From 74bd6410bea0ba6574b16ada5a472f8e2d4b4976 Mon Sep 17 00:00:00 2001
From: Oskar <oskar@severalnines.com>
Date: Tue, 9 Apr 2024 11:09:28 +0000
Subject: [PATCH] SSH support

---
 .../clustercontrol/templates/deployment.yaml  | 14 +++++
 charts/clustercontrol/templates/ingress.yaml  | 61 +++++++++++++++++++
 charts/clustercontrol/templates/service.yaml  |  4 ++
 3 files changed, 79 insertions(+)

diff --git a/charts/clustercontrol/templates/deployment.yaml b/charts/clustercontrol/templates/deployment.yaml
index cbf64d3..2a67e4a 100644
--- a/charts/clustercontrol/templates/deployment.yaml
+++ b/charts/clustercontrol/templates/deployment.yaml
@@ -168,6 +168,20 @@ spec:
         resources:
           {{- toYaml . | nindent 10 }}
         {{- end }}
+      - name: cmon-ssh
+        image: {{ .Values.cmon.image | required ".Values.cmon.image is missing" }}
+        command: ['sh', '-c', '/usr/sbin/cmon-ssh']
+        ports:
+        - containerPort: 9511
+          protocol: TCP
+          name: cmon-ssh9511
+        volumeMounts:
+        - mountPath: /etc/cmon.d/
+          name: cmon-master-pv
+        {{ if .Values.cmon.sshKeysSecretName }}
+        - mountPath: /root/.ssh-keys-user
+          name: ssh-keys-user
+        {{ end }}
       volumes:
       - name: cmon-master-pv
         persistentVolumeClaim:
diff --git a/charts/clustercontrol/templates/ingress.yaml b/charts/clustercontrol/templates/ingress.yaml
index 22d1442..ef72e17 100644
--- a/charts/clustercontrol/templates/ingress.yaml
+++ b/charts/clustercontrol/templates/ingress.yaml
@@ -80,6 +80,7 @@ metadata:
     nginx.ingress.kubernetes.io/configuration-snippet: |
       proxy_pass_header Server;
       add_header Server $upstream_http_server;
+      more_set_headers "Set-Cookie: $sent_http_set_cookie; Path=/";
 
 spec:
   ingressClassName: {{ .Values.cmon.ingress.ingressClassName | default "nginx" }}
@@ -98,4 +99,64 @@ spec:
                   number: 9501
             path: /cmon/(.*)
             pathType: ImplementationSpecific
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "cc.name" . }}-cmon-ssh-ingress
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    {{ if .Values.cmon.ingress.ssl.clusterIssuer }}
+    cert-manager.io/cluster-issuer: {{ .Values.cmon.ingress.ssl.clusterIssuer }}
+    {{ end }}
+    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
+    nginx.ingress.kubernetes.io/rewrite-target: /$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  ingressClassName: {{ .Values.cmon.ingress.ingressClassName | default "nginx" }}
+  tls:
+    - hosts:
+        - {{ .Values.fqdn }}
+      secretName: {{ .Values.fqdn }}
+  rules:
+    - host: {{ .Values.fqdn }}
+      http:
+        paths:
+          - path: /cmon-ssh/(.*)
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: cmon-master
+                port:
+                  number: 9511
+--- 
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "cc.name" . }}-websocket-cmon-ssh-ingress
+  annotations:
+    kubernetes.io/tls-acme: "true"
+    {{ if .Values.cmon.ingress.ssl.clusterIssuer }}
+    cert-manager.io/cluster-issuer: {{ .Values.cmon.ingress.ssl.clusterIssuer }}
+    {{ end }}
+    nginx.ingress.kubernetes.io/rewrite-target: /cmon/ws/$1
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
+spec:
+  ingressClassName: {{ .Values.cmon.ingress.ingressClassName | default "nginx" }}
+  tls:
+    - hosts:
+        - {{ .Values.fqdn }}
+      secretName: {{ .Values.fqdn }}
+  rules:
+    - host: {{ .Values.fqdn }}
+      http:
+        paths:
+          - path: /cmon-ssh/cmon/ws/(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: cmon-master
+                port:
+                  number: 9511
 {{ end }}
\ No newline at end of file
diff --git a/charts/clustercontrol/templates/service.yaml b/charts/clustercontrol/templates/service.yaml
index 44e8159..7322dac 100644
--- a/charts/clustercontrol/templates/service.yaml
+++ b/charts/clustercontrol/templates/service.yaml
@@ -20,6 +20,10 @@ spec:
     protocol: TCP
     targetPort: 3000
     name: 3000-port
+  - port: 9511
+    protocol: TCP
+    targetPort: 9511
+    name: 9511-port
   selector:
     app: cmon-master
     run: cmon-master