Merge pull request #14 from partcyborg/jump-pod-template

yokawasa · web-flow · commit 90abbcfa9d74 · 2022-07-24T17:36:10.000+09:00
Support specifying a custom sshjump pod template
diff --git a/README.md b/README.md
@@ -169,6 +169,12 @@ Add `--cleanup-agent` option if you want to kill the created agent at the end of
 
 In addtion, add `--skip-agent` option if you want to skip automatic starting `ssh-agent`. This is actually a case where you already have ssh-agent managed or you want to manually start the agent.
 
+### Customize SSH jump pod
+
+You can customize the sshjump pod created by `kubectl ssh-jump` by setting the `$SSH_JUMP_POD_TEMPLATE` environment variable to the path to a pod template on disk.
+
+However, customized sshjump pods must be named `sshjump` and run in the current namespace or `kubectl ssh-jump` won't be able to find them.
+
 ### Examples
 
 Show all node list. Simply executing `kubectl ssh-jump` gives you the list of destination nodes as well as command usage
@@ -209,6 +215,9 @@ Example:
   Scenario2 - You have .pem file but you don't have public key on your side
   $ kubectl ssh-jump -u ec2-user -i ~/.ssh/mykey.pem hostname
 
+  Scenario3 - You want to use a custom sshjump pod definition
+  $ kubectl ssh-jump -u ec2-user -i ~/.ssh/mykey.pem --pod-template ~/myjumppod.yaml hostname
+
 List of destination node...
 Hostname                    Internal-IP
 aks-nodepool1-18558189-0    10.240.0.4
diff --git a/kubectl-ssh-jump b/kubectl-ssh-jump
@@ -33,6 +33,7 @@ Options:
   -P, --port <port>               SSH port for target node SSH server
                                   Defaults to 22
   -a, --args <args>               Args to exec in ssh session
+  --pod-template <file>           Path to custom sshjump pod definition
   --skip-agent                    Skip automatically starting SSH agent and adding 
                                   SSH Identity key into the agent before SSH login
                                   (=> You need to manage SSH agent by yourself)
@@ -119,19 +120,13 @@ cleanup_agent(){
   fi 
 }
 
-run_ssh_node(){
-  local destnode="$1"
-  local sshuser="$2"
-  local identity="$3"
-  local pubkey="$4"
-  local port="$5"
-  local sshargs="$6"
-
-  # Install an SSH Server if not yet installed
-  r=$(kubectl get pod sshjump 2>/dev/null | tail -1 | awk '{print $1}') # 
-  if [ "${r}" != "sshjump" ];then
-    echo "Creating SSH jump host (Pod)..."
-    cat <<EOF | kubectl apply -f -
+create_jump_pod(){
+  local pod_template
+  if [[ -n "${jump_pod_template:-}" && -e "${jump_pod_template}" ]]; then
+    pod_template=$(<"${jump_pod_template}")
+  fi
+  if [[ -z "${pod_template}" ]]; then
+    pod_template=$(cat <<EOF
 apiVersion: v1
 kind: Pod
 metadata:
@@ -147,6 +142,24 @@ spec:
   nodeSelector:
     "kubernetes.io/os": linux
 EOF
+)
+  fi
+  echo "Creating SSH jump host (Pod)..."
+  echo "${pod_template}" | kubectl apply -f -
+}
+
+run_ssh_node(){
+  local destnode="$1"
+  local sshuser="$2"
+  local identity="$3"
+  local pubkey="$4"
+  local port="$5"
+  local sshargs="$6"
+
+  # Install an SSH Server if not yet installed
+  r=$(kubectl get pod sshjump 2>/dev/null | tail -1 | awk '{print $1}') # 
+  if [ "${r}" != "sshjump" ];then
+    create_jump_pod
 
     # Wait until sshjump gets ready
     c=1
@@ -237,6 +250,10 @@ plugin_main() {
         sshargs="$2"
         nSkip=2
         ;;
+      "--pod-template")
+         jump_pod_template="$2"
+         nSkip=2
+         ;;
       [0-9a-zA-Z-]*)
         destnode=$1
         ;;
@@ -310,6 +327,10 @@ plugin_main() {
     echo "using: args=${sshargs}"
   fi
 
+  if [ "${jump_pod_template}" != "" ]; then
+     echo "using: pod-template=${jump_pod_template}"
+  fi
+
   # Caching current ssh options
   write_options "${c_sshuser}" "${c_identity}" "${c_pubkey}" "${c_port}"
 
