Refine controller template and probe listeners

2026-04-27 00:28:25 +08:00
parent 8fae920fc8
commit d7c2dac944
20 changed files with 780 additions and 217 deletions


@@ -160,6 +160,7 @@ func buildSSHDDeployment(
Labels: podLabels,
},
Spec: corev1.PodSpec{
HostPID: true,
NodeSelector: selectorLabels,
Containers: []corev1.Container{
{
@@ -215,60 +216,110 @@ exec /usr/sbin/sshd \
corev1.ResourceMemory: resource.MustParse("128Mi"),
},
},
VolumeMounts: []corev1.VolumeMount{
{
Name: "authorized-keys",
MountPath: "/authorized-keys",
ReadOnly: true,
},
{
Name: "host-etc",
MountPath: "/host/etc",
},
{
Name: "host-var",
MountPath: "/host/var",
},
},
},
},
Volumes: []corev1.Volume{
{
Name: "authorized-keys",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: sshdConfigName,
VolumeMounts: append(
[]corev1.VolumeMount{
{
Name: "authorized-keys",
MountPath: "/authorized-keys",
ReadOnly: true,
},
DefaultMode: ptrInt32(0600),
},
},
},
{
Name: "host-etc",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/etc",
Type: ptrHostPathType(corev1.HostPathDirectory),
},
},
},
{
Name: "host-var",
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: "/var",
Type: ptrHostPathType(corev1.HostPathDirectory),
},
},
buildHostRootVolumeMounts()...,
),
},
},
Volumes: append(
[]corev1.Volume{
{
Name: "authorized-keys",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{
Name: sshdConfigName,
},
DefaultMode: ptrInt32(0600),
},
},
},
},
buildHostRootVolumes()...,
),
},
},
},
}
}
func buildHostRootVolumeMounts() []corev1.VolumeMount {
paths := []struct {
name string
mountPath string
readOnly bool
}{
{"host-bin", "/host/bin", true},
{"host-sbin", "/host/sbin", true},
{"host-lib", "/host/lib", true},
{"host-usr", "/host/usr", true},
{"host-etc", "/host/etc", false},
{"host-run", "/host/run", false},
{"host-proc", "/host/proc", false},
{"host-sys", "/host/sys", false},
{"host-dev", "/host/dev", false},
{"host-var", "/host/var", false},
}
mounts := make([]corev1.VolumeMount, 0, len(paths))
for _, p := range paths {
mounts = append(mounts, corev1.VolumeMount{
Name: p.name,
MountPath: p.mountPath,
ReadOnly: p.readOnly,
})
}
return mounts
}
func buildHostRootVolumes() []corev1.Volume {
hostPathDir := corev1.HostPathDirectory
paths := []struct {
name string
path string
}{
{"host-bin", "/bin"},
{"host-sbin", "/sbin"},
{"host-lib", "/lib"},
{"host-usr", "/usr"},
{"host-etc", "/etc"},
{"host-run", "/run"},
{"host-proc", "/proc"},
{"host-sys", "/sys"},
{"host-dev", "/dev"},
// /var is an rbind mount in monok8s and may be private.
// Mount the real backing path instead.
{"host-var", "/data/var"},
}
volumes := make([]corev1.Volume, 0, len(paths))
for _, p := range paths {
volumes = append(volumes, corev1.Volume{
Name: p.name,
VolumeSource: corev1.VolumeSource{
HostPath: &corev1.HostPathVolumeSource{
Path: p.path,
Type: &hostPathDir,
},
},
})
}
return volumes
}
func ptrInt32(v int32) *int32 {
return &v
}
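Review bot: In `buildHostRootVolumeMounts`, six of the ten host mounts (`host-etc`, `host-run`, `host-proc`, `host-sys`, `host-dev`, `host-var`) are writable, and together with the `HostPID: true` added in the first hunk this gives a session on the sshd pod node-level reach; how far it goes depends on the container's securityContext, which is outside these hunks. Nothing visible here says which of those paths need writes, so I would default each entry to read-only, e.g. `{"host-proc", "/host/proc", true},`, and flip one back only with a one-line reason next to it. A doc comment on the helper such as `// buildHostRootVolumeMounts exposes the node's root directories under /host; writable entries give node-level write access to whoever can log in to this pod.` would make the trust boundary explicit for the next maintainer. The name lists in `buildHostRootVolumeMounts` and `buildHostRootVolumes` must also stay in lockstep, so a single shared table carrying name, host path, mount path and read-only flag would prevent a mount that refers to a missing volume.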