Kubernetes Login Servers

[nikhiljha]

When you login, connect to one of a few pods (at random?) OR spin up a new pod with your user directory & site directory mounted.

[ethanhs]

I suppose we could set up kVDI that is accessible over the web, is that what you have in mind here?

[nikhiljha]

Hmm... I think kVDI is mostly for a desktop interface. I was thinking more ssh.ocf.berkeley.edu is actually not a real host, and when you ssh to that address and authenticate correctly it makes you your own pod with tiny resource limits that terminates when you log out.

[ethanhs]

Yeah that's fair. I'm not aware of any software that provides this functionality though :/

[ethanhs]

I think we could deploy wetty or webssh and have a controller that deploys them on demand perhaps.

[tnthi115]

I couldn't find any existing technologies that do this, but I have two immediate very rough ideas:

1. Somehow set up tsunami as a public load balancer, create a Kubernetes LoadBalancer service with tsunami's IP, ensure each Pod has openssh-server installed, and let users ssh normally to tsunami. Reference: https://betterprogramming.pub/how-to-ssh-into-a-kubernetes-pod-from-outside-the-cluster-354b4056c42b
2. Create scripts to be run automatically after a user logs into tsunami that will connect to an existing pod or spin a new one up. References: https://superuser.com/questions/355029/how-to-automatically-run-commands-on-ssh-login and https://askubuntu.com/questions/397674/run-scripts-automatically-in-server-after-ssh-connection

[kpengboy]

I should comment that any solution has to support this use case: if a user logs in, starts a background process (e.g. tmux), and logs out, the background process has to survive the logout and upon logging in again they must be returned to the same session.