update readme, add simple example for docker and kubernetes

basejump · basejump · commit f8b4b86bfdf6 · 2019-08-05T20:16:14.000-06:00
diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # SFTP
 
+**Forked from atmoz to make it easier to setup on kubernetes. also add fail2ban. merges in PRs to fix a number of issues**
+
 ![Docker Automated build](https://img.shields.io/docker/automated/atmoz/sftp.svg) ![Docker Build Status](https://img.shields.io/docker/build/atmoz/sftp.svg) ![Docker Stars](https://img.shields.io/docker/stars/atmoz/sftp.svg) ![Docker Pulls](https://img.shields.io/docker/pulls/atmoz/sftp.svg)
 
 ![OpenSSH logo](https://raw.githubusercontent.com/atmoz/sftp/master/openssh.png "Powered by OpenSSH")
@@ -35,6 +37,8 @@ This is an automated build linked with the [debian](https://hub.docker.com/_/deb
 
 # Examples
 
+to run the example in this project `./examples/docker-run.sh`
+
 ## Simplest docker run example
 
 ```
diff --git a/examples/dock-run.sh b/examples/dock-run.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# run this from the root project
+
+# docker build -t yakworks/sftp .
+
+docker run --name sftp --rm --cap-add=SYS_ADMIN -p 30022:22 \
+  -v $(pwd)/examples/users.conf:/etc/sftp/users.conf \
+  -v $(pwd)/examples/sftp-data:/sftp-data \
+  yakworks/sftp
diff --git a/examples/sftp-data/test.txt b/examples/sftp-data/test.txt
@@ -0,0 +1 @@
+test file
diff --git a/examples/users.conf b/examples/users.conf
@@ -0,0 +1,6 @@
+# user:pass:uid:gid  - if gid is 27 is sudo/admin, 100 is user. 
+# admin will get data mounted and user with get data/user/%u mounted
+foo:FuB4r:1001:27
+bar:FuB4r:1002:27
+cust:FuB4r:1003:100
+cust2:FuB4r:1004:100
diff --git a/kubernetes/README.md b/kubernetes/README.md
@@ -0,0 +1,15 @@
+# K8s
+
+Example on how to setup 
+if setting up for prod run `./scripts/keygen.sh` to create new keys and replace whats in secret-host-keys.yml
+
+kubectl create namespace sftp
+kubectl create -f secret-user-conf.yml
+kubectl create -f secret-host-keys.yml
+kubectl create -f sftp-deploy.yml
+
+clean up
+kubectl delete secret sftp-user-conf --namespace=sftp || true
+kubectl delete secret sftp-host-keys --namespace=sftp || true
+kubectl delete service sftp --namespace=sftp || true
+kubectl delete deployment sftp --namespace=sftp || true
diff --git a/kubernetes/secret-host-keys.yml b/kubernetes/secret-host-keys.yml
@@ -0,0 +1,73 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sftp-host-keys
+  namespace: sftp
+type: Opaque
+stringData:
+  # This is a sample. generate you own keys as these are not secure and are now public
+  # scripts/keygen.sh can make new keys, keep them private and safe
+  ssh_host_ed25519_key: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACDB5Z284hLtSd55Pul4d41HsRJOY+LIYyMlc0pvHiBpNQAAAJhiND1WYjQ9
+    VgAAAAtzc2gtZWQyNTUxOQAAACDB5Z284hLtSd55Pul4d41HsRJOY+LIYyMlc0pvHiBpNQ
+    AAAECC+YCk6jbhGK1yK4U5UtrYbsd1/95+wditLavq5ja8lMHlnbziEu1J3nk+6Xh3jUex
+    Ek5j4shjIyVzSm8eIGk1AAAAEXJvb3RAYzUxZWM2YTExYTkzAQIDBA==
+    -----END OPENSSH PRIVATE KEY-----
+  ssh_host_ed25519_key.pub: |
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMHlnbziEu1J3nk+6Xh3jUexEk5j4shjIyVzSm8eIGk1 root@c51ec6a11a93
+  ssh_host_rsa_key: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIJKAIBAAKCAgEArpN+a6Wrs7TCfydsl8AvmqpDUnJOcn88IpDbjFxpXL0mE/ez
+    OzMTsY6Omkr9voeW6IIk5eiepmXl9WiqkBFolUmo87Eg738PPuVNj2yMtZXCAFZB
+    RbuCB01/oBDf8vlYEADq+Ef3GFMDnuBjLSzA1zSxxCLy6qj3VPk0LUtfgkld4PBz
+    382nBV+N1AAlzLEUGXiK6t9cTvypdyKlmIbuMt+VmGCiyYtgghq86KKrHd4jTiwX
+    ztKJqPs5oEB5pkrJ203Y6XJf9L9vGNI9rS5nr9NV1fG886TonLhZVKAQRdPsti6W
+    E/VfX+XxPgLtGo6XD9qoaptk8mbKvfAoPwgAw7yrBk+RTnbiefj2MaBnsgSaBKMl
+    dSLsCPmOenLJSbDOj8s9+ekrFNB5D9hKJJI+qlcoqQ/iT1LGay00if9jGtzTJvT8
+    98t3kNZ5yNswklgBcoF777EHYD+0CBDiULqrso0LBMSuxrLxZkR6xNtmvSkawbkj
+    +W/jUMdbBHetn/zCLMz7V0+4KMvTmDibXEhisRgC3x1M8bi+h+BqRqYTZYL18CFI
+    ufQmsZpsKRpFqBxu7Q2oBvnQXfm3pMHxfEKdHmfgwFySQDsOaca1WnpE9SownC0F
+    tiQRkT2cEcU/7/xKJIJWwUQtwSUUzicF348t6RzjhNS5xrxtNYTRsKlVQ+0CAwEA
+    AQKCAgAvvYH66ilUUYBGyX822IWsJBeY+k1dnlHRmg+QCM1/YPKCz2AiNkuSaMuy
+    ggN2ERpBpyV0AfMwyfji7aaHE1uoR6Z+TdgV5odCye415JduKPAOq4faC/b5DEZ0
+    fWjgxzM/3SBkmTmHW1xIHFDCz9REhdJ/Mpd/eIl6oVOVd2E8/ddAZkEp2NFt9L2S
+    ViAAJAS9GmvS4xYZO5sUS1NBrNSC8QW1z+d0ejsAGVPDwohM+Kxq+j/gfU7L+Te/
+    DSK3SQh+goFpBbAb/CXjgcsACwqr2H1Grn7fmh9KjFdRfxw0HEpFX+QGvTlBvl4E
+    eURh2NCSs1cPIEOwzk9vNber1QJwEPs78CQY9KK2lBY053O0zeckY3BLAvzLukPa
+    bYDlw8xE1MjUBegtwi0wHrLFTwfMQ3MtqkF8hkC+mE90FBjySYCptQ1+7svPnbbC
+    zr6bG6vG3t760PJGxfm9xuRuqbUu+W8oEP2KvOdizlKynUSySNKHaZth66OJtLI9
+    sD8VluIJhMKA7xn5sTt9tFOtCe8CoQ99fk05fVOad5+AbtMKhtk1fungR8QlvKtS
+    p9KflF+QmMT2D4p0mGNXTOc3Sw3sECAaRqIvMRrH0jLm9hQ4sGl03vMeQykxW8r2
+    Cfmv+JifP7wNI3zx5SNx8aTUHDhD2SDF2JnPvBpc2VJeG/RqeQKCAQEA2yQuZ6t+
+    tbTnKnBcRabOmkBEOX4ara30ChnCKPun7Jl5u0dBFQHqEDOvkZEX36hv1zfIBTq1
+    ewQLHu2WXOFzySmcGfj53CIFmkO9Ul/bNn+P7aguw4abPx+jJKKDkr6En2FOdgoU
+    hiVgED8un5yCLmaMznUwV1C+L0/L6pbHyyz1yA0WKbUJ80qRdVU17yO/R1KBLRzR
+    /SQqGJ8LlFdRQqE+LP2aLAFTxK2Mj304s5464Q29ieZ8BssCOI333YIOBMSIoDwl
+    WvMrTJxdW+sO059pTdlkIcgzbADSQcHTSlHoJm2AeVOh94R5zx5PzJl/0WwiBoUK
+    PgCWKRo9gALQmwKCAQEAy/BrIH2qJfi0ct1aM6KEQpzpUGsRZATDgDBJ/tmOKJ/O
+    4kJqkeEuCAVZtQppbtXyHlwbupcMfapdpBab0ospDk5zFz+zI5p5ITVwC2i6pA00
+    YzwW3LB0NSqcDO2lPn9hxVntnPupXp5DFkzixLLlgpAX1RLlOJrz1jzWpAwMTXiG
+    09mh8X2jae5CReWZJDGm/nQbzkRpD0OFlkkaAtuvUj8092qW2/6p5ocOUCSE6DaV
+    xcq6C8ZI3kU6vqk/2xqP+OQh7XeW5no/sP7VDUdvBzPZE3QCYqBgv0olMFzqo7v1
+    gTPjsfB4kRretl5hYPw6McZOXA1dTkHBrFjs+MbyFwKCAQA1kT6WsOEkYbgwM48a
+    p4/RPOxwcVbsJZ2F6o3/nqSJvWp4UQ6jp/gjRb8hAiqnzXCpV0VZoeRC0dY2FTWw
+    NpwrDDTQVIAfQ2HDN9PLkwru43e3TGlB+mFwqLckeWVYNaINo6eeSxCBShmVXxxy
+    f7uCxCafQR4z+dTDk+nwyjLEg5UA9dH5F/v6sLulxtKMRly3fn99G5JpIrH3mskl
+    1cJTWz7rmIJbR2fGp/W4DZASuBcEdGtkjia7Mly0nl98khIDMFeFc65d8RsgewiH
+    M4pISKthEEbdyyZmvDypPkv72tG4swO4pKzu6D8uVeaDyPHpq1kV5ud+CH6sRXHL
+    HOUJAoIBAGBQV9eNYZjzPw1sWpg+LWZkQo/3MMxir43PwHJ6fnfTGVqj8T6Z8Spa
+    lIY6t5Zftiv+Zh4WDhEfL4A6KTci/63BAPu+2rR61LAJU7Qfrt2hWtdu3oE1WHxv
+    dilo5nyAnkUc9moINHH6Hkbe4s3wixHBSXAYr2avT28jZl8tTXYc8NgGVUP+iPmT
+    S3tFNrDwPiS34xXkGxXZVrKmLYGiDMe0ECi1DzAwsj6sE+dnh9k/RjaWSo0bBPjs
+    CxVWS1EH12y9GQTUUNDidUf64dWWoent45wbUrEPewF8W9neV/Yh4400W1mC7v3g
+    icPpCOZL2JP/SqyQpzs5NOVXTfsjwdsCggEBALQ74jyWUyLJroHHegSivuTHVRlT
+    9S2GKH4YItTiy74bLjP1oSY+rIEYrhqiJmJ/Y4z6dve2kPZuLHW2nm92lSo+kg7f
+    f0kap9jcS1DfwmsCiBIaVqcl6/uAUNiAeAbKBkJ0Y5+TpFNyiTT2i0a+idKG+mS5
+    DrW0+fbIL2yJKFlDcZ8Fsgf5ckUFL4y4aLD0I503gp03Co84L2zJTzxjE1I9juer
+    QAp1Gt2IWqad1hhU3cgwLKSjCrAtgTkjPDsm9hcoc6OWASwoz8ax1bg9IUG9ONbA
+    CgVsC+oR7tFu+3X14Uaj92HG7/mtmiJ6vl0SAfeM2G4rRNIGAZhRveAjAgo=
+    -----END RSA PRIVATE KEY-----
+  ssh_host_rsa_key.pub: |
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCuk35rpauztMJ/J2yXwC+aqkNSck5yfzwikNuMXGlcvSYT97M7MxOxjo6aSv2+h5bogiTl6J6mZeX1aKqQEWiVSajzsSDvfw8+5U2PbIy1lcIAVkFFu4IHTX+gEN/y+VgQAOr4R/cYUwOe4GMtLMDXNLHEIvLqqPdU+TQtS1+CSV3g8HPfzacFX43UACXMsRQZeIrq31xO/Kl3IqWYhu4y35WYYKLJi2CCGrzooqsd3iNOLBfO0omo+zmgQHmmSsnbTdjpcl/0v28Y0j2tLmev01XV8bzzpOicuFlUoBBF0+y2LpYT9V9f5fE+Au0ajpcP2qhqm2TyZsq98Cg/CADDvKsGT5FOduJ5+PYxoGeyBJoEoyV1IuwI+Y56cslJsM6Pyz356SsU0HkP2Eokkj6qVyipD+JPUsZrLTSJ/2Ma3NMm9Pz3y3eQ1nnI2zCSWAFygXvvsQdgP7QIEOJQuquyjQsExK7GsvFmRHrE22a9KRrBuSP5b+NQx1sEd62f/MIszPtXT7goy9OYOJtcSGKxGALfHUzxuL6H4GpGphNlgvXwIUi59CaxmmwpGkWoHG7tDagG+dBd+bekwfF8Qp0eZ+DAXJJAOw5pxrVaekT1KjCcLQW2JBGRPZwRxT/v/EokglbBRC3BJRTOJwXfjy3pHOOE1LnGvG01hNGwqVVD7Q== root@c51ec6a11a93
diff --git a/kubernetes/secret-user-conf.yml b/kubernetes/secret-user-conf.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sftp-user-conf
+  namespace: sftp
+type: Opaque
+stringData:
+  users.conf: |
+    # user:pass:uid:gid  - if gid is 27 is sudo/admin, 100 is user. 
+    # admin will get data mounted and user with get data/user/%u mounted
+    foo:F**B4r:1001:27
+    bar:F**B4r:1002:27
+    cust:F**B4r:1003:100
+    cust2:F**B4r:1004:100
diff --git a/kubernetes/sftp-deploy.yml b/kubernetes/sftp-deploy.yml
@@ -0,0 +1,91 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: sftp
+  namespace: sftp
+  labels:
+    ops: sftp
+spec:
+  # type: NodePort
+  type: LoadBalancer
+  ports:
+  - name: ssh
+    port: 30022
+    targetPort: 22
+    # nodePort: 30022
+  selector:
+    ops: sftp
+
+---
+
+kind: Deployment
+apiVersion: apps/v1beta2
+metadata:
+  name: sftp
+  namespace: sftp
+  labels:
+    ops: sftp
+spec:
+  # how many pods and indicate which strategy we want for rolling update
+  replicas: 1
+  minReadySeconds: 10
+  selector:
+    matchLabels:
+      ops: sftp
+  template:
+    metadata:
+      labels:
+        ops: sftp
+    spec:
+      #secrets and config
+      volumes:
+      - name: sftp-host-keys
+        secret:
+          secretName: sftp-host-keys
+          defaultMode: 0600
+      - name: sftp-user-conf
+        secret:
+          secretName: sftp-user-conf
+          defaultMode: 0600
+      - name: sftp-lbs-vol
+        persistentVolumeClaim:
+          claimName: sftp-lbs
+      # - name: sftp-data
+      #   hostPath:
+      #     path: "/sftp-data"
+      #     type: DirectoryOrCreate
+      containers:
+      #the sftp server itself
+      - name: sftp
+        image: yakworks/sftp:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 22
+        securityContext:
+          privileged: true
+          capabilities:
+            add: ["SYS_ADMIN"]
+        volumeMounts:
+        - mountPath: /etc/ssh/ssh_host_ed25519_key
+          name: sftp-host-keys
+          subPath: ssh_host_ed25519_key
+          readOnly: true
+        - mountPath: /etc/ssh/ssh_host_ed25519_key.pub
+          name: sftp-host-keys
+          subPath: ssh_host_ed25519_key.pub
+          readOnly: true
+        - mountPath: /etc/ssh/ssh_host_rsa_key
+          name: sftp-host-keys
+          subPath: ssh_host_rsa_key
+          readOnly: true
+        - mountPath: /etc/ssh/ssh_host_rsa_key.pub
+          name: sftp-host-keys
+          subPath: ssh_host_rsa_key.pub
+          readOnly: true
+        - mountPath: /etc/sftp/users.conf
+          name: sftp-user-conf
+          subPath: users.conf
+        - mountPath: /sftp-data
+          name: sftp-lbs-vol
+        # - mountPath: /data
+        #   name: sftp-data
diff --git a/scripts/build.sh b/scripts/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+docker build -t yakworks/sftp .
+docker push yakworks/sftp
diff --git a/scripts/keygen.sh b/scripts/keygen.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir keys
+# runs the image and copies the keys out to use
+docker run -it --rm -v $(pwd):/workdir yakworks/sftp \
+cp /etc/ssh/ssh_host_ed25519_key* /etc/ssh/ssh_host_rsa_key* /workdir/keys

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/bash`
	`2`	`+docker build -t yakworks/sftp .`
	`3`	`+docker push yakworks/sftp`