add generate public and private key (#5004)
* add generate public and private key

* add generate public and private key

* add generate public and private key

* add generate public and private key

* add generate public and private key

* add generate public and private key

* fix bug

* Changes

* Changes

* Changes

* Changes

* Changes
bearslyricattack authored Aug 29, 2024
1 parent 06caa81 commit 5877ddb
Showing 2 changed files with 70 additions and 4 deletions.
39 changes: 36 additions & 3 deletions controllers/devbox/internal/controller/devbox_controller.go
Expand Up @@ -21,16 +21,16 @@ import (
"fmt"
"time"

"k8s.io/apimachinery/pkg/util/rand"

devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1"
"github.com/labring/sealos/controllers/devbox/internal/controller/helper"
"github.com/labring/sealos/controllers/devbox/label"

corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/apimachinery/pkg/util/rand"
"k8s.io/client-go/tools/record"
"k8s.io/utils/ptr"
ctrl "sigs.k8s.io/controller-runtime"
Expand Down Expand Up @@ -136,9 +136,18 @@ func (r *DevboxReconciler) syncSecret(ctx context.Context, devbox *devboxv1alpha
// if secret not found, create a new one
if err != nil && client.IgnoreNotFound(err) == nil {
// set password to context, if error then no need to update secret
publicKey, privateKey, err := helper.GenerateSSHKeyPair()
if err != nil {
logger.Error(err, "generate public and private key failed")
return err
}
secret := &corev1.Secret{
ObjectMeta: objectMeta,
Data: map[string][]byte{"SEALOS_DEVBOX_PASSWORD": []byte(rand.String(12))},
Data: map[string][]byte{
"SEALOS_DEVBOX_PASSWORD": []byte(rand.String(12)),
"SEALOS_DEVBOX_PUBLIC_KEY": publicKey,
"SEALOS_DEVBOX_PRIVATE_KEY": privateKey,
},
}
if err := controllerutil.SetControllerReference(devbox, secret, r.Scheme); err != nil {
return err
Expand Down Expand Up @@ -349,6 +358,29 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox
"memory": devbox.Spec.Resource["memory"],
},
},
VolumeMounts: []corev1.VolumeMount{
{
Name: "devbox-ssh-public-key",
MountPath: "/usr/start/.ssh",
ReadOnly: true,
},
},
},
}
volume := []corev1.Volume{
{
Name: "devbox-ssh-public-key",
VolumeSource: corev1.VolumeSource{
Secret: &corev1.SecretVolumeSource{
SecretName: devbox.Name,
Items: []corev1.KeyToPath{
{
Key: "SEALOS_DEVBOX_PUBLIC_KEY",
Path: "id.pub",
},
},
},
},
},
}
terminationGracePeriodSeconds := 300
Expand All @@ -358,6 +390,7 @@ func (r *DevboxReconciler) generateDevboxPod(ctx context.Context, devbox *devbox
Spec: corev1.PodSpec{
RestartPolicy: corev1.RestartPolicyNever,
Containers: containers,
Volumes: volume,
TerminationGracePeriodSeconds: ptr.To(int64(terminationGracePeriodSeconds)),
AutomountServiceAccountToken: ptr.To(automountServiceAccountToken),
},
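Review bot: A Secret that already exists from before this change never receives `SEALOS_DEVBOX_PUBLIC_KEY`, because the key pair is only generated in the not-found branch of syncSecret (the `// if secret not found, create a new one` path), while the new `Items` entry in generateDevboxPod hard-references that key; the kubelet refuses to set up a secret volume whose listed key is absent, so pods of pre-existing devboxes would be stuck in ContainerCreating. Either backfill the keys in the update path of syncSecret (outside this hunk) or set `Optional: ptr.To(true)` on the SecretVolumeSource so a missing key yields no file rather than a mount failure. Two smaller points in the same section: the comment `// set password to context, if error then no need to update secret` no longer describes the block it precedes and should read `// generate the initial password and SSH key pair for a new secret`, and the slice assigned to `Volumes` is named `volume`, so `volumes := []corev1.Volume{` reads more naturally. Both syncSecret and generateDevboxPod start and end outside the visible hunks.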
35 changes: 34 additions & 1 deletion controllers/devbox/internal/controller/helper/devbox.go
Expand Up @@ -14,7 +14,18 @@

package helper

import devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1"
import (
"crypto/ecdsa"
"crypto/elliptic"
cryptorand "crypto/rand"
"crypto/x509"

"encoding/pem"

"golang.org/x/crypto/ssh"

devboxv1alpha1 "github.com/labring/sealos/controllers/devbox/api/v1alpha1"
)

func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.CommitHistory {
if devbox.Status.CommitHistory == nil {
Expand All @@ -27,3 +38,25 @@ func GetLastSuccessCommitHistory(devbox *devboxv1alpha1.Devbox) *devboxv1alpha1.
}
return nil
}

func GenerateSSHKeyPair() ([]byte, []byte, error) {
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), cryptorand.Reader)
if err != nil {
return []byte(""), []byte(""), err
}
public := &privateKey.PublicKey
derPrivateKey, err := x509.MarshalECPrivateKey(privateKey)
if err != nil {
return []byte(""), []byte(""), err
}
privateKeyPem := pem.EncodeToMemory(&pem.Block{
Type: "PRIVATE KEY",
Bytes: derPrivateKey,
})
publicKey, err := ssh.NewPublicKey(public)
if err != nil {
return []byte(""), []byte(""), err
}
sshPublicKey := ssh.MarshalAuthorizedKey(publicKey)
return sshPublicKey, privateKeyPem, nil
}
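Review bot: The PEM label on the private key is wrong: `x509.MarshalECPrivateKey` produces a SEC 1 (RFC 5915) structure whose conventional label is `EC PRIVATE KEY`, whereas `PRIVATE KEY` denotes PKCS#8, so consumers such as OpenSSH or openssl that dispatch on the label will fail to parse the emitted file; change the block to `Type: "EC PRIVATE KEY",` or switch to `x509.MarshalPKCS8PrivateKey` and keep the current label. The three error paths return `[]byte("")` where `return nil, nil, err` is the Go idiom, since the values are meaningless on a non-nil error. GenerateSSHKeyPair is exported and has no doc comment; add `// GenerateSSHKeyPair creates a fresh ECDSA P-256 key pair and returns the public key in authorized_keys format and the private key as PEM.` above it. In the import block, `encoding/pem` is split from the other standard-library imports by a blank line; goimports would place it in the first group.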
