Cluster information:
Kubernetes version: v1.17.4+k3s1
Cloud being used: bare-metal
Installation method: k3s install script
Host OS: Arch Linux
The goal
I’m hosting a Gitea instance right now. `http` works fine, but I’m trying to get `ssh` to work.
`git clone git@git.mydomain.com:sseneca/report.git` works as expected.
What I think I need to do
- Generate `ssh` keys within container
- Ingress Controller map outside port `22` to service (running via standard port `22`)
Problems
I don’t know if the above is correct. Also, I access my nodes via ssh on port 22. Won’t there be a conflict?
I had this working at one point, but I’ve lost the configuration that it ran on. I didn’t get it to work on port 22; there are options on the container you can set via an environment variable that will change it. I used 2222. At the time I had it working, I was not using the k3s-supplied traefik ingress or the servicelb; I had nginx for ingress and was using metallb. I’m still trying to get back to the point where it works.
Actually, I got it working. I had a permissions issue with the contents of /data/ssh in the container, because of how I mounted the PVC. Anyway, here’s what I did:
- Start the cluster master with the `--disable servicelb` option.
- Installed metallb using `helm install metallb stable/metallb --namespace kube-system --set configInline.address-pools[0].name=default --set configInline.address-pools[0].protocol=layer2 --set configInline.address-pools[0].addresses[0]=10.0.96.200-10.0.96.220`
- In the deployment for gitea, set SSH_DOMAIN to my domain, and SSH_PORT to 2222.
- Use this yaml for the ssh service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: gitea-ssh
  namespace: gitea
spec:
  ports:
    - name: gitea-ssh
      port: 2222
      targetPort: 2222
      protocol: TCP
  selector:
    app: gitea
  type: LoadBalancer
```
I generally followed this post from Ruan Bekker to set up gitea and drone; the only place I deviated from his manifests was related to the PVCs, because I’m using local-storage (I have `/var/lib/rancher/k3s/storage` nfs-mounted on all my nodes.)
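
The reply above traces its failure to permissions on `/data/ssh` after mounting the PVC. The following check is an added example, not code from the thread or from Gitea; it assumes the problem is file modes on OpenSSH host keys named `ssh_host_*_key` (the thread does not say which files were affected), and `audit_ssh_dir` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not from the thread: audit an sshd key directory such as the
# /data/ssh PVC mount. Assumes OpenSSH's ssh_host_*_key file naming.
# Usage: audit_ssh_dir /data/ssh   (returns 0 clean, 1 problems, 2 no directory)

# Octal permission bits of a path: GNU/BusyBox stat first, BSD stat second.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

audit_ssh_dir() {
    dir=$1
    problems=0
    found=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    # A key directory that group or others can write to lets them swap keys.
    mode=$(file_mode "$dir")
    case $mode in
        *[2367]?|*[2367])
            echo "directory writable by group/other: $dir ($mode)"
            problems=1 ;;
    esac

    # Private host keys: sshd refuses to load them when group/other bits are set.
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        found=1
        mode=$(file_mode "$key")
        case $mode in
            *00) ;;
            *) echo "private key too open: $key ($mode)"; problems=1 ;;
        esac
        [ -r "$key" ] || { echo "private key unreadable by this user: $key"; problems=1; }
    done

    [ "$found" -eq 1 ] || { echo "no ssh_host_*_key files in $dir"; problems=1; }
    return "$problems"
}
```

Run it inside the container against the mounted path; on NFS-backed storage, also compare file ownership with the user sshd runs as, which this check does not cover.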