How to pass SSH key to custom node driver

I’m testing out a custom node driver and am running into an issue where I don’t know how to pass an SSH key to my driver. The custom node driver accepts either a path to a SSH key or the fingerprint of a SSH key that is loaded in the SSH agent. I’m able to set either of these parameters in my node template via the Rancher UI but I don’t know how to get my node driver access to this SSH key.

I’m running rancher in a docker container on an Ubuntu VM. I tried copying my SSH key inside the rancher docker container. When I exec into the rancher docker container I can see my SSH key but the node driver still can’t access the key because rancher creates a jail when running the node driver and the jail doesn’t contain the key.

I also tried adding the SSH key to the SSH agent in the Ubuntu VM that hosts the rancher docker container and recreated the rancher docker container with the following arguments:


This allows me to see the SSH key when I run ssh-add -l from inside the rancher docker container and I can also echo $SSH_AUTH_SOCK and see that it’s set but $SSH_AUTH_SOCK is still not accessible to my node driver since it’s in a jail.

I’ve also tried setting ssh_agent_auth: true with no luck.

Here’s where I see it creating a jail in the rancher docker container log:

2022/03/19 01:27:45 [INFO] Creating jail for c-9dfx6
2022/03/19 01:27:45 [INFO] Provisioning node k8s-worker-1

How can one go about giving the node driver jail access to a SSH key?

  1. You need to add your private key if you want to authenticate via SSH, not your public key. In your case, that’s probably the file id_rsa. The public key is used by the server to verify your identity.
  2. The Dockerfile is only used for the build, so there is no way to use it to do anything at runtime. I think your approach with the environment variable is reasonable…
  3. You can connect to the container via docker exec, open the bash and interact with the filesystem like you normally would
    docker exec -it imagename /bin/bash

This assumes that you are running a system with a bash. Otherwise, try /bin/sh.

If you still far to pass this custom driver Then I have a better option for you with best example True Paintballer.

@Beckham To reiterate, I was able to give the Docker rancher container access to my SSH key from the Ubuntu VM hosting the Docker Rancher VM but the issue is that Rancher machine creates a jail when running my custom node driver code and that jail doesn’t have access to the SSH key even though the Docker container does. I ended up modifying the custom node driver so that it accepts the SSH key as a base-64 encoded string rather than a file path so that it can be stored directly in the node template. It worked out well.