k8s resources added #327

110 changes: 110 additions & 0 deletions kubernetes/README.md
@@ -0,0 +1,110 @@
# SFTP

![GitHub Workflow Status](https://img.shields.io/github/workflow/status/atmoz/sftp/build?logo=github) ![GitHub stars](https://img.shields.io/github/stars/atmoz/sftp?logo=github) ![Docker Stars](https://img.shields.io/docker/stars/atmoz/sftp?label=stars&logo=docker) ![Docker Pulls](https://img.shields.io/docker/pulls/atmoz/sftp?label=pulls&logo=docker)

![OpenSSH logo](https://raw.githubusercontent.com/atmoz/sftp/master/openssh.png "Powered by OpenSSH")

# Supported tags and respective `Dockerfile` links

- [`debian`, `latest` (*Dockerfile*)](https://github.com/atmoz/sftp/blob/master/Dockerfile) ![Docker Image Size (debian)](https://img.shields.io/docker/image-size/atmoz/sftp/debian?label=debian&logo=debian&style=plastic)
- [`alpine` (*Dockerfile*)](https://github.com/atmoz/sftp/blob/master/Dockerfile-alpine) ![Docker Image Size (alpine)](https://img.shields.io/docker/image-size/atmoz/sftp/alpine?label=alpine&logo=Alpine%20Linux&style=plastic)

# Securely share your files

Easy to use SFTP ([SSH File Transfer Protocol](https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol)) server with [OpenSSH](https://en.wikipedia.org/wiki/OpenSSH).

# Usage for Kubernetes cluster

## Creating your own SSH key

Generate your keys with these commands:

```
ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
```

## Create secret using the keys

Lets create a secret using the generated keys (private key)

```
kubectl create secret generic sftp-key --from-file=ssh_host_ed25519_key --from-file=ssh_host_rsa_key
```

## Store users in config

Create config map with users value `(user:pass[:e][:uid[:gid...]])`. Multiple users can be added.

```
apiVersion: v1
kind: ConfigMap
metadata:
name: sftp-config
data:
users.conf: |
foo:123:1001:100
```

## Sharing a directory from your computer

- ### Add shared location as volume in deployment

Ex: You can mount host directory to share your location. You can also add other types of volumes as well. For more on [volumes](https://kubernetes.io/docs/concepts/storage/volumes/)

```
volumes:
....
- name: location
hostPath:
path: <path-to-host-dir>
```

- ### Mount the volume in the container

```
containers:
- name: sftp-client
volumeMounts:
...
- name: location
mountPath: /home/<user>/<mounted-directory>
```

- ### Expose the service

Add a service for the deployment to access the sftp client outside the cluster. Select a nodeport from the range.

```
apiVersion: v1
kind: Service
metadata:
labels:
app: sftp-client
name: sftp-client
spec:
ports:
- name: ssh
port: 22
targetPort: 22
nodePort: <30000-32767>
selector:
app: sftp-client
type: NodePort
```

## Apply the manifest in the cluster

Create all the resource in the cluster with the command.

```
kubectl apply -f ./kubernetes
```

## Logging in

The OpenSSH server runs by default on port 22, and in this example, we are forwarding the container's port 22 to the service's nodeport. To log in with the OpenSSH client, run:

```
sftp -P <nodeport> <user>@<worker-node-ip>
```
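Review bot: The "Store users in config" step puts the account password in a ConfigMap in cleartext (`foo:123:1001:100`), while the host keys two steps earlier go into a Secret. The documented format already has the optional `[:e]` field, which the image uses to mark the password as already hashed, so the example could show a hashed entry and keep `users.conf` in a Secret mounted the same way as `sftp-key`. Separately, the `ssh-keygen` lines redirect stdin from `/dev/null` rather than stating the passphrase; host keys need an empty one, and `-N ''` makes that explicit.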
7 changes: 7 additions & 0 deletions kubernetes/sftp-config.yml
@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: sftp-config
data:
users.conf: |
foo:123:1001:100
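Review bot: `foo:123:1001:100` in `users.conf` is a working login with a trivial password, and the README's `kubectl apply -f ./kubernetes` installs it unchanged. Ship a placeholder that has to be edited before use (or leave this file out of the applied directory and document creating it), and move it from a ConfigMap to a Secret so it is handled like the host keys.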
44 changes: 44 additions & 0 deletions kubernetes/sftp-deployment.yml
@@ -0,0 +1,44 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: sftp-client
name: sftp-client
spec:
replicas: 1
selector:
matchLabels:
app: sftp-client
template:
metadata:
labels:
app: sftp-client
spec:
containers:
- image: atmoz/sftp
name: sftp-client
imagePullPolicy: IfNotPresent
volumeMounts:
- name: authorize
mountPath: /etc/ssh/ssh_host_rsa_key
subPath: ssh_host_rsa_key
- name: authorize
mountPath: /etc/ssh/ssh_host_ed25519_key
subPath: ssh_host_ed25519_key
- name: user
mountPath: /etc/sftp/users.conf
subPath: users.conf
- name: location
mountPath: /home/foo/upload
volumes:
- name: authorize
secret:
secretName: sftp-key
defaultMode: 0400
- name: user
configMap:
name: sftp-config
- name: location
hostPath:
path: /data/upload
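Review bot: The `location` volume uses `hostPath: /data/upload` with nothing pinning the pod to a node, so uploads land on whichever node the pod is scheduled to and are left behind after a reschedule; it is also a writable mount of a directory on the node itself. A `persistentVolumeClaim` would be a safer default here, with `hostPath` kept as the documented alternative. Also worth fixing in this file: `image: atmoz/sftp` has no tag, and combined with `imagePullPolicy: IfNotPresent` each node runs whatever copy it cached first, so pin one of the tags the README lists.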

14 changes: 14 additions & 0 deletions kubernetes/sftp-svc.yml
@@ -0,0 +1,14 @@
apiVersion: v1
kind: Service
metadata:
labels:
app: sftp-client
name: sftp-client
spec:
ports:
- name: ssh
port: 22
targetPort: 22
selector:
app: sftp-client
type: NodePort
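Review bot: `nodePort` is not set under `ports`, although the README in this PR tells the reader to select one and its example shows `nodePort: <30000-32767>`. Without it Kubernetes assigns a port from the range at creation, so the `sftp -P <nodeport>` step needs the user to look the value up first; either set the field here or have the README say to read it from `kubectl get svc sftp-client`. Note too that `type: NodePort` opens the SSH port on every node, which is worth stating next to the default `foo` account.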