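# Debug pod: runs an OpenSSH server as root in the node's network namespace
# and mounts the node's root filesystem, pod logs and containerd state.
# NOTE(review): anyone holding one of the authorized keys can read the whole
# node filesystem through /host, so scope the keys tightly and delete the pod
# when the debugging session is over.
apiVersion: v1
kind: Pod
metadata:
  name: alpine-ssh
spec:
  # Uses host port 22: with hostNetwork the sshd started below binds on the
  # node's own interfaces, so it is reachable wherever the node is and will
  # clash with an sshd already listening on the host.
  hostNetwork: true
  securityContext:
    runAsUser: 0
  containers:
    - name: alpine-ssh
      # NOTE(review): untagged image, so the content is whatever the registry
      # serves at pull time; pin a tag or digest for repeatable deployments.
      image: alpine
      env:
        # Public keys only; written verbatim to /root/.ssh/authorized_keys.
        - name: SSH_AUTHORIZED_KEYS
          value: |
            ssh-rsa <your_public_ssh_key_1>
            ssh-rsa <your_public_ssh_key_2>
      # Startup script (one && chain, so any failing step stops the pod):
      #   1. installs openssh-server from the network at every start;
      #   2. writes the authorized keys with owner-only permissions;
      #   3. sets PermitRootLogin to prohibit-password, so root can log in
      #      with the keys above but never with a password;
      #   4. generates fresh host keys (ssh-keygen -A). They change on every
      #      restart, so clients cannot pin the host key; mount persistent
      #      host keys if a stable identity is needed;
      #   5. runs sshd in the foreground as the container's main process.
      command:
        - "/bin/sh"
        - "-c"
        - |
          apk add --no-cache openssh-server && \
          mkdir -p /root/.ssh && \
          chmod 700 /root/.ssh && \
          echo "$SSH_AUTHORIZED_KEYS" > /root/.ssh/authorized_keys && \
          chmod 600 /root/.ssh/authorized_keys && \
          sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config && \
          ssh-keygen -A && \
          /usr/sbin/sshd -D
      volumeMounts:
        # Entire node filesystem, read-only, under /host.
        - name: host-root
          mountPath: /host
          readOnly: true
        - name: var-log-pods
          mountPath: /var/log/pods
          readOnly: true
        # NOTE(review): readOnly stops file writes under this path, but it
        # does not stop a process from connecting to the containerd socket
        # inside it. Treat shell access to this pod as access to the node's
        # container runtime.
        - name: run-containerd
          mountPath: /run/containerd
          readOnly: true
  volumes:
    - name: host-root
      hostPath:
        path: /
        type: Directory
    - name: var-log-pods
      hostPath:
        path: /var/log/pods
        type: Directory
    - name: run-containerd
      hostPath:
        path: /run/containerd
        type: Directory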
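  `ssh root@<node-ip>`
- use as a static pod, or add this to schedule it on a specific node:
  ```yaml
  nodeSelector:
    kubernetes.io/hostname: '<hostname>'
  ```
- the ssh host key is generated every time.
  `ssh-keygen -R "<host>"` can be used for removing the known host key.
- containerd
  - Install
    `apk add cri-tools --allow-untrusted --repository http://dl-3.alpinelinux.org/alpine/edge/testing/`
    (`--allow-untrusted` lets apk install a package without a trusted signature, and the repository URL is plain HTTP, so nothing authenticates the download; if your Alpine release carries `cri-tools` in a signed repository, install it from there instead.)
  - Set containerd.sock
    `echo 'runtime-endpoint: unix:///run/containerd/containerd.sock' > /etc/crictl.yaml`
  - List containers
    `crictl ps`
- Install
  Create a new entry at `machine.pods[]` for either the control-plane or worker config, then run `apply-config`.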