From 88ae51b812da8547a6be0a67b31f72c230f5b9fe Mon Sep 17 00:00:00 2001
From: Rodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com>
Date: Fri, 4 May 2018 08:44:56 +0100
Subject: Avoid "volumeMounts" with "configMap" fixed permissions

To access to the container without using a password, the jumphost
RSA public key is copied to each container, using "volumeMounts"
defined as "configMap", to /root/.ssh/authorized_keys.

To work properly, the following permissions must be set:
  - /root/.ssh: 700
  - /root/.ssh/authorized_keys: 600

Because of [1][2], the mounted folders have fixed permissions and
cannot be modified.

[1]https://groups.google.com/forum/#!topic/kubernetes-dev/eTnfMJSqmaM
[2]https://github.com/kubernetes/kubernetes/issues/28317

JIRA: YARDSTICK-1149

Change-Id: I821064da56699c5b4f509d233c33e55af119fd56
Signed-off-by: Rodolfo Alonso Hernandez <rodolfo.alonso.hernandez@intel.com>
---
 yardstick/orchestrator/kubernetes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'yardstick/orchestrator')

diff --git a/yardstick/orchestrator/kubernetes.py b/yardstick/orchestrator/kubernetes.py
index 198eeac6d..ac3a09ed1 100644
--- a/yardstick/orchestrator/kubernetes.py
+++ b/yardstick/orchestrator/kubernetes.py
@@ -74,7 +74,7 @@ class KubernetesObject(object):
 
     def _add_container(self):
         container_name = '{}-container'.format(self.name)
-        ssh_key_mount_path = "/root/.ssh/"
+        ssh_key_mount_path = '/tmp/.ssh/'
 
         container = {
             "args": self.args,
-- 
cgit 1.2.3-korg