Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cststack/km

EKS MFA kubeconfig management tool. Thin wrapper for kubectl.
https://github.com/cststack/km

eks eks-cluster eks-kubeconfig eks-kubeconfig-management kubeconfig kubectl kubectl-plugins kubectl-switch kubernetes ykman yubikey

Last synced: 7 days ago
JSON representation

EKS MFA kubeconfig management tool. Thin wrapper for kubectl.

Host: GitHub
URL: https://github.com/cststack/km
Owner: cststack
License: mit
Created: 2019-08-29T23:32:00.000Z (about 5 years ago)
Default Branch: master
Last Pushed: 2023-05-12T10:17:01.000Z (over 1 year ago)
Last Synced: 2024-08-02T06:13:40.225Z (3 months ago)
Topics: eks, eks-cluster, eks-kubeconfig, eks-kubeconfig-management, kubeconfig, kubectl, kubectl-plugins, kubectl-switch, kubernetes, ykman, yubikey
Language: Shell
Homepage:
Size: 303 KB
Stars: 4
Watchers: 2
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-kubectl-plugins - km

README

# km

Km is a thin wrapper for kubectl which helps with the EKS kubeconfig management.
Any other command will be proxied to kubectl so km command can be used in the same way as kubectl.

Check `km -h` for all the available options.

*Tested with EKS access via iam assume role with/without MFA enabled.*

## Breaking changes from v0.0.1-beta4 to v0.0.1-beta5

- the clusters secured with MFA will need to be re-added using the `--mfa-profile` flag (check the examples below). This change will allow the management of the clusters without MFA including non AWS EKS cluster.

## Demo
![Demo](examples/demo.gif)

## Requirements

- aws-iam-authenticator (eks clusters only)
- jq
- awscli >= 1.16 (configured like on the example, eks clusters only)
- kubectl >= 1.15
- yubikey, ykman (optional)
- gnu-sed, gnu-grep (MacOS)
- [fzf](https://github.com/junegunn/fzf)

## Installation

### MacOS requirements

```
brew install fzf
brew install grep
brew install gnu-sed
```

```
curl -L https://raw.githubusercontent.com/cststack/km/master/bin/km -o /usr/local/bin/km
chmod +x /usr/local/bin/km
```

## Features

- multiple EKS clusters can be configured. If they have the same name they can be assigned aliases.
- context change for the cluster and the namespace (fzf is required for this)
- run any kubectl commands via km
- if [ykman](https://github.com/Yubico/yubikey-manager) is installed and the Yubikey is plugged there is no need to input the MFA token at all. Make sure the `--mfa-profile` matches the profile used for authentication in ykman.

## Examples

### Add new EKS cluster

With iam-role resolved from ~/.aws/credentials from the aws_profile
```
km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev
```

With iam-role

```
km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev --iam-role arn:aws:iam::111111111111:role/EksRole
```

With iam-role resolved from ~/.aws/credentials from the aws_profile and MFA
```
km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev --mfa-profile mfaProfileName/myAwsSsoProfile
```

With iam-role and MFA

```
km add --region eu-west-1 --profile aws_profile --cluster-name aws-eks-eu-west-1 --cluster-alias eks-dev --iam-role arn:aws:iam::111111111111:role/EksRole --mfa-profile mfaProfileName/myAwsSsoProfile
```

Import a KUBECONFIG file.
```
km --import-kubeconfig pathToKubeConfigFile
```

*The usual kubectl commands should be used to clear any cluster config from kubeconfig.*

### AWS credentials file

```
[default]
region = eu-west-1
aws_access_key_id = xxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME

[aws_profile]
role_arn = arn:aws:iam::111111111111:role/EksRole
region = eu-west-1
source_profile = default
mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME
```
or

```
[myAwsSsoProfile]
region = eu-west-1
aws_access_key_id = xxxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME

[aws_profile]
role_arn = arn:aws:iam::111111111111:role/EksRole
region = eu-west-1
source_profile = myAwsSsoProfile
mfa_serial = arn:aws:iam::000000000000:mfa/AWS_USERNAME
```

## Credits
- the guys who has created [kns](https://github.com/blendle/kns)
- [junegunn](https://github.com/junegunn) for the fzf tool
- and to the open source community