Commit
Signed-off-by: Anastas Dancha <[email protected]>
0 parents
commit cc66d09
Showing
18 changed files
with
817 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
root = true | ||
|
||
[*.cr] | ||
charset = utf-8 | ||
end_of_line = lf | ||
insert_final_newline = true | ||
indent_style = space | ||
indent_size = 2 | ||
trim_trailing_whitespace = true |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
*.dwarf | ||
.icr* | ||
shard.lock | ||
.gh-pages/ | ||
lib/ | ||
releases/ | ||
docs/ | ||
bin/ |
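Review bot: Ignoring `shard.lock` means the resolved dependency versions are never committed, which suits a library but not a project that ships a binary. This commit builds a CLI whose `shard.yml` takes `kce` at `~> 0.5.0`, so each `shards install` may select a different matching release and a published build cannot be reproduced or audited afterwards. I would drop the `shard.lock` line here and commit the lock file alongside `shard.yml`.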
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
## this stage installs everything required to build the project | ||
FROM alpine:3.13 as build | ||
RUN apk add --no-cache musl-dev yaml-static crystal shards upx | ||
WORKDIR /tmp | ||
COPY VERSION . | ||
COPY shard.yml . | ||
COPY k8s-vault_example.yaml . | ||
COPY ./src ./src | ||
RUN \ | ||
shards install && \ | ||
crystal build --progress --release --static src/cli.cr -o /tmp/k8s-vault && \ | ||
upx /tmp/k8s-vault && \ | ||
echo >&2 "## Version check: $(/tmp/k8s-vault -v)" && \ | ||
echo >&2 "## Help Check" && \ | ||
/tmp/k8s-vault --help | ||
|
||
|
||
## this stage created final docker image | ||
FROM busybox as release | ||
COPY --from=build /tmp/k8s-vault /k8s-vault | ||
USER nobody | ||
ENTRYPOINT ["/k8s-vault"] | ||
CMD ["--help"] |
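Review bot: The release stage `FROM busybox as release` names no tag, so every rebuild takes whatever `busybox:latest` resolves to at that moment and the shipped image cannot be reproduced or traced to a known base. Pin it to a specific tag and digest, for example `FROM busybox:<tag>@sha256:<digest> as release` (placeholders, to be filled with the version you have verified), and consider a digest for `alpine:3.13` in the build stage as well. The `apk add` packages (`crystal`, `shards`, `upx`) are also unversioned, so the toolchain that produces the binary can change between builds without any change in this file.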
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
The MIT License (MIT) | ||
|
||
Copyright (c) 2021 Anastas Dancha | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy | ||
of this software and associated documentation files (the "Software"), to deal | ||
in the Software without restriction, including without limitation the rights | ||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
copies of the Software, and to permit persons to whom the Software is | ||
furnished to do so, subject to the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be included in | ||
all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN | ||
THE SOFTWARE. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
UNAME_S := $(shell uname -s) | ||
ifeq ($(UNAME_S),Darwin) | ||
OS:= darwin | ||
endif | ||
ifeq ($(UNAME_S),Linux) | ||
OS:= linux | ||
endif | ||
UNAME_M:= $(shell uname -m) | ||
ifeq ($(UNAME_M),x86_64) | ||
ARCH:= amd64 | ||
endif | ||
|
||
BINARY:= k8s-vault | ||
VERSION:= $(shell cat VERSION) | ||
TARGET:= src/cli | ||
RELEASE_DIR:= releases | ||
OUTPUT:= ./$(RELEASE_DIR)/$(BINARY)-$(VERSION)-$(OS)-$(ARCH) | ||
|
||
.PHONY: all clean version prepare | ||
|
||
all: clean prepare releases | ||
|
||
releases: prepare version $(TARGET) pack docker | ||
docker run -it --rm -v ${PWD}/$(RELEASE_DIR):/app --entrypoint "sh" $(BINARY):$(VERSION) -c "cp /$(BINARY) /app/$(BINARY)-$(VERSION)-linux-amd64" | ||
|
||
docker: | ||
docker build -t $(BINARY):$(VERSION) . | ||
docker tag $(BINARY):$(VERSION) $(BINARY):latest | ||
|
||
prepare: | ||
@if [ ! -d ./$(RELEASE_DIR) ]; then mkdir ./$(RELEASE_DIR); fi | ||
|
||
clean: | ||
@rm -f ./$(RELEASE_DIR)/* | ||
@echo >&2 "cleaned up" | ||
|
||
version: | ||
@sed -i "" 's/^version:.*/version: $(VERSION)/g' shard.yml | ||
@echo "shard.yml updated with version $(VERSION)" | ||
|
||
$(TARGET): % : prepare $(filter-out $(TEMPS), $(OBJ)) %.cr | ||
@crystal build src/cli.cr -o $(OUTPUT) --progress --release | ||
@rm ./$(RELEASE_DIR)/*.dwarf | ||
@echo "compiled binaries places to \"./$(RELEASE_DIR)\" directory" | ||
|
||
pack: | ||
@find ./$(RELEASE_DIR) -type f -name "$(BINARY)-$(VERSION)-$(OS)-$(ARCH)" | xargs upx |
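Review bot: The `version` recipe uses `sed -i ""`, which is the BSD/macOS form; GNU sed on Linux reads the empty string as the script and the substitution as a file name, so on the Linux hosts this Makefile detects via `uname -s` the target errors out without updating `shard.yml`. A form both implementations accept is `@sed -i.bak 's/^version:.*/version: $(VERSION)/' shard.yml && rm -f shard.yml.bak`. In the `$(TARGET)` recipe, `@rm ./$(RELEASE_DIR)/*.dwarf` likewise aborts the build whenever no `.dwarf` file was produced; `@rm -f ./$(RELEASE_DIR)/*.dwarf` avoids that. `.PHONY` also omits `releases`, `docker` and `pack`, and `releases` is the name of the directory that `prepare` creates, so that target only reruns because its prerequisites are phony.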
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,95 @@ | ||
# k8s-vault | ||
|
||
[![GitHub release](https://img.shields.io/github/v/release/anapsix/k8s-vault.cr.svg)](https://github.com/anapsix/k8s-vault.cr/releases) | ||
|
||
CLI utility, which makes it easy to reach K8s API via jumphost, using SSH port | ||
forwarding. | ||
|
||
Like [aws-vault](https://github.com/99designs/aws-vault) is a helper for AWS | ||
related CLI tools, `k8s-vault` is a helper for CLI tools using `KUBECONFIG`. | ||
Unlike AWS-Vault, vault here is used as a verb, synonymous to leap, jump, | ||
spring, etc.. | ||
|
||
Original implementation of `k8s-vault` in Bash is available [here](https://gist.github.com/anapsix/b5af204162c866431cd5640aef769610). | ||
|
||
> NOTE: Bash implementation uses slightly different config file, and old config | ||
wont work with this implementation. | ||
See [example config](./k8s-vault_example.yaml). | ||
|
||
## Installation | ||
|
||
Get latest release from [Releases](https://github.com/anapsix/k8s-vault.cr/releases) page. | ||
|
||
Or build from source: | ||
```sh | ||
git clone https://github.com/anapsix/k8s-vault.cr.git | ||
cd k8s-vault.cr | ||
shards build | ||
# copy ./bin/k8s-vault to some directory in your PATH | ||
``` | ||
|
||
## Usage | ||
|
||
Your `k8s-vault` config is expected at `~/.kube/k8s-vault-new.yaml`, but it's | ||
location can be customized using `K8SVAULT_CONFIG` environment variable. | ||
|
||
Likewise, `KUBECONFIG` is expected at `~/.kube/config`, but environment variable | ||
will take precedence. | ||
|
||
``` | ||
# Single CLI command mode | ||
$ k8s-vault exec my-prod-context -- kubectl get nodes | ||
(outputs results of "kubectl get nodes") | ||
(SSH connection is terminated) | ||
# SHELL mode | ||
$ k8s-vault exec my-prod-context -s | ||
(new shell is opened, with KUBECONFIG environment variable set) | ||
$ kubectl get nodes | ||
$ exit | ||
(SSH connection is terminated) | ||
``` | ||
|
||
``` | ||
Usage: k8s-vault [--debug] [completion|exec <context-name>] [-s | -- <cli tool using KUBECONFIG>] | ||
CLI Options: | ||
-h | --help | --usage displays usage | ||
-d | --debug enabled debug output | ||
example-config outputs example config | ||
completion outputs bash completion code | ||
exec executes K8s-Vault | ||
Environment variables: | ||
K8SVAULT_CONFIG path to k8s-vault config file, defaults to ~/.kube/k8s-vault.yaml | ||
KUBECONFIG path to KUBECONFIG file | ||
It works in two modes: | ||
1. Single CLI command mode: | ||
- generates KUBECONFIG from exiting one, based on context name passed | ||
- sets up SSH Connection, Port-Forwarding random local port (or configured | ||
static port) to K8s API server host, selected from existing KUBECONFIG | ||
based on passed context name | ||
- executes CLI command | ||
- SSH Connection self-terminates after CLI command terminates | ||
2. SHELL mode: | ||
- generates KUBECONFIG from exiting one, based on context name passed | ||
- sets up SSH Connection, Port-Forwarding random local port (or configured | ||
static port) to K8s API server host, selected from existing KUBECONFIG | ||
based on passed context name | ||
- executes SHELL (using $SHELL environmental variable), with KUBECONFIG | ||
environment variable value set to generated temp config file | ||
- when SHELL terminates, SSH connection is also terminated | ||
``` | ||
|
||
## Contributing | ||
|
||
1. Fork it (https://github.com/anapsix/k8s-vault.cr/fork) | ||
2. Create your feature branch (`git checkout -b my-new-feature`) | ||
3. Commit your changes (`git commit -am 'Add some feature'`) | ||
4. Push to the branch (`git push origin my-new-feature`) | ||
5. Create a new Pull Request | ||
|
||
## Contributors | ||
|
||
- [anapsix](https://github.com/anapsix) (Anastas Dancha) - creator, maintainer |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
0.2.0 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
version: "0.2.0" | ||
k8s_api_timeout: 5 # in seconds | ||
ssh_forwarding_port: | ||
random: true | ||
static: 32845 | ||
clusters: | ||
- name: prod | ||
enabled: true | ||
ssh_jump_host: jumphost.prod.example.com | ||
- name: qa | ||
ssh_jump_host: jumphost.qa.example.com | ||
- name: dev | ||
enabled: false | ||
ssh_jump_host: jumphost.dev.example.com |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
name: k8s-vault | ||
version: 0.2.0 | ||
|
||
description: | | ||
`k8s-vault` makes it easy to reach K8s API via jumphost, using SSH port forwarding. | ||
dependencies: | ||
kce: | ||
github: anapsix/kce.cr | ||
version: ~> 0.5.0 | ||
|
||
authors: | ||
- Anastas Dancha <[email protected]> | ||
|
||
targets: | ||
k8s-vault: | ||
main: src/cli.cr | ||
|
||
crystal: ~> 0.35.1 | ||
license: MIT |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
require "./spec_helper" | ||
|
||
describe K8sVault do | ||
# TODO: Write tests | ||
it "has tests" do | ||
"should have specs".should eq(true) | ||
end | ||
end |
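Review bot: The only spec, `"should have specs".should eq(true)`, compares a string with `true` and therefore fails as written, so the suite is red from the first commit and cannot gate later changes. For a tool that rewrites KUBECONFIG and opens SSH port forwards, that leaves the config parsing and context selection untested. Until real specs exist, mark the placeholder explicitly with `pending "has tests"` so a failing run means something, and add specs for the config loader first.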
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
require "spec" | ||
require "../src/k8s-vault" |