From 20f4c73cb796c2945118e4c7cac224ea8c0ab33d Mon Sep 17 00:00:00 2001
From: Steve Jernigan
Date: Fri, 17 Feb 2017 11:08:25 -0500
Subject: [PATCH] Update ssh.md

Adding requirement for runAsRoot and suggested configuration for defaultMode. These are required after previous change to remove the chmod on the key.
---
 docs/ssh.md | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/ssh.md b/docs/ssh.md
index 63ee25d..a97eff7 100644
--- a/docs/ssh.md
+++ b/docs/ssh.md
@@ -40,7 +40,8 @@ volumes: [
 {
 "name": "git-secret",
 "secret": {
- "secretName": "git-creds"
+ "secretName": "git-creds",
+ "defaultMode": 256
 }
 },
 ...
@@ -71,6 +72,9 @@ In your git-sync container configuration, mount the Secret Volume at "/etc/git-s
 },
 ...
 ],
+ securityContext: {
+ "runAsUser": 0
+ }
 }
 ```
-**Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you use secret volume with `defaultMode: 256` (decimal number for octal 0400).
+**Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you use secret volume with `defaultMode: 256` (decimal number for octal 0400) and run the container as root.