From d28b02e749f993b9825c1d034a1a382641068800 Mon Sep 17 00:00:00 2001
From: Tigran Mkrtchyan
Date: Sat, 21 Oct 2023 19:24:18 +0200
Subject: [PATCH] add optional ssh-admin cell
---
 templates/configmap.yaml | 6 ++++++
 templates/door.yaml | 8 ++++++++
 values.yaml | 5 +++++
 3 files changed, 19 insertions(+)
diff --git a/templates/configmap.yaml b/templates/configmap.yaml
index 8115172..3dfdb2c 100644
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -89,6 +89,12 @@ data:
 [door-svc/spacemanager]
 spacemanager.authz.link-group-file-name=/opt/dcache/etc/linkgroupauthz.conf
+{{- if .Values.sshAdmin.enabled }}
+ [door-svc/admin]
+ admin.paths.host-keys=/etc/grid-security/ssh_host_rsa_key
+{{- end }}
+
+
 {{- range .Values.dcache.pools }}
 [pool-{{ . }}-svc]
diff --git a/templates/door.yaml b/templates/door.yaml
index 3909701..f92545c 100644
--- a/templates/door.yaml
+++ b/templates/door.yaml
@@ -71,6 +71,14 @@ spec:
 volumeMounts:
 - mountPath: /etc/grid-security
 name: certs
+ {{- if .Values.sshAdmin.enabled }}
+ - name: gen-ssh-key
+ image: kroniak/ssh-client
+ command: ['sh', '-c', "ssh-keygen -t rsa -b 2048 -N '' -f /etc/grid-security/ssh_host_rsa_key; chown 994:1000 /etc/grid-security/ssh_host_rsa_key"]
+ volumeMounts:
+ - mountPath: /etc/grid-security
+ name: certs
+ {{- end }}
 volumes:
 {{ include "dcache.conf.volume" . | indent 6 }}
 - name: certs
diff --git a/values.yaml b/values.yaml
index 9d6e464..e407171 100644
--- a/values.yaml
+++ b/values.yaml
@@ -30,6 +30,11 @@ door:
 gridftp: 2811
 srm: 8443
+sshAdmin:
+ enabled: true
+ port: 22224
+
+
 mover:
 nfs: 32049
 xrootd: 31094
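Review bot: The new `[door-svc/admin]` stanza in templates/configmap.yaml sets only `admin.paths.host-keys`, so the `sshAdmin.port` value added to values.yaml is not referenced in any visible hunk and changing it would apparently have no effect on the cell. If the port is meant to be configurable, wire it in next to the host-key line with `admin.net.port={{ .Values.sshAdmin.port }}`. How admin logins are authenticated is left to dCache defaults here, so a comment above the stanza naming the expected mechanism and where the authorized keys or credentials come from would let operators judge the exposure. The enclosing `data:` block starts and ends outside the hunk.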
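Review bot: The `gen-ssh-key` init container in templates/door.yaml pulls `kroniak/ssh-client` with no tag or digest, so whatever that third-party repository serves at pull time is what generates the door's SSH host private key. Pin it, for example `image: kroniak/ssh-client@sha256:<digest>` (placeholder), or reuse an image the chart already depends on. The command also runs `ssh-keygen` unconditionally, so unless the `certs` volume persists (its definition is outside the hunk) the host key changes on every pod start and admin clients get used to ignoring host-key warnings. Guarding it with `[ -f /etc/grid-security/ssh_host_rsa_key ] || ssh-keygen ...` keeps an existing key, and a comment explaining the hard-coded `994:1000` owner would help.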
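Review bot: `sshAdmin.enabled` defaults to `true` in values.yaml, so every install of the chart gets the admin SSH cell and a generated host key unless the operator turns it off, which does not match the "optional" in the commit subject. An administrative interface is safer as opt-in, so default it to `enabled: false`. Add a comment above the key such as `# dCache admin SSH interface; off by default because it exposes an administrative shell`. The two blank lines added after `port: 22224` can be reduced to one.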