{"id":28600908,"url":"https://github.com/labring/sealctl","last_synced_at":"2025-10-09T15:35:25.960Z","repository":{"id":64307840,"uuid":"246550713","full_name":"labring/sealctl","owner":"labring","description":"kubernetes multi tencent command line tool.","archived":false,"fork":false,"pushed_at":"2023-02-06T23:50:13.000Z","size":5588,"stargazers_count":0,"open_issues_count":3,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-11T14:59:35.178Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/labring.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-11T11:15:31.000Z","updated_at":"2023-08-20T09:11:10.000Z","dependencies_parsed_at":"2023-02-19T13:15:59.966Z","dependency_job_id":null,"html_url":"https://github.com/labring/sealctl","commit_stats":null,"previous_names":["fanux/sealctl"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/labring/sealctl","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labring%2Fsealctl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labring%2Fsealctl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labring%2Fsealctl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labring%2Fsealctl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/labring","download_url":"https://codeload.github.com/labring/sealctl/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/labring%2Fsealctl/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001645,"owners_count":26083147,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-11T14:39:17.623Z","updated_at":"2025-10-09T15:35:25.932Z","avatar_url":"https://github.com/labring.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sealctl for what?\n\nsealctl is kubernetes multi tencent command line tool.\n\nUsing cases:\n\n1. Generate kubeconfig file for a nomal user, like a developer that we don't want him has privilege admin access.\n2. Group manage, different group have different permissions can access different kubernetes namespaces.\n3. Manage roles...\n4. Namespace Quota..\n\n# Quick start\n\nCreate a user named fanux, and join in two group sealyun and sealos\n\n```\nsealctl user -u fanux --group sealyun --group sealos\n```\nThen sealctl will generate a kubeconfig for fanux.\n\n```\n$ cat ./kube/config\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: LS0tLS1CRUdJTiBD...\n    server: https://sealyun.com:6443\n  name: kubernetes\ncontexts:\n- context:\n    cluster: kubernetes\n    user: fanux\n  name: fanux@kubernetes\ncurrent-context: fanux@kubernetes\nkind: Config\npreferences: {}\nusers:\n- name: fanux\n  user:\n    client-certificate-data: LS0tLS1CRUdJTiBDR...\n    client-key-data: LS0tLS1CRUd...\n```\nfanux has no access to pods before we bind a role to him.\n\n```\n# kubectl --kubeconfig ./kube/config get pod\nError from server (Forbidden): pods is forbidden: User \"fanux\" cannot list resource \"pods\" in API group \"\n```\n\n\u003e Bind a role for user or group\n\nYou can bind role to user or group.\n\nSet fanux as cluster admin..\n\n```\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: user-admin-test\nsubjects:\n- kind: User\n  name: \"fanux\" # Name is case sensitive\n  apiGroup: rbac.authorization.k8s.io\nroleRef:\n  kind: ClusterRole\n  name: cluster-admin  # using admin role\n  apiGroup: rbac.authorization.k8s.io\n```\nAll users in group sealos has admin authority\n\n```\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n  name: group-admin-test\nsubjects:\n- kind: Group\n  name: \"sealos\" # Name is case sensitive\n  apiGroup: rbac.authorization.k8s.io\nroleRef:\n  kind: ClusterRole\n  name: cluster-admin  # using admin role\n  apiGroup: rbac.authorization.k8s.io\n```\n\n# Command Reference\n\n```shell script\n./sealctl user -h\nEasy to use this to create a kubernetes user, \n           if your want some one access your kubernetes cluster read only, \n           you can use this command generate a kubeconfig for him, and bind \n           read only role etc..\n\nUsage:\n  sealctl user [flags]\n\nFlags:\n  -s, --apiserver string      apiserver address (default \"https://apiserver.cluster.local:6443\")\n      --ca-crt string         kubernetes ca crt file (default \"/etc/kubernetes/ca.crt\")\n      --ca-key string         kubernetes ca key file (default \"/etc/kubernetes/ca.key\")\n      --cluster-name string   kubeconfig cluster name (default \"kubernetes\")\n  -d, --dns strings           apiserver certSANs dns list (default [apiserver.cluster.local,localhost,sealyun.com])\n  -g, --group strings         user group names (default [sealyun,alibaba])\n  -h, --help                  help for user\n      --ips strings           apiserver certSANs ip list (default [127.0.0.1,10.103.97.2])\n  -o, --out string            default kube config out put file name (default \"./kube/config\")\n  -u, --user string           user name in your kube config (default \"fanux\")\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flabring%2Fsealctl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flabring%2Fsealctl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flabring%2Fsealctl/lists"}