@jpetazzo
Created February 11, 2024 17:07
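# ConfigMap holding the public key that is allowed to log in as "user"
apiVersion: v1
data:
  authorized_keys: |
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID9Zt/CR+kt1omLPJmMLCJu1w3aIpg7IO0Vv7up+MVFI jp@hex
kind: ConfigMap
metadata:
  name: shpod
---
# Pod running sshd on Alpine
apiVersion: v1
kind: Pod
metadata:
  name: shpod
  labels:
    app: shpod
spec:
  volumes:
  - name: home
    persistentVolumeClaim:
      claimName: shpod
  - name: pubkey
    configMap:
      name: shpod
  containers:
  - name: sshd
    image: alpine
    volumeMounts:
    # /home is persistent; the ConfigMap is mounted over /home/user/.ssh
    - name: home
      mountPath: /home
    - name: pubkey
      mountPath: /home/user/.ssh
    command:
    - sh
    - -c
    - |
      set -e
      apk add openssh
      # The host key lives in the container filesystem, so a new one is
      # generated each time the container starts
      ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
      # Turn off sshd's ownership/mode checks on ~/.ssh: the ConfigMap
      # mount is not owned by "user"
      echo "StrictModes no" >> /etc/ssh/sshd_config
      # Create the login account (uid/gid 1000)
      echo "group:x:1000:" >> /etc/group
      echo "user:x:1000:1000::/home/user:/bin/sh" >> /etc/passwd
      mkdir -p /home/user
      chown user /home/user
      # Run sshd in the foreground, logging to stderr
      exec /usr/sbin/sshd -D -e
---
# PersistentVolumeClaim backing /home
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: shpod
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1G
---
# Cluster-internal Service exposing sshd on port 22
apiVersion: v1
kind: Service
metadata:
  name: shpod
spec:
  ports:
  - name: ssh
    port: 22
    protocol: TCP
    targetPort: 22
  selector:
    app: shpod
  type: ClusterIP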

daixtrose commented Feb 19, 2024

I tried to use this example in the following way (using my own ssh credentials):

  • Installed brand new k3s on target machine using the curl method
    curl -sfL https://get.k3s.io | sh - 
  • Issued the following commands
    sudo kubectl apply -f pvc.yaml 
    sudo kubectl apply -f configmap.yaml 
    sudo kubectl apply -f service.yaml 
    sudo kubectl apply -f pod.yaml 
    sudo kubectl get pod shpod
    sudo kubectl describe configmaps shpod
    sudo kubectl exec -it shpod -- /bin/sh

I get a prompt and can see that the mounting points are available

/ # cat /home/user/.ssh/authorized_keys 
ssh-ed25519 AAAAC3NzaC1lZDI1NTEXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+qzZ numer@pc-001
/ # ifconfig
eth0      Link encap:Ethernet  HWaddr F6:BB:D9:DC:BE:4B  
          inet addr:10.42.0.10  Bcast:10.42.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f4bb:d9ff:fedc:be4b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:924 errors:0 dropped:0 overruns:0 frame:0
          TX packets:636 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:4541612 (4.3 MiB)  TX bytes:45948 (44.8 KiB)

# ... lo skipped ...
/ # ps -ef | grep ssh
    1 root      0:00 sshd: /usr/sbin/sshd -D -e [listener] 0 of 10-100 startups

Setting up port forwarding

$ sudo kubectl port-forward service/shpod 2222:22
Forwarding from 127.0.0.1:2222 -> 22
Forwarding from [::1]:2222 -> 22

Now I try to connect from another machine in the network, but the internal network does not seem to be exposed.

$ ssh -i .ssh/k3s-server-credentials -l user -p 2222 build-server.fritz.box
ssh: connect to host build-server.fritz.box port 2222: Connection timed out
$ ssh -v -v -v -i .ssh/k3s-server-credentials -l user -p 2222 build-server.fritz.box
OpenSSH_9.5p1, OpenSSL 3.1.4 24 Oct 2023
debug1: Reading configuration data /c/Users/numer/.ssh/config
debug1: /c/Users/numer/.ssh/config line 1: Applying options for build-server.fritz.box
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/numer/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/numer/.ssh/known_hosts2'
debug2: resolving "build-server.fritz.box" port 2222
debug3: resolve_host: lookup build-server.fritz.box:2222
debug3: ssh_connect_direct: entering
debug1: Connecting to build-server.fritz.box [2001:9e8:460a:b100:e893:b547:b2f1:ca36] port 2222.
debug3: set_sock_tos: set socket 4 IPV6_TCLASS 0x48
debug1: connect to address 2001:9e8:460a:b100:e893:b547:b2f1:ca36 port 2222: Connection refused
debug1: Connecting to build-server.fritz.box [2001:9e8:460a:b100:50a4:5ebe:5728:acb1] port 2222.
debug3: set_sock_tos: set socket 4 IPV6_TCLASS 0x48
debug1: connect to address 2001:9e8:460a:b100:50a4:5ebe:5728:acb1 port 2222: Connection refused
debug1: Connecting to build-server.fritz.box [192.168.178.111] port 2222.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: connect to address 192.168.178.111 port 2222: Connection refused
debug1: Connecting to build-server.fritz.box [192.168.178.55] port 2222.
debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: connect to address 192.168.178.55 port 2222: Connection timed out
ssh: connect to host build-server.fritz.box port 2222: Connection timed out

I guess I have to configure the network in more detail. Any hints how to do this?

@daixtrose

Fixed the connectivity issue with

sudo kubectl port-forward --address 0.0.0.0 service/shpod 2222:22
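
The first port-forward printed `Forwarding from 127.0.0.1:2222` and `[::1]:2222`, so it listened on loopback only; `--address 0.0.0.0` makes it listen on every IPv4 interface of the host. The script below is an added example, not part of the gist or the comments: it classifies the bind scope of a port from `ss -ltnH` output. The sample lines are constructed, `bind_scope` and `widest_scope` are hypothetical helper names, and 192.168.178.111 is borrowed from the ssh trace above as an assumed LAN address of the host.

```sh
#!/bin/sh
# Added example: report how widely a TCP port is exposed, from `ss -ltnH` lines.

# bind_scope PORT: reads `ss -ltnH` output on stdin and prints one
# "scope address" line per listener on PORT.
bind_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      la = $4                               # Local Address:Port column
      n = split(la, f, ":")
      if (f[n] != port) next
      addr = substr(la, 1, length(la) - length(f[n]) - 1)
      sub(/%.*$/, "", addr)                 # drop a "%iface" suffix
      gsub(/^\[|\]$/, "", addr)             # drop IPv6 brackets
      if (addr == "0.0.0.0" || addr == "::" || addr == "*")
        scope = "all-interfaces"
      else if (addr ~ /^127\./ || addr == "::1")
        scope = "loopback"
      else
        scope = "single-address"
      print scope, addr
    }'
}

# widest_scope PORT: the broadest exposure among all listeners on PORT.
widest_scope() {
  bind_scope "$1" | awk '
    BEGIN {
      rank["not-listening"] = 0; rank["loopback"] = 1
      rank["single-address"] = 2; rank["all-interfaces"] = 3
      best = "not-listening"
    }
    rank[$1] > rank[best] { best = $1 }
    END { print best }'
}

# Constructed `ss -ltnH` samples (not captured from the commenter's host).
DEFAULT_FORWARD='LISTEN 0 4096 127.0.0.1:2222 0.0.0.0:*
LISTEN 0 4096 [::1]:2222 [::]:*'
WILDCARD_FORWARD='LISTEN 0 4096 0.0.0.0:2222 0.0.0.0:*'
PINNED_FORWARD='LISTEN 0 4096 192.168.178.111:2222 0.0.0.0:*'

for sample in "$DEFAULT_FORWARD" "$WILDCARD_FORWARD" "$PINNED_FORWARD"; do
  printf '%s\n' "$sample" | widest_scope 2222
done
```

On the k3s host, `ss -ltnH | widest_scope 2222` reports the live state. `kubectl port-forward --address` also accepts a specific IP address, which gives `single-address` instead of `all-interfaces`.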
