SSHwifty
SSHWifty is a web-based SSH client. I have it set up as an option for me to VPN into my home network and be able to connect to my servers from a laptop or even my phone.
Be very careful exposing this service outside of your home network. Be sure to take adequate precautions and completely understand all security risks before making this publicly available. For example, you could protect this with an identity provider, like Authentik, by configuring it for a proxy provider.
Product: SSHWifty
Install Type: Manifest Files
Container Image: Docker
Installation Details
While there are no official Kubernetes instructions for SSHWifty, we can adapt the install instructions to deploy this in Kubernetes. There are not many configuration or storage requirements, so this is a very straightforward installation.
Now let's create the files we'll need to configure SSHWifty in Kubernetes.
The following manifest files assume you want to install this to a namespace named utility, and that you have an nginx ingress named nginx and Cert Manager configured to use the ACME provider Let's Encrypt. Please adjust for your particular needs.
00-utility-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: utility
  labels:
    name: utility
03-deploy.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sshwifty
  namespace: utility
  labels:
    app: sshwifty
    app.kubernetes.io/name: sshwifty
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: sshwifty  # must match the pod template labels below
  template:
    metadata:
      labels:
        app: sshwifty
        app.kubernetes.io/name: sshwifty
    spec:
      securityContext:
        # Run as a non-root user and group
        runAsUser: 911
        runAsGroup: 911
      containers:
        - name: sshwifty
          # :latest with Always pulls whatever is current on every restart;
          # pin a tag or digest if you want reproducible deployments
          image: niruix/sshwifty:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 8182
          livenessProbe:
            httpGet:
              path: /
              port: 8182
            initialDelaySeconds: 10
            periodSeconds: 5
04-service.yaml
The service will help expose the pod for use. I leverage ClusterIP with an Ingress, but you could use a LoadBalancer type (with something like MetalLB) to expose it on an IP outside of your cluster directly.
kind: Service
apiVersion: v1
metadata:
  name: sshwifty-service
  namespace: utility
spec:
  selector:
    app: sshwifty
  ports:
    - protocol: TCP
      port: 8182
      targetPort: 8182
  type: ClusterIP
05-ingress.yaml
An Ingress is one way to expose your services and can allow you to use Cert Manager to create TLS certificates for your site as well. The Cert Manager issuer is set in the annotations: section.
I deployed this leveraging an Ingress that is not exposed to the internet and with an internal ACME provider that is set up with Cert Manager and Step CA. You can configure as needed.
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sshwifty-ingress
  namespace: utility
  annotations:
    cert-manager.io/cluster-issuer: internal-ca
spec:
  ingressClassName: nginx-internal
  rules:
    - host: your.server.domain
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                # must match metadata.name in 04-service.yaml
                name: sshwifty-service
                port:
                  number: 8182
  tls:
    - hosts:
        - your.server.domain
      secretName: sshwifty-int-tls
build-sshwifty.sh
Now that we have prepared our manifests we need to deploy them to the cluster with kubectl. I create shell scripts for all my deployments so I can quickly redeploy if I make any adjustments. The below script does assume you have configured kubectl properly already.
#!/bin/bash
kubectl apply -f 00-utility-namespace.yaml \
  -f 03-deploy.yaml \
  -f 04-service.yaml \
  -f 05-ingress.yaml
We can deploy the manifests for SSHwifty to the Kubernetes cluster by executing the following:
chmod 755 build-sshwifty.sh
./build-sshwifty.sh
I keep all my manifests, scripts, and Helm charts in a private Git repository for version control and archival storage. While it is certainly not required to deploy SSHwifty, it has made my life a little easier.
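As a follow-up to the exposure warning at the top, here is an added example (not part of the original manifests) of a NetworkPolicy that lets only the ingress controller reach the SSHwifty pod and lets the pod open connections only to DNS and to SSH on your server subnet. The file name 06-networkpolicy.yaml, the policy name, the ingress-nginx namespace, the kube-dns labels, and the 192.168.1.0/24 subnet are assumptions; substitute your own values.

```yaml
# 06-networkpolicy.yaml (hypothetical file name; added example, not from the original post)
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: sshwifty-restrict          # hypothetical name
  namespace: utility
spec:
  podSelector:
    matchLabels:
      app: sshwifty                # pod label used in 03-deploy.yaml
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only the ingress controller may reach the web UI on 8182
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # assumption: controller namespace
      ports:
        - protocol: TCP
          port: 8182
  egress:
    # DNS lookups, needed if you connect to servers by hostname
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns    # assumption: label on your cluster DNS pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # SSH only, and only to the subnet where your servers live
    - to:
        - ipBlock:
            cidr: 192.168.1.0/24   # constructed placeholder subnet
      ports:
        - protocol: TCP
          port: 22
```

The policy is only enforced if your cluster's CNI plugin implements NetworkPolicy. If you use it, add `-f 06-networkpolicy.yaml` to build-sshwifty.sh.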