k8s-vault: connect to K8s API via SSH jumphost
Like aws-vault is a helper for AWS related CLI tools, k8s-vault is a helper for CLI tools using KUBECONFIG. Unlike aws-vault, "vault" is used as a verb, synonymous to leap, jump, spring, etc..
About two years ago, I've made a script described in Using SSH + Port-Forwarding for K8s CLI tools post.
That CLI script serves as wrapper to other CLI tools using KUBECONFIG
. It establishes an SSH Forwarding session via SSH jumphost, while generating temporary KUBECONFIG
with server endpoint modified to use the TCP port of the forwarding session.
While the script worked well in my experience, it had to be fixed when newer version of yq introduced incompatible changes. And then again.. The whole dependency on specific version of helper tools is rather annoying..
Recently, I've implemented the same thing in Crystal, learning the language. Enter k8s-vault.cr
It works pretty much the same way, with a slight change in k8s-vault.yaml
config format.
The repository's releases page includes statically compiled binary for Linux (x64), as well as dynamic one for macOS.