In Kubernetes >= 1.10, secrets (and config-maps) will be mounted
read-only. This means we cannot use the tmpfs volume used for the
deploy secret as a workspace for generating new keys (and that we have
to mount the secret with the right mode, since we won't be able to
Instead, require _another_ tmpfs to be mounted, and use that. The new,
mandatory flag `--ssh-keygen-dir` is for providing the path. It's
mandatory so that it's harder to accidentally just use a "regular" bit
of the filesystem to generate keys and thereby put them on disk.
So we can still use stable paths, both possible stable locations of
the private key are mentioned in ~/.ssh/config (in the Docker image).
This commit remove the SSH key handling from the git package, instead
writing an SSH config that will be used by git+ssh.
This accomplishes two things:
1. it decouples the git operations from SSH key handling; and,
2. it makes using a third-party git library easier, since that won't
need special SSH key handling either.
The 'AtomicWriter' used by k8s to project secrets into a tmpfs volume
periodically removes any files whose names do not match existing keys in
the secret, unfortunately including the temporary directories into which
we generate keys. This can be avoided by prefixing our temporary
directories with '..', effectively placing them in the namespace
reserved by the AtomicWriter for non-user-visible files; since we are
intruding into this namespace, we also include 'weave-' in the prefix in
an attempt to avoid collisions.