Skip to content
This repository was archived by the owner on Feb 25, 2025. It is now read-only.

cststack/km

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
bin
bin
 
 
examples
examples
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

km

>>> Replaced by https://github.com/catalinpan/km <<<

Km is a thin wrapper for kubectl which helps with the EKS kubeconfig management. Any other command will be proxied to kubectl so km command can be used in the same way as kubectl.

Check km -h for all the available options.

Tested with EKS access via iam assume role with/without MFA enabled.

Breaking changes from v0.0.1-beta4 to v0.0.1-beta5

  • the clusters secured with MFA will need to be re-added using the --mfa-profile flag (check the examples below). This change will allow the management of the clusters without MFA including non AWS EKS cluster.

Demo

Demo

Requirements

  • aws-iam-authenticator (eks clusters only)
  • jq
  • awscli >= 1.16 (configured like on the example, eks clusters only)
  • kubectl >= 1.15
  • yubikey, ykman (optional)
  • gnu-sed, gnu-grep (MacOS)
  • fzf

Installation

MacOS requirements

brew install fzf brew install grep brew install gnu-sed 
curl -L https://raw.githubusercontent.com/cststack/km/master/bin/km -o /usr/local/bin/km chmod +x /usr/local/bin/km

Features

  • multiple EKS clusters can be configured. If they have the same name they can be assigned aliases.
  • context change for the cluster and the namespace (fzf is required for this)
  • run any kubectl commands via km
  • if ykman is installed and the Yubikey is plugged there is no need to input the MFA token at all. Make sure the --mfa-profile matches the profile used for authentication in ykman.

Examples

Add new EKS cluster

With iam-role resolved from ~/.aws/credentials from the aws_profile

km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev

With iam-role

km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev --iam-role arn:aws:iam::111111111111:role/EksRole

With iam-role resolved from ~/.aws/credentials from the aws_profile and MFA

km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev --mfa-profile mfaProfileName/myAwsSsoProfile

With iam-role and MFA

km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev --iam-role arn:aws:iam::111111111111:role/EksRole --mfa-profile mfaProfileName/myAwsSsoProfile

Import a KUBECONFIG file.

km --import-kubeconfig pathToKubeConfigFile

The usual kubectl commands should be used to clear any cluster config from kubeconfig.

AWS credentials file

[default] region = eu-west-1 aws_access_key_id = xxxxxxxxxxxxxxxx aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME [aws_profile] role_arn = arn:aws:iam::111111111111:role/EksRole region = eu-west-1 source_profile = default mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME

or

[myAwsSsoProfile] region = eu-west-1 aws_access_key_id = xxxxxxxxxxxxxxxx aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME [aws_profile] role_arn = arn:aws:iam::111111111111:role/EksRole region = eu-west-1 source_profile = myAwsSsoProfile mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME

Credits

  • the guys who has created kns
  • junegunn for the fzf tool
  • and to the open source community

About

EKS MFA kubeconfig management tool. Thin wrapper for kubectl.

Topics

kubernetes yubikey kubectl kubeconfig kubectl-plugins eks eks-cluster kubectl-switch eks-kubeconfig eks-kubeconfig-management ykman

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages