2025-02-13 13:55:41 +01:00
|
|
|
name: Emergency ssh
|
|
|
|
|
description: "Verify that an emergency ssh connection can be established."
|
|
|
|
|
|
|
|
|
|
inputs:
|
|
|
|
|
workspace:
|
|
|
|
|
description: "The constellation workspace directory."
|
|
|
|
|
required: true
|
|
|
|
|
kubeconfig:
|
|
|
|
|
description: "The kubeconfig file for the cluster."
|
|
|
|
|
required: true
|
|
|
|
|
|
|
|
|
|
runs:
|
|
|
|
|
using: "composite"
|
|
|
|
|
steps:
|
|
|
|
|
- name: Test emergency ssh
|
|
|
|
|
shell: bash
|
|
|
|
|
env:
|
|
|
|
|
KUBECONFIG: ${{ inputs.kubeconfig }}
|
|
|
|
|
run: |
|
|
|
|
|
# Activate emergency ssh access to the cluster
|
|
|
|
|
echo "emergency_ssh = true" >> terraform.tfvars
|
|
|
|
|
terraform apply -auto-approve
|
|
|
|
|
lb="$(terraform output -raw loadbalancer_address)"
|
|
|
|
|
|
|
|
|
|
# write ssh config
|
|
|
|
|
cat > ssh_config <<EOF
|
|
|
|
|
Host $lb
|
|
|
|
|
ProxyJump none
|
|
|
|
|
|
2025-02-13 16:44:01 +01:00
|
|
|
Host *
|
|
|
|
|
IdentityFile ./access-key
|
|
|
|
|
PreferredAuthentications publickey
|
|
|
|
|
CertificateFile=constellation_cert.pub
|
|
|
|
|
User root
|
|
|
|
|
ProxyJump $lb
|
2025-02-13 13:55:41 +01:00
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
# generate and try keypair
|
|
|
|
|
ssh-keygen -t ecdsa -q -N "" -f ./access-key
|
|
|
|
|
constellation ssh --debug --key ./access-key.pub
|
|
|
|
|
internalIPs="$(kubectl get nodes -o=jsonpath='{.items[*].status.addresses}' | jq -r '.[] | select(.type == "InternalIP") | .address')"
|
|
|
|
|
for ip in internalIPs; do
|
2025-02-18 11:50:15 +01:00
|
|
|
ssh -F ssh_config -o BatchMode=yes $ip true
|
2025-02-13 13:55:41 +01:00
|
|
|
done
|
