From 47814ed78be632f3a15bcda5f12ba075ccfa6189 Mon Sep 17 00:00:00 2001
From: Samuel Gaist
Date: Thu, 22 Aug 2024 13:39:59 +0200
Subject: [PATCH] feat: known_hosts support initial implementation

In order to clone a git repository using the ssh protocol, one must accept to connect to the remote service as must be done when using ssh alone. Since it's an interactive operation that is not possible when in an init container, one solution is to provide the known_hosts files through a ConfigMap containing a list of validated hosts.
---
 api/v1alpha1/amaltheasession_children.go | 27 ++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/api/v1alpha1/amaltheasession_children.go b/api/v1alpha1/amaltheasession_children.go
index eddb9c66..4a20b64d 100644
--- a/api/v1alpha1/amaltheasession_children.go
+++ b/api/v1alpha1/amaltheasession_children.go
@@ -25,6 +25,7 @@ const servicePortName string = prefix + "http"
 const servicePort int32 = 80
 const sessionVolumeName string = prefix + "volume"
 const shmVolumeName string = prefix + "dev-shm"
+const sshKnownHostsName string = "ssh-known-hosts"

 // StatefulSet returns a AmaltheaSession StatefulSet object
 func (cr *AmaltheaSession) StatefulSet() appsv1.StatefulSet {
@@ -371,6 +372,32 @@ func (cr *AmaltheaSession) initClones() ([]v1.Container, []v1.Volume) {
 vols := []v1.Volume{}
 containers := []v1.Container{}

+ vols = append(
+ vols,
+ v1.Volume{
+ Name: sshKnownHostsName,
+ VolumeSource: v1.VolumeSource{
+ ConfigMap: &v1.ConfigMapVolumeSource{
+ LocalObjectReference: v1.LocalObjectReference{
+ Name: sshKnownHostsName,
+ },
+ Items: []v1.KeyToPath{
+ {
+ Key: "known_hosts",
+ Path: "ssh_known_hosts",
+ },
+ },
+ Optional: ptr.To(true),
+ },
+ },
+ },
+ )
+ volMounts = append(volMounts, v1.VolumeMount{
+ Name: sshKnownHostsName,
+ MountPath: "/etc/ssh",
+ },
+ )
+
 for irepo, repo := range cr.Spec.CodeRepositories {
 args := []string{"clone", "--remote", repo.Remote, "--path", cr.Spec.Session.Storage.MountPath + "/" + repo.ClonePath}
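Review bot: `MountPath: "/etc/ssh"` in the new `volMounts` entry shadows the whole directory in the clone container, hiding any `ssh_config` the image ships, and because the ConfigMap is `Optional: ptr.To(true)` a missing `ssh-known-hosts` object yields an empty `/etc/ssh` instead of a failed pod. Whether the clone then fails closed depends on the cloner's host-key checking, which this hunk does not show; that path should be confirmed never to accept unknown keys. The ConfigMap name is fixed, so write access to it in the session namespace decides which host keys are trusted; I would record that next to the constant, e.g. `// sshKnownHostsName names the ConfigMap and volume holding trusted SSH host keys; restrict who can edit it.`, and set `ReadOnly: true` on the mount. initClones begins and continues outside the hunk.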