gardenctl ssh improvement

[tedteng]

What this PR does / why we need it:

• fix: check if bastion host exists, avoid multiple bastions create and occupied source in cloud
• add: waiting instance-status.status,Values=ok then ssh (ssh timeout due to status check initiating)
  

Warning: Permanently added '<some-public-ip>' (ECDSA) to the list of known hosts.
channel 0: open failed: connect failed: Connection timed out
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
exit status 255

• add: use exist global flags -c trigger clear up function gardenctl ssh xxxx -c
• add: check ssh rule if exist avoid blocked the deletion flow.

(2/3) Close SSH Port on Node.

An error occurred (InvalidPermission.NotFound) when calling the RevokeSecurityGroupIngress operation: The specified rule does not exist in this security group.

Which issue(s) this PR fixes:
Fixes #191
Fixes #192

Special notes for your reviewer:
global flags testing
gardenctl ssh (any hostname) -c

gardenctl ssh and exit

Release note:

improvement operator handling of external resources relate with bastion instance in was, manual gracefully deleted by global flags enable

[vpnachev]

This PR is not fixing #192.

[tedteng]

This PR is not fixing #192.

@vpnachev , the current fix is able to remove bastion resources include (ec2 , sg, 22 rules) manually if there any resource leaking. in #192 do you mean I need to refactor ssh, call CRD create term- pod then get through term- pod to access node instead of current ssh method? Is that idea want to achieve it?

[vpnachev]

My idea is gardenctl to use machine.sapcloud.io/v1alpha1.Machine resource for the bastion host and let the MCM do the real work on creating/deleting these VMs. This approach is applicable for any cloud provider, not only AWS.

The implementation is, of course cloud dependent because on some providers, e.g. Azure, a public IP is directly attached to the VM and a bastion is not used.

[tedteng]

more discuss in #192 if relate with #192
this PR only for #191

[tedteng]

sign-off

• no extra resources generated on Cloud Provider when using SSH Pod.

• able to SSH AWS, AZURE, GCP, ALICLOUD, OPENSTACK now

• gardenctl ssh xxxxx use Pod as jump box as default way. flag --j will use Bastion VM as a jump box gardenctl ssh --j xxxx

• global flag -c also able to use for cleanup AWS Bastion VM gardenctl ssh -c xxx

• bugs fix

---

Openstack SSH Tesing result

Azure SSH Testing result

GCP SSH Testing result

AWS SSH Testing result

[DockToFuture]

Thanks, the PR looks very good. Just a few minor things in the comments. Can you please also rebase the PR?

[DockToFuture]

Please replace by
cmd.Flags().BoolVarP(&bastionVM, "jumpbox", "j", false, "Use Bastion VM as jump box")

[tedteng]

I am using local flags that seem not to support it.

too many arguments in call to cmd.Flags().BoolVar
	have (*bool, string, string, bool, string)
	want (*bool, string, bool, string)go

[DockToFuture]

I would rather name the flag cleanup to make things more clear. Maybe we can also document it in the readme. We only have this for aws. In my opinion it would also make sense to add this for the other infrastructures, what do you think?

[tedteng]

sure.
due to -c already use by no-cache, I change to -e as erase

[tedteng]

I agree with you, regarding the other infrastructures. I will work on that.

[tedteng]

Readme add

[tedteng]

I am using local flags that seem not to support it.

too many arguments in call to cmd.Flags().BoolVar
	have (*bool, string, string, bool, string)
	want (*bool, string, bool, string)go