{"id":26246037,"url":"https://github.com/zillow/hyper-kube-config","last_synced_at":"2025-08-21T03:06:56.463Z","repository":{"id":53533668,"uuid":"148261200","full_name":"zillow/hyper-kube-config","owner":"zillow","description":"H Y P E R K U B E - A Serverless API and kubectl plugin providing a storage and retrieval Kubernetes cluster credentials. Hyperkube leverages AWS Secrets Manager for storing credential information.","archived":false,"fork":false,"pushed_at":"2022-09-08T04:14:10.000Z","size":6153,"stargazers_count":28,"open_issues_count":5,"forks_count":8,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-30T21:59:48.677Z","etag":null,"topics":["aws","aws-apigateway","aws-lambda","aws-secrets-manager","boto","dynamodb","kube","kubectl-plugin","kubernetes","python3","serverless","serverless-framework"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zillow.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-11T04:41:18.000Z","updated_at":"2024-04-02T02:56:04.000Z","dependencies_parsed_at":"2022-08-20T13:00:59.327Z","dependency_job_id":null,"html_url":"https://github.com/zillow/hyper-kube-config","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/zillow/hyper-kube-config","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zillow%2Fhyper-kube-config","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zillow%2Fhyper-kube-config/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zillow%2Fhyper-kube-config/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zillow%2Fhyper-kube-config/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zillow","download_url":"https://codeload.github.com/zillow/hyper-kube-config/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zillow%2Fhyper-kube-config/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271420132,"owners_count":24756490,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-21T02:00:08.990Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-apigateway","aws-lambda","aws-secrets-manager","boto","dynamodb","kube","kubectl-plugin","kubernetes","python3","serverless","serverless-framework"],"created_at":"2025-03-13T13:17:18.212Z","updated_at":"2025-08-21T03:06:56.421Z","avatar_url":"https://github.com/zillow.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hyper-kube-config\n\n![Python Tests](https://github.com/zillow/hyper-kube-config/workflows/Python%20Tests/badge.svg)\n\n[![PyPI version](https://badge.fury.io/py/hyper-kube-config.svg)](https://badge.fury.io/py/hyper-kube-config)\n\nhyper-kube-config - Provides a secure [Serverless](https://serverless.com/) API to store and retrieve [Kubernetes cluster config credentials](https://kubernetes.io/docs/tasks/access-application-cluster/configure-access-multiple-clusters/). hyper-kube-config leverages [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/index.html) for storing credential information. Included is a [kubectl plugin](https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/) to interface with hyperkube API. \n\nYou can also set cluster's status and retrieve this information. Useful in CI/CD pipelines when trying to pull access to particular cluters without needing to know their names, just their environments. \n\nIt requires a configuration file. See [hyperkube-config.yaml.example](hyperkube-config.yaml.example) for layout.\n\n![hyper-kube-config](https://user-images.githubusercontent.com/538171/46702337-8edc2780-cbd7-11e8-8ba5-dbbe9916708a.png)\n\n\n## Install hyperkube kubectl plugin\n\n```bash\npip3 install hyper-kube-config \n```\n\n## Setup `~/hyperkube-config.yaml` file\n\nThe default locations for the config file is `~/hyperkube-config.yaml`. You can also place the config file at a different location and pass the location as a command line option `-c \u003chyper-kube-config-location\u003e` or `--config \u003chyper-kube-config-location\u003e`\n\n\n## Post cluster and creds to hyperkube store\n\n```bash\nkubectl hyperkube add --k8s-config ~/.kube/config\n```\n\n## Remove cluster and creds\n\n```bash\nkubectl hyperkube remove --cluster-to-remove 'k8s-cluster-example.cloud' \n```\n\n## Get user creds and merge it with existing `~/.kube/config`\n\n```bash\n# for single cluster\nkubectl hyperkube get --cluster cloud-infra.cloud -m\n```\n\n## Get user creds multiple clusters and merge them with existing `~/.kube/config`\n\n```bash\nkubectl hyperkube get \\\n  --cluster cloud-infra.cloud \\\n  --cluster bar-cluster.cloud \\\n  --cluster baz-cluster.com -m\n```\n\n## Get creds for all clusters and merge it with existing `~/.kube/config`\n\n```bash\nkubectl hyperkube get-all -m\n```\n\n## List clusters\n\n```bash\nkubectl hyperkube list\n```\n\n## Store and Associate SSH PEM and CA private key with Cluster\n\n#### Store SSH Pem\n\n```bash\nkubectl hyperkube add-pem --pem ~/.ssh/my-cluster.pem \n```\n\n#### Get Stored SSH Pem\n\n```bash\nkubectl hyperkube get-pem --cluster my-cluster.net\n```\n\n\n#### Store Add CA Private Key\n\n```bash\nkubectl hyperkube add-ca-key --ca-key ca-key-file.key --cluser my-cluster.net\n```\n\n## Set Cluster Status and/or Environment References\n\n```bash\n# Set arbitrary status string and environment reference for given cluster\nkubectl hyperkube set-cluster-status --cluster my-cluster.net --status active --environment stage\n```\n\n## Get Cluster Status for Environment\n\n```bash\n# Returns list of clusters that are active for prod environment\nkubectl hyperkube get-cluster-status --status active --environment prod\n```\n\n## Requirements\n\n* [Serverless](https://serverless.com/) - Serverless Framework\n* [serverless-python-requirements](https://www.npmjs.com/package/serverless-python-requirements) plugin. Uses Docker and Pip to package a newer vesion of Boto3 for AWS Lambda function use. AWS Lambda boto3 version by default doesn't have AWS Secrets Manager support for tags.\n* [click](https://click.palletsprojects.com/en/7.x/) - for hyperkube kubectl plugin\n* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) - version 1.12 or higher recommended for stable plugin support.\n\n### Deploying Serverless API\n\n#### Choose authentication method\n\n##### API Key\n\n[Example Serverless Config for API Key Authentication](./serverless.yml.example_api_key)\n\nThis config should work out of the box. Feel free to copy to serverless.yml and deploy\n\n##### IAM Authentication\n\n[Example Serverless Config for IAM Authentication](./serverless.yml.example_iam_policy_access)\n\nThis configuration will require you to add IAM roles to the allowed principal section. These roles are managed outside the scope of this project.\n\nSee the section that has:\n\n```\n  resourcePolicy:\n    - Effect: Allow\n      Principal:\n        AWS:\n          - arn:aws:iam::{{otherAWSAccountID}}:root\n          - arn:aws:iam::{{otherAWSAccountID}}:user/{{otherAWSUserName}}\n          - arn:aws:iam::{{otherAWSAccountID}}:role/{{otherAWSRoleName}}\n```\n\nreplace with your roles you would like to grant access.\n\n##### sls deployment\n\n```bash\npipenv install\npipenv shell\nsls deploy \\\n  --stage dev \\\n  --product k8s \\\n  --owner myteam@foo.cloud \\\n  --team myteam \\\n  --environment dev\n```\nThis will launch your hyperkube API. Capture the API URL, api key and stage for your hyperkube.yaml configuration. The `kubectl hyperkube` commands will leverage the config to interact with your stored k8s configs.\n\nServerless will launch an [AWS API Gateway](https://docs.aws.amazon.com/apigateway/index.html) to handle API requests forwardered to [AWS Lambda functions](https://docs.aws.amazon.com/lambda/index.html#lang/en_us). A Dynamodb table is configured to store non-senstative cluster config details, while sensative information in uploaded configs (passwords and certs) is stored in [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/index.html).\n\n### Testing for lint errors on your local machine\n\n1. Install Test Dependencies\n\n  ```\n  pip install -U -r tests/requirements.txt\n  ```\n\n2. Run flake8 to check for lint errors\n\n  ```\n  flake8 *.py tests cli/kubectl-hyperkube\n  ```\n\n3. Run unit tests\n\n  ```\n  python -m unittest discover -s tests/ -p \"*.py\"\n  ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzillow%2Fhyper-kube-config","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzillow%2Fhyper-kube-config","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzillow%2Fhyper-kube-config/lists"}