CLI utility, which makes it easy to reach K8s API via jumphost, using SSH port forwarding.
Like aws-vault is a helper for AWS related CLI tools,
k8s-vault is a helper for CLI tools using
KUBECONFIG. Unlike AWS-Vault, vault here is used as a verb, synonymous to leap, jump, spring, etc..
Original implementation of
k8s-vault in Bash is available here.
NOTE: Bash implementation uses slightly different config file, and old config wont work with this implementation. See example config.
Get latest release from Releases page.
Or build from source:
git clone https://github.com/anapsix/k8s-vault.cr.git cd k8s-vault.cr shards build # copy ./bin/k8s-vault to some directory in your PATH
k8s-vault config is expected at
~/.kube/k8s-vault-new.yaml, but it's location can be customized using
K8SVAULT_CONFIG environment variable.
KUBECONFIG is expected at
~/.kube/config, but environment variable will take precedence.
# Single CLI command mode $ k8s-vault exec my-prod-context -- kubectl get nodes (outputs results of "kubectl get nodes") (SSH connection is terminated) # SHELL mode $ k8s-vault exec my-prod-context -s (new shell is opened, with KUBECONFIG environment variable set) $ kubectl get nodes $ exit (SSH connection is terminated)
when launched in SHELL mode,
K8SVAULT_CONTEXTenvironment variable will be be set to selected context
Usage: k8s-vault [--debug] [completion|exec <context-name>] [-s | -- <cli tool using KUBECONFIG>] CLI Options: -h | --help | --usage displays usage -d | --debug enabled debug output example-config outputs example config completion outputs bash completion code exec executes K8s-Vault Environment variables: K8SVAULT_CONFIG path to k8s-vault config file, defaults to ~/.kube/k8s-vault.yaml KUBECONFIG path to KUBECONFIG file It works in two modes: 1. Single CLI command mode: - generates KUBECONFIG from exiting one, based on context name passed - sets up SSH Connection, Port-Forwarding random local port (or configured static port) to K8s API server host, selected from existing KUBECONFIG based on passed context name - executes CLI command - SSH Connection self-terminates after CLI command terminates 2. SHELL mode: - generates KUBECONFIG from exiting one, based on context name passed - sets up SSH Connection, Port-Forwarding random local port (or configured static port) to K8s API server host, selected from existing KUBECONFIG based on passed context name - executes SHELL (using $SHELL environmental variable), with KUBECONFIG environment variable value set to generated temp config file - when SHELL terminates, SSH connection is also terminated
- Fork it (https://github.com/anapsix/k8s-vault.cr/fork)
- Create your feature branch (
git checkout -b my-new-feature)
- Commit your changes (
git commit -am 'Add some feature')
- Push to the branch (
git push origin my-new-feature)
- Create a new Pull Request
- anapsix (Anastas Dancha) - creator, maintainer
- 8 days ago
- January 18, 2021
Sat, 19 Jun 2021 04:55:17 GMT