You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree:
a211ea3d1e
bug/2963
deprecate-install-for-base-config
gitops-engine
master
release/1.19.0
release/1.19.x
release/1.20.0
release/1.20.1
release/1.20.x
rfc-image-automation
build/e2e-testing
build/install-submodule
cache-tool
chart/certs-mount
decouple/bearer-tokens
derot-integration-tests
docs/faq-https-git
docs/faq-on-ignore
feature-table
feature/1560-helm-op-add-tests
fix-sync-marker-name
fluxctl-build
fluxctl/install-additional-args
gh-pages
gitops-engine-poc
helm-metrics
improve-install-docs
issue/2043-config-file
kube-1.16
kubectl-1.15
listservices-controller-podstatus
log-skipped-directories
policies-not-annotations
pr/1101
refactor/bytes-to-readers
refactor/update-and-release
release/1.10.x
release/1.11.x
release/1.12.x
release/1.13.1
release/1.13.2
release/1.13.x
release/1.14.2
release/1.14.x
release/1.15.x
release/1.16.x
release/1.17.x
release/1.18.x
release/1.7.x
release/1.8.x
release/1.9.x
release/helm-0.10.x
release/helm-0.5.x
release/helm-0.6.x
release/helm-0.7.x
release/helm-0.8.x
release/helm-0.9.x
reproduce-flakey-tests
show-rollout-progress-in-fluxctl-release
v1.20.1
v1.20.0
v1.19.0
v1.18.0
v1.17.1
v1.17.0
v1.16.0
v1.15.0
pre-split
master-ccb9a99
master-6cc08e4
master-0d109dd
helm-0.10.1
helm-0.10.0
helm-0.9.2
helm-0.9.1
helm-0.9.0
helm-0.8.0
helm-0.7.1
helm-0.7.0
helm-0.6.0
helm-0.5.3
helm-0.5.2
helm-0.5.1
helm-0.5.0
helm-0.4.0
helm-0.3.0
helm-0.2.1
helm-0.2.0
helm-0.1.1-alpha
helm-0.1.0-alpha
chart-1.4.1
chart-1.4.0
chart-1.3.0
chart-1.2.0
chart-1.1.0
chart-1.0.0
chart-0.16.0
chart-0.15.0
chart-0.14.1
chart-0.14.0
chart-0.13.0
chart-0.12.0
chart-0.11.0
chart-0.10.2
chart-0.10.1
chart-0.10.0
chart-0.9.5
chart-0.9.4
chart-0.9.3
chart-0.9.2
chart-0.9.1
chart-0.9.0
chart-0.8.0
chart-0.7.0
chart-0.6.3
chart-0.6.2
chart-0.6.1
chart-0.6.0
chart-0.5.2
chart-0.5.1
chart-0.5.0
chart-0.4.1
chart-0.4.0
chart-0.3.4
chart-0.3.3
chart-0.3.2
chart-0.3.0
chart-0.2.2
chart-0.2.1
chart-0.2.0
1.20.1
1.20.0
1.19.0
1.18.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.2
1.14.1
1.14.0
1.13.3
1.13.2
1.13.1
1.13.0
1.12.3
1.12.2
1.12.1
1.12.0
1.11.1
1.11.0
1.10.1
1.10.0
1.9.0
1.8.2
1.8.1
1.8.0
1.7.1
1.7.0
1.6.0
1.5.0
1.4.2
1.4.1
1.4.0
1.3.1
1.3.0
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.0
1.0.2
1.0.1
1.0.0-beta
1.0.0
0.3.0
0.2.0
0.1.0
flux/ssh
Michael Bridgen
24e3e6061c
Generate keys in a separate tmpfs volume
In Kubernetes >= 1.10, secrets (and config-maps) will be mounted read-only. This means we cannot use the tmpfs volume used for the deploy secret as a workspace for generating new keys (and that we have to mount the secret with the right mode, since we won't be able to `chmod` it). Instead, require _another_ tmpfs to be mounted, and use that. The new, mandatory flag `--ssh-keygen-dir` is for providing the path. It's mandatory so that it's harder to accidentally just use a "regular" bit of the filesystem to generate keys and thereby put them on disk. So we can still use stable paths, both possible stable locations of the private key are mentioned in ~/.ssh/config (in the Docker image). |
2 years ago | |
|---|---|---|
| .. | ||
| keygen.go | Generate keys in a separate tmpfs volume | 2 years ago |
| keyring.go | SSH keyring backed by k8s secret resource | 3 years ago |