Old manual
You are reading the reference manual of an older release. Read the current manual »
Building a container image for ContainerSSH
ContainerSSH can run any Linux container image. However, it is strongly recommended that you install the ContainerSSH guest agent into the image to make all features available.
If you wish to use SFTP you have to add an SFTP server (apt install openssh-sftp-server
on Ubuntu) to the container image and configure the path of the SFTP server correctly in your config.yaml. The sample image containerssh/containerssh-guest-image
contains an SFTP server.
Integrating the guest agent¶
This method uses the containerssh/agent
container image as part of a multistage build:
FROM containerssh/agent AS agent
FROM your-base-image
COPY --from=agent /usr/bin/containerssh-agent /usr/bin/containerssh-agent
# Your other build commands here
We have an experimental Debian repository containing the agent package. Once you have set up the repository you can install the agent like this:
apt-get install containerssh-agent
To use this method go to the latest release from the releases section and verify it against our https://containerssh.io/gpg.txt key (3EE5B012FA7B400CD952601E4689F1F0F358FABA
).
On an Ubuntu image build this would involve the following steps:
ARG AGENT_GPG_FINGERPRINT=3EE5B012FA7B400CD952601E4689F1F0F358FABA
ARG AGENT_GPG_SOURCE=https://containerssh.io/gpg.txt
RUN echo "\e[1;32mInstalling ContainerSSH guest agent...\e[0m" && \
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' update && \
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' -fuy --allow-downgrades --allow-remove-essential --allow-change-held-packages install gpg && \
wget -q -O - https://api.github.com/repos/containerssh/agent/releases/latest | grep browser_download_url | grep -e "agent_.*_linux_amd64.deb" | awk ' { print $2 } ' | sed -e 's/"//g' > /tmp/assets.txt && \
wget -q -O /tmp/agent.deb $(cat /tmp/assets.txt |grep -v .sig) && \
wget -q -O /tmp/agent.deb.sig $(cat /tmp/assets.txt |grep .sig) && \
wget -q -O - $AGENT_GPG_SOURCE | gpg --import && \
echo -e "5\ny\n" | gpg --command-fd 0 --batch --expert --edit-key $AGENT_GPG_FINGERPRINT trust && \
test $(gpg --status-fd=1 --verify /tmp/agent.deb.sig /tmp/agent.deb | grep VALIDSIG | grep $AGENT_GPG_FINGERPRINT | wc -l) -eq 1 && \
dpkg -i /tmp/agent.deb && \
rm -rf /tmp/* && \
rm -rf ~/.gnupg && \
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' -fuy --allow-downgrades --allow-remove-essential --allow-change-held-packages remove gpg && \
DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' -y clean && \
/usr/bin/containerssh-agent -h
Warning
The release signing process is experimental and is likely to change in the future.
Guest image support is enabled by default in the Docker and Kubernetes backends, but can be disabled as shown below. The KubeRun and DockerRun backends do not support the guest agent.
docker:
execution:
disableAgent: true
kubernetes:
pod:
disableAgent: true