cert-manager: cert-exporter: Static SSH host keys

The *cert-exporter* script really only needs the SSH host key for Gitea,
so the dynamic host key fetch is overkill.  Since it frequently breaks
for various reasons, it's probably better to just have a static list of
trusted keys.
2024-01-04 15:35:00 -06:00
parent 98cdcdfe30
commit fbf2a6864f
3 changed files with 10 additions and 7 deletions


@@ -53,8 +53,6 @@ data:
key: certificates/hatchlearningcenter.org.key
cert: certificates/hatchlearningcenter.org.crt
bundle: certificates/hatchlearningcenter.org.pem
known-hosts-command.ssh_config: |
KnownHostsCommand /usr/bin/curl -fsL https://files.pyrocufflink.blue/ssh_known_hosts
---
apiVersion: rbac.authorization.k8s.io/v1
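Review bot: The removed `known-hosts-command.ssh_config` entry was the only place in this ConfigMap that showed where the trusted host keys come from, and nothing in this file replaces it. Consider a short comment near `data:` (or a line in the commit message) naming the file that now holds the static `ssh_known_hosts` list and how to update it, since a changed Gitea host key will no longer be picked up automatically.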
@@ -117,9 +115,9 @@ spec:
name: sshkeys
subPath: cert-exporter.pem
readOnly: true
- mountPath: /etc/ssh/ssh_config.d/known-hosts-command.conf
name: config
subPath: known-hosts-command.ssh_config
- mountPath: /etc/ssh/ssh_known_hosts
name: sshkeys
subPath: ssh_known_hosts
readOnly: true
securityContext:
fsGroup: 1000
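Review bot: On the new `/etc/ssh/ssh_known_hosts` mount, `subPath: ssh_known_hosts` means the file inside a running container is not refreshed when the source of the `sshkeys` volume is updated; Kubernetes only propagates such updates to mounts that do not use `subPath`. Either document that the pod must be restarted after the key list changes, or mount the list from a directory without `subPath` and point ssh at it with `GlobalKnownHostsFile`.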