@containerscrew
Last active May 11, 2023 15:05
SOCKS server in Kubernetes

SOCKS server in Kubernetes for debugging/testing purposes

The reason for this is basically the following:

I need to go out through the public IP of my Kubernetes cluster to debug an external website, and I want to do it from my local machine (using the browser, in fact). This way, I can browse from my local machine with the traffic crossing through a pod, using OpenSSH server as a SOCKS5 server.

REMEMBER: DEBUGGING OR TESTING PURPOSES!!!

Credits

The official image of this SSH server is from linuxserver.io

Steps

Build your own image. The Dockerfile makes one slight change to the official image: it enables TCP forwarding.

FROM docker.io/linuxserver/openssh-server:latest
# latest is not a good practice, but this is for testing purpose

RUN sed -i 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config

Build the image using the script

Inside the script build.sh, change the Docker Hub username/repository (or use a custom repository).

#!/usr/bin/env bash

# I'm using buildx since my Kubernetes nodes are amd64 but my personal laptop is arm64
docker buildx build --platform linux/amd64 \
--no-cache \
--pull \
-t docker.io/containerscrew/socks-k8s:latest .

docker push docker.io/containerscrew/socks-k8s:latest

Replace containerscrew/socks-k8s with your own user/repository.

Execute the script:

./build.sh

Deploy the pod in your cluster

kubectl apply -f pod.yml

Take a look at pod.yml and change what you need.

Port forward from your pod to your local machine

kubectl port-forward pod/socks-pod 2222:2222 -n default

SOCKS tunnel using ssh on your local machine

ssh -D8080 admin@localhost -p 2222

The password is admin (it can be changed in pod.yml).

You can also run the tunnel in the background with the following command:

ssh -qNfC -D8080 admin@localhost -p 2222

Make your first connection tunneled through the SOCKS proxy

First, without the proxy:

curl ifconfig.me

Then, through the proxy:

curl -x socks5h://127.0.0.1:8080 ifconfig.me
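
Why the command above uses socks5h rather than socks5, shown at the byte level: with socks5h the hostname itself travels through the tunnel and is resolved at the pod's end, so no DNS lookup happens on the laptop. This is an added example, not part of the original gist; the helper names (connect_request, resolver_side, parse_reply) and the sample address 203.0.113.10 are constructed for illustration.

```python
"""SOCKS5 (RFC 1928) CONNECT requests, as sent to the `ssh -D8080` listener.
socks5h:// hands the hostname to the proxy; socks5:// resolves it locally first."""
import ipaddress
import struct

GREETING = b"\x05\x01\x00"  # version 5, one method offered: 0x00 = no auth
REPLY_CODES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
               3: "network unreachable", 4: "host unreachable", 5: "connection refused"}


def connect_request(host: str, port: int) -> bytes:
    """Build a CONNECT request: IP literals use ATYP 1 or 4, names use ATYP 3."""
    head = b"\x05\x01\x00"  # version 5, CMD 1 = CONNECT, reserved byte
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    return head + addr + struct.pack("!H", port)


def resolver_side(request: bytes) -> str:
    """Say which end does the DNS lookup for a given CONNECT request."""
    if len(request) < 5 or request[:2] != b"\x05\x01":
        raise ValueError("not a SOCKS5 CONNECT request")
    return "pod" if request[3] == 3 else "laptop"


def parse_reply(reply: bytes) -> str:
    """Decode the REP field of the proxy's answer to a CONNECT request."""
    if len(reply) < 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLY_CODES.get(reply[1], f"error 0x{reply[1]:02x}")


if __name__ == "__main__":
    # Constructed inputs: the page's test host, and a documentation address
    # (RFC 5737) standing in for whatever a local resolver returned.
    print("greeting:", GREETING.hex())
    for target in ("ifconfig.me", "203.0.113.10"):
        req = connect_request(target, 80)
        print(f"{target:14} {req.hex()}  DNS lookup on: {resolver_side(req)}")
    print("reply:", parse_reply(bytes.fromhex("05000001000000000000")))
```
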

Browser

To be able to tunnel connections in your browser, you need to install a plugin such as Socks5 Proxy. Configure it to make requests to 127.0.0.1:8080.

pod.yml

apiVersion: v1
kind: Pod
metadata:
  name: socks-pod
  namespace: default
spec:
  terminationGracePeriodSeconds: 5
  containers:
    - image: docker.io/containerscrew/socks-k8s:latest
      imagePullPolicy: Always
      name: socks-pod
      resources:
        limits:
          cpu: 100m
          memory: 512Mi
        requests:
          cpu: 50m
          memory: 128Mi
      env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: "Etc/UTC"
        # SSH login password; change it here
        - name: USER_PASSWORD
          value: "admin"
        # SSH login user
        - name: USER_NAME
          value: "admin"
        # Allow password logins
        - name: PASSWORD_ACCESS
          value: "true"
        - name: SUDO_ACCESS
          value: "false"
      ports:
        - containerPort: 2222
  restartPolicy: Never
  # nodeSelector:
  #   Nodegroup: test
  # tolerations:
  #   - key: "dedicated"
  #     operator: "Equal"
  #     value: "test"
  #     effect: "NoSchedule"