91 lines
2.7 KiB
YAML
91 lines
2.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: clawdbox
|
|
namespace: clawdbox
|
|
labels:
|
|
app: clawdbox
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: clawdbox
|
|
strategy:
|
|
type: Recreate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: clawdbox
|
|
spec:
|
|
serviceAccountName: clawd-sa
|
|
initContainers:
|
|
- name: setup-ssh
|
|
image: docker.io/alpine:latest
|
|
command:
|
|
- sh
|
|
- -c
|
|
- |
|
|
# 1. Fix data volume permissions
|
|
chown -R 1000:0 /data && chmod -R 775 /data
|
|
|
|
# 2. Setup writable SSH tirectory from Secret
|
|
cp /mnt/keys/authorized_keys /working-ssh/
|
|
chown 1000:0 /working-ssh/authorized_keys
|
|
chmod 600 /working-ssh/authorized_keys
|
|
volumeMounts:
|
|
- name: data-volume
|
|
mountPath: /data
|
|
- name: ssh-keys-secret
|
|
mountPath: /mnt/keys
|
|
- name: ssh-working
|
|
mountPath: /working-ssh
|
|
containers:
|
|
- name: clawdbox
|
|
image: default-route-openshift-image-registry.apps.lab.apilab.us/clawdbox/clawdbox:latest
|
|
imagePullPolicy: Always
|
|
command:
|
|
- /bin/bash
|
|
- "-c"
|
|
- |
|
|
mkdir -p /data/ssh
|
|
if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
|
|
echo 'Generating persistent host keys...'
|
|
ssh-keygen -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
|
|
ssh-keygen -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
|
|
ssh-keygen -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
|
|
fi
|
|
chmod 600 /data/ssh/ssh_host_*_key
|
|
# Run sshd with PAM disabled and logging to stderr
|
|
/usr/sbin/sshd -D -e -f /etc/ssh/sshd_config -o UsePAM=no
|
|
ports:
|
|
- containerPort: 2222
|
|
name: ssh
|
|
volumeMounts:
|
|
- mountPath: /data
|
|
name: data-volume
|
|
- mountPath: /home/claw/.ssh
|
|
name: ssh-working
|
|
resources:
|
|
limits:
|
|
memory: "2Gi"
|
|
cpu: "1000m"
|
|
requests:
|
|
memory: "512Mi"
|
|
cpu: "250m"
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
volumes:
|
|
- name: data-volume
|
|
persistentVolumeClaim:
|
|
claimName: clawdbox-pvc
|
|
- name: ssh-keys-secret
|
|
secret:
|
|
secretName: clawdbox-ssh-keys
|
|
defaultMode: 0600
|
|
- name: ssh-working
|
|
emptyDir: {} |