Open yuvipanda opened 6 years ago
For local port forwards there might be an even easier way: with a cluster network configured according to spec the kubessh pod should be able to connect to any port on the user pod over the cluster-internal network and pass it along. If target-ip
is somewhere other than the user pod, we'd still need socat
though, at least if remote port forwards are actually supposed to go through the user pod.
I actually implemented this already in some form in https://github.com/yuvipanda/kubessh/blob/master/kubessh/server.py#L55, via kubectl port-forward. kubectl port-forward internally uses socat. I didn't want to just talk to the user pod, because:
localhost
on the user pod, since that can't be accessed from outside the pod.To deal with (2), we could host a sidecar, since it will be in the same network namespace. However, that isn't needed quite yet.
I actually implemented this already in some form in https://github.com/yuvipanda/kubessh/blob/master/kubessh/server.py#L55, via kubectl port-forward.
cool, I totally missed that! I just tried once with localhost
instead of 127.0.0.1
in the ssh command, and assumed that wasn't implemented yet ;)
I didn't want to just talk to the user pod, because:
that makes sense, (1) is super useful for debugging/testing, and (2) is expected behavior from a ssh port forward
Tunneling requires we:
socat
in the form ofsocat - TCP:<target-ip>:<target-port>