niraj8 / kubeswitch

The kubectx for operators.

Home Page:https://danielfoehrkn.medium.com/the-case-of-kubeswitch-aff4b6a04ae7

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Kubeswitch

Latest GitHub release Build Go Report Card License

The kubectx for operators.

kubeswitch (lazy: switch) is the single pane of glass for all of your kubeconfig files.
Caters to operators of large scale Kubernetes installations. Designed as a drop-in replacement for kubectx.

Highlights

  • Unified search over multiple providers
  • Change the namespace
  • Change to any context and namespace from the history
  • Terminal Window Isolation
    • Each terminal window can target a different cluster (does not overwrite the current-context in a shared Kubeconfig)
    • Each terminal window can target the same cluster and set a different namespace preference
  • Efficiency: uses local caches for kubeconfig contexts and namespaces
  • Advanced Search Capabilities
    • Hot reload capability (adds Kubeconfigs to the search on the fly - especially useful when searching large directories)
    • Live preview of the selected Kubeconfig file (sanitized from credentials)
    • Recursive search (e.g. on the local filesystem or in Vault)
    • Easily find clusters with cryptic context names
  • Easy Navigation
    • Define alias names for contexts without changing the underlying Kubeconfig
  • Extensibility
    • Integrate custom functionality using Hooks (comparable with Git pre-commit hooks).
    • Build your own integration e.g., synchronise Kubeconfig files of clusters from Git or remote systems.

demo GIF

Non-goals

  • To provide a customized shell prompt. Use kube-ps1.

Installation

Kubeswitch can be installed using brew for OSX, MacPorts, from Github Releases or from source. Please see the documentation.

Usage

$ switch -h
The kubectx for operators.

Usage:
  switch [flags]
  switch [command]

Available Commands:
  alias                Create an alias for a context. Use ALIAS=CONTEXT_NAME
  clean                Cleans all temporary and cached kubeconfig files
  completion           Generate the autocompletion script for the specified shell
  exec                 Execute any command towards the matching contexts from the wildcard search
  gardener             gardener specific commands
  help                 Help about any command
  history              Switch to any previous tuple {context,namespace} from the history
  hooks                Run configured hooks
  list-contexts        List all available contexts
  namespace            Change the current namespace
  set-context          Switch to context name provided as first argument
  set-last-context     Switch to the last used context from the history
  set-previous-context Switch to the previous context from the history
  version              show switch version info

Flags:
      --config-path string         path on the local filesystem to the configuration file. (default "/Users/tommyolsen/.kube/switch-config.yaml")
      --debug                      show debug logs
  -h, --help                       help for switch
      --kubeconfig-name string     only shows kubeconfig files with this name. Accepts wilcard arguments '*' and '?'. Defaults to 'config'. (default "config")
      --kubeconfig-path string     path to be recursively searched for kubeconfigs. Can be a file or a directory on the local filesystem or a path in Vault. (default "$HOME/.kube/config")
      --no-index                   stores do not read from index files. The index is refreshed.
      --show-preview               show preview of the selected kubeconfig. Possibly makes sense to disable when using vault as the kubeconfig store to prevent excessive requests against the API. (default true)
      --state-directory string     path to the local directory used for storing internal state. (default "/Users/tommyolsen/.kube/switch-state")
      --store string               the backing store to be searched for kubeconfig files. Can be either "filesystem" or "vault" (default "filesystem")
      --vault-api-address string   the API address of the Vault store. Overrides the default "vaultAPIAddress" field in the SwitchConfig. This flag is overridden by the environment variable "VAULT_ADDR".
  -v, --version                    version for switch

Use "switch [command] --help" for more information about a command.

Just type switch to search over the context names defined in the default Kubeconfig file ~/.kube/config or from the environment variable KUBECONFIG.

To recursively search over multiple directories, files and Kubeconfig stores, please see the documentation to set up the necessary configuration file.

Change namespace

Change the current namespace using switch ns Uses a self-updating local namespace cache for instant search results.

History

Similar to the command histories of a shell, switch keeps a history of used contexts and namespaces. A history entry is always a tuple of {context-name, namespace}. This allows to jump back to any context and namespace in the history.

In addition, use

  • switch . to change to the last used context and namespace (handy for new terminals)
  • switch - to change to the previous history entry

List and search for contexts

You can list all your indexed contexts by issuing the following command: switch list-contexts. And if you want to search for only parts of those contexts, you can use wildcard search:

switch list-contexts "*-dev-?"

Wildcard search supports matching wildcards notation also known as globbing:

  • ? matches exactly one occurrence of any character.
  • * matches arbitrary many (including zero) occurrences of any character.

Execute commands

You can use the above wildcard search to execute any commands towards the matching clusters. This makes it powerful for quickly running a command through a given set of clusters and see the output of these commands:

switch exec "*-dev-?" -- kubectl get ns

You can also wrap the command(s) into a script and execute it via switch exec:

switch exec "*-dev-?" -- bash script.sh

For inline shell script execution, you need to specify the default shell in the SwitchConfig file:

# ~/.kube/switch-config.yaml
kind: SwitchConfig
execShell: "/bin/bash"

Then you can run shell commands like so:

# executes /bin/bash -c 'for i in 1 2 3; do sleep 1; echo "hi $i"; done'
switch exec "*-dev-?" -- 'for i in 1 2 3; do sleep 1; echo "hi $i"; done'

Kubeconfig stores

Multiple Kubeconfig stores are supported. The local filesystem is the default store and does not require any additional setup. However, if you intend to search for all Kubeconfig context/files in the ~/.kube directory, please first consider this.

To search over multiple directories and setup Kubeconfig stores (such as Vault), please see here.

Kubeconfig cache

A cache for kubeconfig files can be added to a store to prevent loading from remote on each invocation of kubeswitch. The kubeconfig file will be cached after first download.

To see how to configure the cache, please see here.

Transition from Kubectx

Offers a smooth transition as kubeswitch is a drop-in replacement for kubectx. You can set an alias and keep using your existing setup.

  alias kubectx='switch'
  alias kctx='switch'

However, that does not mean that kubeswitch behaves exactly like kubectx. Please see here to read about some main differences to kubectx.

Alias

An alias for any context name can be defined. An alias does not modify or rename the context in the kubeconfig file, instead it is just injected for the search.

Define an alias.

$ switch alias mediathekview=gke_mediathekviewmobile-real_europe-west1-c_mediathekviewmobile

It is also possible to use switch alias <alias>=. to create an alias for the current context.

See the created alias

$ switch alias ls
+---------------+-------------------------------------------------------------------------------+
| ALIAS         | CONTEXT                                                                       |
+---------------+-------------------------------------------------------------------------------+
| mediathekview | mediathekview/gke_mediathekviewmobile-real_europe-west1-c_mediathekviewmobile |
+---------------+-------------------------------------------------------------------------------+
| TOTAL         | 1                                                                             |
+---------------+-------------------------------------------------------------------------------+ 

Remove the alias

$ switch alias rm mediathekview

Caching

See here how to use a search index (cache) to speed up search operations. Using the search index is especially useful when

  • dealing with large amounts of Kubeconfigs and querying the Kubeconfig store is slow (e.g. searching a large directory)
  • when using a remote systems (such as Vault) as the Kubeconfig store to increase search speed, reduce latency and save API requests

Hot Reload

For large directories with many Kubeconfig files, the Kubeconfigs are added to the search set on the fly. For smaller directory sizes, the search feels instantaneous.

demo GIF

Search cryptic context names

Unfortunately operators sometimes have to deal with cryptic or generated kubeconfig context names that make it hard to guess which Kubernetes cluster this kubeconfig context actually points to. For example, these could be temporary CI clusters.

Without having to manually change the Kubeconfig file, kubeswitch makes it easier to identify the right context name by including the direct parent path name in the fuzzy search. This way, the directory layout can actually convey information useful for the search.

To exemplify this, look at the path layout below. Each Kubernetes landscape (called dev, canary and live) have their own directory containing the Kubeconfigs of the Kubernetes clusters on that landscape. Every Kubeconfig is named config.

$ tree .kube/my-path
.kube/my-path
├── canary
│   └── config
├── dev
│   ├── config
│   └── config-tmp
└── live
    └── config

This is how the search looks like for this directory. The parent directory name is part of the search.

demo GIF

You can either manually create such a path layout and place the kubeconfigs, or write a custom hook (script / binary) to do that prior to the search.

Extensibilty

Customization is possible by using Hooks (think Git pre-commit hooks). Hooks can call an arbitrary executable or execute commands at a certain time (e.g every 6 hours) prior to the search via kubeswitch. For more information take a look here.

Difference to kubectx

kubectx is great when dealing with few Kubeconfig files - however lacks support when operating large Kubernetes installations where clusters spin up on demand, have cryptic context names or are stored in various kubeconfig stores (e.g., Vault).

kubeswitch is build for a world where Kubernetes clusters are treated as cattle, not pets. This has implications on how Kubeconfig files are managed. kubeswitch is fundamentally designed for the modern Kubernetes operator of large dynamic Kubernetes installations with possibly thousands of Kubeconfig files in various locations.

Has build-in

  • convenience features (terminal window isolation, context history, context aliasing, improved search experience, sanitized Kubeconfig preview);
  • advanced search capabilities (search index, hot reload);
  • as well as integration points with external systems (hooks).

In addition, kubeswitch is a drop-in replacement for kubectx. You can set an alias and keep using your existing setup.

  alias kubectx='switch'
  alias kctx='switch'

However, that does not mean that kubeswitch behaves exactly like kubectx.

Alias Names

kubectx supports renaming context names using kubectx <NEW_NAME>=<NAME>. Likewise, use switch <NEW_NAME>=<NAME> to create an alias. An alias does not modify or rename the context in the kubeconfig file. It is just a local configuration that can be removed again via switch alias rm <NAME>. Directly modifying the Kubeconfig is problematic:

  • Common tooling might be used across the team which needs to rely on predictable cluster naming conventions
  • Modifying the file is not always possible e.g., when the Kubeconfig is actually stored in a Vault
  • No easy way to revert the alias or see aliases that are currently in use

Terminal Window isolation

kubectx directly modifies the kubeconfig file to set the current context. This has the disadvantage that every other terminal using the same Kubeconfig file (e.g, via environment variable KUBECONFIG) will also be affected and change the context.

A guideline of kubeswitch is to not modify the underlying Kubeconfig file. Hence, a temporary copy of the original Kubeconfig file is created and used to modify the context. This way, each terminal window works on its own copy of the Kubeconfig file and cannot interfere with each other.

Limitations

Please make sure there are no kubeconfig files that have the same context name within one directory. Define multiple search paths using the configuration file.

Future Plans

  • Support more Cloud Providers and Managed Kubernetes Platforms

About

The kubectx for operators.

https://danielfoehrkn.medium.com/the-case-of-kubeswitch-aff4b6a04ae7

License:Apache License 2.0


Languages

Language:Go 97.1%Language:Makefile 1.5%Language:Shell 1.4%