Updated wetty

2021-02-24 21:29:04 +08:00 · 2021-02-24 21:29:04 +08:00 · e371b229a9
commit e371b229a9
parent 6b7dd00624
5 changed files with 95 additions and 24 deletions
--- a/wetty/Chart.yaml
+++ b/wetty/Chart.yaml
@ -14,10 +14,10 @@ type: application

 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.1
+version: 0.1.2

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 1.3
+appVersion: 2.0.2

 icon: https://git.ervine.org/jonny/x86_64-alpine-wetty/raw/branch/master/tty.png
--- a/wetty/templates/configmap.yaml
+++ b/wetty/templates/configmap.yaml
@ -1,11 +1,39 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ include "wetty.fullname" . }}
+  name: wetty-config
  #name: {{ .Values.config.configMapName }}
  labels:
    {{- include "wetty.labels" . | nindent 4 }}
 data:
-{{- range $k, $v := .Values.config }}
-  {{ $k }}: {{ $v | quote }}
-{{- end }}
+  config.json: "{ \n    \"ssh\": {\n        \"user\": \"{{ .Values.config.remote_ssh_user }}\", // default user to
+    use when ssh-ing\n        \"host\": \"{{ .Values.config.remote_ssh_server }}\", // Server to ssh
+    to\n        \"auth\": \"{{ .Values.config.remote_ssh_auth }}\", // shh authentication, method. Defaults
+    to \"password\", you can use \"publickey,password\" instead'\n        \"key\":
+    \"/src/.ssh/id_ecdsa\", // path to an optional client private key, connection
+    will be password-less and insecure!\n        \"port\": {{ .Values.config.remote_ssh_port }}, // Port to ssh to\n
+    \   },\n    \"server\": {\n        \"base\": \"{{ .Values.config.wetty_base }}\", // URL base to serve resources
+    from\n        \"port\": 3000, // Port to listen on\n        \"host\": \"0.0.0.0\",
+    // listen on all interfaces or can be 127.0.0.1 with nginx\n        \"title\":
+    \"WeTTy - The Web Terminal Emulator\", // Page title\n        \"bypassHelmet\":
+    false // Disable Helmet security checks\n    },\n    \"forceSSH\": false, // Force
+    sshing to local machine over login if running as root\n    \"command\": \"login\",
+    // Command to run on server. Login will use ssh if connecting to different server\n}\n"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wetty-key-copy
+  #name: {{ .Values.config.configMapName }}
+  labels:
+    {{- include "wetty.labels" . | nindent 4 }}
+data:
+  key-copy.sh: |
+    #/bin/sh
+    ## Script to copy shared keys into correct location
+    cd /src
+    cp id_ecdsa .ssh/
+    cp id_ecdsa.pub  .ssh/
+    chmod 400 .ssh/*
+    chmod 700 .ssh
+    chown -R 1001:1001 .ssh
--- a/wetty/templates/deployment.yaml
+++ b/wetty/templates/deployment.yaml
@ -45,26 +45,55 @@ spec:
            periodSeconds: 5
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
-          env:
-          - name: REMOTE_SSH_SERVER
-            valueFrom:
-              configMapKeyRef:
-                name: {{ include "wetty.fullname" . }}
-                key: remote_ssh_server
-          - name: REMOTE_SSH_PORT
-            valueFrom:
-              configMapKeyRef:
-                name: {{ include "wetty.fullname" . }}
-                key: remote_ssh_port
-          - name: REMOTE_SSH_USER
-            valueFrom:
-              configMapKeyRef:
-                name: {{ include "wetty.fullname" . }}
-                key: remote_ssh_user
+          volumeMounts:
+          - mountPath: /src/.ssh
+            name: ssh
+          - mountPath: /usr/src/app/config.json
+            name: config
+            subPath: config.json
+      initContainers:
+        - command:
+          - /bin/sh
+          - /tmp/key-copy.sh
+          image: alpine
+          imagePullPolicy: Always
+          name: init
+          resources:
+            limits:
+              cpu: 100m
+              memory: 64Mi
+            requests:
+              cpu: 10m
+              memory: 16Mi
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+          - mountPath: /src/.ssh
+            name: ssh
+          - mountPath: /src
+            name: sshkeys
+          - mountPath: /tmp/key-copy.sh
+            name: wetty-key-copy
+            subPath: key-copy.sh
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
+      volumes:
+        - emptyDir: {}
+          name: ssh
+        - name: sshkeys
+          secret:
+            defaultMode: 400
+            secretName: wetty-ssh-keys
+        - configMap:
+            defaultMode: 420
+            name: wetty-config
+          name: config
+        - configMap:
+            defaultMode: 0755
+            name: wetty-key-copy
+          name: wetty-key-copy
    {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
--- a/wetty/templates/secret.yml
+++ b/wetty/templates/secret.yml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wetty-ssh-keys
+  labels:
+    {{- include "wetty.labels" . | nindent 4 }}
+data:
+  # apiAddress: {{ printf "http://%s:%.0f" .Values.service.name .Values.service.externalPort | b64enc | quote }}
+  id_ecdsa: {{ .Values.config.privkey | b64enc | quote }}
+  id_ecdsa.pub: {{ .Values.config.pubkey | b64enc | quote }}
--- a/wetty/values.yaml
+++ b/wetty/values.yaml
@ -26,7 +26,7 @@ securityContext:
  # capabilities:
  #   drop:
  #   - ALL
-  readOnlyRootFilesystem: true
+  #readOnlyRootFilesystem: true
  #runAsNonRoot: true
  #runAsUser: 1001

@ -68,6 +68,10 @@ affinity: {}
 configMapName: wetty-config

 config:
-  remote_ssh_server: "athena"
+  wetty_base: "/"
+  remote_ssh_auth: "publickey,password"
+  remote_ssh_server: "perseus.ipa.champion"
  remote_ssh_port: "22"
  remote_ssh_user: "jonny"
+  pubkey: ""
+  privkey: ""