Skip to content

Instantly share code, notes, and snippets.

@avoidik

avoidik/curl.sh

Last active April 30, 2024 06:54
Show Gist options
  • Save avoidik/79cd3836523f93cdee1d3b25c0e54348 to your computer and use it in GitHub Desktop.
Save avoidik/79cd3836523f93cdee1d3b25c0e54348 to your computer and use it in GitHub Desktop.
Download ZIP
Use curl instead of kubectl
Raw
curl.sh
#!/bin/bash
#
# download yq
#
curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.43.1/yq_linux_amd64 -o /usr/local/bin/yq
chmod +x /usr/local/bin/yq
#
# get certs from kubeconfig
#
KEY_DATA="$(yq eval '.users[] | select(.name == "kubernetes-admin") | .user.client-key-data' ~/.kube/config | base64 -d)"
CERT_DATA="$(yq eval '.users[] | select(.name == "kubernetes-admin") | .user.client-certificate-data' ~/.kube/config | base64 -d)"
CA_DATA="$(yq eval '.clusters[] | select(.name == "kubernetes") | .cluster.certificate-authority-data' ~/.kube/config | base64 -d)"
#
# deploy pod
#
curl -X POST \
--cacert <(echo "${CA_DATA}") \
--cert <(echo "${CERT_DATA}") \
--key <(echo "${KEY_DATA}") \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
--data-binary @<(yq eval -j pod.yaml) \
https://192.168.50.101:6443/api/v1/namespaces/default/pods?fieldManager=kubectl-create
#
# list pods
#
curl \
--cacert <(echo "${CA_DATA}") \
--cert <(echo "${CERT_DATA}") \
--key <(echo "${KEY_DATA}") \
-H "Accept: application/json" \
https://192.168.50.101:6443/api/v1/namespaces/default/pods?limit=5
#
# delete pod
#
curl -X DELETE \
--cacert <(echo "${CA_DATA}") \
--cert <(echo "${CERT_DATA}") \
--key <(echo "${KEY_DATA}") \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
https://192.168.50.101:6443/api/v1/namespaces/default/pods/pod
@avoidik
Copy link
Author

avoidik commented May 18, 2021 

cat ~/.kube/config | tee \
  >(yq eval '.users[] | select(.name == "kubernetes-admin") | .user.client-key-data' - | base64 -d > /tmp/kube-api-key.pem) \
  >(yq eval '.users[] | select(.name == "kubernetes-admin") | .user.client-certificate-data' - | base64 -d > /tmp/kube-api-cert.pem) \
  >(yq eval '.clusters[] | select(.name == "kubernetes") | .cluster.certificate-authority-data' - | base64 -d > /tmp/kube-api-ca.pem) > /dev/null

curl \
  --cacert /tmp/kube-api-ca.pem \
  --cert /tmp/kube-api-cert.pem \
  --key /tmp/kube-api-key.pem \
  https://192.168.50.101:6443/api/v1/namespaces/default/pods?limit=5

@avoidik
Copy link
Author

avoidik commented May 23, 2021 

curl -k \
  -H "Accept: application/json" \
  -H "Authorization: Bearer $(aws eks get-token --cluster-name eksworkshop-eksctl | jq -r '.status.token')" \
  https://C15918F6AD0190339DC3E37DF96941E4.yl4.eu-west-1.eks.amazonaws.com/api/v1/namespaces/default/pods?limit=5

@avoidik
Copy link
Author

avoidik commented May 23, 2021

ref. https://github.com/kubernetes-sigs/aws-iam-authenticator#api-authorization-from-outside-a-cluster

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment