preparation for ephemeral mode

Author: fenio

docker/Dockerfile

@@ -1,14 +1,14 @@
 FROM debian:stable-slim
 
 RUN apt-get update && \
-    apt-get install -y openssh-server && \
+    apt-get install -y openssh-server openssh-client && \
     mkdir /var/run/sshd && \
     mkdir /volume 
 
 COPY entrypoint.sh /entrypoint.sh
 COPY sshd_config /etc/ssh/sshd_config
 RUN chmod +x /entrypoint.sh
 
-EXPOSE 22
+EXPOSE 2137
 
 ENTRYPOINT ["/entrypoint.sh"]

docker/entrypoint.sh

@@ -6,9 +6,23 @@ if [ -n "$SSH_KEY" ]; then
     echo "Public key added to /root/.ssh/authorized_keys"
 fi
 
-# Redirect sshd logs to stdout
-mkdir -p /var/log/sshd
-touch /var/log/sshd/sshd.log
-ln -sf /dev/stdout /var/log/sshd/sshd.log
+# Check the ROLE environment variable
+case "$ROLE" in
+    standalone)
+        echo "Running as standalone"
+        /usr/sbin/sshd -D -e
+        ;;
+    proxy)
+        echo "Running as proxy"
+        /usr/sbin/sshd -D -e
+        ;;
+    ephemeral)
+        echo "Running as ephemeral"
+        /usr/sbin/sshd -D-e
+        ;;
+    *)
+        echo "Running default..."
+        /usr/sbin/sshd -D -e
+        ;;
+esac
 
-/usr/sbin/sshd -D -e

docker/sshd_config

@@ -1,4 +1,5 @@
 # /etc/ssh/sshd_config
+Port 2137
 PermitRootLogin prohibit-password
 PasswordAuthentication no
 ChallengeResponseAuthentication no

pkg/plugin/clean.go

@@ -49,7 +49,7 @@ func Clean(namespace, pvcName, localMountPoint string) error {
 	port := podList.Items[0].Labels["portNumber"]
 
 	// Kill the port-forward process
-	pkillCmd := exec.Command("pkill", "-f", fmt.Sprintf("kubectl port-forward pod/%s %s:22", podName, port))
+	pkillCmd := exec.Command("pkill", "-f", fmt.Sprintf("kubectl port-forward pod/%s %s:2137", podName, port))
 	pkillCmd.Stdout = os.Stdout
 	pkillCmd.Stderr = os.Stderr
 	if err := pkillCmd.Run(); err != nil {

pkg/plugin/mount.go

@@ -46,7 +46,7 @@ func Mount(namespace, pvcName, localMountPoint string) error {
 		return err
 	}
 
-	podName, port, err := setupPod(clientset, namespace, pvcName, sshKey)
+	podName, port, err := setupPod(clientset, namespace, pvcName, sshKey, "standalone")
 	if err != nil {
 		return err
 	}
@@ -115,9 +115,9 @@ func checkPVCUsage(clientset *kubernetes.Clientset, namespace, pvcName string) (
 	return pvc, nil
 }
 
-func setupPod(clientset *kubernetes.Clientset, namespace, pvcName, sshKey string) (string, int, error) {
+func setupPod(clientset *kubernetes.Clientset, namespace, pvcName, sshKey, role string) (string, int, error) {
 	podName, port := generatePodNameAndPort(pvcName)
-	pod := createPodSpec(podName, port, pvcName, sshKey)
+	pod := createPodSpec(podName, port, pvcName, sshKey, role)
 	if _, err := clientset.CoreV1().Pods(namespace).Create(context.TODO(), pod, metav1.CreateOptions{}); err != nil {
 		return "", 0, fmt.Errorf("failed to create pod: %v", err)
 	}
@@ -141,7 +141,7 @@ func waitForPodReady(clientset *kubernetes.Clientset, namespace, podName string)
 }
 
 func setupPortForwarding(namespace, podName string, port int) error {
-	cmd := exec.Command("kubectl", "port-forward", fmt.Sprintf("pod/%s", podName), fmt.Sprintf("%d:22", port), "-n", namespace)
+	cmd := exec.Command("kubectl", "port-forward", fmt.Sprintf("pod/%s", podName), fmt.Sprintf("%d:2137", port), "-n", namespace)
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	if err := cmd.Start(); err != nil {
@@ -170,7 +170,22 @@ func generatePodNameAndPort(pvcName string) (string, int) {
 	return podName, port
 }
 
-func createPodSpec(podName string, port int, pvcName, sshKey string) *corev1.Pod {
+func createPodSpec(podName string, port int, pvcName, sshKey, role string) *corev1.Pod {
+	envVars := []corev1.EnvVar{
+		{
+			Name:  "SSH_KEY",
+			Value: sshKey,
+		},
+	}
+
+	// Add the ROLE environment variable if the role is "standalone"
+	if role == "standalone" {
+		envVars = append(envVars, corev1.EnvVar{
+			Name:  "ROLE",
+			Value: "standalone",
+		})
+	}
+
 	return &corev1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: podName,
@@ -187,7 +202,7 @@ func createPodSpec(podName string, port int, pvcName, sshKey string) *corev1.Pod
 					Image: "bfenski/volume-exposer:latest",
 					Ports: []corev1.ContainerPort{
 						{
-							ContainerPort: 22,
+							ContainerPort: 2137,
 						},
 					},
 					VolumeMounts: []corev1.VolumeMount{
@@ -196,12 +211,7 @@ func createPodSpec(podName string, port int, pvcName, sshKey string) *corev1.Pod
 							Name:      "my-pvc",
 						},
 					},
-					Env: []corev1.EnvVar{
-						{
-							Name:  "SSH_KEY",
-							Value: sshKey,
-						},
-					},
+					Env: envVars,
 				},
 			},
 			Volumes: []corev1.Volume{