Setting up an SFTP service with a k8s Deployment

Image

docker pull atmoz/sftp:alpine

This uses an open-source image; its source code is at GitHub - atmoz/sftp: Securely share your files

Manifest

The manifest sftp.yaml is as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sftp
spec:
  replicas: 1 # adjust the number of replicas as needed
  selector:
    matchLabels:
      app: sftp
  template:
    metadata:
      labels:
        app: sftp
    spec:
      containers:
      - command: ["/entrypoint", "$(user):$(passwd):::$(path)"]
        image: atmoz/sftp:alpine
        name: sftp
        env:
        - name: TZ
          value: "CST-8"
        - name: user
          value: "sftp"
        - name: passwd
          value: "123456"
        - name: path
          value: "upload"
        resources:
          limits:
            cpu: "1"
            memory: 200Mi
          requests:
            cpu: "0.5"
            memory: 100Mi
        volumeMounts:
        - mountPath: /etc/ssh/ssh_host_ed25519_key
          name: ssh-host-ed25519-key
        - mountPath: /etc/ssh/ssh_host_rsa_key
          name: ssh-host-rsa-key
      volumes:
      - hostPath:
          path: /etc/ssh/ssh_host_ed25519_key
        name: ssh-host-ed25519-key
      - hostPath:
          path: /etc/ssh/ssh_host_rsa_key
        name: ssh-host-rsa-key
---
# Create a NodePort Service if needed
apiVersion: v1
kind: Service
metadata:
  name: sftp
  labels:
    app: sftp
spec:
  type: NodePort
  ports:
  - port: 22
    nodePort: 30022
    targetPort: 22
    protocol: TCP
  selector:
    app: sftp

Note that /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_ed25519_key must be mounted from the host. If the host does not have these two files, generate them with the following commands:

ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''

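Otherwise the container generates these two files automatically at startup, so they change every time the pod restarts, and after a pod restart clients connecting to the SFTP service get the following error: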

[root@k8smaster ~]# sftp -P 30022 sftp@10.8.4.181
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
b4:0e:1e:38:cf:52:bb:3d:d5:42:c4:3c:c4:2e:ad:23.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /root/.ssh/known_hosts:22
ED25519 host key for [10.8.4.181]:30022 has changed and you have requested strict checking.
Host key verification failed.
Couldn't read packet: Connection reset by peer
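
An added example, not part of the original post: the same Deployment with the host keys and the password read from a Kubernetes Secret instead of the node's own /etc/ssh files and a literal env value, so the host key stays the same on whichever node the pod is scheduled. The Secret name sftp-secrets, its key names and the volume name host-keys are assumptions.

```yaml
# Added example (not from the original post). Assumed names: Secret "sftp-secrets"
# with keys ssh_host_ed25519_key, ssh_host_rsa_key and passwd, created e.g. with:
#   kubectl create secret generic sftp-secrets \
#     --from-file=ssh_host_ed25519_key --from-file=ssh_host_rsa_key \
#     --from-literal=passwd='<strong-password-placeholder>'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sftp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sftp
  template:
    metadata:
      labels:
        app: sftp
    spec:
      containers:
      - command: ["/entrypoint", "$(user):$(passwd):::$(path)"]
        image: atmoz/sftp:alpine
        name: sftp
        env:            # TZ and resources: keep as in sftp.yaml
        - name: user
          value: "sftp"
        - name: passwd  # resolved from the Secret before $(passwd) is expanded
          valueFrom:
            secretKeyRef:
              name: sftp-secrets
              key: passwd
        - name: path
          value: "upload"
        volumeMounts:
        - mountPath: /etc/ssh/ssh_host_ed25519_key
          name: host-keys
          subPath: ssh_host_ed25519_key
        - mountPath: /etc/ssh/ssh_host_rsa_key
          name: host-keys
          subPath: ssh_host_rsa_key
      volumes:
      - name: host-keys
        secret:
          secretName: sftp-secrets
          defaultMode: 0400   # private keys readable by root only
          items:              # project only the key files, not passwd
          - {key: ssh_host_ed25519_key, path: ssh_host_ed25519_key}
          - {key: ssh_host_rsa_key, path: ssh_host_rsa_key}
```

The two key files can be produced with the ssh-keygen commands above, pointing -f at a working directory (for example -f ./ssh_host_ed25519_key) rather than /etc/ssh.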

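Deploying the service

Run kubectl apply -f sftp.yaml to deploy the service.

Testing the SFTP service

Connect to the SFTP service. The user name is sftp, the value of the user environment variable in the manifest above; the password is 123456, the value of passwd; and the path is upload, the value of path: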

[root@k8s-master1 lck]# sftp -P 30022 sftp@10.8.4.181
sftp@10.8.4.181's password:
Connected to 10.8.4.181.
sftp> ls
upload
sftp> put nodeport.yaml upload/
Uploading nodeport.yaml to /upload/nodeport.yaml
nodeport.yaml                                                                              100%  244    23.4KB/s   00:00
sftp> exit

The test passes. For more details, see the image's source repository, GitHub - atmoz/sftp: Securely share your files
