From 04e31e0fd8d124282bb28c863c422ebaa56bf8c1 Mon Sep 17 00:00:00 2001
From: yy
Date: Mon, 11 Nov 2024 17:12:51 +0800
Subject: [PATCH 1/2] change ssh key mode, mount key by subpath.
---
 .../internal/controller/devbox_controller.go | 2 +-
 .../internal/controller/helper/devbox.go | 27 ++++++++++++++-----
 2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/controllers/devbox/internal/controller/devbox_controller.go b/controllers/devbox/internal/controller/devbox_controller.go
index 99a377e09fe..76fcb82d9da 100644
--- a/controllers/devbox/internal/controller/devbox_controller.go
+++ b/controllers/devbox/internal/controller/devbox_controller.go
@@ -543,7 +543,7 @@ func (r *DevboxReconciler) generateDevboxPod(devbox *devboxv1alpha1.Devbox, runt
 volumes = append(volumes, devbox.Spec.ExtraVolumes...)
 
 volumeMounts := runtime.Spec.Config.VolumeMounts
- volumeMounts = append(volumeMounts, helper.GenerateSSHVolumeMounts())
+ volumeMounts = append(volumeMounts, helper.GenerateSSHVolumeMounts()...)
 volumeMounts = append(volumeMounts, devbox.Spec.ExtraVolumeMounts...)
 
 containers := []corev1.Container{
diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go
index 7180a0210ab..0c7a13d704e 100644
--- a/controllers/devbox/internal/controller/helper/devbox.go
+++ b/controllers/devbox/internal/controller/helper/devbox.go
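Review bot: `volumeMounts = append(volumeMounts, helper.GenerateSSHVolumeMounts()...)` appends into a slice that is `runtime.Spec.Config.VolumeMounts` itself, so whenever that slice has spare capacity the SSH mounts are written into the runtime object's backing array rather than a private copy; if `runtime` comes from the controller-runtime informer cache, as objects read in a reconciler usually do, that is a shared-cache mutation that can leak mounts across reconciles. Copying before appending avoids it: `volumeMounts := append([]corev1.VolumeMount(nil), runtime.Spec.Config.VolumeMounts...)`. The `volumes` slice appended to in the context line above likely has the same origin and deserves the same treatment. generateDevboxPod starts and ends outside the hunk.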
@@ -348,11 +348,26 @@ func GetLastSuccessCommitImageName(devbox *devboxv1alpha1.Devbox, runtime *devbo
 return commit.Image
 }
 
-func GenerateSSHVolumeMounts() corev1.VolumeMount {
- return corev1.VolumeMount{
- Name: "devbox-ssh-keys",
- MountPath: "/usr/start/.ssh",
- ReadOnly: true,
+func GenerateSSHVolumeMounts() []corev1.VolumeMount {
+ return []corev1.VolumeMount{
+ {
+ Name: "devbox-ssh-keys",
+ MountPath: "/usr/start/.ssh/authorized_keys",
+ SubPath: "authorized_keys",
+ ReadOnly: true,
+ },
+ {
+ Name: "devbox-ssh-keys",
+ MountPath: "/usr/start/.ssh/id",
+ SubPath: "id",
+ ReadOnly: true,
+ },
+ {
+ Name: "devbox-ssh-keys",
+ MountPath: "/usr/start/.ssh/id.pub",
+ SubPath: "id.pub",
+ ReadOnly: true,
+ },
 }
 }
 
@@ -377,7 +392,7 @@ func GenerateSSHVolume(devbox *devboxv1alpha1.Devbox) corev1.Volume {
 Path: "authorized_keys",
 },
 },
- DefaultMode: ptr.To(int32(0644)),
+ DefaultMode: ptr.To(int32(420)),
 },
 },
 }
From a8cedbfe5d746c4b97df039e16fdfd532daf1e38 Mon Sep 17 00:00:00 2001
From: yy
Date: Tue, 12 Nov 2024 14:42:24 +0800
Subject: [PATCH 2/2] remove private key mount.
---
 .../devbox/internal/controller/helper/devbox.go | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/controllers/devbox/internal/controller/helper/devbox.go b/controllers/devbox/internal/controller/helper/devbox.go
index 0c7a13d704e..c9791ded077 100644
--- a/controllers/devbox/internal/controller/helper/devbox.go
+++ b/controllers/devbox/internal/controller/helper/devbox.go
@@ -356,12 +356,6 @@ func GenerateSSHVolumeMounts() []corev1.VolumeMount {
 SubPath: "authorized_keys",
 ReadOnly: true,
 },
- {
- Name: "devbox-ssh-keys",
- MountPath: "/usr/start/.ssh/id",
- SubPath: "id",
- ReadOnly: true,
- },
 {
 Name: "devbox-ssh-keys",
 MountPath: "/usr/start/.ssh/id.pub",
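Review bot: The new `SubPath:` mounts in GenerateSSHVolumeMounts freeze each key file at the Secret content present when the container starts, because Kubernetes does not propagate Secret updates into subPath mounts; if the devbox Secret is rotated or a key revoked, the pod keeps honouring the old `authorized_keys` until it is recreated, and nothing in the commit records that. If the controller already recreates the pod whenever the Secret changes this is harmless and only needs a comment on the function, e.g. `// subPath mounts do not receive Secret updates; key changes take effect only on pod (re)creation.`; otherwise keep a whole-directory mount or trigger a restart on rotation. The `DefaultMode` hunk in the same patch is a no-op: `ptr.To(int32(420))` is the same value as the removed `0644` (420 decimal == 0644 octal), so despite the commit title no permission bits change. 0644 is acceptable to sshd's StrictModes (the file must only not be group/world-writable), so if that is the intended mode, keep the octal literal so the value reads as a mode.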
@@ -379,10 +373,6 @@ func GenerateSSHVolume(devbox *devboxv1alpha1.Devbox) corev1.Volume {
 Secret: &corev1.SecretVolumeSource{
 SecretName: devbox.Name,
 Items: []corev1.KeyToPath{
- {
- Key: "SEALOS_DEVBOX_PRIVATE_KEY",
- Path: "id",
- },
 {
 Key: "SEALOS_DEVBOX_PUBLIC_KEY",
 Path: "id.pub",