From 1f8186a173a27fc7c7298f557eecbb36c6174952 Mon Sep 17 00:00:00 2001 From: Colin Campbell Date: Fri, 30 Aug 2024 11:41:13 -0400 Subject: [PATCH 1/3] Fix ssh breaking if kube context namespace changes --- sky/provision/kubernetes/utils.py | 12 +++++++++--- .../kubernetes-port-forward-proxy-command.sh | 14 ++++++++++---- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/sky/provision/kubernetes/utils.py b/sky/provision/kubernetes/utils.py index 8ac3ab1d4ca..d33bbee6a90 100644 --- a/sky/provision/kubernetes/utils.py +++ b/sky/provision/kubernetes/utils.py @@ -935,7 +935,8 @@ def construct_ssh_jump_command( ssh_jump_user: str = 'sky', proxy_cmd_path: Optional[str] = None, proxy_cmd_target_pod: Optional[str] = None, - current_kube_context: Optional[str] = None) -> str: + current_kube_context: Optional[str] = None, + current_kube_namespace: Optional[str] = None) -> str: ssh_jump_proxy_command = (f'ssh -tt -i {private_key_path} ' '-o StrictHostKeyChecking=no ' '-o UserKnownHostsFile=/dev/null ' @@ -949,9 +950,12 @@ def construct_ssh_jump_command( os.chmod(proxy_cmd_path, os.stat(proxy_cmd_path).st_mode | 0o111) kube_context_flag = f' {current_kube_context}' if (current_kube_context is not None) else '' + kube_namespace_flag = f' {current_kube_namespace}' if ( + current_kube_namespace is not None) else '' ssh_jump_proxy_command += (f' -o ProxyCommand=\'{proxy_cmd_path} ' f'{proxy_cmd_target_pod}' - f'{kube_context_flag}\'') + f'{kube_context_flag}' + f'{kube_namespace_flag}\'') return ssh_jump_proxy_command @@ -1017,13 +1021,15 @@ def get_ssh_proxy_command( else: ssh_jump_proxy_command_path = create_proxy_command_script() current_context = get_current_kube_config_context_name() + current_namespace = get_current_kube_config_context_namespace() ssh_jump_proxy_command = construct_ssh_jump_command( private_key_path, ssh_jump_ip, ssh_jump_user=constants.SKY_SSH_USER_PLACEHOLDER, proxy_cmd_path=ssh_jump_proxy_command_path, proxy_cmd_target_pod=k8s_ssh_target, - current_kube_context=current_context) + current_kube_context=current_context, + current_kube_namespace=current_namespace) return ssh_jump_proxy_command diff --git a/sky/templates/kubernetes-port-forward-proxy-command.sh b/sky/templates/kubernetes-port-forward-proxy-command.sh index 27580ffbe04..26a929421e5 100644 --- a/sky/templates/kubernetes-port-forward-proxy-command.sh +++ b/sky/templates/kubernetes-port-forward-proxy-command.sh @@ -3,12 +3,13 @@ set -uo pipefail # Check if pod name is passed as an argument if [ $# -lt 1 ]; then - echo "Usage: $0 [kube_context]" >&2 + echo "Usage: $0 [kube_context] [kube_namespace]" >&2 exit 1 fi POD_NAME="$1" # The first argument is the name of the pod KUBE_CONTEXT="${2:-}" # The second argument is the kube context, default is empty +KUBE_NAMESPACE="${3:-}" # The third argument is the kube namespace, default is empty # Checks if socat is installed if ! command -v socat > /dev/null; then @@ -27,12 +28,17 @@ fi # This is preferred because of socket re-use issues in kubectl port-forward, # see - https://github.com/kubernetes/kubernetes/issues/74551#issuecomment-769185879 KUBECTL_OUTPUT=$(mktemp) +KUBECTL_ARGS=() + if [ -n "$KUBE_CONTEXT" ]; then - kubectl --context="$KUBE_CONTEXT" port-forward pod/"${POD_NAME}" :22 > "${KUBECTL_OUTPUT}" 2>&1 & -else - kubectl port-forward pod/"${POD_NAME}" :22 > "${KUBECTL_OUTPUT}" 2>&1 & + KUBECTL_ARGS+=("--context=$KUBE_CONTEXT") +fi +if [ -n "$KUBE_NAMESPACE" ]; then + KUBECTL_ARGS+=("--namespace=$KUBE_NAMESPACE") fi +kubectl "${KUBECTL_ARGS[@]}" port-forward pod/"${POD_NAME}" :22 > "${KUBECTL_OUTPUT}" 2>&1 & + # Capture the PID for the backgrounded kubectl command K8S_PORT_FWD_PID=$! From 133336c7405aa79810b3b29c985a00707f12d970 Mon Sep 17 00:00:00 2001 From: Zhanghao Wu Date: Tue, 3 Sep 2024 11:00:00 -0700 Subject: [PATCH 2/3] Update sky/provision/kubernetes/utils.py --- sky/provision/kubernetes/utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sky/provision/kubernetes/utils.py b/sky/provision/kubernetes/utils.py index d33bbee6a90..4d7baac7005 100644 --- a/sky/provision/kubernetes/utils.py +++ b/sky/provision/kubernetes/utils.py @@ -1028,6 +1028,9 @@ def get_ssh_proxy_command( ssh_jump_user=constants.SKY_SSH_USER_PLACEHOLDER, proxy_cmd_path=ssh_jump_proxy_command_path, proxy_cmd_target_pod=k8s_ssh_target, + # We embed both the current context and namespace to the SSH proxy + # command to make sure SSH still works when the current context/namespace + # is changed by the user. current_kube_context=current_context, current_kube_namespace=current_namespace) return ssh_jump_proxy_command From de0f820e1a19e9de7d03e39ac68a54fbd393df0e Mon Sep 17 00:00:00 2001 From: Romil Bhardwaj Date: Tue, 3 Sep 2024 18:26:07 -0700 Subject: [PATCH 3/3] lint --- sky/provision/kubernetes/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sky/provision/kubernetes/utils.py b/sky/provision/kubernetes/utils.py index 4d7baac7005..a68018d6ace 100644 --- a/sky/provision/kubernetes/utils.py +++ b/sky/provision/kubernetes/utils.py @@ -1029,8 +1029,8 @@ def get_ssh_proxy_command( proxy_cmd_path=ssh_jump_proxy_command_path, proxy_cmd_target_pod=k8s_ssh_target, # We embed both the current context and namespace to the SSH proxy - # command to make sure SSH still works when the current context/namespace - # is changed by the user. + # command to make sure SSH still works when the current + # context/namespace is changed by the user. current_kube_context=current_context, current_kube_namespace=current_namespace) return ssh_jump_proxy_command