Origin: About the ssh support in router

Created on 21 Jan 2016  路  13Comments  路  Source: openshift/origin

After deployed the gerrit following below definitions in openshift, I want to do the git clone like this:

git clone ssh://[email protected]:29418/hello-gerrit

it reports error:

Cloning into 'hello-gerrit'...
ssh: connect to host gerrit.example.com port 29418: No route to host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

might be I should change to use the route about 29418 like this:

git clone ssh://[email protected]/hello-gerrit

it will report to need the password:

Cloning into 'hello-gerrit'...
[email protected]'s password:

What do you think about that ? are there any suggestions or thoughts ? many thanks.

P.S.
The gerrit pod is exposing the container ports as bellow:

ports:
  - containerPort: 8080
    protocol: TCP
  - containerPort: 29418
    protocol: TCP

The service definition as here

apiVersion: v1
kind: Service
metadata:
  name: gerrit
  labels:
    app: gerrit
spec:
  ports:
  - name: web-tcp
    port: 8080
    protocol: TCP
    targetPort: 8080
  - name: ssh-tcp
    port: 29418
    protocol: TCP
    targetPort: 29418
  selector:
    name: gerrit-server
  sessionAffinity: None
  type: ClusterIP

The gerrit route definition as here

apiVersion: v1
kind: Route
metadata:
  name: gerrit
spec:
  host: gerrit.example.com
  port:
    targetPort: web-tcp
  to:
    kind: Service
    name: gerrit

The gerrit-ssh route definition as here

apiVersion: v1
kind: Route
metadata:
  name: gerrit-ssh
spec:
  host: gerrit-ssh.example.com
  port:
    targetPort: ssh-tcp
  to:
    kind: Service
    name: gerrit
kinquestion prioritP2
Source
picture thincal

All 13 comments

so there is no way to support the ssh in openshift, right ?

thincal picture thincal on 22 Jan 2016

@thincal I think what you need here is to set the source secret for the git server.

mfojtik picture mfojtik on 22 Jan 2016

@mfojtik thanks for your info, the section describe how to let openshift build access the external git repo. My case is that the git repo is running as a service inside the openshift, how to git clone it through the ssh protocol.

thincal picture thincal on 23 Jan 2016

@thincal if you can create the secret with SSH key you can use to authenticate against that SSH server and use it as SourceSecret, then you should be able to clone from that ssh+git server.

mfojtik picture mfojtik on 26 Jan 2016

for example: git clone ssh://[email protected]:29418/hello-gerrit, so it even works with a specified port number 29418? since the router only can route the traffic on 80 and 443 port...

P.S. the gerrit.example.com service is running on the openshift platform.

thincal picture thincal on 26 Jan 2016

@thincal oh, you cannot pass the SSH traffic via 'router', but the service name should work inside cluster, so the build pod that fetch the sources should be able to use ssh://admin@gerrit:29418/hello-gerrit

mfojtik picture mfojtik on 29 Jan 2016

@rajatchopra @mrunalp do you guys know if it is possible to use SSH via router? I think only HTTP(s) protocols are allowed right now.

mfojtik picture mfojtik on 8 Feb 2016
😕1 👍1

@mfojtik ssh will not work through the router today. It's not about http only, the problem with TCP routing is figuring out which app it is meant for.

rajatchopra picture rajatchopra on 8 Feb 2016

@rajatchopra @mfojtik
so that does it mean the services can't be accessed by ssh:// protocol ? why is there this limitation by the router ? could you share the reason behind ?
You know if deploying a Git server inside the OpenShift, but it's very common to use the ssh for git clone.

thincal picture thincal on 2 Mar 2016

If it is TLS with SNI headers present then no problem, only thing that we listen on port 443 only (not 22 or anything else)

rajatchopra picture rajatchopra on 4 Mar 2016

thanks! so what is your recommended way to deploy the git server with ssh protocol support?

thincal picture thincal on 4 Mar 2016

@deads2k @mfojtik so is there any plan/consideration to support the ssh:// in router (OpenShift origin)?
thanks.

thincal picture thincal on 4 Mar 2016

There are no plans for a special support for ssh in the openshift router. There are plans to support tcp routing soon which should cover ssh too. See this work: #9454
The only alternative until then is to have ssh tunnel through https. The client needs to provide SNI though (e.g. use ssh with stunnel).

Please do not hesitate to re-open the issue if anything is unresolved.

rajatchopra picture rajatchopra on 24 Jun 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

davivd picture davivd  路  4Comments
enj picture enj  路  4Comments
thincal picture thincal  路  5Comments
syui picture syui  路  3Comments
edseymour picture edseymour  路  3Comments