ARO-RP/hack/ssh-k8s.sh

#!/bin/bash -e

set -o pipefail

while [[ $1 == -* ]]; do
  if [[ $1 == -- ]]; then
    shift
    break
  fi
  shift
done

if [[ "$#" -gt 0 ]]; then
  NODENAME=$1
  shift
fi

COMMAND='bash --login'
TTY=true
TTYOPT=-t
if [[ "$#" -gt 0 ]]; then
  COMMAND="bash -c $(printf ' %q' "$@" | sed -e "s/'/''/g")"
  TTY=false
  TTYOPT=
fi

cleanup() {
    [[ -n "$POD" ]] && oc delete pod -n default "$POD" >/dev/null
}

trap cleanup EXIT

POD=$(oc create -o json -f - <<EOF | jq -r .metadata.name
kind: Pod
apiVersion: v1
metadata:
  generateName: debug
  labels:
    openshift.io/run-level: "0"
  namespace: default
spec:
  containers:
  - command:
    - /sbin/chroot
    - /host
    - /bin/bash
    - -c
    - 'cd && exec $COMMAND'
    image: ubi8/ubi-minimal
    name: debug
    securityContext:
      capabilities:
        add:
        - CHOWN
        - DAC_OVERRIDE
        - DAC_READ_SEARCH
        - FOWNER
        - FSETID
        - KILL
        - SETGID
        - SETUID
        - SETPCAP
        - LINUX_IMMUTABLE
        - NET_BIND_SERVICE
        - NET_BROADCAST
        - NET_ADMIN
        - NET_RAW
        - IPC_LOCK
        - IPC_OWNER
        - SYS_MODULE
        - SYS_RAWIO
        - SYS_CHROOT
        - SYS_PTRACE
        - SYS_PACCT
        - SYS_ADMIN
        - SYS_BOOT
        - SYS_NICE
        - SYS_RESOURCE
        - SYS_TIME
        - SYS_TTY_CONFIG
        - MKNOD
        - LEASE
        - AUDIT_WRITE
        - AUDIT_CONTROL
        - SETFCAP
        - MAC_OVERRIDE
        - MAC_ADMIN
        - SYSLOG
        - WAKE_ALARM
        - BLOCK_SUSPEND
        - AUDIT_READ
    stdin: true
    tty: $TTY
    volumeMounts:
    - mountPath: /host
      name: host
  hostIPC: true
  hostNetwork: true
  hostPID: true
  nodeName: "$NODENAME"
  restartPolicy: Never
  terminationGracePeriodSeconds: 0
  volumes:
  - hostPath:
      path: /
    name: host
EOF
)

oc wait --timeout=300s --for=condition=Ready -n default "pod/$POD" >/dev/null
oc attach -i $TTYOPT -n default -c debug "pod/$POD"
add "ssh" tool 2019-12-20 21:43:52 +03:00			`#!/bin/bash -e`

add missing -o pipefail 2020-05-05 18:38:25 +03:00			`set -o pipefail`

improve ssh.sh so it can work with scp 2019-12-21 21:13:40 +03:00			`while [[ $1 == -* ]]; do`
			`if [[ $1 == -- ]]; then`
			`shift`
			`break`
			`fi`
			`shift`
			`done`

			`if [[ "$#" -gt 0 ]]; then`
			`NODENAME=$1`
			`shift`
			`fi`

			`COMMAND='bash --login'`
			`TTY=true`
			`TTYOPT=-t`
			`if [[ "$#" -gt 0 ]]; then`
			`COMMAND="bash -c $(printf ' %q' "$@" \| sed -e "s/'/''/g")"`
			`TTY=false`
			`TTYOPT=`
			`fi`
add "ssh" tool 2019-12-20 21:43:52 +03:00
			`cleanup() {`
			`[[ -n "$POD" ]] && oc delete pod -n default "$POD" >/dev/null`
			`}`

			`trap cleanup EXIT`

			`POD=$(oc create -o json -f - <<EOF \| jq -r .metadata.name`
			`kind: Pod`
			`apiVersion: v1`
			`metadata:`
			`generateName: debug`
revert to using infraid 2020-04-15 05:48:03 +03:00			`labels:`
			`openshift.io/run-level: "0"`
add "ssh" tool 2019-12-20 21:43:52 +03:00			`namespace: default`
			`spec:`
			`containers:`
			`- command:`
			`- /sbin/chroot`
			`- /host`
			`- /bin/bash`
			`- -c`
improve ssh.sh so it can work with scp 2019-12-21 21:13:40 +03:00			`- 'cd && exec $COMMAND'`
add "ssh" tool 2019-12-20 21:43:52 +03:00			`image: ubi8/ubi-minimal`
			`name: debug`
improve ssh.sh so it can work with scp 2019-12-21 21:13:40 +03:00			`securityContext:`
			`capabilities:`
			`add:`
			`- CHOWN`
			`- DAC_OVERRIDE`
			`- DAC_READ_SEARCH`
			`- FOWNER`
			`- FSETID`
			`- KILL`
			`- SETGID`
			`- SETUID`
			`- SETPCAP`
			`- LINUX_IMMUTABLE`
			`- NET_BIND_SERVICE`
			`- NET_BROADCAST`
			`- NET_ADMIN`
			`- NET_RAW`
			`- IPC_LOCK`
			`- IPC_OWNER`
			`- SYS_MODULE`
			`- SYS_RAWIO`
			`- SYS_CHROOT`
			`- SYS_PTRACE`
			`- SYS_PACCT`
			`- SYS_ADMIN`
			`- SYS_BOOT`
			`- SYS_NICE`
			`- SYS_RESOURCE`
			`- SYS_TIME`
			`- SYS_TTY_CONFIG`
			`- MKNOD`
			`- LEASE`
			`- AUDIT_WRITE`
			`- AUDIT_CONTROL`
			`- SETFCAP`
			`- MAC_OVERRIDE`
			`- MAC_ADMIN`
			`- SYSLOG`
			`- WAKE_ALARM`
			`- BLOCK_SUSPEND`
			`- AUDIT_READ`
add "ssh" tool 2019-12-20 21:43:52 +03:00			`stdin: true`
improve ssh.sh so it can work with scp 2019-12-21 21:13:40 +03:00			`tty: $TTY`
add "ssh" tool 2019-12-20 21:43:52 +03:00			`volumeMounts:`
			`- mountPath: /host`
			`name: host`
			`hostIPC: true`
			`hostNetwork: true`
			`hostPID: true`
revert to using infraid 2020-04-15 05:48:03 +03:00			`nodeName: "$NODENAME"`
add "ssh" tool 2019-12-20 21:43:52 +03:00			`restartPolicy: Never`
			`terminationGracePeriodSeconds: 0`
			`volumes:`
			`- hostPath:`
			`path: /`
			`name: host`
			`EOF`
			`)`

increase ssh.sh timeout 2020-05-14 20:24:08 +03:00			`oc wait --timeout=300s --for=condition=Ready -n default "pod/$POD" >/dev/null`
improve ssh.sh so it can work with scp 2019-12-21 21:13:40 +03:00			`oc attach -i $TTYOPT -n default -c debug "pod/$POD"`