From f462784933e1c5527c48effa856fa111b56a9f38 Mon Sep 17 00:00:00 2001 From: Yoichi Kawasaki Date: Sun, 16 Apr 2023 06:46:58 +0900 Subject: [PATCH 1/3] all changelogs are described in release, thus it's duplicate Signed-off-by: Yoichi Kawasaki --- CHANGELOG.md | 62 ---------------------------------------------------- 1 file changed, 62 deletions(-) delete mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index 7588cfa..0000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,62 +0,0 @@ -# Change Log - -All notable changes to the "kubectl-plugin-ssh-jump" extension will be documented in this file. - -## 0.8.0 - -- Support providing namespace and context by @partcyborg ([#23](https://github.com/yokawasa/kubectl-plugin-ssh-jump/pull/23)) - - -## 0.7.3 - -- Fix `Connection closed by remote host connection closed by unknown port 65535` issue ([#16](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/16)) - - Add RSA workaround options (`-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`)to commands in ProxyCommand only if the local OpenSSH version >= `8.5` - -## 0.7.2 - -- Fix `Bad configuration option: pubkeyacceptedalgorithms` issue ([#18](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/18)) - - Add OpenSSH version check - - Add RSA workaround options (`-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`) introduced in [ssh-jump-0.7.1](https://github.com/yokawasa/kubectl-plugin-ssh-jump/releases/tag/0.7.1) only if the local OpenSSH version >= `8.5` -- Add verbose option (`-v|--verbose`) - -## 0.7.1 - -- Fix `root@127.0.0.1: Permission denied (publickey)` issue ([#13](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/13)) - - Add options like `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa` which works for newer ssh client (`OpenSSH 8.5+`) scenario - -## 0.7.0 - -- Support specifying a custom sshjump pod template by @partcyborg ([#14](https://github.com/yokawasa/kubectl-plugin-ssh-jump/pull/14)) - -## 0.6.0 - -- Support SSH local port forwarding to access a remote server. This allows to forward the traffic form local machine to SSH jump then SSH jump will forward the traffic to the remote server. 
- -## 0.5.0 - -- Fix to address pod sshjump pod scheduling on hybrid clusters ([#9](https://github.com/yokawasa/kubectl-plugin-ssh-jump/pull/9), thanks to @swgriffith ) - -## 0.4.0 - -- Support PEM (Privacy Enhanced Mail) scenario where you create key-pair but you only have .pem / private key (downloaded from AWS, for example) and you don't have the public key on your side. - -## 0.3.2 - -- Changed a validation for destination name to support valid characters of hostname for SSH destination node that can start from ASCII letters 'a' through 'z' (in a case-insensitive manner), the digits '0' through '9', or the hyphen ('-'). Ref [RFC952](https://tools.ietf.org/html/rfc952) for valid characters of hostname. -- Add Internal-IP info, not only hostname for node info in running get-node-list - -## 0.3.1 - -- fixed typo: missing char ( [#3](https://github.com/yokawasa/kubectl-plugin-ssh-jump/pull/3), thanks to @iuryfukuda ) - -## 0.3.0 - -- Added Args param to exec in ssh session ( [#2](https://github.com/yokawasa/kubectl-plugin-ssh-jump/pull/2), thanks to @iuryfukuda ) -## 0.2.0 - -- Added -P|--port options for specifing SSH port that target node is listening (default 22) -- Added -o "StrictHostKeyChecking=no" for ssh login options -- Changed the way to SSH login via SSH Jump Pod from using "-J" to using "ProxyCommand" -## 0.1.0 - -- Initial release (alpha release) From 5cc3e2dba8339feb70c3f23cb78621bb4d37d8b9 Mon Sep 17 00:00:00 2001 From: Yoichi Kawasaki Date: Sun, 16 Apr 2023 07:05:50 +0900 Subject: [PATCH 2/3] add amd64 to default nodeSelector Signed-off-by: Yoichi Kawasaki --- kubectl-ssh-jump | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kubectl-ssh-jump b/kubectl-ssh-jump index f4a1af1..62306c6 100755 --- a/kubectl-ssh-jump +++ b/kubectl-ssh-jump @@ -147,7 +147,8 @@ spec: ports: - containerPort: 22 nodeSelector: - "kubernetes.io/os": linux + kubernetes.io/os: linux + kubernetes.io/arch: amd64 EOF ) fi 
From da2e858c19d38f0936395ea4cfb5c6692a74f7c7 Mon Sep 17 00:00:00 2001 From: Yoichi Kawasaki Date: Sun, 16 Apr 2023 07:07:53 +0900 Subject: [PATCH 3/3] fix username to azureuser in example scenario where sshing to azure node Signed-off-by: Yoichi Kawasaki --- README.md | 51 +++++++++++---------------------------------------- 1 file changed, 11 insertions(+), 40 deletions(-) diff --git a/README.md b/README.md index 1125448..95022a6 100644 --- a/README.md +++ b/README.md @@ -33,14 +33,14 @@ Here is an scenario where you want to connect to Kubernetes nodes or remote serv - [How to use](#how-to-use) - [Usage](#usage) - [Option parameters Cache](#option-parameters-cache) - - [SSH Agent (ssh-agent)](#ssh-agent-ssh-agent) + - [SSH Agent ssh-agent](#ssh-agent-ssh-agent) - [Customize SSH jump pod](#customize-ssh-jump-pod) - [Examples](#examples) - [CASE 1: SSH into Kubernetes nodes via SSH jump Pod](#case-1-ssh-into-kubernetes-nodes-via-ssh-jump-pod) - - [1-1 - You have private & public SSH key on your side](#1-1---you-have-private--public-ssh-key-on-your-side) - - [1-2 - You have .pem file but you don't have public key on your side](#1-2---you-have-pem-file-but-you-dont-have-public-key-on-your-side) + - [-1 - You have private & public SSH key on your side](#-1---you-have-private--public-ssh-key-on-your-side) + - [-2 - You have .pem file but you don't have public key on your side](#-2---you-have-pem-file-but-you-dont-have-public-key-on-your-side) - [CASE 2: Access remote serivces via SSH local port forwarding](#case-2-access-remote-serivces-via-ssh-local-port-forwarding) - - [2-1 - Configuring SSH local port forwarding with --args or -a option](#2-1---configuring-ssh-local-port-forwarding-with---args-or--a-option) + - [-1 - Configuring SSH local port forwarding with --args or -a option](#-1---configuring-ssh-local-port-forwarding-with---args-or--a-option) - [Useful Links](#useful-links) - [Contributing](#contributing) 
@@ -191,41 +191,12 @@ $ kubectl ssh-jump Usage: kubectl ssh-jump [options] -Options: - Destination node name or IP address - dest_node must start from the following letters: - ASCII letters 'a' through 'z' or 'A' through 'Z', - the digits '0' through '9', or hyphen ('-'). - NOTE: Setting dest_node as 'jumphost' allows to - ssh into SSH jump Pod as 'root' user - -u, --user SSH User name - -i, --identity Identity key file, or PEM(Privacy Enhanced Mail) - -p, --pubkey Public key file - -P, --port SSH port for target node SSH server - Defaults to 22 - -a, --args Args to exec in ssh session - --pod-template Path to custom sshjump pod definition - --skip-agent Skip automatically starting SSH agent and adding - SSH Identity key into the agent before SSH login - (=> You need to manage SSH agent by yourself) - --cleanup-agent Clearning up SSH agent at the end - The agent is NOT cleaned up in case that - --skip-agent option is given - --cleanup-jump Clearning up sshjump pod at the end - Defaults to skip cleaning up sshjump pod - -h, --help Show this message - -Example: - Scenario1 - You have private & public SSH key on your side - $ kubectl ssh-jump -u myuser -i ~/.ssh/id_rsa -p ~/.ssh/id_rsa.pub hostname - - Scenario2 - You have .pem file but you don't have public key on your side - $ kubectl ssh-jump -u ec2-user -i ~/.ssh/mykey.pem hostname +...snip... List of destination node... Hostname Internal-IP aks-nodepool1-18558189-0 10.240.0.4 -... +...snip... ``` 
@@ -235,13 +206,13 @@ aks-nodepool1-18558189-0 10.240.0.4 Suppose you have private & public SSH key on your side and you want to SSH to a node named `aks-nodepool1-18558189-0`, execute the plugin with options like this: -- usernaem: `myuser` +- usernaem: `azureuser` - identity:`~/.ssh/id_rsa_k8s` - pubkey:`~/.ssh/id_rsa_k8s.pub`) ```sh $ kubectl ssh-jump aks-nodepool1-18558189-0 \ - -u myuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub + -u azureuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub ``` > [NOTE] you can try SSH into a node using node IP address (`Internal-IP`) instead of `Hostname` @@ -272,7 +243,7 @@ You can clean up sshjump pod at the end of the command with `--cleanup-jump` opt ```sh $ kubectl ssh-jump aks-nodepool1-18558189-0 \ - -u myuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub \ + -u azureuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub \ --cleanup-jump ``` @@ -280,7 +251,7 @@ You can clean up ssh-agent at the end of the command with `--cleanup-agent` opti ```sh $ kubectl ssh-jump aks-nodepool1-18558189-0 \ - -u myuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub \ + -u azureuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub \ --cleanup-agent ``` @@ -293,7 +264,7 @@ $ eval `ssh-agent` $ ssh-add ~/.ssh/id_rsa_k8s # Then, run the plugin with --skip-agent $ kubectl ssh-jump aks-nodepool1-18558189-0 \ - -u myuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub \ + -u azureuser -i ~/.ssh/id_rsa_k8s -p ~/.ssh/id_rsa_k8s.pub \ --skip-agent # At the end, run this if you want to kill the current agent
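Review bot: In PATCH 1/3, deleting CHANGELOG.md removes the in-tree record of security-relevant behaviour changes, for example the 0.2.0 entry that added `-o "StrictHostKeyChecking=no"` and the 0.7.x entries that added `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`. Before merging, confirm that every version from 0.1.0 to 0.8.0 has a matching entry on the releases page, and consider adding a line to README.md that points there so that users of a clone or tarball can still find the history.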
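Review bot: In PATCH 2/3, the added `kubernetes.io/arch: amd64` line in the default nodeSelector means the default sshjump pod cannot be scheduled on clusters that have no amd64 Linux nodes, and neither the commit message nor the script says why the pin is needed. Please state the reason in the commit message and mention in the README that `--pod-template` is the way to override the selector. The same hunk also drops the quotes around `kubernetes.io/os`; that is valid YAML, but it is an unrelated change that the message should note.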
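Review bot: In PATCH 3/3, the table-of-contents hunk (`@@ -33,14 +33,14 @@`) rewrites `1-1`, `1-2` and `2-1` to `-1`, `-2` and `-1` in both the link text and the anchors, and drops the parentheses from `SSH Agent (ssh-agent)`. This looks like an unintended side effect of regenerating the TOC and is unrelated to the username fix named in the subject. Unless the section headings were renamed to match (not visible in this patch), the new `#-1---...` anchors will not resolve, and CASE 1 and CASE 2 now both list an entry labelled `-1`. Suggest reverting this hunk.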
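Review bot: In PATCH 3/3, the hunk at `@@ -191,41 +191,12 @@` replaces the whole Options and Example text of the sample output with `...snip...`, which the subject line does not mention. The removed text documented `--skip-agent`, `--cleanup-agent`, `--cleanup-jump` and `--pod-template`, along with the note that setting dest_node to 'jumphost' logs in to the SSH jump Pod as 'root'. If the same list is kept in the Usage section, say so in the commit message; otherwise keep it here or move the removal into its own commit.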
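Review bot: In PATCH 3/3, the hunk at `@@ -235,13 +206,13 @@` changes the value on the `usernaem:` bullet to `azureuser` but keeps the misspelled key; change `usernaem` to `username` while touching that line. The `pubkey` bullet two lines below it also ends with a stray `)` that could be dropped in the same edit.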