{"id":21497155,"url":"https://github.com/financial-times/kubectl-login","last_synced_at":"2025-07-15T19:33:23.735Z","repository":{"id":54583879,"uuid":"93626919","full_name":"Financial-Times/kubectl-login","owner":"Financial-Times","description":"Logs you into multiple clusters which use dex","archived":false,"fork":false,"pushed_at":"2021-07-08T08:47:08.000Z","size":90,"stargazers_count":6,"open_issues_count":2,"forks_count":3,"subscribers_count":58,"default_branch":"master","last_synced_at":"2024-04-08T16:48:18.741Z","etag":null,"topics":["cli","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Financial-Times.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2017-06-07T11:15:59.000Z","updated_at":"2022-11-20T02:13:57.000Z","dependencies_parsed_at":"2022-08-13T20:31:08.284Z","dependency_job_id":null,"html_url":"https://github.com/Financial-Times/kubectl-login","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Financial-Times%2Fkubectl-login","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Financial-Times%2Fkubectl-login/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Financial-Times%2Fkubectl-login/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Financial-Times%2Fkubectl-login/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Financial-Times","download_url":"https://codeload.github.com/Financial-Times/kubectl-login/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226065737,"owners_count":17568259,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","kubernetes"],"created_at":"2024-11-23T16:21:52.663Z","updated_at":"2024-11-23T16:21:53.301Z","avatar_url":"https://github.com/Financial-Times.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# kubectl-login\n\n[![Circle CI](https://circleci.com/gh/Financial-Times/kubectl-login/tree/master.png?style=shield)](https://circleci.com/gh/Financial-Times/kubectl-login/tree/master)\n[![Go Report Card](https://goreportcard.com/badge/github.com/Financial-Times/kubectl-login)](https://goreportcard.com/report/github.com/Financial-Times/kubectl-login)\n[![Coverage Status](https://coveralls.io/repos/github/Financial-Times/kubectl-login/badge.svg)](https://coveralls.io/github/Financial-Times/kubectl-login)\n\n## Config file\n\n`$HOME/.kubectl-login.json`\n\n```json\n{\n  \"cluster-1\": {\n    \"issuer\": \"https://dex-for-cluster-1.example.com\",\n    \"redirectUrl\": \"https://dex-redirect-for-cluster-1.example.com/callback\",\n    \"loginSecret\": \"some shared secret\",\n    \"aliases\": [\"test\"]\n  },\n  \"cluster-2\": {\n    \"issuer\": \"https://dex-for-cluster-2.example.com\",\n    \"redirectUrl\": \"https://dex-redirect-for-cluster-2.example.com/callback\",\n    \"loginSecret\": \"some shared secret\",\n    \"aliases\": [\"prod\"]\n  }\n}\n```\n\n## Releases\n\n### Install dep\n\n#### Mac\n\n`brew install dep` / `brew upgrade dep`\n\n#### Other Platforms\n\n`curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh`\n\n### Run dep ensure\n\n`dep ensure`\n\n### Release\n\n#### Build binaries\n\n- `GOOS=linux GOARCH=amd64 go build -o kubectl-login-linux .`\n- `GOOS=darwin GOARCH=amd64 go build -o kubectl-login-darwin .`\n- `GOOS=windows GOARCH=amd64 go build -o kubectl-login-windows.exe .`\n\n#### Create Github Release\n\n- Upload the binaries and the cluster-login.sh on the release\n\n### How to use locally\n\n- rename binary to kubectl-login and put in on your PATH\n- run `source ./cluster-login.sh  cluster-x` or `. ./cluster-login.sh  cluster-x`\n\n#### How to [Fish](https://fishshell.com/) locally\n\n- put the following lines in `~/.config/fish/config.fish`:\n  - `set -x KUBECONFIG \u003cPATH_TO membership-developer-setup\u003e/kubeconfig`\n  - `alias k8s-login=\"source \u003cPATH_TO kubectl-login\u003e/cluster-login.fish $argv\"`\n- Use with `k8s-login` (or whatever name you alias for the command)\n\n#### How to use with ZSH\n\n- put `export KUBECONFIG=[path-to-repo]/content-k8s-auth-setup/kubeconfig`  in `~/.zshrc`\n- execute `source cluster-login.zsh udde`\n\n## EKS\n\n### Info\n\nWhen provisioning a new EKS cluster the provisioning script will upload the\ncorresponding kubeconfig to S3 bucket named `upp-kubeconfig-ACCOUNT-NUMBER`.\nIn order to use it you need to get this kubeconfig and merge it with the\nkubeconfig files of the rest of EKS clusters. This way you will have a single\nunited kubeconfig for all the EKS clusters.\n\nIf you want to do that automatically, there is this script\n`./update-eks-kubeconfig/update-eks-kubeconfig.sh`.\nThe script will do the merge for you. It will store the merged\n`eks-kubecofig` under `$HOME/.kube`.\nMore details on that in the [#step-by-step guide](#connect-to-eks-cluster-step-by-step-guide) below.\n\n#### Ops specifics\n\nThe script `ops-eks-kubeconfig.sh` inside `update-eks-kubeconfig` directory\nis intended to be used from OPS on the jumpbox (Upp Jumpbox p).\nThe script sits in `/usr/local/bin` and is invoked by `/etc/skel/.bashrc`\neverytime a user is connected. The purpose of the script is similar - it will\ndownload and merge the kubeconfigs for OPS and will get `kubectx` tool\non the jumpbox.\n\n### Connect to EKS cluster (Step-by-step guide)\n\nIMPORTANT: This guide has been moved. To read the most resent version go to [upp-docs](https://github.com/Financial-Times/upp-docs/tree/master/guides/howto/setup-eks-kubeconfig-login). \n\n1. Checkout the kubectl-login repo and get into the proper folder:\n\n    ```shell\n    git clone git@github.com:Financial-Times/kubectl-login.git\n    cd update-eks-kubeconfig/\n    ```\n\n1. Check the script `update-eks-kubeconfig.sh` and update the EKS cluster names\n  for PROD and TEST accounts, if needed:\n\n    ```shell\n    PROD_ACCOUNT_CLUSTERS=(\n      ...\n    )\n    TEST_ACCOUNT_CLUSTERS=(\n      ...\n    )\n    ```\n\n    How to check what are the EKS clusters' names?\n\n    - Log into the [AWS console](https://awslogin.in.ft.com/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices).\n    - Check accordingly test and prod accounts.\n    - Look for `EKS` and check the cluster names there.\n      Or if you are already looged in, you can directly check the\n      [EKS Cluster names](https://eu-west-1.console.aws.amazon.com/eks/home?region=eu-west-1#/clusters).\n\n1. Once happy with the cluster names setup:\n\n   - Make sure that you are connected to the Restricted VPN.\n   - Then execute `update-eks-kubeconfig.sh`\n     (you should be in its folder):\n\n    ```shell\n    bash update-eks-kubeconfig.sh\n    ```\n\n    - Restricted VPN is now no longer needed after this step.\n\n1. Set KUBECONFIG to its proper EKS value\n\n    ```shell\n    export KUBECONFIG=$HOME/.kube/eks-kubeconfig\n    ```\n\n1. Install [kubectx](https://github.com/ahmetb/kubectx) and run it:\n\n    ```shell\n    brew install kubectx\n    ```\n\n    ```shell\n    kubectx\n    ```\n\n1. Connect to an EKS cluster by specifying its name:\n\n    ```shell\n    kubectx eks-publish-dev-eu\n    ```\n\n1. Check that you are able to execute commands:\n\n    ```shell\n    kubectl get pods\n    ```\n\n### Navigation between K8S and EKS\n\n#### Aliases\n\nThe main difference is the `KUBECONFIG` value.\nSo for easier access to both K8S and EKS of clusters,\nyou can set up some aliases to quickly change that:\n\n```shell\nalias export-k8s-kubeconfig='export KUBECONFIG=$HOME/content-k8s-auth-setup/kubeconfig'\nalias export-eks-kubeconfig='export KUBECONFIG=$HOME/.kube/eks-kubeconfig'\n```\n\nAlter the path to your `content-k8s-auth-setup` repo accordingly.\n\nName your aliases according to your personal preference, above are just example names.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffinancial-times%2Fkubectl-login","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffinancial-times%2Fkubectl-login","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffinancial-times%2Fkubectl-login/lists"}