Image
docker pull atmoz/sftp:alpine
This setup uses an open-source image; the image source is on GitHub - atmoz/sftp: Securely share your files
Manifest
The manifest file sftp.yaml has the following content:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sftp
spec:
  replicas: 1 # adjust the number of replicas as needed
  selector:
    matchLabels:
      app: sftp
  template:
    metadata:
      labels:
        app: sftp
    spec:
      containers:
      # atmoz/sftp user spec is user:password:uid:gid:dir (uid and gid left empty here)
      - command: ["/entrypoint", "$(user):$(passwd):::$(path)"]
        image: atmoz/sftp:alpine
        name: sftp
        env:
        - name: TZ
          value: "CST-8"
        - name: user
          value: "sftp"
        # demo password in plain text; a Secret (secretKeyRef) keeps it out of the manifest
        - name: passwd
          value: "123456"
        - name: path
          value: "upload"
        resources:
          limits:
            cpu: "1"
            memory: 200Mi
          requests:
            cpu: "0.5"
            memory: 100Mi
        # mount fixed host keys so they survive pod restarts
        volumeMounts:
        - mountPath: /etc/ssh/ssh_host_ed25519_key
          name: ssh-host-ed25519-key
        - mountPath: /etc/ssh/ssh_host_rsa_key
          name: ssh-host-rsa-key
      # hostPath is node-local: every node that can run this pod needs the same key files
      volumes:
      - hostPath:
          path: /etc/ssh/ssh_host_ed25519_key
        name: ssh-host-ed25519-key
      - hostPath:
          path: /etc/ssh/ssh_host_rsa_key
        name: ssh-host-rsa-key
---
# Create a NodePort Service if needed
apiVersion: v1
kind: Service
metadata:
  name: sftp
  labels:
    app: sftp
spec:
  type: NodePort
  ports:
  - port: 22
    nodePort: 30022
    targetPort: 22
    protocol: TCP
  selector:
    app: sftp
Note that /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_ed25519_key must be mounted from the host. If the host does not have these two files, generate them with the following commands:
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ''
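Otherwise the container generates these two files automatically at startup, so they change every time the pod restarts. After a pod restart, clients connecting to the sftp service then get the following error: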
[root@k8smaster ~]# sftp -P 30022 sftp@10.8.4.181
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
b4:0e:1e:38:cf:52:bb:3d:d5:42:c4:3c:c4:2e:ad:23.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in /root/.ssh/known_hosts:22
ED25519 host key for [10.8.4.181]:30022 has changed and you have requested strict checking.
Host key verification failed.
Couldn't read packet: Connection reset by peer
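The warning above is the client comparing the key the server offers with the entry stored for [10.8.4.181]:30022 in known_hosts. The Python sketch below is an added example (not from the original post or the atmoz/sftp project) that reproduces that comparison and computes the fingerprints to check against the node's key files before editing known_hosts. The key blobs are constructed sample data, the function names are hypothetical, and wildcard host patterns are not handled.

```python
import base64, hashlib, hmac, struct

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))  # format shown by older clients
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def host_field(host, port=22):
    """known_hosts stores non-default ports (such as a NodePort) as [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def name_matches(pattern, name):
    """Match one known_hosts host pattern, plain or hashed (|1|salt|hmac-sha1)."""
    if pattern.startswith("|1|"):
        salt, digest = (base64.b64decode(p) for p in pattern[3:].split("|"))
        mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, digest)
    return pattern == name

def check_host_key(known_hosts_text, host, port, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key the server offered."""
    name, verdict = host_field(host, port), "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip comments and @cert-authority / @revoked markers
        hosts, ktype, kdata = fields[:3]
        if ktype != key_type or not any(name_matches(p, name) for p in hosts.split(",")):
            continue
        if kdata == key_b64:
            return "match"
        verdict = "changed"  # same host and key type, different key
    return verdict

def make_ed25519_blob(raw32):
    """Build a wire-format ssh-ed25519 public key blob (constructed sample data)."""
    alg = b"ssh-ed25519"
    blob = struct.pack(">I", len(alg)) + alg + struct.pack(">I", len(raw32)) + raw32
    return base64.b64encode(blob).decode()

# Constructed sample: key pinned before the pod restart vs. key regenerated after it.
OLD_KEY = make_ed25519_blob(bytes(range(32)))
NEW_KEY = make_ed25519_blob(bytes(range(32, 64)))
KNOWN_HOSTS = f"[10.8.4.181]:30022 ssh-ed25519 {OLD_KEY}\n"

if __name__ == "__main__":
    verdict = check_host_key(KNOWN_HOSTS, "10.8.4.181", 30022, "ssh-ed25519", NEW_KEY)
    print(verdict, *fingerprints(NEW_KEY), sep="\n")
```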
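Deploying the service
Run kubectl apply -f sftp.yaml to deploy the service.
Testing the sftp service
Connect to the sftp service. The username is sftp, the value of the user environment variable in the manifest above; the password is 123456, the value of passwd; and the path is upload, the value of path: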
[root@k8s-master1 lck]# sftp -P 30022 sftp@10.8.4.181
sftp@10.8.4.181's password:
Connected to 10.8.4.181.
sftp> ls
upload
sftp> put nodeport.yaml upload/
Uploading nodeport.yaml to /upload/nodeport.yaml
nodeport.yaml 100% 244 23.4KB/s 00:00
sftp> exit
The test passes.