Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: implement RFC 16 to allow emergency node access #3557

Open
wants to merge 46 commits into
base: main
Choose a base branch
from
Open

feat: implement RFC 16 to allow emergency node access #3557

wants to merge 46 commits into from

Conversation

miampf
Copy link
Contributor

@miampf miampf commented Dec 19, 2024
edited
Loading

Context

This PR aims to implement RFC 16: Node access.

Proposed change(s)

This PR only implements part of the RFC. Currently, the following is implemented:

  • The openssh-server package was added to the node image
  • OpenSSH was configured to only allow public key authentication and use a CA public key as a user certificate
    • The derivation of this certificate will be handled in another PR.
  • A new terraform variable emergency_ssh was added to allow control over load balancing ports. Currently, this is implemented (and tested) for
    • azure
    • aws
    • gcp
    • openstack
  • The emergency ssh e2e tests on this PR don't work since they reference the latest debug image build from main, which does not include the SSH server. The "all at once" test under additional information uses the same workflow, but with an image built from this branch.

Additional info

Checklist

  • Run the E2E tests that are relevant to this PR's changes
  • Update docs
  • Add labels (e.g., for changelog category)
  • Is PR title adequate for changelog?

@miampf miampf added dependencies Pull requests that update a dependency file feature This introduces new functionality hold This cannot be merged right now labels Dec 19, 2024
@miampf miampf requested a review from burgerdev December 19, 2024 14:13
@netlify Netlify
Copy link

netlify bot commented Dec 19, 2024
edited
Loading

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 0d37ff2
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/67d032ca6e2dea00088a5e06

@miampf miampf force-pushed the miampf/basic-node-access branch from 6dd69c2 to 95f1f94 Compare December 19, 2024 14:14
@miampf miampf force-pushed the miampf/basic-node-access branch from bd15153 to 897662d Compare January 2, 2025 09:58
burgerdev
burgerdev reviewed Jan 2, 2025
View reviewed changes
@miampf miampf force-pushed the miampf/basic-node-access branch 2 times, most recently from 05eef85 to c5acd89 Compare January 7, 2025 10:20
@miampf miampf mentioned this pull request Jan 7, 2025
Merged
5 tasks
@miampf miampf force-pushed the miampf/basic-node-access branch 7 times, most recently from 607c62e to 7e9315f Compare January 16, 2025 10:41
@miampf miampf force-pushed the miampf/basic-node-access branch 2 times, most recently from b5849db to 37b42ea Compare January 21, 2025 11:20
@daniel-weisse daniel-weisse removed the dependencies Pull requests that update a dependency file label Jan 24, 2025
@miampf miampf force-pushed the miampf/basic-node-access branch 5 times, most recently from fadd6c5 to 643a93f Compare January 30, 2025 12:09
@miampf miampf force-pushed the miampf/basic-node-access branch 4 times, most recently from 2cb1e71 to d074b98 Compare February 11, 2025 10:18
miampf added 23 commits March 11, 2025 13:55
@miampf
e2e: propagate create workspace
474e41f 
Unneeded, later changed back
@miampf
e2e: add emergency ssh workflow
5ae8454
@miampf
e2e: add emergency ssh test option to workflow
607f5b3
@miampf
e2e: added forgotten machine type for runner
6e6a847
@miampf
e2e: actually treat steps as steps
c7cacc8
@miampf
e2e: add `emergency ssh to e2e test action
a428e68
@miampf
e2e: fix some problems in action
7269f80
@miampf
terraform: add loadbalancer_address output to GCP and AWS
204c21b
@miampf
e2e: install terraform for test
7a7d406
@miampf
e2e: fix variable names
00f1a5e
@miampf
e2e: switch to terraform directory correctly
91186f6
@miampf
e2e: don't check host keys
57e0e23
@miampf
chore: fix rebase
d05e9a7
@miampf
fix: typo in CLI
a695f4c
@miampf
terraform: add loadbalancer_address output to STACKIT
a65f435
@miampf
terraform: loadbalancer_address outputs in correct section
eb68996
@miampf
e2e: correct permissions
21408de
@miampf
e2e: bump k8s version in workflow
60226e0
@miampf
chore: update branch
1a51ef3
@miampf
e2e: improve test ergonomics & reliability
0388596
@miampf
chore: fix rebase
180e695
@miampf
e2e: finish test
ddd618a
@miampf
chore: remove unwanted changes
0d37ff2
@miampf miampf force-pushed the miampf/basic-node-access branch from d484612 to 0d37ff2 Compare March 11, 2025 12:55
@github-actions GitHub Actions
Copy link
Contributor

Coverage report

Package Old New Trend
cli/internal/cmd 57.90% 57.90% ↔️

@miampf miampf marked this pull request as ready for review March 11, 2025 15:56
@miampf miampf requested review from msanft and thomasten as code owners March 11, 2025 15:56
@miampf miampf removed the hold This cannot be merged right now label Mar 11, 2025
@miampf miampf requested a review from burgerdev March 11, 2025 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@msanft msanft Awaiting requested review from msanft msanft is a code owner

@thomasten thomasten Awaiting requested review from thomasten thomasten is a code owner

@burgerdev burgerdev Awaiting requested review from burgerdev

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
feature This introduces new functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@miampf @burgerdev @daniel-weisse