sdkks/README.md

## README.md

      
        
                
      Raw
    
  

        
        
          
            
          
          
            
              README.md
            
          
        
      
      
    Requirements

socat
kubectl with proper ~/.kube/config that can connect to your cluster
Working knowledge of kubectl client
OpenSSH client

How does it work?

kubectl does port forwarding to sshd port of your pod. I'm using pm2 process managed to keep my services alive in my workstation container. If you have only sshd, easiest to use is dropbear
ProxyCommand of OpenSSH client uses socat to redirect two way fd - to forwarded port of kubectl
Voila! You are in

See it in action
But WHY?
Starbucks, school, guest network, there are whole bunch of wifi zones with firewalls blocking outgoing access to TCP Port 22. I remember my school's firewall used to scan packet headers to see whether it's http to allow it. If you are in a place that whitelists only HTTP access to non-blacklisted sites, this will do the magic.
This is an autoamtic way of doing it, so you could possibly SSH, SFTP, even use this as JumpHost in your .ssh/config, meaning you could connect to regular port 22 servers like:
kubectl proxy => ProxyCommand socat to your pod => regular ssh to any other server

  

  

## kubectl-portfwd-ws.sh
#!/usr/bin/env bash
set -euo pipefail

# Ignore this function and `e home` if you use something like `kubectx` to manage your kubectl contexts and environments
e(){
    export KUBECONFIG="${HOME}/.kubechain/${@}"
}

e home

# Replace podname with your own
POD=$(kubectl get pod | grep Running | grep ws- | awk '{print $1}')

# Change forwarding port here and in ssh-config if you need something different
if ! grep 2222 <(netstat -nat) &>/dev/null ; then
    kubectl port-forward $POD 2222:2222 &
fi

while ! nc -z 127.0.0.1 2222; do
    sleep 0.1
done

socat - tcp:127.0.0.1:2222

## ssh-config
# Append this to your ~/.ssh/config
Host <server name you want to use>
    Hostname <Assuming you are forwarding to localhost 127.0.0.1>
    User <username>
    Port <Your forwarded host, use >1024 because less than 1024 requires `sudo` perms 2222>
    ProxyCommand ~/.dotfiles/scripts/kubectl-portfwd-ws.sh
    IdentitiesOnly yes
    IdentityFile ~/.dotfiles/keys/id_rsa
	#!/usr/bin/env bash
	set -euo pipefail

	# Ignore this function and `e home` if you use something like `kubectx` to manage your kubectl contexts and environments
	e(){
	export KUBECONFIG="${HOME}/.kubechain/${@}"
	}

	e home

	# Replace podname with your own
	POD=$(kubectl get pod \| grep Running \| grep ws- \| awk '{print $1}')

	# Change forwarding port here and in ssh-config if you need something different
	if ! grep 2222 <(netstat -nat) &>/dev/null ; then
	kubectl port-forward $POD 2222:2222 &
	fi

	while ! nc -z 127.0.0.1 2222; do
	sleep 0.1
	done

	socat - tcp:127.0.0.1:2222
	# Append this to your ~/.ssh/config
	Host <server name you want to use>
	Hostname <Assuming you are forwarding to localhost 127.0.0.1>
	User <username>
	Port <Your forwarded host, use >1024 because less than 1024 requires `sudo` perms 2222>
	ProxyCommand ~/.dotfiles/scripts/kubectl-portfwd-ws.sh
	IdentitiesOnly yes
	IdentityFile ~/.dotfiles/keys/id_rsa