Feature #17657
closed
[container shell] support SSH port forwarding
Description
If a running container has a service listening on TCP port 80, a user with permission to get an interactive shell with "arvados-client shell" should also be able to forward traffic to it:
arvados-client shell $containerUUID -L12345:localhost:80 -N
Related issues
Updated by Tom Clegg almost 3 years ago
- Related to Idea #17207: External access to web services running in containers added
Updated by Tom Clegg almost 3 years ago
- Target version set to 2021-05-12 sprint
- Assigned To set to Tom Clegg
- Status changed from New to In Progress
Updated by Tom Clegg almost 3 years ago
17657-ssh-port-forward @ 97227aa7827c0dfe471fd617e333f1228c5381ae -- developer-run-tests: #2465
Updated by Ward Vandewege almost 3 years ago
Tom Clegg wrote:
17657-ssh-port-forward @ 97227aa7827c0dfe471fd617e333f1228c5381ae -- developer-run-tests: #2465
The code seems good, if docker specific. It works, I tested it! I have no comments.
I think we need to document the ShellAccess feature. I know we don't have doc yet for arvados-client, but I think this feature should be documented separately.
We should add a note about firewalling to the configuration reference, at a minimum. And something in the user guide on how to use the feature (under "debugging containers", perhaps).
It would be nice to have a page in the architecture section, under "Computation with crunch" that describes how the feature works (the interaction between a-d-c and controller and crunch-run), why it is secure, and how to use it.
Updated by Tom Clegg almost 3 years ago
- Related to Feature #17668: [Documentation] Container shell access added
Updated by Tom Clegg almost 3 years ago
- Status changed from In Progress to Resolved
Updated by