EP4/kubernetes-ssh-container-exposer

Kubernetes SSH Container Exposer

Kubernetes SSH Container Exposer (KSCE) registers SSH container information in the database so that SSHPiper can proxy connections to those containers.

                                               Kubernetes
                              +------------------------------------------+
                              |                        Namespace=bob     |
                              | +----------------+ +-------------------+ |
                              | |                | |                   | |
                              | | +------------+ | | +---------------+ | |
                              | | |            | | | |               | | |
                              | | |   MySQL    | | | | SSH Container | | |
+---------+                   | | |            | | | |               | | |
|         |                   | | +------------+ | | +-------^-------+ | |
|   Bob   +--+ssh -l bob+---+ | |                | |         |         | |
|         |                 | | | +------------+ | +---------|---------+ |
+---------+                 | | | |            | |           |           |
                            +-----> SSH Piper  +-------------+           |
+---------+                 | | | |            | |           |           |
|         |                 | | | +------------+ | +---------|---------+ |
|  Alice  +--+ssh -l alice+-+ | |                | |         |         | |
|         |                   | | +------------+ | | +-------v-------+ | |
+---------+                   | | |            | | | |               | | |
                              | | |    KSCE    | | | | SSH Container | | |
                              | | |            | | | |               | | |
                              | | +------------+ | | +---------------+ | |
                              | |                | |                   | |
                              | +----------------+ +-------------------+ |
                              |                       Namespace=alice    |
                              +------------------------------------------+

Installing the Chart

To install the chart with the release name ksce:

$ git clone git@github.com:ep4/kubernetes-ssh-container-exposer.git
$ cd kubernetes-ssh-container-exposer
$ helm dep build
$ helm inspect values . > ksce.yaml
# Edit the values files
$ vim ksce.yaml
$ helm install --name ksce --values ksce.yaml .

Uninstalling the Chart

To uninstall/delete the ksce deployment:

$ helm delete ksce --purge

The command removes all the Kubernetes components associated with the chart and deletes the release.

Configuration

The following table lists the configurable parameters of the KSCE chart and their default values.

Parameter                   Description                   Default
image.repository            KSCE Image name               mach4/kubernetes-ssh-container-exposer
image.tag                   KSCE Image tag                latest
image.pullPolicy            Image pull policy             Always
sshpiper.image.repository   SSHPiper Image name           farmer1992/sshpiperd
sshpiper.image.tag          SSHPiper Image tag            latest
sshpiper.image.pullPolicy   Image pull policy             Always
sshpiper.service.type       Kubernetes Service type       LoadBalancer
sshpiper.service.port       Kubernetes Service port       2222
mysql.mysqlRootPassword     Password for the root user.   D7W626pOqa10766fA8qQxR2F

Set mysql.mysqlRootPassword to your own value in ksce.yaml; the default above is published with the chart.

Configuration on ssh container

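# Create public and private keys to communicate between ssh container and sshpiper
$ ssh-keygen -f id_rsa
# Base64-encode each key on a single line (wrapped output would break the YAML below).
# The private key (id_rsa) is for sshpiper; the public key (id_rsa.pub) becomes the
# container's authorized_keys.
$ SSHPIPER_PRIVATE_KEY=`cat id_rsa | base64 | tr -d '\n'`
$ SSHPIPER_PUBLIC_KEY=`cat id_rsa.pub | base64 | tr -d '\n'`
$ PUBLIC_KEY=`cat $HOME/.ssh/id_rsa.pub | base64 | tr -d '\n'`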
$ echo "
apiVersion: v1
kind: Pod
metadata:
  name: ssh-pod
  labels:
    app: ssh-pod
spec:
  containers:
    - name: ssh-pod
      image: ssh-pod:latest
      ports:
        - containerPort: 22
      volumeMounts:
        - mountPath: /root/.ssh/
          name: authorized-keys
  volumes:
  - name: authorized-keys
    secret:
      secretName: ssh-pod-sshpiper-publickey
---
apiVersion: v1
kind: Secret
metadata:
  name: ssh-pod-sshpiper-publickey
type: Opaque
data:
  authorized_keys: $SSHPIPER_PUBLIC_KEY
---
apiVersion: v1
kind: Secret
metadata:
  name: ssh-pod
type: Opaque
data:
  sshpiper_id_rsa: $SSHPIPER_PRIVATE_KEY
  downstream_id_rsa.pub: $PUBLIC_KEY
" > ssh-pod.yml
$ kubectl create -f ssh-pod.yml
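
An added check, not part of the KSCE repository: the shell functions below confirm, before `kubectl create`, that each Secret field holds the intended kind of key (public in `authorized_keys` and `downstream_id_rsa.pub`, private in `sshpiper_id_rsa`) and that no base64 value is line-wrapped. The names `key_kind`, `check_secret_roles` and `b64`, and the sample keys, are constructed for this illustration.

```shell
# Added example: check that each Secret value holds the kind of key its field expects.

# key_kind B64: print "private", "public" or "unknown" for a base64-encoded key.
key_kind() {
    first_line=$(printf '%s' "$1" | base64 -d 2>/dev/null | head -n 1)
    case "$first_line" in
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) echo public ;;
        *) echo unknown ;;
    esac
}

# check_secret_roles AUTHORIZED_KEYS SSHPIPER_ID_RSA DOWNSTREAM_PUB
# Returns 0 only when the values match the roles of the fields in ssh-pod.yml.
check_secret_roles() {
    rc=0
    [ "$(key_kind "$1")" = public ]  || { echo "authorized_keys is not a public key" >&2; rc=1; }
    [ "$(key_kind "$2")" = private ] || { echo "sshpiper_id_rsa is not a private key" >&2; rc=1; }
    [ "$(key_kind "$3")" = public ]  || { echo "downstream_id_rsa.pub is not a public key" >&2; rc=1; }
    # A base64 value containing a newline breaks the single-line YAML field.
    for v in "$1" "$2" "$3"; do
        case "$v" in *"
"*) echo "base64 value is line-wrapped" >&2; rc=1 ;; esac
    done
    return $rc
}

# Constructed sample key material (not real keys), encoded without line wrapping.
b64() { printf '%s\n' "$1" | base64 | tr -d '\n'; }
SAMPLE_PUB=$(b64 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed sshpiper@example")
SAMPLE_PRIV=$(b64 "-----BEGIN OPENSSH PRIVATE KEY-----
constructed-sample-not-a-real-key
-----END OPENSSH PRIVATE KEY-----")
SAMPLE_USER_PUB=$(b64 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed bob@example")

# Correct assignment passes; swapping the first two values is reported.
check_secret_roles "$SAMPLE_PUB" "$SAMPLE_PRIV" "$SAMPLE_USER_PUB" && echo "roles OK"
check_secret_roles "$SAMPLE_PRIV" "$SAMPLE_PUB" "$SAMPLE_USER_PUB" || echo "swap detected"
```

With real keys, pass the variables from the steps above in field order: `check_secret_roles "$SSHPIPER_PUBLIC_KEY" "$SSHPIPER_PRIVATE_KEY" "$PUBLIC_KEY"`.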