Merge pull request #216 from aandryashin/master

Removed wrong hostCertificate implementation.
aerokube · Sep 14, 2023 · f102283 · f102283
2 parents 4fc2b01 + aa8ee49
commit f102283
Show file tree

Hide file tree

Showing 6 changed files with 5 additions and 14 deletions.
diff --git a/boot/templates/config.yaml b/boot/templates/config.yaml
@@ -24,8 +24,5 @@ data:
       GatewayPorts no
       ForceCommand /sbin/nologin
 
-    {{- with .Values.boot.jumphost.hostCertificate }}
-    HostCertificate /etc/ssh/ssh_host_key-cert.pub
-    {{- end }}
     TrustedUserCAKeys /etc/ssh/user_ca.pub
     AuthorizedKeysFile /etc/ssh/authorized_keys
diff --git a/boot/templates/deployment.yaml b/boot/templates/deployment.yaml
@@ -64,6 +64,8 @@ spec:
         {{- end }}
         command:
         - /boot
+        - -ca-secret-name
+        - {{ .Release.Name }}-vm-ssh-host-ca-keys
         securityContext:
           privileged: false
           runAsUser: {{ printf "%d" (int64 .Values.boot.jumphost.user.uid) }}
@@ -141,11 +143,6 @@ spec:
         - name: ssh-host-keys
           mountPath: /etc/ssh/ssh_host_rsa_key
           subPath: ssh_host_rsa_key
-        {{- with .Values.boot.jumphost.hostCertificate }}
-        - name: ssh-keys
-          mountPath: /etc/ssh/ssh_host_key-cert.pub
-          subPath: ssh_host_key-cert.pub
-        {{- end }}
         - name: ssh-keys
           mountPath: /etc/ssh/authorized_keys
           subPath: authorized_keys

diff --git a/boot/templates/generate-ssh-keys.yaml b/boot/templates/generate-ssh-keys.yaml
@@ -17,7 +17,7 @@ metadata:
   name: {{ $.Release.Name }}-generate-ssh-keys
   namespace: {{ $namespace }}
   annotations:
-    helm.sh/hook: "pre-install,pre-upgrade"
+    helm.sh/hook: pre-install,pre-upgrade
     helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
     helm.sh/hook-weight: "1"
 ---

diff --git a/boot/templates/secret.yaml b/boot/templates/secret.yaml
@@ -5,10 +5,6 @@ metadata:
   name: {{ .Release.Name }}-ssh-keys
   namespace: {{ .Release.Namespace }}
 stringData:
-  {{- with .Values.boot.jumphost.hostCertificate }}
-  ssh_host_key-cert.pub:
-  {{- toYaml . | nindent 4 }}
-  {{- end }}
   user_ca.pub: |
   {{- range $k := .Values.boot.jumphost.trustedUserCAKeys }}
     {{ $k }}

diff --git a/boot/templates/service.yaml b/boot/templates/service.yaml
@@ -25,6 +25,7 @@ spec:
   - {{ . }}
   {{- end }}
   {{- end }}
+  type: {{ .Values.boot.service.type | default "LoadBalancer" }}
 {{- $namespaces := .Values.boot.namespaces }}
 {{- if not $namespaces }}
 {{- $namespaces = list .Release.Namespace }}

diff --git a/boot/values.yaml b/boot/values.yaml
@@ -42,11 +42,11 @@ boot:
     port: 2222
     authorizedKeys: []
     trustedUserCAKeys: []
-    hostCertificate:
   service:
     annotations:
     labels:
     externalIPs:
+    type:
   serviceAccount:
     annotations:
     labels: