{"id":16408745,"url":"https://github.com/davidcollom/k8s-ssh-router","last_synced_at":"2026-05-14T08:41:26.210Z","repository":{"id":249810827,"uuid":"832605997","full_name":"davidcollom/k8s-ssh-router","owner":"davidcollom","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-17T08:23:31.000Z","size":107,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"golang","last_synced_at":"2025-02-23T02:15:20.218Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davidcollom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-23T11:04:49.000Z","updated_at":"2024-12-13T15:51:07.000Z","dependencies_parsed_at":"2024-07-23T14:04:23.185Z","dependency_job_id":"61abb57a-7d6e-45fa-b5b9-24bef76ddf51","html_url":"https://github.com/davidcollom/k8s-ssh-router","commit_stats":null,"previous_names":["davidcollom/k8s-ssh-routing","davidcollom/k8s-ssh-router"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fk8s-ssh-router","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fk8s-ssh-router/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fk8s-ssh-router/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davidcollom%2Fk8s-ssh-router/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davidcollom","download_url":"https://codeload.github.com/davidcollom/k8s-ssh-router/tar.gz/refs/heads/golang","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240400292,"owners_count":19795331,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T06:17:42.758Z","updated_at":"2026-05-14T08:41:21.187Z","avatar_url":"https://github.com/davidcollom.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# k8s-ssh-router\n\n`k8s-ssh-router` is a Go application designed to handle SSH connections and forward them to specific services within a Kubernetes cluster. It uses Kubernetes secrets for authentication and supports various SSH functionalities, including SFTP.\n\n## Features\n\n- **SSH Authentication:** Uses Kubernetes secrets for user authentication.\n- **Forwarding:** Forwards SSH connections to specific services in the cluster.\n- **SFTP Support:** Supports file transfers via SFTP.\n- **Metrics:** Exposes Prometheus metrics for active sessions.\n- **Configurable:** Various options can be configured via command-line arguments or environment variables.\n\n## Why This Solution?\n\n### Secure SSH Access\n\nSSH does not natively support TLS, making it less secure compared to modern protocols that do. This solution ensures secure access by handling authentication and authorization within the Kubernetes cluster, leveraging Kubernetes secrets for storing user credentials.\n\n### Cost-Effective Scaling\n\nRunning multiple LoadBalancer services can be expensive and may not scale well due to IP address limitations. This solution uses a single LoadBalancer service to route SSH traffic to multiple backend pods, significantly reducing costs and simplifying management.\n\n### Auto-Scaling\n\nManaging a fixed number of SSH servers can lead to either over-provisioning or under-provisioning of resources. This solution uses Prometheus metrics to dynamically scale the number of SSH gateway pods based on actual usage, ensuring optimal resource utilization.\n\n## Table of Contents\n\n- [k8s-ssh-router](#k8s-ssh-router)\n  - [Features](#features)\n  - [Why This Solution?](#why-this-solution)\n    - [Secure SSH Access](#secure-ssh-access)\n    - [Cost-Effective Scaling](#cost-effective-scaling)\n    - [Auto-Scaling](#auto-scaling)\n  - [Table of Contents](#table-of-contents)\n  - [Installation](#installation)\n  - [Usage](#usage)\n    - [Running the application](#running-the-application)\n    - [Configuration](#configuration)\n  - [Development](#development)\n    - [Prerequisites](#prerequisites)\n      - [Running Tests](#running-tests)\n      - [Building the Docker Image](#building-the-docker-image)\n  - [CI/CD Pipeline](#cicd-pipeline)\n  - [Dependencies Management](#dependencies-management)\n  - [Contributing](#contributing)\n  - [License](#license)\n\n## Installation\n\nTo install the `k8s-ssh-router`, you need to have Go installed. You can then build the application from source.\n\n```bash\ngit clone https://github.com/davidcollom/k8s-ssh-router.git\ncd k8s-ssh-router\ngo build -o k8s-ssh-router ./cmd\n```\n\nYou can also pull the Docker image from GitHub Container Registry (GHCR):\n\n```sh\ndocker pull ghcr.io/davidcollom/k8s-ssh-router:latest\n```\n\n\n## Usage\n\n### Running the application\n\nTo run the application, you can use the built binary:\n\n```sh\n./k8s-ssh-router --reconcile-interval 60 --ssh-port 2222 --metrics-port 9090 --namespace default --private-key-path /path/to/id_rsa\n```\n\nOr you can run it using Docker:\n\n```sh\ndocker run -d -p 2222:2222 -p 9090:9090 \\\n  -e RECONCILE_INTERVAL=60 \\\n  -e SSH_PORT=2222 \\\n  -e METRICS_PORT=9090 \\\n  -e NAMESPACE=default \\\n  -e PRIVATE_KEY_PATH=/path/to/id_rsa \\\n  ghcr.io/davidcollom/k8s-ssh-router:latest\n```\n\n### Configuration\n\nThe following options can be configured via command-line arguments or environment variables:\n\n- `--reconcile-interval` / `RECONCILE_INTERVAL`: Reconciliation interval in seconds (default: 60)\n- `--ssh-port` / `SSH_PORT`: SSH server port (default: 2222)\n- `--metrics-port` / `METRICS_PORT`: Metrics server port (default: 9090)\n- `--namespace` / `NAMESPACE`: Kubernetes namespace\n- `--private-key-path` / `PRIVATE_KEY_PATH`: Path to the private key file\n\n## Development\n\n### Prerequisites\n\n- Go 1.21 or later\n- Docker\n\n#### Running Tests\n\nTo run the tests locally:\n\n```sh\ngo tst ./... -v\n```\n\n#### Building the Docker Image\n\nTo build the Docker image:\n\n```sh\ndocker build -t ghcr.io/davidcollom/k8s-ssh-router:latest .\n```\n\n\n## CI/CD Pipeline\n\nThis project uses GitHub Actions for continuous integration and deployment. The workflow is defined in `.github/workflows/go.yml`.\n\n## Dependencies Management\n\nThis project uses Dependabot to keep dependencies up to date. The configuration is defined in `.github/dependabot.yml`.\n\n\n## Contributing\n\nContributions are welcome! Please open an issue or submit a pull request for any changes.\n\n## License\n\nThis project is licensed under the Apache 2.0 License. See the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidcollom%2Fk8s-ssh-router","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavidcollom%2Fk8s-ssh-router","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavidcollom%2Fk8s-ssh-router/lists"}