From db32982c300c08c56069fc48193907ae3a900a07 Mon Sep 17 00:00:00 2001
From: Khwezi
Date: Sun, 12 Apr 2026 14:19:28 +0200
Subject: [PATCH] Reconfigured semaphore secrets
---
 kubernetes-templates/semaphoreui.yml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/kubernetes-templates/semaphoreui.yml b/kubernetes-templates/semaphoreui.yml
index c5be330..9eabc6d 100644
--- a/kubernetes-templates/semaphoreui.yml
+++ b/kubernetes-templates/semaphoreui.yml
@@ -57,8 +57,8 @@ data:
 db-password: c2VYbk42RGt1cFJaN0Y=
 admin-password: QmxhY2tzdGFyMkBob21l
 access-key-encryption: NHZKMm1LMnBMNW5COHhSMnpRN3dFM3RZNnVJMG9QOWE=
- id_ed25519: 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
- id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4=
+ id_ed25519: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNEbkRQMDZzbmM0Q2k3M0ZPSW1nTmszTWJsc25vNTNoajZYRDJTSzE1ZFpiQUFBQUpnZWwvMndIcGY5CnNBQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDRG5EUDA2c25jNENpNzNGT0ltZ05rM01ibHNubzUzaGo2WEQyU0sxNWRaYkEKQUFBRUJUaHFjcnNXZWVVWnpFeVdWWmJoRGlKZE9FQkZYSkg4NXNhMUNjK1dXQ0krY00vVHF5ZHpnS0x2Y1U0aWFBMlRjeAp1V3llam5lR1BwY1BaSXJYbDFsc0FBQUFEbXRvZDJWNmFVQkVRVkpMVTFWT0FRSURCQVVHQnc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K
+ id_ed25519.pub: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU9jTS9UcXlkemdLTHZjVTRpYUEyVGN4dVd5ZWpuZUdQcGNQWklyWGwxbHMga2h3ZXppQERBUktTVU4K
 ---
 apiVersion: v1
 kind: ConfigMap
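Review bot: The added `id_ed25519` value is a base64-encoded OpenSSH private key committed in the Secret's `data:` map, next to `db-password`, `admin-password` and `access-key-encryption`; base64 is an encoding, not encryption, so anyone who can read this repository or the mailed patch can recover all four. The key pair and the three neighbouring values should be treated as exposed and rotated, with the replacements kept out of version control, for example by creating the Secret out of band with `kubectl create secret generic semaphore-secrets --from-file=id_ed25519=<path-to-new-key>` or by committing only an encrypted form (Sealed Secrets, SOPS, or an external secret store). The Secret document starts above this hunk, so its metadata is not visible here; the name is taken from `secretName: semaphore-secrets` in a later hunk. Deleting the values in a follow-up commit does not remove them from history.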
@@ -107,9 +107,10 @@ spec: fsGroupChangePolicy: "Always" initContainers: - - name: fix-ssh-path + - name: fix-ssh-permissions image: busybox:latest - # Ensure the directory exists AND is clean before the subPath mount attempts to anchor + # We ensure the directory exists and has 700. + # We don't touch the files yet because they are mounted by the main container. command: ["sh", "-c", "mkdir -p /home/semaphore/.ssh && chmod 700 /home/semaphore/.ssh"] volumeMounts: - name: semaphore-persistent-storage @@ -159,13 +160,14 @@ spec: - name: semaphore-persistent-storage mountPath: /tmp/semaphore subPath: tmp - # Using subPath here is essential to put the file into the existing folder - name: ssh-keys-volume mountPath: /home/semaphore/.ssh/id_ed25519 subPath: id_ed25519 + readOnly: true - name: ssh-keys-volume mountPath: /home/semaphore/.ssh/id_ed25519.pub subPath: id_ed25519.pub + readOnly: true volumes: - name: semaphore-persistent-storage persistentVolumeClaim: @@ -173,7 +175,7 @@ spec: - name: ssh-keys-volume secret: secretName: semaphore-secrets - defaultMode: 384 # This is octal 0600 + defaultMode: 384 # 0600 items: - key: id_ed25519 path: id_ed25519 -- 2.47.3
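Review bot: The renamed `fix-ssh-permissions` init container still runs `image: busybox:latest`, a mutable tag, and it prepares the `.ssh` directory that will hold the private key; pinning a version and digest, e.g. `image: busybox:<version>@sha256:<digest>`, makes that step reproducible. The new comment documents the `700` mode but not ownership: `chmod 700` leaves the directory owned by whatever UID the init container runs as, which is not visible in this hunk, so a main container running as a different user may be unable to enter it. A line such as `# owner must match the semaphore container's runAsUser` would record that dependency. The init container's definition continues past the end of the hunk.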
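Review bot: Both key files are mounted with `subPath`, and a Secret mounted through `subPath` is not refreshed when the Secret object changes, so a rotated key only reaches the container after the pod is restarted. The commit removes the one comment that explained why `subPath` is used and adds nothing about this. I would keep a comment above the first `ssh-keys-volume` mount, e.g. `# subPath places the key inside the existing .ssh directory; Secret updates are not propagated to subPath mounts, so restart the pod after rotating the key`. The added `readOnly: true` is reasonable but does not change that behaviour. The container spec begins before this hunk.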
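Review bot: The shortened comment `# 0600` states the mode requested, not necessarily the mode the container sees: when a pod sets `fsGroup`, the kubelet can add group read permission to Secret volume files, and OpenSSH refuses private keys that are group- or world-readable. Only `fsGroupChangePolicy` is visible in this diff, so whether `fsGroup` is set is an assumption to confirm. If it is, the comment should say so, e.g. `defaultMode: 384 # 0600 requested; verify the effective mode in the container when fsGroup is set`. The `items:` list continues past the end of the hunk.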