Updated wetty

wetty/Chart.yaml

@@ -14,10 +14,10 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.1
+version: 0.1.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.3
+appVersion: 2.0.2
 
 icon: https://git.ervine.org/jonny/x86_64-alpine-wetty/raw/branch/master/tty.png

wetty/templates/configmap.yaml

@@ -1,11 +1,39 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "wetty.fullname" . }}
+  name: wetty-config
   #name: {{ .Values.config.configMapName }}
   labels:
     {{- include "wetty.labels" . | nindent 4 }}
 data:
-{{- range $k, $v := .Values.config }}
+  config.json: "{ \n    \"ssh\": {\n        \"user\": \"{{ .Values.config.remote_ssh_user }}\", // default user to
-  {{ $k }}: {{ $v | quote }}
+    use when ssh-ing\n        \"host\": \"{{ .Values.config.remote_ssh_server }}\", // Server to ssh
-{{- end }}
+    to\n        \"auth\": \"{{ .Values.config.remote_ssh_auth }}\", // shh authentication, method. Defaults
+    to \"password\", you can use \"publickey,password\" instead'\n        \"key\":
+    \"/src/.ssh/id_ecdsa\", // path to an optional client private key, connection
+    will be password-less and insecure!\n        \"port\": {{ .Values.config.remote_ssh_port }}, // Port to ssh to\n
+    \   },\n    \"server\": {\n        \"base\": \"{{ .Values.config.wetty_base }}\", // URL base to serve resources
+    from\n        \"port\": 3000, // Port to listen on\n        \"host\": \"0.0.0.0\",
+    // listen on all interfaces or can be 127.0.0.1 with nginx\n        \"title\":
+    \"WeTTy - The Web Terminal Emulator\", // Page title\n        \"bypassHelmet\":
+    false // Disable Helmet security checks\n    },\n    \"forceSSH\": false, // Force
+    sshing to local machine over login if running as root\n    \"command\": \"login\",
+    // Command to run on server. Login will use ssh if connecting to different server\n}\n"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wetty-key-copy
+  #name: {{ .Values.config.configMapName }}
+  labels:
+    {{- include "wetty.labels" . | nindent 4 }}
+data:
+  key-copy.sh: |
+    #/bin/sh
+    ## Script to copy shared keys into correct location
+    cd /src
+    cp id_ecdsa .ssh/
+    cp id_ecdsa.pub  .ssh/
+    chmod 400 .ssh/*
+    chmod 700 .ssh
+    chown -R 1001:1001 .ssh

wetty/templates/deployment.yaml

@@ -45,26 +45,55 @@ spec:
             periodSeconds: 5
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          env:
+          volumeMounts:
-          - name: REMOTE_SSH_SERVER
+          - mountPath: /src/.ssh
-            valueFrom:
+            name: ssh
-              configMapKeyRef:
+          - mountPath: /usr/src/app/config.json
-                name: {{ include "wetty.fullname" . }}
+            name: config
-                key: remote_ssh_server
+            subPath: config.json
-          - name: REMOTE_SSH_PORT
+      initContainers:
-            valueFrom:
+        - command:
-              configMapKeyRef:
+          - /bin/sh
-                name: {{ include "wetty.fullname" . }}
+          - /tmp/key-copy.sh
-                key: remote_ssh_port
+          image: alpine
-          - name: REMOTE_SSH_USER
+          imagePullPolicy: Always
-            valueFrom:
+          name: init
-              configMapKeyRef:
+          resources:
-                name: {{ include "wetty.fullname" . }}
+            limits:
-                key: remote_ssh_user
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 10m
+              memory: 16Mi
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+          - mountPath: /src/.ssh
+            name: ssh
+          - mountPath: /src
+            name: sshkeys
+          - mountPath: /tmp/key-copy.sh
+            name: wetty-key-copy
+            subPath: key-copy.sh
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      volumes:
+        - emptyDir: {}
+          name: ssh
+        - name: sshkeys
+          secret:
+            defaultMode: 400
+            secretName: wetty-ssh-keys
+        - configMap:
+            defaultMode: 420
+            name: wetty-config
+          name: config
+        - configMap:
+            defaultMode: 0755
+            name: wetty-key-copy
+          name: wetty-key-copy
     {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

wetty/templates/secret.yml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wetty-ssh-keys
+  labels:
+    {{- include "wetty.labels" . | nindent 4 }}
+data:
+  # apiAddress: {{ printf "http://%s:%.0f" .Values.service.name .Values.service.externalPort | b64enc | quote }}
+  id_ecdsa: {{ .Values.config.privkey | b64enc | quote }}
+  id_ecdsa.pub: {{ .Values.config.pubkey | b64enc | quote }}

wetty/values.yaml

@@ -26,7 +26,7 @@ securityContext:
   # capabilities:
   #   drop:
   #   - ALL
-  readOnlyRootFilesystem: true
+  #readOnlyRootFilesystem: true
   #runAsNonRoot: true
   #runAsUser: 1001
 
@@ -68,6 +68,10 @@ affinity: {}
 configMapName: wetty-config
 
 config:
-  remote_ssh_server: "athena"
+  wetty_base: "/"
+  remote_ssh_auth: "publickey,password"
+  remote_ssh_server: "perseus.ipa.champion"
   remote_ssh_port: "22"
   remote_ssh_user: "jonny"
+  pubkey: ""
+  privkey: ""