Access kubernetes clusters over ssh
Project description
sshkube
Configure access to a kubernetes cluster over ssh:
- ssh public key used to authenticate users to the ssh server
- kubeconfig is available on the ssh server
- all kubectl commands run on the host but routed through an SSH facilitated SOCKS5 HTTPS proxy
SSH Server
- An ssh server enables login by users with public keys fetched from github
- The server contains a .kube/config file usable for accessing the kubernetes cluster
- The server has tcp forwarding enabled
SSHKube Client Library
- A python CLI
- SSHs to the ssh server and obtains the .kube/config file
- Runs a SOCKS5 proxy server as a daemon
- prepares environment variables for kubectl to route requests through the SOCKS5 proxy server
Install on Cluster
# create demo cluster
k3d cluster create -a1 -p "80:80@loadbalancer" -p "443:443@loadbalancer"
DOMAIN=sshkube.localhost.u8sand.net
# install the sshkube chart
# users specified line-by-line in githubUsers will be able to authenticate against the cluster
# storage is used for ssh host keys persistence
# ingress is used to forward ssl connections to the given domain to the ssh server
helm install --create-namespace -n sshkube sshkube ./charts/sshkube/ -f - << EOF
ingress:
type: traefik
domain: ${DOMAIN}
certResolver: null
storage:
class: local-path
githubUsers: |
u8sand
EOF
# by default, users you configure will be given a namespace and exclusive access to that namespace
# cluster admins can give the user broader access if necessary, e.g.
kubectl create clusterrolebinding u8sand --clusterrole=cluster-admin --serviceaccount=u8sand:u8sand
# any user that has been granted access can use sshkube like so:
# the client library can be configured to use the public server we've deployed
# specify your github username and github identity file
sshkube install -s ${DOMAIN} -u u8sand -i ~/.ssh/id_ed25519
# we can run commands through ssh
sshkube run kubectl get secret
# or, preferred we "activate" our environment and use local kubectl
# this will allow us to also use port-forward
eval "$(sshkube init)"
kubectl get secret
# clean up
k3d cluster delete
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sshkube-0.2.1.tar.gz
(8.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
sshkube-0.2.1-py3-none-any.whl
(10.2 kB
view details)
File details
Details for the file sshkube-0.2.1.tar.gz.
File metadata
- Download URL: sshkube-0.2.1.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.12.0 Linux/6.15.4-arch2-1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6328fe9db426eef8af95a0b813a948a0fe3a88933c29a9c6b3c14b007f88de1c
|
|
| MD5 |
f266064550ede6f44a3938339bc114d3
|
|
| BLAKE2b-256 |
d0a4663af9e041444b0769557171a10f4b7527d4f2264590dc83a60fe9199123
|
File details
Details for the file sshkube-0.2.1-py3-none-any.whl.
File metadata
- Download URL: sshkube-0.2.1-py3-none-any.whl
- Upload date:
- Size: 10.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.3 CPython/3.12.0 Linux/6.15.4-arch2-1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f51c4824cb6d4b8f2d1d8ce64b7e73f4f0849a17b959f78f0416360636a8440d
|
|
| MD5 |
19b3594bd862313a9d412e4b5c8af862
|
|
| BLAKE2b-256 |
29292eea957d860015e4b2a4a28e0a8244f80b984d1a82a8b42451f484f3f000
|
