From 6df82ede047d46a33f9fbb396e66e8834af72f2c Mon Sep 17 00:00:00 2001
From: Khwezi <khwezi@mngoma.lab>
Date: Sun, 12 Apr 2026 14:08:52 +0200
Subject: [PATCH] Light refactor

---
 kubernetes-templates/semaphoreui.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/kubernetes-templates/semaphoreui.yml b/kubernetes-templates/semaphoreui.yml
index f9e18bf..c5be330 100644
--- a/kubernetes-templates/semaphoreui.yml
+++ b/kubernetes-templates/semaphoreui.yml
@@ -107,12 +107,13 @@ spec:
         fsGroupChangePolicy: "Always"
 
       initContainers:
-        - name: setup-directory
+        - name: fix-ssh-path
           image: busybox:latest
-          command: ["sh", "-c", "mkdir -p /mnt/data/.ssh"]
+          # Ensure the directory exists AND is clean before the subPath mount attempts to anchor
+          command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"]
           volumeMounts:
             - name: semaphore-persistent-storage
-              mountPath: /mnt/data
+              mountPath: /home/semaphore
 
       containers:
         - name: semaphore
@@ -158,6 +159,7 @@ spec:
             - name: semaphore-persistent-storage
               mountPath: /tmp/semaphore
               subPath: tmp
+            # Using subPath here is essential to put the file into the existing folder
             - name: ssh-keys-volume
               mountPath: /home/semaphore/.ssh/id_ed25519
               subPath: id_ed25519
@@ -171,7 +173,7 @@ spec:
         - name: ssh-keys-volume
           secret:
             secretName: semaphore-secrets
-            defaultMode: 384
+            defaultMode: 384 # This is octal 0600
             items:
               - key: id_ed25519
                 path: id_ed25519