{"id":16248181,"url":"https://github.com/rmohr/jumppod","last_synced_at":"2026-04-26T22:31:51.241Z","repository":{"id":70309645,"uuid":"376000544","full_name":"rmohr/jumppod","owner":"rmohr","description":"Example repository on how to make use of a ssh jump-pod in kubevirt","archived":false,"fork":false,"pushed_at":"2021-06-22T13:08:04.000Z","size":17,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-14T08:23:34.537Z","etag":null,"topics":["ansible","automation","bastion","jumphost","jumppod","kubevirt"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rmohr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-11T11:19:04.000Z","updated_at":"2022-03-29T09:17:53.000Z","dependencies_parsed_at":"2023-02-25T03:00:23.815Z","dependency_job_id":null,"html_url":"https://github.com/rmohr/jumppod","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmohr%2Fjumppod","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmohr%2Fjumppod/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmohr%2Fjumppod/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rmohr%2Fjumppod/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rmohr","download_url":"https://codeload.github.com/rmoh
r/jumppod/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247839244,"owners_count":21004722,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","bastion","jumphost","jumppod","kubevirt"],"created_at":"2024-10-10T14:40:40.237Z","updated_at":"2026-04-26T22:31:51.235Z","avatar_url":"https://github.com/rmohr.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# jumppod\n\n## What does this do?\n\nSuppose you have ansible and you want to provision KubeVirt VMs in a kubernetes\ncluster. jumppod can help you reach all VMs in your inventory easily by\ntheir kubernetes-assigned DNS names, e.g. via headless services.\n\nThe jumppod is a small sshd deployment for k8s. 
It can be easily deployed and\ncan be exposed via `kubectl port-forward`, `LoadBalancer` or `NodePort`\nservices.\n\nOnce running and exposed, you have a jump pod inside your kubernetes cluster\nwith KubeVirt, including kube-dns resolution.\n\nEnsure that the VMIs you want to access are part of a headless service\n(https://kubevirt.io/user-guide/virtual_machines/dns/#dns-records) and you will\nhave nice DNS names for your VMs for ansible or yourself without the need for a\nton of `ClusterIP` services or plain IPs just for administrative tasks.\n\n## Security considerations\n\njumppod should be pretty safe to use:\n * The sshd servers in the jumppod deployment run in unprivileged pods.\n * The host-keys are provided via a secret and not regenerated to prevent MITM (so that you trust the host key signature and do not disable the checks).\n\n## Deploy jumppod\n\n### Publish host-keys for sshd as a secret and create the deployment\n\n```bash\nmkdir -p ~/etc/ssh \u0026\u0026 ssh-keygen -A -f ~/\nkubectl create secret generic host-keys --from-file=${HOME}/etc/ssh\nrm -rf ~/etc/ssh\nkubectl create -f https://raw.githubusercontent.com/rmohr/jumppod/main/manifests/deployment.yaml\n```\n\n### Manage access\n\nAccess can be given or revoked by updating a `configmap` called\n`authorized-keys` which contains an `authorized_keys` file.\n\nIt is easy to transform an existing `authorized_keys` file or your `id_rsa.pub`\nfile into the required configmap:\n\n```bash\nkubectl create configmap authorized-keys --from-file=authorized_keys=${HOME}/.ssh/id_rsa.pub\n```\n\n### Exposing the service via a NodePort\n\nCreate a nodeport service which will expose sshd on port\n`32222`:\n\n```bash\nkubectl create service nodeport sshd-nodeport --node-port 32222 --tcp 2222:2222\n```\n\nDefine an entry like this in `.ssh/config`:\n\n```\nHost jumphost\n   HostName \u003cnode-ip\u003e\n   User nonroot\n   Port 32222\n```\n\n### Exposing the service via kubectl port-forward\n\nUse 
`port-forward` to open a connection to your local machine:\n\n```bash\nkubectl port-forward svc/sshd 2222:22 \u0026\n```\n\nConnect to the ssh server:\n\n```bash\nssh nonroot@localhost -p 2222\n```\n\nWith the port-forward established, we can define a jumphost in our `.ssh/config` file:\n\n```\nHost jumphost\n   HostName localhost\n   User nonroot\n   Port 2222\n```\n\n### Define a headless service to assign nice unique DNS names to every VMI in a cluster\n\nWe now define a headless service which will create unique DNS entries for\neach of the two small Cirros VMs.\n\n```bash\nkubectl create -f example/vmis.yaml\n```\n\nOnce they are up, we can connect to them like this (password is `gocubsgo`):\n\n```bash\nssh cirros@cirros0.ansiblemachines -J jumphost\nssh cirros@cirros1.ansiblemachines -J jumphost\n```\n\nWe can also define entries in `.ssh/config` which will use the jumphost automatically:\n\n```\nHost cirros0.ansiblemachines\n   HostName cirros0.ansiblemachines\n   User cirros\n   ProxyJump jumphost\nHost cirros1.ansiblemachines\n   HostName cirros1.ansiblemachines\n   User cirros\n   ProxyJump jumphost\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frmohr%2Fjumppod","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frmohr%2Fjumppod","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frmohr%2Fjumppod/lists"}