Change port of ssh reverse tunnel to 443 (gardener#8606)

* Change port of ssh reverse tunnel to 443 * Grep for the host instead of port 443 in lifeness probe.
nickytd · Oct 5, 2023 · 2dcb071 · 2dcb071
1 parent 266eb58
commit 2dcb071
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 7 deletions.
diff --git a/example/provider-extensions/seed/configure-seed.sh b/example/provider-extensions/seed/configure-seed.sh
@@ -211,7 +211,7 @@ fi
 
 echo "Create host and client keys for SSH reverse tunnel"
 "$SCRIPT_DIR"/../ssh-reverse-tunnel/prepare-seed-dir.sh "$seed_name"
-"$SCRIPT_DIR"/../ssh-reverse-tunnel/create-host-keys.sh "$seed_name" "$relay_domain" 6222
+"$SCRIPT_DIR"/../ssh-reverse-tunnel/create-host-keys.sh "$seed_name" "$relay_domain" 443
 "$SCRIPT_DIR"/../ssh-reverse-tunnel/create-client-keys.sh "$seed_name" "$relay_domain"
 
 echo "Deploying kyverno, SSH reverse tunnel and container registry"

diff --git a/example/provider-extensions/ssh-reverse-tunnel/base/ssh/files/entrypoint.sh b/example/provider-extensions/ssh-reverse-tunnel/base/ssh/files/entrypoint.sh
@@ -21,4 +21,4 @@ host=$(cat /gardener-apiserver-ssh-keys/host)
 
 # Connect to sshd for gardener-apiserver reverse tunnel
 echo "Connecting to sshd for gardener-apiserver reverse tunnel @ $host"
-exec ssh "root@$host" -R 6443:kubernetes.default.svc.cluster.local:443 -NT -p 6222 -F /gardener_apiserver_ssh/ssh_config
+exec ssh "root@$host" -R 6443:kubernetes.default.svc.cluster.local:443 -NT -p 443 -F /gardener_apiserver_ssh/ssh_config
diff --git a/example/provider-extensions/ssh-reverse-tunnel/base/ssh/ssh_deployment.yaml b/example/provider-extensions/ssh-reverse-tunnel/base/ssh/ssh_deployment.yaml
@@ -24,7 +24,7 @@ spec:
             command:
             - sh
             - "-c"
-            - "netstat | grep 6222"
+            - "netstat | grep gardener-apiserver-tunnel-ssh"
         volumeMounts:
         - name: gardener-apiserver-ssh
           mountPath: /gardener_apiserver_ssh

diff --git a/example/provider-extensions/ssh-reverse-tunnel/base/sshd/files/sshd_config b/example/provider-extensions/ssh-reverse-tunnel/base/sshd/files/sshd_config
@@ -1,4 +1,4 @@
-Port 6222
+Port 443
 ListenAddress 0.0.0.0
 
 HostKey /gardener-apiserver-ssh-keys/ssh_host_rsa_key

diff --git a/example/provider-extensions/ssh-reverse-tunnel/base/sshd/sshd_deployment.yaml b/example/provider-extensions/ssh-reverse-tunnel/base/sshd/sshd_deployment.yaml
@@ -40,7 +40,7 @@ spec:
         - name: https
           containerPort: 6443
         - name: ssh
-          containerPort: 6222
+          containerPort: 433
       volumes:
       - name: gardener-apiserver-sshd
         configMap:

diff --git a/example/provider-extensions/ssh-reverse-tunnel/load-balancer/load-balancer.yaml b/example/provider-extensions/ssh-reverse-tunnel/load-balancer/load-balancer.yaml
@@ -11,6 +11,6 @@ spec:
   ports:
   - name: gardener-apiserver-tunnel
     protocol: TCP
-    port: 6222
-    targetPort: 6222
+    port: 443
+    targetPort: 443
   type: LoadBalancer