diff --git a/README.md b/README.md
index d8589a5..98234c9 100644
--- a/README.md
+++ b/README.md
@@ -35,9 +35,12 @@ No modules.
| [namespace](#input\_namespace) | Namespace where the resource will be deployed. If not specified it will be deployed in 'default' namespace. | `string` | `"default"` | no |
| [ssh\_host\_rsa\_key](#input\_ssh\_host\_rsa\_key) | Private key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved. | `string` | `""` | no |
| [ssh\_host\_rsa\_key\_public](#input\_ssh\_host\_rsa\_key\_public) | Public key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved. | `string` | `""` | no |
-| [ssh\_keys](#input\_ssh\_keys) | List of SSH keys to be added to the authorized keys list. | `string` | n/a | yes |
+| [ssh\_keys](#input\_ssh\_keys) | List of SSH keys to be added to the authorized keys list. Should be in the same format as the 'authorized\_keys' file, represented in Heredoc style as a multi-line string value. | `string` | n/a | yes |
+| [ssh\_port](#input\_ssh\_port) | Specify the port that OpenSSH server will bind to. The port value can't be below 1024. If not defined it will use '2222' as default. | `number` | `2222` | no |
+| [ssh\_user](#input\_ssh\_user) | Specify a username to connect to. If not defined it will use 'user' as default. | `string` | `"user"` | no |
| [sshd\_config](#input\_sshd\_config) | Configuration file for SSH. If not defined it will use the default. | `string` | `""` | no |
| [svc\_annotations](#input\_svc\_annotations) | Map of annotations for the service. | `map(any)` | `{}` | no |
+| [svc\_port](#input\_svc\_port) | Port where the OpenSSH will be exposed. If not defined it will use '22' as default | `number` | `22` | no |
| [svc\_type](#input\_svc\_type) | Type of LoadBalancer. | `string` | `"LoadBalancer"` | no |
## Outputs
diff --git a/main.tf b/main.tf
index 9864f31..9426f3c 100644
--- a/main.tf
+++ b/main.tf
@@ -3,6 +3,7 @@ locals {
# Default SSH config
sshd_config = <<-EOT
+Port ${var.ssh_port}
AllowTcpForwarding yes
AuthorizedKeysFile .ssh/authorized_keys
ClientAliveCountMax 100
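Review bot: The `Port ${var.ssh_port}` directive is added only to the default `sshd_config` local, while the `kubernetes_service` hunk further down points `target_port` at `var.ssh_port` unconditionally. If a caller-supplied `var.sshd_config` replaces this default (the selection logic is outside the hunk, so this is inferred), their file must carry the same `Port` value or the Service will forward to a port sshd is not listening on. I would add a comment above the line, `# Port must stay in sync with var.ssh_port; a custom var.sshd_config has to set the same Port itself`, and repeat that requirement in the `sshd_config` variable description. The `locals` block continues outside the hunk.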
@@ -132,44 +133,67 @@ resource "kubernetes_deployment" "main" {
}
}
- container {
- name = local.resource_name
- image = "${var.image_repository}:${var.image_tag}"
+ volume {
+ name = "config"
+ empty_dir {}
+ }
- env {
- name = "USER_NAME"
- value = "user"
- }
+ init_container {
+ name = "${local.resource_name}-init"
+ image = "busybox:1.36.1-uclibc"
- volume_mount {
- name = "motd"
- mount_path = "/etc/motd"
- sub_path = "motd"
- }
+ command = ["sh", "-c", "cp -r /defaults/. /config && chmod 600 /config/ssh_host_keys/ssh_host_rsa_key"]
volume_mount {
name = "authorized-keys"
- mount_path = "/config/.ssh/authorized_keys"
+ mount_path = "/defaults/.ssh/authorized_keys"
sub_path = "authorized_keys"
}
volume_mount {
name = "sshd-config"
- mount_path = "/config/ssh_host_keys/sshd_config"
+ mount_path = "/defaults/ssh_host_keys/sshd_config"
sub_path = "sshd_config"
}
volume_mount {
name = "ssh-host-rsa-key"
- mount_path = "/config/ssh_host_keys/ssh_host_rsa_key"
+ mount_path = "/defaults/ssh_host_keys/ssh_host_rsa_key"
sub_path = "ssh_host_rsa_key"
}
volume_mount {
name = "ssh-host-rsa-key-public"
- mount_path = "/config/ssh_host_keys/ssh_host_rsa_key_public"
+ mount_path = "/defaults/ssh_host_keys/ssh_host_rsa_key_public"
sub_path = "ssh_host_rsa_key_public"
}
+
+ volume_mount {
+ name = "config"
+ mount_path = "/config"
+ }
+ }
+
+ container {
+ name = local.resource_name
+ image = "${var.image_repository}:${var.image_tag}"
+
+ env {
+ name = "USER_NAME"
+ value = var.ssh_user
+ }
+
+
+ volume_mount {
+ name = "motd"
+ mount_path = "/etc/motd"
+ sub_path = "motd"
+ }
+
+ volume_mount {
+ name = "config"
+ mount_path = "/config"
+ }
}
}
}
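Review bot: The new init container reads the SSH host private key but runs from `busybox:1.36.1-uclibc`, a hard-coded mutable tag, so whatever that tag resolves to at pull time gets access to the key. Pinning it by digest, `image = "busybox:1.36.1-uclibc@sha256:<digest-placeholder>"`, or exposing it as a variable like the main image, would make that reviewable. The `config` volume is declared as `empty_dir {}`, which is backed by node disk by default, so the copied private key is written to the node filesystem; `empty_dir { medium = "Memory" }` would keep it in tmpfs. The `chmod 600` covers only `ssh_host_rsa_key`, and whether `authorized_keys` ends up with a mode sshd accepts depends on volume definitions outside this hunk. The enclosing `kubernetes_deployment` resource starts before the hunk.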
@@ -203,8 +227,8 @@ resource "kubernetes_service" "main" {
app = local.resource_name
}
port {
- port = 22
- target_port = 2222
+ port = var.svc_port
+ target_port = var.ssh_port
}
type = var.svc_type
diff --git a/variables.tf b/variables.tf
index a630a9f..97ae504 100644
--- a/variables.tf
+++ b/variables.tf
@@ -33,7 +33,6 @@ variable "sshd_config" {
description = "Configuration file for SSH. If not defined it will use the default."
}
-
variable "ssh_host_rsa_key" {
type = string
default = ""
@@ -46,6 +45,18 @@ variable "ssh_host_rsa_key_public" {
description = "Public key used by the OpenSSH server. If not defined it will generated automatically, but won't be saved."
}
+variable "ssh_user" {
+ type = string
+ default = "user"
+ description = "Specify a username to connect to. If not defined it will use 'user' as default."
+}
+
+variable "ssh_port" {
+ type = number
+ default = 2222
+ description = "Specify the port that OpenSSH server will bind to. The port value can't be below 1024. If not defined it will use '2222' as default."
+}
+
variable "image_repository" {
type = string
default = "linuxserver/openssh-server"
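Review bot: The `ssh_port` description says the value can't be below 1024, but nothing in the variable enforces it, so an out-of-range or fractional number is rendered straight into the `Port` line of `sshd_config` and only fails when the pod starts. A `validation` block would reject it at plan time. The same missing range check applies to `svc_port` in the last hunk of this file (1–65535 there). `ssh_user` is also unconstrained, so a short pattern check on it would document which account names the image is expected to accept.

```hcl
variable "ssh_port" {
  # … unchanged: type, default, description …

  validation {
    condition     = var.ssh_port >= 1024 && var.ssh_port <= 65535 && floor(var.ssh_port) == var.ssh_port
    error_message = "ssh_port must be an integer between 1024 and 65535."
  }
}
```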
@@ -69,3 +80,9 @@ variable "svc_type" {
default = "LoadBalancer"
description = "Type of LoadBalancer."
}
+
+variable "svc_port" {
+ type = number
+ default = 22
+ description = "Port where the OpenSSH will be exposed. If not defined it will use '22' as default"
+}