initial
Signed-off-by: Anastas Dancha <[email protected]>
anapsix committed Jan 18, 2021
0 parents commit cc66d09
Showing 18 changed files with 817 additions and 0 deletions.
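--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*.cr]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true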
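--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,8 @@
+*.dwarf
+.icr*
+shard.lock
+.gh-pages/
+lib/
+releases/
+docs/
+bin/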
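Review bot: Ignoring `shard.lock` leaves this application without a committed lockfile, so the Dockerfile's `shards install` and the README's `shards build` resolve `kce` (`~> 0.5.0` in shard.yml) afresh on every build, and a release binary cannot be tied to a reviewed dependency revision. Lockfiles are usually ignored only for libraries; for a CLI that ships binaries I would drop the `shard.lock` line here and commit the lockfile. The Dockerfile build stage would then add `COPY shard.lock .` and run `shards install --production` so the locked versions are installed strictly. The same concern covers the `dependencies` block in shard.yml and the build stage in the Dockerfile.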
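--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+## this stage installs everything required to build the project
+FROM alpine:3.13 as build
+RUN apk add --no-cache musl-dev yaml-static crystal shards upx
+WORKDIR /tmp
+COPY VERSION .
+COPY shard.yml .
+COPY k8s-vault_example.yaml .
+COPY ./src ./src
+RUN \
+shards install && \
+crystal build --progress --release --static src/cli.cr -o /tmp/k8s-vault && \
+upx /tmp/k8s-vault && \
+echo >&2 "## Version check: $(/tmp/k8s-vault -v)" && \
+echo >&2 "## Help Check" && \
+/tmp/k8s-vault --help
+
+
+## this stage created final docker image
+FROM busybox as release
+COPY --from=build /tmp/k8s-vault /k8s-vault
+USER nobody
+ENTRYPOINT ["/k8s-vault"]
+CMD ["--help"]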
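Review bot: `FROM busybox as release` carries no tag, so the release stage floats on `latest` while the build stage is pinned to `alpine:3.13`, and the image contents can change between two builds of the same commit. Pin it to a version and preferably a digest, e.g. `FROM busybox:<version>@sha256:<digest> as release` (placeholders to fill in). Separately, `upx /tmp/k8s-vault` packs the shipped binary; packed executables are commonly flagged by endpoint scanners and are harder to inspect, so consider making the packing step optional or publishing the unpacked build alongside it.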
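--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Anastas Dancha
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.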
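--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,47 @@
+UNAME_S := $(shell uname -s)
+ifeq ($(UNAME_S),Darwin)
+OS:= darwin
+endif
+ifeq ($(UNAME_S),Linux)
+OS:= linux
+endif
+UNAME_M:= $(shell uname -m)
+ifeq ($(UNAME_M),x86_64)
+ARCH:= amd64
+endif
+
+BINARY:= k8s-vault
+VERSION:= $(shell cat VERSION)
+TARGET:= src/cli
+RELEASE_DIR:= releases
+OUTPUT:= ./$(RELEASE_DIR)/$(BINARY)-$(VERSION)-$(OS)-$(ARCH)
+
+.PHONY: all clean version prepare
+
+all: clean prepare releases
+
+releases: prepare version $(TARGET) pack docker
+docker run -it --rm -v ${PWD}/$(RELEASE_DIR):/app --entrypoint "sh" $(BINARY):$(VERSION) -c "cp /$(BINARY) /app/$(BINARY)-$(VERSION)-linux-amd64"
+
+docker:
+docker build -t $(BINARY):$(VERSION) .
+docker tag $(BINARY):$(VERSION) $(BINARY):latest
+
+prepare:
+@if [ ! -d ./$(RELEASE_DIR) ]; then mkdir ./$(RELEASE_DIR); fi
+
+clean:
+@rm -f ./$(RELEASE_DIR)/*
+@echo >&2 "cleaned up"
+
+version:
+@sed -i "" 's/^version:.*/version: $(VERSION)/g' shard.yml
+@echo "shard.yml updated with version $(VERSION)"
+
+$(TARGET): % : prepare $(filter-out $(TEMPS), $(OBJ)) %.cr
+@crystal build src/cli.cr -o $(OUTPUT) --progress --release
+@rm ./$(RELEASE_DIR)/*.dwarf
+@echo "compiled binaries places to \"./$(RELEASE_DIR)\" directory"
+
+pack:
+@find ./$(RELEASE_DIR) -type f -name "$(BINARY)-$(VERSION)-$(OS)-$(ARCH)" | xargs upx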
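Review bot: The `releases` recipe extracts the Linux binary with `docker run -it ... -v ${PWD}/$(RELEASE_DIR):/app ... cp`, which needs a TTY (so it fails in CI) and writes into the host bind mount as `nobody` (the Dockerfile sets `USER nobody`), which will likely be denied on a Linux host where `releases/` belongs to the invoking user. Copying out of a created container avoids both problems and needs no mount: `id=$$(docker create $(BINARY):$(VERSION)) && docker cp "$$id:/$(BINARY)" "$(RELEASE_DIR)/$(BINARY)-$(VERSION)-linux-amd64"; docker rm "$$id"`. In the `version` target, `sed -i ""` is the BSD form and fails with GNU sed although the file explicitly handles `Linux`; `sed -i.bak 's/^version:.*/version: $(VERSION)/' shard.yml && rm -f shard.yml.bak` works with both. `docker` and `pack` should also be listed in `.PHONY`, and `rm ./$(RELEASE_DIR)/*.dwarf` should be `rm -f`, since a `.dwarf` file is presumably not produced on every platform.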
95 changes: 95 additions & 0 deletions README.md
@@ -0,0 +1,95 @@
# k8s-vault

[![GitHub release](https://img.shields.io/github/v/release/anapsix/k8s-vault.cr.svg)](https://github.com/anapsix/k8s-vault.cr/releases)

CLI utility, which makes it easy to reach K8s API via jumphost, using SSH port
forwarding.

Like [aws-vault](https://github.com/99designs/aws-vault) is a helper for AWS
related CLI tools, `k8s-vault` is a helper for CLI tools using `KUBECONFIG`.
Unlike AWS-Vault, vault here is used as a verb, synonymous to leap, jump,
spring, etc..

Original implementation of `k8s-vault` in Bash is available [here](https://gist.github.com/anapsix/b5af204162c866431cd5640aef769610).

> NOTE: Bash implementation uses slightly different config file, and old config
wont work with this implementation.
See [example config](./k8s-vault_example.yaml).

## Installation

Get latest release from [Releases](https://github.com/anapsix/k8s-vault.cr/releases) page.

Or build from source:
```sh
git clone https://github.com/anapsix/k8s-vault.cr.git
cd k8s-vault.cr
shards build
# copy ./bin/k8s-vault to some directory in your PATH
```

## Usage

Your `k8s-vault` config is expected at `~/.kube/k8s-vault-new.yaml`, but it's
location can be customized using `K8SVAULT_CONFIG` environment variable.

Likewise, `KUBECONFIG` is expected at `~/.kube/config`, but environment variable
will take precedence.

```
# Single CLI command mode
$ k8s-vault exec my-prod-context -- kubectl get nodes
(outputs results of "kubectl get nodes")
(SSH connection is terminated)
# SHELL mode
$ k8s-vault exec my-prod-context -s
(new shell is opened, with KUBECONFIG environment variable set)
$ kubectl get nodes
$ exit
(SSH connection is terminated)
```

```
Usage: k8s-vault [--debug] [completion|exec <context-name>] [-s | -- <cli tool using KUBECONFIG>]
CLI Options:
-h | --help | --usage displays usage
-d | --debug enabled debug output
example-config outputs example config
completion outputs bash completion code
exec executes K8s-Vault
Environment variables:
K8SVAULT_CONFIG path to k8s-vault config file, defaults to ~/.kube/k8s-vault.yaml
KUBECONFIG path to KUBECONFIG file
It works in two modes:
1. Single CLI command mode:
- generates KUBECONFIG from exiting one, based on context name passed
- sets up SSH Connection, Port-Forwarding random local port (or configured
static port) to K8s API server host, selected from existing KUBECONFIG
based on passed context name
- executes CLI command
- SSH Connection self-terminates after CLI command terminates
2. SHELL mode:
- generates KUBECONFIG from exiting one, based on context name passed
- sets up SSH Connection, Port-Forwarding random local port (or configured
static port) to K8s API server host, selected from existing KUBECONFIG
based on passed context name
- executes SHELL (using $SHELL environmental variable), with KUBECONFIG
environment variable value set to generated temp config file
- when SHELL terminates, SSH connection is also terminated
```

## Contributing

1. Fork it (https://github.com/anapsix/k8s-vault.cr/fork)
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request

## Contributors

- [anapsix](https://github.com/anapsix) (Anastas Dancha) - creator, maintainer
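--- a/VERSION
+++ b/VERSION
@@ -0,0 +1 @@
+0.2.0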
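--- a/k8s-vault_example.yaml
+++ b/k8s-vault_example.yaml
@@ -0,0 +1,14 @@
+version: "0.2.0"
+k8s_api_timeout: 5 # in seconds
+ssh_forwarding_port:
+random: true
+static: 32845
+clusters:
+- name: prod
+enabled: true
+ssh_jump_host: jumphost.prod.example.com
+- name: qa
+ssh_jump_host: jumphost.qa.example.com
+- name: dev
+enabled: false
+ssh_jump_host: jumphost.dev.example.com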
20 changes: 20 additions & 0 deletions shard.yml
@@ -0,0 +1,20 @@
name: k8s-vault
version: 0.2.0

description: |
`k8s-vault` makes it easy to reach K8s API via jumphost, using SSH port forwarding.
dependencies:
kce:
github: anapsix/kce.cr
version: ~> 0.5.0

authors:
- Anastas Dancha <[email protected]>

targets:
k8s-vault:
main: src/cli.cr

crystal: ~> 0.35.1
license: MIT
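--- a/spec/k8s-vault_spec.cr
+++ b/spec/k8s-vault_spec.cr
@@ -0,0 +1,8 @@
+require "./spec_helper"
+
+describe K8sVault do
+# TODO: Write tests
+it "has tests" do
+"should have specs".should eq(true)
+end
+end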
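Review bot: The placeholder example `"should have specs".should eq(true)` compares a String with `true` and therefore fails on every run, so `crystal spec` cannot serve as a gate until it is replaced. Until real specs exist, mark it as pending instead, `pending "has tests"`, so the suite stays green and the gap stays visible. The first specs worth adding are probably around config parsing and the generated KUBECONFIG, which the README describes as the core of the tool.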
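--- a/spec/spec_helper.cr
+++ b/spec/spec_helper.cr
@@ -0,0 +1,2 @@
+require "spec"
+require "../src/k8s-vault"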