Allow tunnel to ssh ports #178

@lalyos lalyos commented Feb 9, 2025

I wondered if it's possible to expose both http and ssh ports of a pod.
In my case I deployed gitea which has both.

After making the tunnel work by manually changing the tunnel configuration, I figured out what was missing:

  • in case of http(s) protocol the path makes sense
  • for ssh (and probably for tcp) type it shouldn't be set

With a simple check I made the controller successfully expose my gitea ssh service via a cloudflare tunnel.

Example

Here is an ingress with all details:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    cloudflare-tunnel-ingress-controller.strrl.dev/backend-protocol: "ssh"
  name: gitea-ssh
  namespace: gitea
spec:
  ingressClassName: cloudflare-tunnel
  rules:
  - host: ssh.mydomain.com
    http:
      paths:
        - path: '/*'
          pathType: ImplementationSpecific
          backend:
            service:
              name: gitea-ssh
              port:
                number: 2222

I was using the official helm chart to deploy gitea, and at first the svc had a couple of issues:

  • it was headless (ClusterIP: None) which is not supported
  • there was a port mapping 22->2222 (port:22, targetPort:2222) which is convenient inside the cluster, so one can ssh with a servicename, skipping the port spec, but it did not work

The final relevant chart values to fix the service:

helm upgrade -i  \
  gitea \
  --repo https://dl.gitea.io/charts  \
  gitea \
  --version 10.6.0 \
  --namespace gitea \
  --create-namespace \
  --values values-gitea.yaml

The content of values-gitea.yaml

service:
  http:
    clusterIP:
  ssh:
    clusterIP:
    port: 2222
    targetPort: 2222
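
The check described in this comment (keep the path for http(s) backends, leave it unset for ssh), sketched as an added example; this is not the code from the pull request or the controller. `IngressRule`, `BuildRule`, `RuleJSON`, the default protocol and the in-cluster service address are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// IngressRule is a hypothetical stand-in for one tunnel ingress entry;
// the field names follow cloudflared's hostname/path/service rule layout.
type IngressRule struct {
	Hostname string `json:"hostname"`
	Path     string `json:"path,omitempty"` // dropped from JSON when empty
	Service  string `json:"service"`
}

// pathProtocols lists the backend protocols for which a URL path is meaningful.
var pathProtocols = map[string]bool{"http": true, "https": true}

// BuildRule (hypothetical helper) maps one Ingress path entry to a tunnel rule.
// The path is copied only for HTTP(S) backends; other rules match on hostname alone.
func BuildRule(host, protocol, path, target string) (IngressRule, error) {
	if host == "" || target == "" {
		return IngressRule{}, fmt.Errorf("host and target are required")
	}
	proto := strings.ToLower(strings.TrimSpace(protocol))
	if proto == "" {
		proto = "http" // assumed default when the annotation is absent
	}
	rule := IngressRule{Hostname: host, Service: proto + "://" + target}
	if pathProtocols[proto] {
		rule.Path = path
	}
	return rule, nil
}

// RuleJSON renders a rule as JSON so the presence or absence of "path" is visible.
func RuleJSON(r IngressRule) string {
	b, _ := json.Marshal(r)
	return string(b)
}

func main() {
	// Constructed inputs: host, path and port come from the Ingress above;
	// the service DNS name is an assumed in-cluster address.
	for _, proto := range []string{"ssh", "http"} {
		r, _ := BuildRule("ssh.mydomain.com", proto, "/*", "gitea-ssh.gitea.svc:2222")
		fmt.Println(RuleJSON(r))
	}
}
```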

@lalyos changed the title from "make ssh tunnel work" to "Allow tunnel to ssh ports" on Feb 9, 2025

lalyos commented Feb 9, 2025

In case somebody wants to test it, I've pushed my image to dockerhub.

helm upgrade -i \
  cf-tunnel \
  --repo https://helm.strrl.dev cloudflare-tunnel-ingress-controller \
  --namespace cloudflare-ingress \
  --create-namespace \
  --values values-cf-tunnel.yaml

Where values-cf-tunnel.yaml:

image:
  repository: lalyos/cloudflare-tunnel-ingress-controller

cloudflare:
  accountId: 888888888888faeb6fd019aaaaaa
  apiToken: qYBe_khasdkjhasdakhsdCPPU
  tunnelName: k8s-ssh-ing
ingressClass:
  name: cloudflare-tunnel
  isDefaultClass: true
