diff --git a/Dockerfile b/Dockerfile
index 2f4ea53..f3c598a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,12 +56,11 @@ RUN addgroup --gid 1001 devgroup && \
 adduser --uid 1001 --ingroup devgroup --shell /bin/bash --home /home/dev --disabled-password dev && \
 echo "dev ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
-# SSH configuration for rootless container
-RUN mkdir -p /etc/ssh/keys /var/run/sshd && \
+# Ensure SSH configuration and host keys are set up
+RUN mkdir -p /var/run/sshd && \
 ssh-keygen -A && \
- cp /etc/ssh/ssh_host_* /etc/ssh/keys/ && \
- chown -R root:root /etc/ssh/keys && \
- chmod 600 /etc/ssh/keys/* && \
+ chown -R root:root /etc/ssh && \
+ chmod 600 /etc/ssh/ssh_host_* && \
 echo 'dev:dev' | chpasswd && \
 sed -i 's|#PermitRootLogin prohibit-password|PermitRootLogin no|' /etc/ssh/sshd_config && \
 sed -i 's|#PasswordAuthentication yes|PasswordAuthentication no|' /etc/ssh/sshd_config
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 197a830..e6f31a9 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -20,6 +20,7 @@ spec:
 ports:
 - containerPort: {{ .Values.service.port }}
 securityContext:
+ fsGroup: 1001
 runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
 runAsUser: {{ .Values.securityContext.runAsUser }}
 allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 81197c7..9cc903a 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1,7 +1,7 @@
 replicaCount: 1
 image:
- source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:0579081ba89ffeda377518c26fbf9a6454caec2039a41dc9262372c7dce186f0
+ source: ghcr.io/syntax3rror404/k8s-devmachine@sha256:3c87b57891380491fcb251e01aa86bfbee89b18f09cc003289ccb7df094951c5
 pullPolicy: IfNotPresent
 service:
diff --git a/entrypoint.sh b/entrypoint.sh
index 5002a81..b71fe82 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
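Review bot: `ssh-keygen -A` still runs inside the Dockerfile `RUN` step, so the SSH host private keys are baked into an image layer: every container started from this image presents the same host identity, and anyone able to pull the image can read the keys. Because entrypoint.sh only generates keys when `/etc/ssh/ssh_host_rsa_key` is missing, the baked-in keys are always the ones served. Consider dropping `ssh-keygen -A` and `chmod 600 /etc/ssh/ssh_host_*` from the build and creating the keys at container start in a location the runtime user can write, or mounting them from a Secret. Separately, `chown -R root:root /etc/ssh` with mode 600 looks unreadable for the non-root `runAsUser` the chart sets (its value is not visible here), and the unchanged `echo 'dev:dev' | chpasswd` leaves a fixed, published password on an account with `NOPASSWD:ALL` sudo.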
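Review bot: `fsGroup` is a pod-level field (`PodSecurityContext`), but in chart/templates/deployment.yaml it is added to a `securityContext` that follows `ports:` and also holds `allowPrivilegeEscalation`, which exists only on the container-level `SecurityContext`. Indentation is lost in this view, but if this is the container block the field is either rejected by schema validation or dropped, and has no effect. It belongs under `spec.template.spec.securityContext`, ideally driven by a new values key, e.g. `fsGroup: {{ .Values.podSecurityContext.fsGroup }}`, instead of the literal `1001` that has to be kept in step with the uid/gid in the Dockerfile by hand. Note also that `fsGroup` only changes group ownership of mounted volumes, so it would not make the root-owned, mode-600 host keys in the image readable. The template continues outside the hunk.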
@@ -2,7 +2,7 @@
 # Ensure SSH host keys are available; generate them if they do not exist
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
- echo "SSH host keys not found, generating new keys."
+ echo "Generating new SSH host keys."
 ssh-keygen -A
 fi