Add custom SSH port support for dynamic and static nodepools (#2026)

- Adds configurable SSH port support for static node pools, replacing
the hardcoded port 22 -> optional `sshPort field `in the manifest
- New dynamic nodepools (created via new terraform templates) use port
22522 by default, with the port confirmed from terraform output
- Existing dynamic nodepools retain port 22 for backward compatibility
via state transfer
- Terraform templates output [IP, port] tuples; old templates outputting
just IP. This will be handled in ansibler and kube-eleven stage as ssh
port 22 for VMs
- With this PR comes new templates
berops/claudie-config#32. But changes in PR also
works with old templates. Migration from old to new templates also
tested
- **This PR replaces the earlier PR
#1997
- Closes #1837

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added configurable SSH port support for node pools, enabling SSH
connections through non-standard ports. Defaults to port 22 when not
specified.
* Infrastructure provisioning and management services now fully support
custom SSH port configurations for cluster operations.

* **Documentation**
* Updated API documentation, deployment examples, and platform-specific
guides with the new optional `sshPort` field for node pool
specifications.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: Matus Brandys <matus.brandys@berops.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: CI/CD pipeline <CI/CD-pipeline@users.noreply.github.com>

Author: 4 people

docs/input-manifest/api-reference.md

@@ -370,6 +370,10 @@ Static nodepools are defined for static machines which Claudie will not manage.
 
   To see the default taints Claudie applies on each node, refer to [this section](#default-taints).
 
+- `sshPort`
+
+  SSH port used to connect to the static nodes in this node pool. This field is optional. If not specified, the default value of `22` is used.
+
 ## Static node
 
 Static node defines single static node from a static nodepool.

docs/input-manifest/example.md

@@ -262,6 +262,7 @@ spec:
     #         secretRef:    # Secret reference specification, holding private key which will be used to SSH into the node (as root or as a user specificed in the username attribute).
     #           name:       # Name of the secret resource.
     #           namespace:  # Namespace of the secret resource.
+    #     sshPort:          # SSH port used to connect to the static nodes. Defaults to 22 if not set. (optional)
     #     labels:           # Map of custom user defined labels for this nodepool. This field is optional and is ignored if used in Loadbalancer cluster. (optional)
     #     annotations:      # Map of user defined annotations, which will be applied on every node in the node pool. (optional)
     #     taints:           # Array of custom user defined taints for this nodepool. This field is optional and is ignored if used in Loadbalancer cluster. (optional)

docs/input-manifest/providers/on-prem.md

@@ -6,7 +6,7 @@ Claudie is designed to leverage your existing infrastructure and utilise it for
 
 2. Connectivity between Static Nodes: Static nodes within the infrastructure should be able to communicate with each other using the specified endpoints. This connectivity is important for proper functioning of the Kubernetes cluster.
 
-3. SSH Access with Root Privileges: Claudie relies on SSH access to the nodes using the SSH key provided in the input manifest. The SSH key should grant root privileges to enable Claudie to perform required operations on the nodes.
+3. SSH Access with Root Privileges: Claudie relies on SSH access to the nodes using the SSH key provided in the input manifest. The SSH key should grant root privileges to enable Claudie to perform required operations on the nodes. By default, Claudie connects on port `22`. If your static nodes use a custom SSH port, you can specify it with the `sshPort` field on the static nodepool definition.
 
 4. Meeting the Kubernetes nodes requirements: Learn [more](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#before-you-begin).
 
@@ -43,13 +43,15 @@ spec:
   nodePools:
     static:
         - name: control
+          # sshPort: 2222  # Optional: SSH port for connecting to static nodes. Defaults to 22.
           nodes:
             - endpoint: "192.168.10.1"
               secretRef:
                 name: static-node-key
                 namespace: <your-namespace>
 
         - name: compute
+          # sshPort: 2222  # Optional: SSH port for connecting to static nodes. Defaults to 22.
           nodes:
             - endpoint: "192.168.10.2"
               secretRef:

internal/api/crd/inputmanifest/v1beta1/inputmanifest_types.go

@@ -123,6 +123,11 @@ type StaticNodePool struct {
 	Annotations map[string]string `json:"annotations"`
 	// +optional
 	Taints []corev1.Taint `json:"taints"`
+	// SSH port used to connect to the static nodes. Defaults to 22 if not set.
+	// +optional
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=65535
+	SshPort int32 `json:"sshPort,omitempty"`
 }
 
 // StaticNode defines a single static node for a particular static nodepool.

internal/api/manifest/manifest.go

@@ -236,6 +236,9 @@ type StaticNodePool struct {
 	// User defined taints for this nodepool.
 	// +optional
 	Taints []k8sV1.Taint `validate:"omitempty" yaml:"taints" json:"taints"`
+	// SSH port used to connect to the static nodes. Defaults to 22 if not set.
+	// +optional
+	SshPort *int32 `validate:"omitempty,min=1,max=65535" yaml:"sshPort" json:"sshPort"`
 }
 
 // Node represents a static node assigned to a particular static nodepool.

internal/api/manifest/utils.go

@@ -6,6 +6,7 @@ import (
 	"math"
 	"slices"
 
+	"github.com/berops/claudie/internal/nodepools"
 	"github.com/berops/claudie/proto/pb/spec"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@@ -397,6 +398,7 @@ func (ds *Manifest) CreateNodepools(pools []string, isControl bool) ([]*spec.Nod
 				Labels:      nodePool.Labels,
 				Annotations: nodePool.Annotations,
 				Taints:      taints,
+				SshPort:     resolveSSHPort(nodePool.SshPort),
 				Type: &spec.NodePool_StaticNodePool{
 					StaticNodePool: &spec.StaticNodePool{
 						NodeKeys: keys,
@@ -483,6 +485,13 @@ func staticNodes(np *StaticNodePool, isControl bool) []*spec.Node {
 	return nodes
 }
 
+func resolveSSHPort(port *int32) int32 {
+	if port == nil {
+		return nodepools.DefaultSSHPort
+	}
+	return *port
+}
+
 // getNodeKeys returns map of keys for static nodes in map[endpoint]key.
 func getNodeKeys(nodepool *StaticNodePool) map[string]string {
 	m := make(map[string]string)

internal/nodepools/nodepools.go

@@ -16,6 +16,20 @@ import (
 	"google.golang.org/protobuf/proto"
 )
 
+const (
+	// DefaultSSHPort is the standard SSH port used by existing/legacy nodepools.
+	DefaultSSHPort = int32(22)
+)
+
+// SSHPort returns the effective SSH port for a nodepool and normalizes the
+// stored value in-place, replacing 0 with DefaultSSHPort.
+func SSHPort(np *spec.NodePool) int32 {
+	if np.SshPort == 0 {
+		np.SshPort = DefaultSSHPort
+	}
+	return np.SshPort
+}
+
 type RegionNetwork struct {
 	Region          string
 	ExternalNetwork string
@@ -102,6 +116,7 @@ func PartialCopyWithNodeExclusion(np *spec.NodePool, nodes []string) *spec.NodeP
 		Labels:      np.Labels,
 		Taints:      np.Taints,
 		Annotations: np.Annotations,
+		SshPort:     np.SshPort,
 	}
 
 	for _, n := range np.Nodes {
@@ -148,6 +163,7 @@ func PartialCopyWithNodeFilter(np *spec.NodePool, nodes []string) *spec.NodePool
 		Labels:      np.Labels,
 		Taints:      np.Taints,
 		Annotations: np.Annotations,
+		SshPort:     np.SshPort,
 	}
 
 	for _, n := range np.Nodes {
@@ -497,35 +513,37 @@ func RandomDynamicNode(nodepools iter.Seq[*spec.NodePool]) *spec.Node {
 	return nodes[idx]
 }
 
-// Returns a random node public Endpoint and a SSH key to connect to it. Nil if there is none.
-func RandomNodePublicEndpoint(nps []*spec.NodePool) (string, string, string) {
+// Returns a random node public Endpoint, SSH key, and SSH port to connect to it. Empty strings if there is none.
+func RandomNodePublicEndpoint(nps []*spec.NodePool) (username, endpoint, key, sshPort string) {
 	if len(nps) == 0 {
-		return "", "", ""
+		return "", "", "", ""
 	}
 
 	idx := rand.IntN(len(nps))
 	np := nps[idx]
 
 	if len(np.Nodes) == 0 {
-		return "", "", ""
+		return "", "", "", ""
 	}
 
 	idx = rand.IntN(len(np.Nodes))
 	node := np.Nodes[idx]
 
-	endpoint := node.Public
-	username := "root"
+	endpoint = node.Public
+	username = "root"
 	if node.Username != "" && node.Username != username {
 		username = node.Username
 	}
 
-	switch np := np.Type.(type) {
+	port := fmt.Sprint(SSHPort(np))
+
+	switch t := np.Type.(type) {
 	case *spec.NodePool_DynamicNodePool:
-		return username, endpoint, np.DynamicNodePool.PrivateKey
+		return username, endpoint, t.DynamicNodePool.PrivateKey, port
 	case *spec.NodePool_StaticNodePool:
-		return username, endpoint, np.StaticNodePool.NodeKeys[node.Public]
+		return username, endpoint, t.StaticNodePool.NodeKeys[node.Public], port
 	default:
-		return "", "", ""
+		return "", "", "", ""
 	}
 }
 

internal/templateUtils/templates.go

@@ -11,6 +11,7 @@ import (
 	"text/template"
 
 	"github.com/Masterminds/sprig/v3"
+	"github.com/berops/claudie/internal/nodepools"
 )
 
 // directory - output directory
@@ -65,6 +66,7 @@ func LoadTemplate(tplFile string) (*template.Template, error) {
 	funcMap["replaceAll"] = strings.ReplaceAll
 	funcMap["extractNetmaskFromCIDR"] = ExtractNetmaskFromCIDR
 	funcMap["hasExtension"] = HasExtension
+	funcMap["sshPort"] = nodepools.SSHPort
 
 	tpl, err := template.New("").Funcs(funcMap).Parse(tplFile)
 	if err != nil {

manifests/claudie/crd/claudie.io_inputmanifests.yaml

@@ -462,6 +462,13 @@ spec:
                             - secretRef
                             type: object
                           type: array
+                        sshPort:
+                          description: SSH port used to connect to the static nodes.
+                            Defaults to 22 if not set.
+                          format: int32
+                          maximum: 65535
+                          minimum: 1
+                          type: integer
                         taints:
                           items:
                             description: |-

manifests/claudie/kustomization.yaml

@@ -56,16 +56,16 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: ghcr.io/berops/claudie/ansibler
-  newTag: ea529e6-4017
+  newTag: cb86452-4043
 - name: ghcr.io/berops/claudie/autoscaler-adapter
-  newTag: ea529e6-4017
+  newTag: cb86452-4043
 - name: ghcr.io/berops/claudie/claudie-operator
-  newTag: ea529e6-4017
+  newTag: cb86452-4043
 - name: ghcr.io/berops/claudie/kube-eleven
-  newTag: ea529e6-4017
+  newTag: cb86452-4043
 - name: ghcr.io/berops/claudie/kuber
-  newTag: ea529e6-4017
+  newTag: cb86452-4043
 - name: ghcr.io/berops/claudie/manager
-  newTag: ea529e6-4017
+  newTag: cb86452-4043
 - name: ghcr.io/berops/claudie/terraformer
-  newTag: ea529e6-4017
+  newTag: cb86452-4043