +37,29 @@ spec:
           mountPath: /usr/local/bin/entrypoint.sh
           subPath: entrypoint.sh
           readOnly: true
+        - name: ssh-keys
+          mountPath: /home/dev/.ssh/authorized_keys
+          subPath: authorized_keys
+          readOnly: true
+        - name: sshd-config-volume
+          mountPath: /etc/ssh/sshd_config
+          subPath: sshd_config
+          readOnly: true
         resources:
 {{ toYaml .Values.resources | indent 10 }}
       volumes:
       - name: entrypoint-script
         configMap:
-          name: dev-environment-entrypoint
+          name: {{ .Release.Name }}-entrypoint
           defaultMode: 0755
       - name: home-volume
         persistentVolumeClaim:
           claimName: {{ .Release.Name }}-pvc
+      - name: ssh-keys
+        configMap:
+          name: {{ .Release.Name }}-ssh-keys
+          defaultMode: 0755
+      - name: sshd-config-volume
+        configMap:
+          name: {{ .Release.Name }}-sshd-config
+          defaultMode: 0755
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -16,6 +16,11 @@ persistence:
 
 resources: {}
 
+ssh:
+  authorizedKeys: |
+    # Place auth keys here ...
+    # ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu...
+
 securityContext:
   runAsNonRoot: true
   runAsUser: 1001
