
Commit 86e6a95

feat: workmachine ssh gen
1 parent 96a25ca commit 86e6a95

7 files changed

Lines changed: 94 additions & 23 deletions


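--- a/apis/crds/v1/workmachine_types.go
+++ b/apis/crds/v1/workmachine_types.go
@@ -64,8 +64,8 @@ func (wms *WorkMachineSpec) GetCloudProvider() ct.CloudProvider {
 }
 
 type WorkMachineStatus struct {
-rApi.Status `json:"status,omitempty"`
-MachinePulicSSHKey string `json:"machineSSHKey,omitempty"`
+rApi.Status `json:"status,omitempty"`
+MachinePublicSSHKey string `json:"machineSSHKey,omitempty"`
 }
 
 // +kubebuilder:object:root=true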

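--- a/cmd/agent-operator/main.go
+++ b/cmd/agent-operator/main.go
@@ -3,26 +3,35 @@ package main
 import (
 "github.com/kloudlite/operator/toolkit/operator"
 
-// helmCharts "github.com/kloudlite/operator/operators/helm-charts/controller"
+app "github.com/kloudlite/operator/operators/app-n-lambda/controller"
+helmCharts "github.com/kloudlite/operator/operators/helm-charts/controller"
 lifecycle "github.com/kloudlite/operator/operators/lifecycle/controller"
-workspace "github.com/kloudlite/operator/operators/workspace/register"
 
-// routers "github.com/kloudlite/operator/operators/routers/controller"
+msvcAndMres "github.com/kloudlite/operator/operators/msvc-n-mres/controller"
+networkingv1 "github.com/kloudlite/operator/operators/networking/register"
+project "github.com/kloudlite/operator/operators/project/controller"
+resourceWatcher "github.com/kloudlite/operator/operators/resource-watcher/controller"
+
+routers "github.com/kloudlite/operator/operators/routers/controller"
 
+serviceIntercept "github.com/kloudlite/operator/operators/service-intercept/controller"
 workmachine "github.com/kloudlite/operator/operators/workmachine/register"
+workspace "github.com/kloudlite/operator/operators/workspace/register"
+pluginHelmChart "github.com/kloudlite/plugin-helm-chart/kloudlite"
+pluginMongoDB "github.com/kloudlite/plugin-mongodb/kloudlite"
 )
 
 func main() {
 mgr := operator.New("agent-operator")
 
 // kloudlite resources
-// app.RegisterInto(mgr)
-// project.RegisterInto(mgr)
-// helmCharts.RegisterInto(mgr)
-// routers.RegisterInto(mgr)
+app.RegisterInto(mgr)
+project.RegisterInto(mgr)
+helmCharts.RegisterInto(mgr)
+routers.RegisterInto(mgr)
 
 // kloudlite managed services
-// msvcAndMres.RegisterInto(mgr)
+msvcAndMres.RegisterInto(mgr)
 
 // msvcMongo.RegisterInto(mgr)
 // msvcRedis.RegisterInto(mgr)
@@ -32,19 +41,17 @@ func main() {
 lifecycle.RegisterInto(mgr)
 
 // kloudlite resource status updates
-// resourceWatcher.RegisterInto(mgr)
+resourceWatcher.RegisterInto(mgr)
 
 // distribution.RegisterInto(mgr)
 
-// networkingv1.RegisterInto(mgr)
-
-// serviceIntercept.RegisterInto(mgr)
+networkingv1.RegisterInto(mgr)
+serviceIntercept.RegisterInto(mgr)
 workmachine.RegisterInto(mgr)
 workspace.RegisterInto(mgr)
-// workmachine.RegisterInto(mgr)
 
-// pluginMongoDB.RegisterInto(mgr)
-// pluginHelmChart.RegisterInto(mgr)
+pluginMongoDB.RegisterInto(mgr)
+pluginHelmChart.RegisterInto(mgr)
 
 mgr.Start()
 }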
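Review bot: The registrations enabled at new lines 28–34, 44, 48–49 and 53–54 switch on ten previously commented-out operators (app, project, helmCharts, routers, msvcAndMres, resourceWatcher, networkingv1, serviceIntercept, pluginMongoDB, pluginHelmChart) in a commit titled "workmachine ssh gen", which widens what this binary reconciles — and the API permissions its service account presumably needs — well beyond the stated feature, so it is worth splitting out or at least stating in the commit message. The stale `// msvcMongo.RegisterInto(mgr)`, `// msvcRedis.RegisterInto(mgr)` and `// distribution.RegisterInto(mgr)` lines survive as commented-out code with no indication of why they stay disabled when everything around them was enabled; a short reason comment such as `// distribution: not registered in the agent yet` would keep that readable. The new import block on new lines 6–21 also has an unexplained blank line before `routers` and `serviceIntercept` and is no longer in alphabetical order, which goimports will reshuffle on the next touch.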

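--- a/go.mod
+++ b/go.mod
@@ -21,6 +21,7 @@ require (
 github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e
 github.com/influxdata/influxdb-client-go/v2 v2.14.0
 github.com/kloudlite/operator/toolkit v0.0.0-20250316093242-493e9b587c10
+github.com/kloudlite/plugin-helm-chart v0.0.0-20250317052100-fef043b111a2
 github.com/kloudlite/plugin-mongodb v0.0.0-20250316175205-312ba86d8873
 github.com/matoous/go-nanoid/v2 v2.1.0
 github.com/miekg/dns v1.1.62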

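--- a/go.sum
+++ b/go.sum
@@ -276,6 +276,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
 github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/kloudlite/plugin-helm-chart v0.0.0-20250317052100-fef043b111a2 h1:4DoLvbPEjYVBMnNpVmeR9OoI6Q9kebd6HnDpkwFts+Y=
+github.com/kloudlite/plugin-helm-chart v0.0.0-20250317052100-fef043b111a2/go.mod h1:TZUQ5mREV+UjGVJhPsgmHMS67Mlf2Guit4905Pi/5sc=
 github.com/kloudlite/plugin-mongodb v0.0.0-20250316175205-312ba86d8873 h1:6GKV4bZoNzCC5JvyqxHAhjXXSpSjzAXQHklwXqz5YJQ=
 github.com/kloudlite/plugin-mongodb v0.0.0-20250316175205-312ba86d8873/go.mod h1:dqT/Qia369uD783N8N58RZPhRPZXywV85nLGDwcq698=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=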

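--- a/operators/workmachine/internal/controllers/workmachine/controller.go
+++ b/operators/workmachine/internal/controllers/workmachine/controller.go
@@ -13,6 +13,7 @@ import (
 "github.com/kloudlite/operator/operators/workmachine/internal/env"
 "github.com/kloudlite/operator/operators/workmachine/internal/templates"
 "github.com/kloudlite/operator/pkg/constants"
+"github.com/kloudlite/operator/pkg/ssh"
 fn "github.com/kloudlite/operator/toolkit/functions"
 "github.com/kloudlite/operator/toolkit/kubectl"
 rApi "github.com/kloudlite/operator/toolkit/reconciler"
@@ -46,10 +47,11 @@ func (r *Reconciler) GetName() string {
 }
 
 const (
-createWorkMachineJob string = "create-work-machine-job"
-createTargetNamespace string = "create-target-namespace"
-createSSHPublicKeysSecret string = "create-ssh-public-keys-secret"
-createSSHJumpServerDeployment string = "create-ssh-jumpserver-deployment"
+createWorkMachineJob string = "create-work-machine-job"
+createTargetNamespace string = "create-target-namespace"
+createSSHPublicKeysSecret string = "create-ssh-public-keys-secret"
+createMachinePublicPrivateKeyPair string = "create-machine-public-private-key-pair"
+createSSHJumpServerDeployment string = "create-ssh-jumpserver-deployment"
 )
 
 const (
@@ -333,6 +335,31 @@ func (r *Reconciler) createSSHPublicKeysSecret(req *rApi.Request[*crdsv1.WorkMac
 return check.Failed(err)
 }
 
+if secret.Data["private_key"] == nil || secret.Data["public_key"] == nil {
+privateKeyPEM, publicKey, err := ssh.GenerateSSHKeyPair()
+if err != nil {
+return check.Failed(err)
+}
+
+if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, secret, func() error {
+if secret.Data == nil {
+secret.Data = make(map[string][]byte, 2)
+}
+secret.Data["public_key"] = publicKey
+secret.Data["private_key"] = privateKeyPEM
+return nil
+}); err != nil {
+return check.Failed(err)
+}
+}
+
+// if obj.Status.MachinePublicSSHKey == "" {
+// obj.Status.MachinePublicSSHKey = string(secret.Data["public_key"])
+// if err := r.Status().Update(ctx, obj); err != nil {
+// return check.Failed(err)
+// }
+// }
+
 return check.Completed()
 }
 
@@ -353,7 +380,7 @@ func (r *Reconciler) createSSHJumpServer(req *rApi.Request[*crdsv1.WorkMachine])
 return check.Failed(err)
 }
 
-deployment := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: sshJumpServerName, Namespace: obj.Namespace}}
+deployment := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: sshJumpServerName, Namespace: obj.Spec.TargetNamespace}}
 if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, deployment, func() error {
 deployment.SetOwnerReferences([]metav1.OwnerReference{fn.AsOwner(obj, true)})
 fn.MapSet(&deployment.Annotations, constants.DescriptionKey, "this deployment is a ssh jump server used to allow users to jump to different workspaces")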
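Review bot: In the createSSHPublicKeysSecret hunk (new lines 338–354) the freshly generated private key is stored in the same Secret that holds the public keys, so every principal and pod able to read that Secret also obtains the machine's private key; if this is the Secret the jump-server template mounts as `ssh-secret` (the template hunk shows only the `authorized_keys` subPath, the secretName is outside view), the jump-server pod's service account effectively holds it. Keeping `private_key` in a dedicated Secret with narrower RBAC, and only the public half here, would confine that exposure, and the new `createMachinePublicPrivateKeyPair` check name added at new line 53 suggests a separate step was intended anyway. The condition `if secret.Data["private_key"] == nil || secret.Data["public_key"] == nil` also regenerates both halves when only one is missing, silently rotating the pair; regenerating only when `private_key` is absent and deriving the public key from the stored private key avoids invalidating anything that already trusts the old public key. The block at new lines 356–361 is commented-out code that would populate the `MachinePublicSSHKey` status field renamed in this commit, so as committed that field is never set — either enable it or drop the dead block with a one-line comment saying why the status is not updated. createSSHPublicKeysSecret starts outside the hunk.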

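--- a/operators/workmachine/internal/templates/ssh-jumpserver-deployment-spec.yml.tpl
+++ b/operators/workmachine/internal/templates/ssh-jumpserver-deployment-spec.yml.tpl
@@ -14,7 +14,7 @@ template:
 volumeMounts:
 - name: ssh-secret
 mountPath: /home/kl/.ssh/authorized_keys
-subPath: authorized_keys
+subPath: authorized_keys
 
 volumes:
 - name: ssh-secret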

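--- a/pkg/ssh/gen_keys.go
+++ b/pkg/ssh/gen_keys.go
@@ -0,0 +1,34 @@
+package ssh
+
+import (
+"crypto/rand"
+"crypto/rsa"
+"crypto/x509"
+"encoding/pem"
+
+"golang.org/x/crypto/ssh"
+)
+
+func GenerateSSHKeyPair() (privateKeyPEM []byte, publicKey []byte, err error) {
+// Generate RSA private key
+privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+if err != nil {
+return nil, nil, err
+}
+
+// Encode private key to PEM format
+privDER := x509.MarshalPKCS1PrivateKey(privateKey)
+privPEM := pem.EncodeToMemory(&pem.Block{
+Type: "RSA PRIVATE KEY",
+Bytes: privDER,
+})
+
+// Generate public key in OpenSSH authorized_keys format
+pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
+if err != nil {
+return nil, nil, err
+}
+pubBytes := ssh.MarshalAuthorizedKey(pub)
+
+return privPEM, pubBytes, nil
+}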
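Review bot: GenerateSSHKeyPair on new line 12 is exported but has no doc comment, and the key it produces is RSA-2048 serialised as a PKCS#1 `RSA PRIVATE KEY` block, whereas for a freshly generated machine key Ed25519 is smaller, much cheaper to generate (no prime search on every reconcile that finds a key missing) and the current OpenSSH default. The errors from `rsa.GenerateKey` and `ssh.NewPublicKey` on new lines 16 and 29 are returned bare, so the caller cannot tell which step failed; wrapping them with `fmt.Errorf("generating ssh key pair: %w", err)` fixes that. As a minimum, add `// GenerateSSHKeyPair generates a new SSH key pair and returns the private key as PEM and the public key in OpenSSH authorized_keys format.` above the function. The sketch below switches to Ed25519 via `ssh.MarshalPrivateKey`, which needs a golang.org/x/crypto recent enough to provide it (its version is not visible here), and changes the `private_key` PEM type to `OPENSSH PRIVATE KEY`, so any consumer that parses PKCS#1 specifically would need to accept that format.
```go
// GenerateSSHKeyPair generates a new Ed25519 SSH key pair and returns the
// private key as an OpenSSH PEM block and the public key in authorized_keys format.
func GenerateSSHKeyPair() (privateKeyPEM []byte, publicKey []byte, err error) {
	pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, fmt.Errorf("generating ed25519 key: %w", err)
	}

	block, err := ssh.MarshalPrivateKey(privKey, "")
	if err != nil {
		return nil, nil, fmt.Errorf("marshalling private key: %w", err)
	}
	privPEM := pem.EncodeToMemory(block)

	pub, err := ssh.NewPublicKey(pubKey)
	if err != nil {
		return nil, nil, fmt.Errorf("marshalling public key: %w", err)
	}

	return privPEM, ssh.MarshalAuthorizedKey(pub), nil
}
```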
