Update ssh.md
Adding requirement for runAsRoot and suggested configuration for defaultMode. These are required after previous change to remove the chmod on the key.
This commit is contained in:
Steve Jernigan
GitHub
parent
cf2f9135f1
commit
20f4c73cb7
|
|
@ -40,7 +40,8 @@ volumes: [
|
||||||
{
|
{
|
||||||
"name": "git-secret",
|
"name": "git-secret",
|
||||||
"secret": {
|
"secret": {
|
||||||
"secretName": "git-creds"
|
"secretName": "git-creds",
|
||||||
|
"defaultMode": 256
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
...
|
...
|
||||||
|
|
@ -71,6 +72,9 @@ In your git-sync container configuration, mount the Secret Volume at "/etc/git-s
|
||||||
},
|
},
|
||||||
...
|
...
|
||||||
],
|
],
|
||||||
|
securityContext: {
|
||||||
|
"runAsUser": 0
|
||||||
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
**Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you use secret volume with `defaultMode: 256` (decimal number for octal 0400).
|
**Note:** Kubernetes mounts the Secret with permissions 0444 by default (not restrictive enough to be used as an SSH key), so make sure you use secret volume with `defaultMode: 256` (decimal number for octal 0400) and run the container as root.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue