on Kubernetes
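A network is isolated (for security reasons), so the hosts and services in it (MySQL, Redis) are cut off from the outside and cannot be accessed directly.
An SSH server acts as the jump host, and access goes through an SSH tunnel, which is why we deploy an SSH service in Kubernetes.
This note records how to deploy an OpenSSH service in Kubernetes and how to solve related problems.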
with Helm | by djjudas21/charts
Repository: https://artifacthub.io/packages/helm/djjudas21/openssh-server
helm repo add djjudas21 https://djjudas21.github.io/charts/
helm repo update djjudas21
helm pull djjudas21/openssh-server
helm show values ./openssh-server-0.1.14.tgz > openssh-server-0.1.14.tgz.helm-values.yaml
vim openssh-server-0.1.14.tgz.helm-values.yaml
... image:
... env.passwordAccess:
... env.userPassword:
... env.userName:
helm upgrade --install \
ssh-bastion ./openssh-server-0.1.14.tgz -f openssh-server-0.1.14.tgz.helm-values.yaml
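With the bastion running, the tunnel described at the top of this note can be pinned down in the client's ~/.ssh/config. This is an added example, not part of the original note or of the chart: the bastion address, port 2222, the user name, the key path and the internal MySQL/Redis host names are all placeholder assumptions to replace with your own values.

```sshconfig
# ~/.ssh/config on the workstation (added example; every value is a placeholder)
Host k8s-bastion
    # Assumption: address and port where the bastion Service is exposed
    HostName bastion.example.com
    Port 2222
    # Assumption: same value as env.userName in the Helm values file
    User tunneluser

    # Offer only this key instead of every key loaded in the agent
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

    # Bind forwards to loopback so other machines on the workstation's
    # network cannot reach the isolated services through this tunnel
    LocalForward 127.0.0.1:13306 mysql.internal.example:3306
    LocalForward 127.0.0.1:16379 redis.internal.example:6379

    # Fail at connect time if a forward cannot be set up, rather than
    # leaving a session open with no working tunnel
    ExitOnForwardFailure yes

    # Tunnel only: no agent or X11 forwarding, no terminal
    ForwardAgent no
    ForwardX11 no
    RequestTTY no

    # Refuse a bastion whose host key is unknown or has changed
    StrictHostKeyChecking yes

    # Drop dead tunnels after about 90 seconds of silence
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

Run `ssh -N k8s-bastion` to open the tunnel, then point the MySQL client at 127.0.0.1:13306 and the Redis client at 127.0.0.1:16379. With `StrictHostKeyChecking yes`, the bastion's host key has to be added to known_hosts before the first connection.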
Deprecated | with Helm | by t3n/ssh-bastion
ssh-bastion 1.0.0 · helm/t3n
helm-charts/ssh-bastion at master · t3n/helm-charts
bash – Openssh Private Key to RSA Private Key – Stack Overflow
For simplicity, though, we deploy with Helm: ssh-bastion 1.0.0 · helm/t3n
helm repo add t3n https://storage.googleapis.com/t3n-helm-charts
helm repo update t3n
helm pull t3n/ssh-bastion
helm show values ./ssh-bastion-1.0.0.tgz > ssh-bastion-1.0.0.tgz.helm-values.yaml
vim ssh-bastion-1.0.0.tgz.helm-values.yaml
... image:
... extraEnvs.USER: "ubuntu"
... service:
... users.ubuntu:
... host.keys:
helm upgrade --install ssh-bastion \
./ssh-bastion-1.0.0.tgz -f ssh-bastion-1.0.0.tgz.helm-values.yaml
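ssh-keygen -p -N "" -m pem -f /path/to/host-key # Produce the Host Key (RSA PRIVATE KEY): rewrites the existing key file in PEM format with an empty passphrase
# users.dummy: specifies the SSH public key
# host.keys: used to create the Host Key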
helm install ssh-bastion t3n/ssh-bastion \
--set users.dummy="$(cat /home/k4nz/.ssh/id_rsa.pub)" \
--set host.keys="$(cat /path/to/host-key)"
# 05/19/2025: At startup, the container cannot change the permissions of the Private Key, so it fails to work properly.