Giter VIP home page Giter VIP logo

kuttle's Introduction

kuttle: kubectl wrapper for sshuttle without SSH

Kuttle allows you to easily get an access into your Kubernetes network environment. SSH access is not required, since kubectl is used instead of ssh.

In comparison with Telepresence, kuttle only proxies Kubernetes network onto your local laptop.

Installation

Install sshuttle following official documentation or use your distro's package manager:

  • MacOS: brew install sshuttle
  • Debian/Ubuntu: apt-get install sshuttle
  • Fedora/RedHat/CentOS: yum install sshuttle

Download kuttle:

wget https://github.com/kayrus/kuttle/raw/master/kuttle
chmod +x kuttle

Additionally you can place kuttle into $PATH

How does it work?

Under the hood sshuttle spawns a remote python oneliner that evaluates a server code, received via stdin, which proxies the traffic. To get a connection to the remote server sshuttle usually uses ssh. kuttle allows sshuttle to use kubectl without any ssh dependencies.

Regular sshuttle process tree

$ pstree -pal `pidof -x sshuttle`
sshuttle,1489 /usr/bin/sshuttle -r remote.example.com 10.254.0.0/16
  ├─ssh,1492 remote.example.com -- exec /bin/sh -c 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=0; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(978), "assembler.py", "exec"))'"'"''
  └─sudo,1490 -p [local sudo] Password:  PYTHONPATH=/usr/lib/python3/dist-packages -- /usr/bin/python3 /usr/bin/sshuttle --method auto --firewall
      └─python3,1491 /usr/bin/sshuttle --method auto --firewall

sshuttle + kuttle process tree

$ pstree -pal `pidof -x sshuttle`
sshuttle,1538 /usr/bin/sshuttle -r kuttle -e kuttle 10.254.0.0/16
  ├─kubectl,1541 exec -i kuttle -- /bin/sh -c exec /bin/sh -c 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=0; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(978), "assembler.py", "exec"))'"'"''
  │   ├─{kubectl},1544
  │   ├─{kubectl},1547
  │   ├─{kubectl},1551
  │   ├─{kubectl},1552
  │   ├─{kubectl},1553
  │   ├─{kubectl},1556
  │   ├─{kubectl},1557
  │   └─{kubectl},1558
  └─sudo,1539 -p [local sudo] Password:  PYTHONPATH=/usr/lib/python3/dist-packages -- /usr/bin/python3 /usr/bin/sshuttle --method auto --firewall
      └─python3,1540 /usr/bin/sshuttle --method auto --firewall

Target Kubernetes pod requirements

Since sshuttle uses python interpreter, python should be installed inside target pod's container.

Prior to version 0.78.2, sshuttle used netstat to list routes. If your sshuttle version is older than 0.78.2, you have to ensure that netstat CLI is also installed inside pod's container.

Simple alpine container with a minimal python is enough for kuttle. You can use the kubectl command below in order to spawn ready-to-use pod as a VPN server:

kubectl run kuttle --image=alpine:latest --restart=Never -- sh -c 'apk add python3 --update && exec tail -f /dev/null'
sshuttle -r kuttle -e kuttle 0.0.0.0/0

Examples

Route local requests to the 10.254.0.0/16 subnet via pod-with-python pod in your Kubernetes cluster:

sshuttle -r '--context my-context --namespace default pod-with-python' -e /path/to/kuttle 10.254.0.0/16

Use your Kubernetes pod as a VPN server with DNS requests being resolved by pod:

sshuttle --dns -r '--context my-context --namespace default pod-with-python' -e /path/to/kuttle 0.0.0.0/0

If you already have set kubectl defaults and placed kuttle in $PATH, just specify the pod name:

sshuttle --dns -r pod-with-python -e kuttle 0.0.0.0/0

Credits

Thanks to sshuttle authors and @databus23 for getting me inspired.

kuttle's People

Contributors

kayrus avatar gonzolino avatar reimannf avatar

Watchers

James Cloos avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.