kubernetes

command

v1.4.3 Latest Latest Go to latest Published: Oct 28, 2024 License: MIT Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tg123/sshpiper

Links

Open Source Insights

README ¶

kubernetes plugin for sshpiperd

The kubernetes plugin for sshpiperd provides native kubernetes CRD integretion and allow you manage sshpiper by kubectl get pipes and kubectl apply -f pipe.yaml

this plugin is inpsired by the first version kubernetes plugin for v0 sshpier by pockost

Usage

Start plugin with flag --all-namespaces or environment variable SSHPIPERD_KUBERNETES_ALL_NAMESPACES=true for cluster-wide usage, or it will listen to the namespace where it is in by default.

Start plugin with flag --kubeconfig or environment variable SSHPIPERD_KUBERNETES_KUBECONFIG=/path/to/kubeconfig to specify the kubeconfig file.

Helm

helm repo add sshpiper https://tg123.github.io/sshpiper-chart/

helm install my-sshpiper sshpiper/sshpiper --version 0.1.1

Manually

Apply CRD definition

kubectl apply -f https://raw.githubusercontent.com/tg123/sshpiper/master/plugin/kubernetes/crd.yaml

most parameters are the same as in yaml

A full sample can be found here

Create Service

# sshpiper service
---
apiVersion: v1
kind: Service
metadata:
  name: sshpiper
spec:
  selector:
    app: sshpiper
  ports:
    - protocol: TCP
      port: 2222
---
apiVersion: v1
data:
  server_key: |
    <replace with you server key>
kind: Secret
metadata:
  name: sshpiper-server-key
type: Opaque
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sshpiper-deployment
  labels:
    app: sshpiper
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sshpiper
  template:
    metadata:
      labels:
        app: sshpiper
    spec:
      serviceAccountName: sshpiper-account
      containers:
      - name: sshpiper
        image: farmer1992/sshpiperd:latest
        ports:
        - containerPort: 2222
        env:
        - name: PLUGIN
          value: "kubernetes"
        - name: SSHPIPERD_SERVER_KEY
          value: "/serverkey/ssh_host_ed25519_key"
        - name: SSHPIPERD_LOG_LEVEL
          value: "trace"
        volumeMounts:
        - name: sshpiper-server-key
          mountPath: "/serverkey/"
          readOnly: true          
      volumes:
      - name: sshpiper-server-key
        secret:
          secretName: sshpiper-server-key
          items:
          - key: server_key
            path: ssh_host_ed25519_key
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sshpiper-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: ["sshpiper.com"]
  resources: ["pipes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-sshpiper
subjects:
- kind: ServiceAccount
  name: sshpiper-account
roleRef:
  kind: Role
  name: sshpiper-reader
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sshpiper-account

Create Pipes

Create Password Pipe

apiVersion: sshpiper.com/v1beta1
kind: Pipe
metadata:
  name: pipe-password
spec:
  from:
  - username: "password_simple"
  to:
    host: host-password:2222
    username: "user"
    ignore_hostkey: true

ssh password_simple@piper_ip will pipe to user@host-password

Create Public Key Pipe

ssh piper_ip -i <key in authorized_keys_data> will pipe to user@host-publickey and login with secret host-publickey-key

apiVersion: v1
data:
  ssh-privatekey: |
    <base64 encoded private key>
kind: Secret
metadata:
  name: host-publickey-key
type: kubernetes.io/ssh-auth
---
apiVersion: sshpiper.com/v1beta1
kind: Pipe
metadata:
  name: pipe-publickey
spec:
  from:
  - username: ".*" # catch all    
    username_regex_match: true
    authorized_keys_data: "base64_authorized_keys_data"
  to:
    host: host-publickey:2222
    username: "user"
    private_key_secret:
      name: host-publickey-key
    ignore_hostkey: true

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
apis
sshpiper/v1beta1 +k8s:deepcopy-gen=package +groupName=sshpiper	+k8s:deepcopy-gen=package +groupName=sshpiper
generated
clientset/versioned
clientset/versioned/fake This package has the automatically generated fake clientset.	This package has the automatically generated fake clientset.
clientset/versioned/scheme This package contains the scheme of the automatically generated clientset.	This package contains the scheme of the automatically generated clientset.
clientset/versioned/typed/sshpiper/v1beta1 This package has the automatically generated typed clients.	This package has the automatically generated typed clients.
clientset/versioned/typed/sshpiper/v1beta1/fake Package fake has the automatically generated clients.	Package fake has the automatically generated clients.
listers/sshpiper/v1beta1

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL