kubectl ssh assumes user's GCP username

Question

kubectl ssh assumes user's GCP username

jordanwilson230 opened this issue 6 years ago · comments

"kubectl ssh" assumes that the local user (i.e., "ben") has the same GCP username (e.g., ben, and not Benjamin). It should allow for either an init or flag option.

Paul Laleu · Answer 1 · Wed Mar 07 2018 00:27:07 GMT+0800 (China Standard Time)

I guess it's the same for me, got an exist status 255

Jordan Wilson · Answer 2 · Wed Mar 07 2018 00:37:08 GMT+0800 (China Standard Time)

@paullaleu the quick fix is to change the last line in the ssh.sh file from:

ssh -t $node_ip "docker exec -it $user $container $command" 2>/dev/null

to

ssh -t <YOUR_GKE_USERNAME>@$node_ip "docker exec -it $user $container $command" 2>/dev/null

Paul Laleu · Answer 3 · Wed Mar 07 2018 00:41:39 GMT+0800 (China Standard Time)

That's exactly what I was doing atm :D, was about to answer you. Thanks for the tip.

[Update]

In fact you need to put :
ssh -t <YOUR_GKE_USERNAME>@$node_ip "docker exec -it $user $container $command" 2>/dev/null

and then you have to put the passphrase from your rsakey, wich is not very convenient.
Does it ask for passphrase when your current user is the same as GCP ?

Jordan Wilson · Answer 4 · Wed Mar 07 2018 03:33:48 GMT+0800 (China Standard Time)

@paullaleu No problem :) I suspect that depends on how you created your rsa key. If you create it without a passphrase, you should not need to enter one. That is outside the scope of the plugin. If you're looking for a way around that, though, theres a couple of options...they are less secure, so it's not an endorsement :P

use sshpass
use expect (e.g., expect -c 'spawn ssh -t @$node_ip "docker exec -it -u $user $container $command 2>/dev/null" ; expect "assword:"; send "myInsecurePassword\r"; interact' )

Note that example is untested, just an example to go off of.

Paul Laleu · Answer 5 · Fri Mar 09 2018 00:18:31 GMT+0800 (China Standard Time)

I was not pathing the proper key, my bad.

I'm trying to modify the plugin to add a -r argument to run a cmd directly inside the container but don't succeed,

I did modify the ssh.sh file and plugin.yaml file accordingly but I am missing something.

I don't really know how kubectl plugins works but I assume there is another place where I have to define the -r argument for it to be read at execution. cause right know when I echo -e my $cmd variable (using kubectl -p podnaime -r "echo toto" their is nothing in $cmd

Jordan Wilson · Answer 6 · Sat Mar 10 2018 06:18:13 GMT+0800 (China Standard Time)

@paullaleu. See this guide on getting started with plugins: https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/

You'll want to add any additional arg options to the plugin.yaml file.

Jordan Wilson · Answer 7 · Mon Mar 19 2018 03:25:34 GMT+0800 (China Standard Time)

Please re-run the install script. It has been changed to detect/prompt for your gcloud username and apply it to the ssh process automatically.

Closing

Jordan Wilson · Answer 8 · Thu Aug 16 2018 11:34:56 GMT+0800 (China Standard Time)

@paullaleu Much overdue, but a change was nade to the way exec works. In short, it doesn't require any ssh commands to be run. It should fix this issue for you.