Fix SSH permissions via init container copy

2026-02-02 04:43:47 +00:00
parent 2d1c671e58
commit bf661b5cf7
1 changed files with 17 additions and 4 deletions
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -19,15 +19,26 @@ spec:
    spec:
      serviceAccountName: clawd-sa
      initContainers:
-        - name: volume-permissions
+        - name: setup-ssh
          image: docker.io/alpine:latest
          command:
            - sh
            - -c
-            - "chown -R 1000:0 /data && chmod -R 775 /data"
+            - |
+              # 1. Fix data volume permissions
+              chown -R 1000:0 /data && chmod -R 775 /data
+              
+              # 2. Setup writable SSH tirectory from Secret
+              cp /mnt/keys/authorized_keys /working-ssh/
+              chown 1000:0 /working-ssh/authorized_keys
+              chmod 600 /working-ssh/authorized_keys
          volumeMounts:
            - name: data-volume
              mountPath: /data
+            - name: ssh-keys-secret
+              mountPath: /mnt/keys
+              - name: ssh-working
+              mountPath: /working-ssh
      containers:
        - name: clawdbox
          image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
@@ -39,7 +50,7 @@ spec:
            - mountPath: /data
              name: data-volume
            - mountPath: /home/claw/.ssh
-              name: ssh-keys
+              name: ssh-working
          resources:
            limits:
              memory: "2Gi"
@@ -58,7 +69,9 @@ spec:
        - name: data-volume
          persistentVolumeClaim:
            claimName: clawdbox-pvc
-        - name: ssh-keys
+        - name: ssh-keys-secret
          secret:
            secretName: clawdbox-ssh-keys
            defaultMode: 0600
+        - name: ssh-working
+          emptyDir: {}