Skip to content

Instantly share code, notes, and snippets.

@danielfoehrKn

danielfoehrKn/kubeswitch_medium.md Secret

Created February 28, 2021 18:37
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save danielfoehrKn/457686ea0661892dca5877e6f4cf32a6 to your computer and use it in GitHub Desktop.
Save danielfoehrKn/457686ea0661892dca5877e6f4cf32a6 to your computer and use it in GitHub Desktop.
Download ZIP
The case of Kubeswitch
Raw
kubeswitch_medium.md

Managing a handful of Kubeconfig files and contexts is straightforward and well-supported by existing tools. You can use kubectl config view --flatten, define aliases, or use kubectx.

Meanwhile, Kubernetes adoption has gone through the roof, and large-scale Kubernetes landscapes with hundreds to thousands of clusters are not uncommon. On top of that, projects like Gardener, SIG Cluster-API or Rancher make it easy to spin up and maintain clusters at scale. There are even scenarios that scale up to one million clusters for edge scenarios.

To sum it up, many have moved on from treating Kubernetes clusters as pets to treating them as cattle. Hence, there is a need for a tool that is built for this reality.

The idea of kubeswitch is to enable seamless interaction with Kubeconfig files for operators of large-scale Kubernetes landscapes. No matter if they are stored on disk, in an Enterprise Vault, are spread in different directories, or need to be synchronized from a remote system.

kubeswitch offers

  • Convenience features (terminal window isolation, context history, context aliasing, improved search experience, sanitized Kubeconfig preview);
  • advanced search capabilities (search index, hot reload, unified search over all kubeconfig stores);
  • as well as custom integration points with external systems (see hooks).

To not break existing setups, kubeswitch is a drop-in replacement for kubectx. You can just set an alias.

  alias kubectx='switch'
  alias kctx='switch'

Use the command switch to perform a recursive search across all configured Kubeconfig paths such as directories on the local filesystem or paths in Vault.

demo GIF

Configuration

The exemplary config file below (per default located in ~/.kube/switch-config.yaml) configures to perform a recursive search on three different paths across two kubeconfig stores (filesystem and vault).
Also, every 6 hours the custom hook with the name sync-my-kubeconfigs is executed to synchronize kubeconfig files from a remote system to the local disk.

kind: SwitchConfig
vaultAPIAddress: "http://127.0.0.1:8200"
# kubeconfigRediscoveryInterval: 1h # uncomment to use search index
kubeconfigPaths:
  - path: "~/.kube/config"
    store: filesystem
  - path: "~/.kube/static-kubeconfigs/"
    store: filesystem
  - path: "landscapes"
    store: vault
hooks:
  - name: sync-my-kubeconfigs
    type: Executable
    path: /usr/local/bin/hook_sync_landscape
    arguments:
      - "sync"
      - "--kubeconfig-path"
      - "/path/to/kubeconfig"
      - "--export-path"
      - "/path/on/local/disk"
    execution:
      interval: 6h

Whats next

Looking forward, kubeswitch will hopefully gain support for more storage backends (e.g., local password manager). Additional stores need to implement the KubeconfigStore interface.

Also kubeswitch could be used as an authentication helper for Kubeconfig files to inject credentials from the backing store.

If you find this project interesting, then I invite you to check out kubeswitch on Github with more information or head straight to the installation section. Of course, contributions are more than welcome. Cheers, Daniel

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment