From bf661b5cf78748e13ec842f13ba0f8611197757f Mon Sep 17 00:00:00 2001
From: Conan Scott
Date: Mon, 2 Feb 2026 04:43:47 +0000
Subject: [PATCH] Fix SSH permissions via init container copy
---
 manifests/deployment.yaml | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
index d72cae5..52e8fa6 100644
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -19,15 +19,26 @@ spec:
 spec:
 serviceAccountName: clawd-sa
 initContainers:
- - name: volume-permissions
+ - name: setup-ssh
 image: docker.io/alpine:latest
 command:
 - sh
 - -c
- - "chown -R 1000:0 /data && chmod -R 775 /data"
+ - |
+ # 1. Fix data volume permissions
+ chown -R 1000:0 /data && chmod -R 775 /data
+
+ # 2. Setup writable SSH tirectory from Secret
+ cp /mnt/keys/authorized_keys /working-ssh/
+ chown 1000:0 /working-ssh/authorized_keys
+ chmod 600 /working-ssh/authorized_keys
 volumeMounts:
 - name: data-volume
 mountPath: /data
+ - name: ssh-keys-secret
+ mountPath: /mnt/keys
+ - name: ssh-working
+ mountPath: /working-ssh
 containers:
 - name: clawdbox
 image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
@@ -39,7 +50,7 @@ spec:
 - mountPath: /data
 name: data-volume
 - mountPath: /home/claw/.ssh
- name: ssh-keys
+ name: ssh-working
 resources:
 limits:
 memory: "2Gi"
@@ -58,7 +69,9 @@ spec:
 - name: data-volume
 persistentVolumeClaim:
 claimName: clawdbox-pvc
- - name: ssh-keys
+ - name: ssh-keys-secret
 secret:
 secretName: clawdbox-ssh-keys
 defaultMode: 0600
+ - name: ssh-working
+ emptyDir: {}
\ No newline at end of file
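Review bot: The `setup-ssh` script sets owner and mode on `authorized_keys` but not on `/working-ssh` itself, which the main container mounts as `/home/claw/.ssh`. An emptyDir is normally created root-owned and world-writable, so any process that can reach the mount could replace the file, and an sshd running with StrictModes may refuse keys under such a directory; adding `chown 1000:0 /working-ssh && chmod 700 /working-ssh` after the `cp` would close that. The script also has no `set -e`, so a failure in the `/data` step no longer fails the init container the way the old single command did; `set -eu` as the first script line restores that. The step-2 comment has a typo, `tirectory`.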
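Review bot: The `/home/claw/.ssh` mount now points at the `ssh-working` emptyDir and carries no `readOnly: true`, so the workload running as UID 1000 can append keys to its own `authorized_keys` for the life of the pod, which the previous Secret-backed mount did not allow. If nothing in the container needs to write under `~/.ssh` (not visible from this hunk), adding `readOnly: true` to this volumeMount keeps the init-container copy as the only writer. The container spec continues outside the hunk.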
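Review bot: With `ssh-keys-secret` now consumed only by the init container, a change to `clawdbox-ssh-keys` (for example removing a revoked key) presumably no longer reaches a running pod, because the copy in `ssh-working` is made once at start. A comment above the `ssh-working` volume would record this, e.g. `# authorized_keys is copied once at pod start; restart the pod after changing clawdbox-ssh-keys`. The file also ends without a trailing newline.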