fix(k8s): known_hosts 改掛 /etc/repair-known-hosts 獨立目錄,修 mount 衝突
All checks were successful
CD Pipeline / build-and-deploy (push) Successful in 12m11s
E2E Health Check / e2e-health (push) Successful in 34s

/etc/repair-ssh 已被 repair-ssh-key 佔用,subPath 檔案掛載衝突
改為獨立目錄 /etc/repair-known-hosts,路徑同步更新 KNOWN_HOSTS_PATH

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
OG T
2026-04-06 15:06:28 +08:00
parent d56aae135d
commit af07c23675
2 changed files with 3 additions and 3 deletions

View File

@@ -58,7 +58,7 @@ _MAX_COMMAND_LEN = 512
ANSIBLE_CONTROL_HOST = os.environ.get("ANSIBLE_CONTROL_NODE_HOST", "192.168.0.188")
ANSIBLE_CONTROL_USER = os.environ.get("ANSIBLE_CONTROL_NODE_USER", "ollama")
ANSIBLE_PLAYBOOKS_PATH = os.environ.get("ANSIBLE_PLAYBOOKS_PATH", "~/openclaw-v5/ansible/playbooks")
KNOWN_HOSTS_PATH = "/etc/repair-ssh/known_hosts"
KNOWN_HOSTS_PATH = "/etc/repair-known-hosts/known_hosts"
def validate_ansible_playbook(playbook_name: str) -> None:

View File

@@ -56,9 +56,9 @@ spec:
mountPath: /etc/repair-ssh
readOnly: true
# 2026-04-06 Claude Code: Sprint 3 Security Fix A1 — known_hosts
# 掛到獨立目錄,避免與 repair-ssh-key 的 mountPath 衝突
- name: repair-known-hosts
mountPath: /etc/repair-ssh/known_hosts
subPath: known_hosts
mountPath: /etc/repair-known-hosts
readOnly: true
resources:
requests: