mount ssh-key to separate directory, cp, and fix permissions

Author: cognifloyd

templates/configmaps_post-start-script.yaml

@@ -18,4 +18,8 @@ data:
   # see: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
   post-start.sh: |
     #!/bin/bash
+    mkdir -p /home/stanley/.ssh
+    cp -L /home/stanley/.ssh{-key-vol,}/stanley_rsa
     chown -R stanley:stanley /home/stanley/.ssh/
+    chmod 400 /home/stanley/.ssh/stanley_rsa
+    chmod 500 /home/stanley/.ssh

templates/deployments.yaml

@@ -1020,8 +1020,7 @@ spec:
         volumeMounts:
         {{- include "st2-config-volume-mounts" . | nindent 8 }}
         - name: st2-ssh-key-vol
-          mountPath: /home/stanley/.ssh/
-          #readOnly: true
+          mountPath: /home/stanley/.ssh-key-vol/
         {{- if .Values.st2.datastore_crypto_key }}
         - name: st2-encryption-key-vol
           mountPath: /etc/st2/keys
@@ -1064,9 +1063,7 @@ spec:
             - key: private_key
               path: stanley_rsa
               # 0400 file permission
-              #mode: 256
-              # 0600 file permission
-              mode: 384
+              mode: 256
         {{- if .Values.st2.packs.images }}
 {{- include "packs-volumes" . | indent 8 }}
         {{- end }}
@@ -1271,8 +1268,7 @@ spec:
         - name: st2client-config-vol
           mountPath: /root/.st2/
         - name: st2-ssh-key-vol
-          mountPath: /home/stanley/.ssh/
-          #readOnly: true
+          mountPath: /home/stanley/.ssh-key-vol/
         {{- if .Values.st2.datastore_crypto_key }}
         - name: st2-encryption-key-vol
           mountPath: /etc/st2/keys
@@ -1335,9 +1331,7 @@ spec:
             - key: private_key
               path: stanley_rsa
               # 0400 file permission
-              #mode: 256
-              # 0600 file permission
-              mode: 384
+              mode: 256
         {{- if .Values.st2.packs.images }}
 {{- include "packs-volumes" . | indent 8 }}
         {{- end }}