-
-
Save ToMe25/ff1791bda78792b1827a6191f19e41a0 to your computer and use it in GitHub Desktop.
A improved version of jujhars13s kubernetes pod example for atmoz/sftp.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This kubernetes manifest for http://github.com/atmoz/sftp is made by ToMe25, based on a similar one by jujhars13. | |
| # | |
| # Usage: | |
| # 1. Create the sftp namespace using `kubectl create namespace sftp`. | |
| # 2. Copy your `~/.ssh/id_rsa.pub` file(can be generated with `ssh-keygen` if missing) to a new folder named `client_keys`. | |
| # Also add the `id_rsa.pub` files of all other users you want to be able to log in without a password to this folder. | |
| # 3. Create host keys for the sftp server in a new folder named `host_keys` by running `ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key` | |
| # and `ssh-keygen -t ed25519 -f ssh_host_ed25519_key` in it. | |
| # 4. Create a Kubernetes secret from the client keys by running `kubectl create secret generic sftp-client-public-keys -n sftp --from-file=client_keys`. | |
| # 5. Create another Kubernetes secret from the host keys by running `kubectl create secret generic sftp-host-keys -n sftp --from-file=host_keys`. | |
| # 6. Apply this Kubernetes manifest by running `kubectl apply -f sftp.yaml`. | |
| # Your sftp server should now be fully set up and begin to start up. | |
| # You can check whether your sftp server has finished starting by running `kubectl get pods -n sftp`. | |
| # Once it shows status `RUNNING` for all pods your server should be ready. | |
| # You can now connect to it using `sftp -P 23 myUser@localhost`. | |
| # Note that you can't upload files to the user directory directly, so you have to switch to one of the directories specified below. | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: sftp | |
| --- | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: sftp | |
| namespace: sftp | |
| labels: | |
| environment: production | |
| spec: | |
| type: "LoadBalancer" | |
| ports: | |
| - name: "ssh" | |
| # don't use the default part, to allow the machine this runs on to be accessed using ssh | |
| port: 23 | |
| targetPort: 22 | |
| selector: | |
| app: sftp | |
| status: | |
| loadBalancer: {} | |
| --- | |
| kind: Deployment | |
| apiVersion: apps/v1 | |
| metadata: | |
| name: sftp | |
| namespace: sftp | |
| labels: | |
| environment: production | |
| app: sftp | |
| spec: | |
| # how many pods and indicate which strategy we want for rolling update | |
| replicas: 1 | |
| minReadySeconds: 10 | |
| selector: | |
| matchLabels: | |
| environment: production | |
| app: sftp | |
| template: | |
| metadata: | |
| labels: | |
| environment: production | |
| app: sftp | |
| spec: | |
| # secrets and config | |
| volumes: | |
| - name: sftp-client-public-keys | |
| secret: | |
| secretName: sftp-client-public-keys | |
| defaultMode: 0600 | |
| - name: sftp-host-keys | |
| secret: | |
| secretName: sftp-host-keys | |
| defaultMode: 0600 | |
| # uncomment this and the block below to use a custom sshd_config file. | |
| # - name: sshd-config | |
| # hostPath: | |
| # path: /path/to/your/sshd_config | |
| # type: File | |
| - name: sftp-data | |
| persistentVolumeClaim: | |
| claimName: sftp-data-pvc | |
| containers: | |
| # the sftp server itself | |
| - name: sftp | |
| # use kalioz/sftp:latest instead of atmoz/sftp:latest if you need arm compatibility. | |
| image: atmoz/sftp:latest | |
| imagePullPolicy: IfNotPresent | |
| # create users and dirs | |
| # user:password:uid:gid:directories | |
| args: ["myUser::::incoming,outgoing"] | |
| ports: | |
| - containerPort: 22 | |
| volumeMounts: | |
| - mountPath: /home/myUser/.ssh/keys | |
| name: sftp-client-public-keys | |
| readOnly: true | |
| - mountPath: /etc/ssh/ssh_host_rsa_key | |
| name: sftp-host-keys | |
| subPath: ssh_host_rsa_key | |
| readOnly: true | |
| - mountPath: /etc/ssh/ssh_host_rsa_key.pub | |
| name: sftp-host-keys | |
| subPath: ssh_host_rsa_key.pub | |
| readOnly: true | |
| - mountPath: /etc/ssh/ssh_host_ed25519_key | |
| name: sftp-host-keys | |
| subPath: ssh_host_ed25519_key | |
| readOnly: true | |
| - mountPath: /etc/ssh/ssh_host_ed25519_key.pub | |
| name: sftp-host-keys | |
| subPath: ssh_host_ed25519_key.pub | |
| readOnly: true | |
| # uncomment this and the block above to use a custom sshd_config file. | |
| # - mountPath: /etc/ssh/sshd_config | |
| # name: sshd-config | |
| # readOnly: true | |
| - mountPath: /home/myUser | |
| name: sftp-data | |
| securityContext: | |
| capabilities: | |
| add: ["SYS_ADMIN"] | |
| resources: {} | |
| # uncomment this and remove the '{}' above to add resource limits to the pod. | |
| # requests: | |
| # cpu: 100m | |
| # memory: 64Mi | |
| # limits: | |
| # cpu: 500m | |
| # memory: 128Mi | |
| --- | |
| apiVersion: v1 | |
| kind: PersistentVolumeClaim | |
| metadata: | |
| name: sftp-data-pvc | |
| namespace: sftp | |
| spec: | |
| accessModes: | |
| - ReadWriteOnce | |
| volumeMode: Filesystem | |
| resources: | |
| requests: | |
| storage: 20Gi | |
| storageClassName: local-path |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment