feat: workmachine ssh gen

Author: nxtcoder17

apis/crds/v1/workmachine_types.go

@@ -64,8 +64,8 @@ func (wms *WorkMachineSpec) GetCloudProvider() ct.CloudProvider {
 }
 
 type WorkMachineStatus struct {
-	rApi.Status        `json:"status,omitempty"`
-	MachinePulicSSHKey string `json:"machineSSHKey,omitempty"`
+	rApi.Status         `json:"status,omitempty"`
+	MachinePublicSSHKey string `json:"machineSSHKey,omitempty"`
 }
 
 // +kubebuilder:object:root=true

cmd/agent-operator/main.go

@@ -3,26 +3,35 @@ package main
 import (
 	"github.com/kloudlite/operator/toolkit/operator"
 
-	// helmCharts "github.com/kloudlite/operator/operators/helm-charts/controller"
+	app "github.com/kloudlite/operator/operators/app-n-lambda/controller"
+	helmCharts "github.com/kloudlite/operator/operators/helm-charts/controller"
 	lifecycle "github.com/kloudlite/operator/operators/lifecycle/controller"
-	workspace "github.com/kloudlite/operator/operators/workspace/register"
 
-	// routers "github.com/kloudlite/operator/operators/routers/controller"
+	msvcAndMres "github.com/kloudlite/operator/operators/msvc-n-mres/controller"
+	networkingv1 "github.com/kloudlite/operator/operators/networking/register"
+	project "github.com/kloudlite/operator/operators/project/controller"
+	resourceWatcher "github.com/kloudlite/operator/operators/resource-watcher/controller"
+
+	routers "github.com/kloudlite/operator/operators/routers/controller"
 
+	serviceIntercept "github.com/kloudlite/operator/operators/service-intercept/controller"
 	workmachine "github.com/kloudlite/operator/operators/workmachine/register"
+	workspace "github.com/kloudlite/operator/operators/workspace/register"
+	pluginHelmChart "github.com/kloudlite/plugin-helm-chart/kloudlite"
+	pluginMongoDB "github.com/kloudlite/plugin-mongodb/kloudlite"
 )
 
 func main() {
 	mgr := operator.New("agent-operator")
 
 	// kloudlite resources
-	// app.RegisterInto(mgr)
-	// project.RegisterInto(mgr)
-	// helmCharts.RegisterInto(mgr)
-	// routers.RegisterInto(mgr)
+	app.RegisterInto(mgr)
+	project.RegisterInto(mgr)
+	helmCharts.RegisterInto(mgr)
+	routers.RegisterInto(mgr)
 
 	// kloudlite managed services
-	// msvcAndMres.RegisterInto(mgr)
+	msvcAndMres.RegisterInto(mgr)
 
 	// msvcMongo.RegisterInto(mgr)
 	// msvcRedis.RegisterInto(mgr)
@@ -32,19 +41,17 @@ func main() {
 	lifecycle.RegisterInto(mgr)
 
 	// kloudlite resource status updates
-	// resourceWatcher.RegisterInto(mgr)
+	resourceWatcher.RegisterInto(mgr)
 
 	// distribution.RegisterInto(mgr)
 
-	// networkingv1.RegisterInto(mgr)
-
-	// serviceIntercept.RegisterInto(mgr)
+	networkingv1.RegisterInto(mgr)
+	serviceIntercept.RegisterInto(mgr)
 	workmachine.RegisterInto(mgr)
 	workspace.RegisterInto(mgr)
-	// workmachine.RegisterInto(mgr)
 
-	// pluginMongoDB.RegisterInto(mgr)
-	// pluginHelmChart.RegisterInto(mgr)
+	pluginMongoDB.RegisterInto(mgr)
+	pluginHelmChart.RegisterInto(mgr)
 
 	mgr.Start()
 }

go.mod

@@ -21,6 +21,7 @@ require (
 	github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e
 	github.com/influxdata/influxdb-client-go/v2 v2.14.0
 	github.com/kloudlite/operator/toolkit v0.0.0-20250316093242-493e9b587c10
+	github.com/kloudlite/plugin-helm-chart v0.0.0-20250317052100-fef043b111a2
 	github.com/kloudlite/plugin-mongodb v0.0.0-20250316175205-312ba86d8873
 	github.com/matoous/go-nanoid/v2 v2.1.0
 	github.com/miekg/dns v1.1.62

go.sum

@@ -276,6 +276,8 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc=
 github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
+github.com/kloudlite/plugin-helm-chart v0.0.0-20250317052100-fef043b111a2 h1:4DoLvbPEjYVBMnNpVmeR9OoI6Q9kebd6HnDpkwFts+Y=
+github.com/kloudlite/plugin-helm-chart v0.0.0-20250317052100-fef043b111a2/go.mod h1:TZUQ5mREV+UjGVJhPsgmHMS67Mlf2Guit4905Pi/5sc=
 github.com/kloudlite/plugin-mongodb v0.0.0-20250316175205-312ba86d8873 h1:6GKV4bZoNzCC5JvyqxHAhjXXSpSjzAXQHklwXqz5YJQ=
 github.com/kloudlite/plugin-mongodb v0.0.0-20250316175205-312ba86d8873/go.mod h1:dqT/Qia369uD783N8N58RZPhRPZXywV85nLGDwcq698=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

operators/workmachine/internal/controllers/workmachine/controller.go

@@ -13,6 +13,7 @@ import (
 	"github.com/kloudlite/operator/operators/workmachine/internal/env"
 	"github.com/kloudlite/operator/operators/workmachine/internal/templates"
 	"github.com/kloudlite/operator/pkg/constants"
+	"github.com/kloudlite/operator/pkg/ssh"
 	fn "github.com/kloudlite/operator/toolkit/functions"
 	"github.com/kloudlite/operator/toolkit/kubectl"
 	rApi "github.com/kloudlite/operator/toolkit/reconciler"
@@ -46,10 +47,11 @@ func (r *Reconciler) GetName() string {
 }
 
 const (
-	createWorkMachineJob          string = "create-work-machine-job"
-	createTargetNamespace         string = "create-target-namespace"
-	createSSHPublicKeysSecret     string = "create-ssh-public-keys-secret"
-	createSSHJumpServerDeployment string = "create-ssh-jumpserver-deployment"
+	createWorkMachineJob              string = "create-work-machine-job"
+	createTargetNamespace             string = "create-target-namespace"
+	createSSHPublicKeysSecret         string = "create-ssh-public-keys-secret"
+	createMachinePublicPrivateKeyPair string = "create-machine-public-private-key-pair"
+	createSSHJumpServerDeployment     string = "create-ssh-jumpserver-deployment"
 )
 
 const (
@@ -333,6 +335,31 @@ func (r *Reconciler) createSSHPublicKeysSecret(req *rApi.Request[*crdsv1.WorkMac
 		return check.Failed(err)
 	}
 
+	if secret.Data["private_key"] == nil || secret.Data["public_key"] == nil {
+		privateKeyPEM, publicKey, err := ssh.GenerateSSHKeyPair()
+		if err != nil {
+			return check.Failed(err)
+		}
+
+		if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, secret, func() error {
+			if secret.Data == nil {
+				secret.Data = make(map[string][]byte, 2)
+			}
+			secret.Data["public_key"] = publicKey
+			secret.Data["private_key"] = privateKeyPEM
+			return nil
+		}); err != nil {
+			return check.Failed(err)
+		}
+	}
+
+	// if obj.Status.MachinePublicSSHKey == "" {
+	// 	obj.Status.MachinePublicSSHKey = string(secret.Data["public_key"])
+	// 	if err := r.Status().Update(ctx, obj); err != nil {
+	// 		return check.Failed(err)
+	// 	}
+	// }
+
 	return check.Completed()
 }
 
@@ -353,7 +380,7 @@ func (r *Reconciler) createSSHJumpServer(req *rApi.Request[*crdsv1.WorkMachine])
 		return check.Failed(err)
 	}
 
-	deployment := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: sshJumpServerName, Namespace: obj.Namespace}}
+	deployment := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: sshJumpServerName, Namespace: obj.Spec.TargetNamespace}}
 	if _, err := controllerutil.CreateOrUpdate(ctx, r.Client, deployment, func() error {
 		deployment.SetOwnerReferences([]metav1.OwnerReference{fn.AsOwner(obj, true)})
 		fn.MapSet(&deployment.Annotations, constants.DescriptionKey, "this deployment is a ssh jump server used to allow users to jump to different workspaces")

operators/workmachine/internal/templates/ssh-jumpserver-deployment-spec.yml.tpl

@@ -14,7 +14,7 @@ template:
         volumeMounts:
           - name: ssh-secret
             mountPath: /home/kl/.ssh/authorized_keys
-          subPath: authorized_keys
+            subPath: authorized_keys
 
     volumes:
       - name: ssh-secret

pkg/ssh/gen_keys.go

@@ -0,0 +1,34 @@
+package ssh
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+
+	"golang.org/x/crypto/ssh"
+)
+
+func GenerateSSHKeyPair() (privateKeyPEM []byte, publicKey []byte, err error) {
+	// Generate RSA private key
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	// Encode private key to PEM format
+	privDER := x509.MarshalPKCS1PrivateKey(privateKey)
+	privPEM := pem.EncodeToMemory(&pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: privDER,
+	})
+
+	// Generate public key in OpenSSH authorized_keys format
+	pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	pubBytes := ssh.MarshalAuthorizedKey(pub)
+
+	return privPEM, pubBytes, nil
+}