Fix ssh-agent sidecar: install openssh as root, run agent as user 999

- Install openssh as root (has apk permissions) - Create argocd user (999) if needed - Use su to run ssh-agent as argocd user - Fixes 'permission denied' and 'ssh-agent not found' errors
author: Paul Buetow <paul@buetow.org> 2026-01-10 11:09:15 +0200
committer: Paul Buetow <paul@buetow.org> 2026-01-10 11:09:15 +0200
commit: d2d12b0aee6dea7425bcd154d173d68869500547 (patch)
tree: 6043dbb24295511637e5568599ab53b3840c2e70 /f3s
parent: 5d31c49baec8712100effecc287882a099030e90 (diff)
1 files changed, 10 insertions, 7 deletions
diff --git a/f3s/argocd/values.yaml b/f3s/argocd/values.yaml
index 45ba916..75d3c91 100644
--- a/f3s/argocd/values.yaml
+++ b/f3s/argocd/values.yaml
@@ -76,18 +76,21 @@ repoServer:
   extraContainers:
     - name: ssh-agent
       image: alpine:3.19
-      securityContext:
-        runAsUser: 999
-        runAsGroup: 999
       command:
         - sh
         - -c
         - |
+          # Install openssh as root
           apk add --no-cache openssh
-          eval $(ssh-agent -s -a /tmp/ssh-agent/socket)
-          ssh-add /tmp/ssh-key/sshPrivateKey
-          # Keep agent running
-          while true; do sleep 3600; done
+          # Create argocd user if it doesn't exist
+          adduser -D -u 999 argocd 2>/dev/null || true
+          # Start ssh-agent as argocd user
+          su argocd -s /bin/sh -c '
+            eval $(ssh-agent -s -a /tmp/ssh-agent/socket)
+            ssh-add /tmp/ssh-key/sshPrivateKey
+            # Keep agent running
+            while true; do sleep 3600; done
+          '
       volumeMounts:
         - name: ssh-agent-socket
           mountPath: /tmp/ssh-agent
author	Paul Buetow <paul@buetow.org>	2026-01-10 11:09:15 +0200
committer	Paul Buetow <paul@buetow.org>	2026-01-10 11:09:15 +0200
commit	d2d12b0aee6dea7425bcd154d173d68869500547 (patch)
tree	6043dbb24295511637e5568599ab53b3840c2e70 /f3s
parent	5d31c49baec8712100effecc287882a099030e90 (diff)