Comments (13)

maraino commented on September 27, 2024

This is a known issue; right now the helm-chart only sets up the CA with the default configuration. Editing the configmap that has the ca.json won't be enough, as you will need the keys too. So to get it you will need to edit the chart itself.

I'm not sure, because I haven't tested, but I think adding --ssh here might be enough:
https://github.com/smallstep/helm-charts/blob/master/step-certificates/templates/configmaps.yaml#L106-L113

from helm-charts.

tquid commented on September 27, 2024

Thanks. Yes, I was thinking something like {{ if .Values.ca.ssh.enabled }}--ssh{{ end }}, I'll try it and report back.

maraino commented on September 27, 2024

Yes, we need to add something like that for sure. SSH is still in alpha stage and we didn't do it. We're working on providing a nicer experience with it.

tquid commented on September 27, 2024

I tried updating the values.yml and templates\configmaps.yml as mentioned, and I get this curious error:

(Usual messages about root cert location, config files, etc)
...
Your PKI is ready to go. To generate certificates for individual services see 'step help ca'.
/home/step/bootstrap/bootstrap.sh: line 61: --ssh: not found

Not sure if I'm just getting my newline escaping wrong or something; it seems like the --ssh is being interpreted by itself. Unless openssh needs to be installed on the Docker image?

I've attached a diff.
smallstep-diff.txt

from helm-charts.
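
The "--ssh: not found" error in the comment above is what a shell reports when a flag lands on its own line after a line with no trailing backslash. The script below is an added example, not part of the thread or the chart: a stub step function and two constructed renderings reproduce that failure and lint for it. The value name .Values.ca.ssh.enabled is the one proposed in the thread; the script text, file paths and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the chart's bootstrap script. All sample text is constructed.

# Stub standing in for the step CLI: it only records the arguments it received.
step() { printf 'STEP-ARGS: %s\n' "$*"; }

# Rendering A: {{ if .Values.ca.ssh.enabled }}--ssh{{ end }} placed on a new
# line after the last flag line, which has no trailing backslash.
render_broken() {
cat <<'EOF'
step ca init \
  --name "Example CA" \
  --password-file /tmp/example-pw
  --ssh
EOF
}

# Rendering B: the conditional kept on the last line of the command.
render_fixed() {
cat <<'EOF'
step ca init \
  --name "Example CA" \
  --password-file /tmp/example-pw --ssh
EOF
}

# Run rendered script text in a subshell so the stub is used; merge stderr.
run_rendered() { ( eval "$1" ) 2>&1; }

# Lint for rendered output: report lines the shell would run as commands, i.e.
# lines starting with "--" whose previous line did not end in a backslash.
orphan_flags() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*--/ && !cont { print NR ": " $0; bad = 1 }
    { cont = ($0 ~ /\\$/) }
    END { exit bad + 0 }'
}

for variant in render_broken render_fixed; do
  text=$($variant)
  echo "== $variant"
  run_rendered "$text" || echo "script exit status: $?"
  orphan_flags "$text" || echo "lint: orphan flag line found"
done
```

In the broken rendering the stub is still called, without --ssh, before the shell trips over the orphaned line. That matches the log above, where the PKI is reported ready before the error appears.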

tquid commented on September 27, 2024

OK, I did have issues with the line continuations, so just combined the lines. That unfortunately confirmed my hunch about the image, as we then get this error:

Initializating the CA...
Incorrect Usage: flag provided but not defined: -ssh

kfox1111 commented on September 27, 2024

Interested in this as well.

tquid commented on September 27, 2024

Any movement on this at all?

alexbarcelo commented on September 27, 2024

Maybe the bootstrap image is not ready to manage the --ssh flag?

I see that the last build was from May, so maybe the binary in that image is too old for the --ssh flag.

To support ssh in the helm chart it seems that it needs to

  • Add the "ssh enable" configuration for Helm just as @tquid proposed
  • Update the step-ca-bootstrap to support the --ssh flag

I suppose I could work around it by using the patch in this thread + building a new step-ca-bootstrap image and changing it in the bootstrapImage.repository helm chart configuration variable... but... I would prefer to wait for an official update, if it's coming!

insertjokehere commented on September 27, 2024

Is the source for the bootstrap image available anywhere?

maraino commented on September 27, 2024

@insertjokehere The actual bootstrap image is this one:
https://github.com/smallstep/helm-charts/blob/master/docker/step-ca-bootstrap/Dockerfile

But the script executed as an entry point is here:

step ca init \
--name "{{.Values.ca.name}}" \
--dns "{{include "step-certificates.dns" .}}" \
--address "{{.Values.ca.address}}" \
--provisioner "{{.Values.ca.provisioner.name}}" \
--with-ca-url "{{include "step-certificates.url" .}}" \
--password-file "$TMP_CA_PASSWORD" \
--provisioner-password-file "$TMP_CA_PROVISIONER_PASSWORD" {{ if not .Values.ca.db.enabled }}--no-db{{ end }}

It would be possible to add an if condition to add the --ssh flag, or perhaps easier, I believe boolean flags can be passed as --ssh true or --ssh false too.

estenrye commented on September 27, 2024

@tquid the chart now has an inject mode that allows you to configure all aspects of ca.json and the ability to inject all keys used by the CA.

It should now be possible to configure an SSH CA using this helm chart.

estenrye commented on September 27, 2024

@tquid @maraino Are we able to close this issue now?

maraino commented on September 27, 2024

Yes, closing this now. Using the step ca init --ssh --helm chart, it is now possible to enable SSH. The bootstrap script is deprecated.
