This is not going to end well….
(Source: http://www.commitstrip.com/en/2018/04/11/the-price-of-backups/)
Tunnelling to Kubernetes Nodes & Pods via a Bastion
A quick note to remind myself (and other people) how to tunnel to a node (or pod) in Kubernetes via the bastion server
rm ~/.ssh/known_hosts #Needed if you keep scaling the bastion up/down
BASTION=bastion.{cluster-domain}
DEST=$1
ssh -o StrictHostKeyChecking=no -o ProxyCommand='ssh -o StrictHostKeyChecking=no -W %h:%p admin@bastion.{cluster-domain}' admin@$DEST
Run like this:
bash ./tunnelK8s.sh NODE_IP
Example:
bash ./tunnelK8s.sh 10.10.10.100 #Assuming 10.10.10.100 is the node you want to connect to.
You can extend this by using this to ssh into a pod, assuming the pod has an SSH server on it.
BASTION=bastion.${cluster domain name}
NODE=$1
NODEPORT=$2
PODUSER=$3
ssh -o ProxyCommand="ssh -W %h:%p admin@$BASTION" admin@$NODE ssh -tto StrictHostKeyChecking=no $PODUSER@localhost -p $NODEPORT
So if you have service listening on port 32000 on node 10.10.10.100 that expects a login user of "poduser", you would do this:
bash ./tunnelPod.sh 10.10.10.100 32000 poduser
If you have to pass a password you can install sshpass on the node, then use that (be aware of security risk though – this is not an ideal solution)
ssh -o ProxyCommand="ssh -W %h:%p admin@$BASTION" admin@$NODE sshpass -p ${password} ssh -tto StrictHostKeyChecking=no $PODUSER@localhost -p $NODEPORT
Caveat though — you will have to make sure that your node security group allows your bastion security group to talk to the nodes on the additional ports. By default, the only port that the bastions are able to talk to the node security groups on is SSH (22) only.
Share this:
Facebook Privacy (or lack of)
Facebook have been having a lot of bad publicity lately (and I would personally say it’s long overdue) and a lot of it over privacy. Now, there’s talk about Facebook lifting SMS and phone call information from Android phones with consent. Yes, Facebook asks for it, but you can (and should) refuse it access.
Later versions of Android allow you to revoke and change the permissions given to an app, and also prompt you again if the app asks for it.
My Facebook app has very little permissions on my device because I don’t trust it a single bit.
I also have Privacy Guard enabled and restricted. Whenever it wants to know my location, I can refuse it.
Share this:
The Genius of the London Tube Map
The London Tube map is iconic and TED has a talk about it.
Share this:
Motivation
Set your goals.
Break your limits.
Because you never know just how far you can go, unless you can’t see the end.
Share this:
Walking
After being out of training for a long while due to illness, I decided to fork out on Fitbit Coach and start using some of their workouts.
Today I decided to go out and try their walking workouts — an audio-driven workout around power walking
Share this:
Stephen Hawking
Saddened to hear about Stephen Hawking this morning.
While some may not agree with him on certain things, few can dispute his genius.
And the film of his life with Eddie Redmayne is an absolute blast.
