You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree:
a211ea3d1e
act-normal-mode
fluxctl-build
gh-pages
issue/2043-config-file
kube-1.16
master
release/1.17.x
reproduce-flakey-tests
build/e2e-testing
cache-tool
chart/certs-mount
decouple/bearer-tokens
derot-integration-tests
docs/faq-https-git
docs/faq-on-ignore
feature-table
feature/1560-helm-op-add-tests
fix-sync-marker-name
fluxctl/install-additional-args
gitops-engine-poc
helm-metrics
improve-install-docs
issue/1558-chart-walking-skip-error
kustomize-ignore-unlinky-patches
listservices-controller-podstatus
log-skipped-directories
policies-not-annotations
pr/1101
refactor/bytes-to-readers
refactor/update-and-release
release/1.10.x
release/1.11.x
release/1.12.x
release/1.13.1
release/1.13.2
release/1.13.x
release/1.14.2
release/1.14.x
release/1.15.x
release/1.16.x
release/1.7.x
release/1.8.x
release/1.9.x
release/helm-0.10.x
release/helm-0.5.x
release/helm-0.6.x
release/helm-0.7.x
release/helm-0.8.x
release/helm-0.9.x
show-rollout-progress-in-fluxctl-release
v1.17.1
v1.17.0
v1.16.0
v1.15.0
pre-split
master-ccb9a99
master-6cc08e4
master-0d109dd
helm-0.10.1
helm-0.10.0
helm-0.9.2
helm-0.9.1
helm-0.9.0
helm-0.8.0
helm-0.7.1
helm-0.7.0
helm-0.6.0
helm-0.5.3
helm-0.5.2
helm-0.5.1
helm-0.5.0
helm-0.4.0
helm-0.3.0
helm-0.2.1
helm-0.2.0
helm-0.1.1-alpha
helm-0.1.0-alpha
chart-1.1.0
chart-1.0.0
chart-0.16.0
chart-0.15.0
chart-0.14.1
chart-0.14.0
chart-0.13.0
chart-0.12.0
chart-0.11.0
chart-0.10.2
chart-0.10.1
chart-0.10.0
chart-0.9.5
chart-0.9.4
chart-0.9.3
chart-0.9.2
chart-0.9.1
chart-0.9.0
chart-0.8.0
chart-0.7.0
chart-0.6.3
chart-0.6.2
chart-0.6.1
chart-0.6.0
chart-0.5.2
chart-0.5.1
chart-0.5.0
chart-0.4.1
chart-0.4.0
chart-0.3.4
chart-0.3.3
chart-0.3.2
chart-0.3.0
chart-0.2.2
chart-0.2.1
chart-0.2.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.2
1.14.1
1.14.0
1.13.3
1.13.2
1.13.1
1.13.0
1.12.3
1.12.2
1.12.1
1.12.0
1.11.1
1.11.0
1.10.1
1.10.0
1.9.0
1.8.2
1.8.1
1.8.0
1.7.1
1.7.0
1.6.0
1.5.0
1.4.2
1.4.1
1.4.0
1.3.1
1.3.0
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.0
1.0.2
1.0.1
1.0.0-beta
1.0.0
0.3.0
0.2.0
0.1.0
flux/ssh
Michael Bridgen
24e3e6061c
Generate keys in a separate tmpfs volume
In Kubernetes >= 1.10, secrets (and config-maps) will be mounted read-only. This means we cannot use the tmpfs volume used for the deploy secret as a workspace for generating new keys (and that we have to mount the secret with the right mode, since we won't be able to `chmod` it). Instead, require _another_ tmpfs to be mounted, and use that. The new, mandatory flag `--ssh-keygen-dir` is for providing the path. It's mandatory so that it's harder to accidentally just use a "regular" bit of the filesystem to generate keys and thereby put them on disk. So we can still use stable paths, both possible stable locations of the private key are mentioned in ~/.ssh/config (in the Docker image). |
1 year ago | |
|---|---|---|
| .. | ||
| keygen.go | Generate keys in a separate tmpfs volume | 1 year ago |
| keyring.go | SSH keyring backed by k8s secret resource | 2 years ago |