Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

hyper-kube-config

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hyper-kube-config

H Y P E R K U B E - A secure Serverless API and kubectl plugin that stores and retrieve Kubernetes cluster credentials. Hyperkube leverages AWS Secrets Manager for storing credential information.

  • 0.6.2
  • PyPI
  • Socket score
Maintainers
1

hyper-kube-config

Python Tests

PyPI version

hyper-kube-config - Provides a secure Serverless API to store and retrieve Kubernetes cluster config credentials. hyper-kube-config leverages AWS Secrets Manager for storing credential information. Included is a kubectl plugin to interface with hyperkube API.

You can also set cluster's status and retrieve this information. Useful in CI/CD pipelines when trying to pull access to particular cluters without needing to know their names, just their environments.

It requires a configuration file. See hyperkube-config.yaml.example for layout.

hyper-kube-config

Install hyperkube kubectl plugin

pip3 install hyper-kube-config

Setup ~/hyperkube-config.yaml file

The default locations for the config file is ~/hyperkube-config.yaml. You can also place the config file at a different location and pass the location as a command line option -c <hyper-kube-config-location> or --config <hyper-kube-config-location>

Post cluster and creds to hyperkube store

kubectl hyperkube add --k8s-config ~/.kube/config

Remove cluster and creds

kubectl hyperkube remove --cluster-to-remove 'k8s-cluster-example.cloud'

Get user creds and merge it with existing ~/.kube/config

# for single cluster
kubectl hyperkube get --cluster cloud-infra.cloud -m

Get user creds multiple clusters and merge them with existing ~/.kube/config

kubectl hyperkube get \
  --cluster cloud-infra.cloud \
  --cluster bar-cluster.cloud \
  --cluster baz-cluster.com -m

Get creds for all clusters and merge it with existing ~/.kube/config

kubectl hyperkube get-all -m

List clusters

kubectl hyperkube list

Store and Associate SSH PEM and CA private key with Cluster

Store SSH Pem
kubectl hyperkube add-pem --pem ~/.ssh/my-cluster.pem
Get Stored SSH Pem
kubectl hyperkube get-pem --cluster my-cluster.net
Store Add CA Private Key
kubectl hyperkube add-ca-key --ca-key ca-key-file.key --cluser my-cluster.net

Set Cluster Status and/or Environment References

# Set arbitrary status string and environment reference for given cluster
kubectl hyperkube set-cluster-status --cluster my-cluster.net --status active --environment stage

Get Cluster Status for Environment

# Returns list of clusters that are active for prod environment
kubectl hyperkube get-cluster-status --status active --environment prod

Requirements

  • Serverless - Serverless Framework
  • serverless-python-requirements plugin. Uses Docker and Pip to package a newer vesion of Boto3 for AWS Lambda function use. AWS Lambda boto3 version by default doesn't have AWS Secrets Manager support for tags.
  • click - for hyperkube kubectl plugin
  • kubectl - version 1.12 or higher recommended for stable plugin support.

Deploying Serverless API

Choose authentication method
API Key

Example Serverless Config for API Key Authentication

This config should work out of the box. Feel free to copy to serverless.yml and deploy

IAM Authentication

Example Serverless Config for IAM Authentication

This configuration will require you to add IAM roles to the allowed principal section. These roles are managed outside the scope of this project.

See the section that has:

  resourcePolicy:
    - Effect: Allow
      Principal:
        AWS:
          - arn:aws:iam::{{otherAWSAccountID}}:root
          - arn:aws:iam::{{otherAWSAccountID}}:user/{{otherAWSUserName}}
          - arn:aws:iam::{{otherAWSAccountID}}:role/{{otherAWSRoleName}}

replace with your roles you would like to grant access.

sls deployment
pipenv install
pipenv shell
sls deploy \
  --stage dev \
  --product k8s \
  --owner myteam@foo.cloud \
  --team myteam \
  --environment dev

This will launch your hyperkube API. Capture the API URL, api key and stage for your hyperkube.yaml configuration. The kubectl hyperkube commands will leverage the config to interact with your stored k8s configs.

Serverless will launch an AWS API Gateway to handle API requests forwardered to AWS Lambda functions. A Dynamodb table is configured to store non-senstative cluster config details, while sensative information in uploaded configs (passwords and certs) is stored in AWS Secrets Manager.

Testing for lint errors on your local machine

  1. Install Test Dependencies
pip install -U -r tests/requirements.txt
  1. Run flake8 to check for lint errors
flake8 *.py tests cli/kubectl-hyperkube
  1. Run unit tests
python -m unittest discover -s tests/ -p "*.py"

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Research

Security News

Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries

Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.

By Kirill Boychenko  -  Nov 22, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc