11# kty
22
3- SSH into Kubernetes. kty is the easiest way to access resources such as pods on
4- your cluster - all without ` kubectl ` . Once kty is installed on your cluster,
5- ` ssh ` gives you a dashboard to interact with the cluster.
3+ The terminal for Kubernetes. kty is the easiest way to access resources such as
4+ pods on your cluster - all without ` kubectl ` . Once kty is installed on your
5+ cluster, ` ssh ` gives you a dashboard to interact with the cluster.
66
77You can:
88
@@ -22,148 +22,9 @@ maps Kubernetes concepts to SSH. It relies on OpenID providers such as Github or
2222Google to verify your identity. Kubernetes RBAC validates access, just like
2323` kubectl ` does, respecting your organizational policies.
2424
25- ![ demo] ( ./assets/demo.gif )
26-
27- ## Documentation
28-
29- - [ Architecture] ( docs/architecture.md )
30- - [ Auth] [ auth ] - Deep dive on what's happening around auth and what the minimum
31- permissions are for each piece of functionality.
32- - [ Deployment] ( docs/deployment.md ) - Figure out how to get running on your own
33- cluster.
34- - [ Development] ( DEVELOPMENT.md ) - Some tips and tricks for doing development on
35- kty itself.
36- - [ Metrics] ( docs/metrics.md ) - List of the possible metrics exported via.
37- prometheus.
38-
39- [ auth ] : docs/auth.md
40-
41- ## Getting Started
42-
43- 1 . Download the [ cli] [ cli-download ] and add it to your ` $PATH ` .
44- 1 . Get a k8s cluster. [ k3d] [ k3d ] is a convenient way to get a cluster up and
45- running fast. Follow their installation instructions and create a default
46- cluster.
47- 1 . Grant your email address access to the cluster. Choose ` cluster-admin ` if
48- you'd like something simple to check out how things work. For more details on
49- the minimum possible permissions, read the [ Authorization] [ auth ] section. The
50- email address is what you'll be using to authenticate against. It can either
51- be the one associated with a google or github account. Note, the ID used for
52- login and the providers available can all be configured.
53-
54- ``` bash
55- kty users grant < cluster-role> < email-address>
56- ```
57-
58- 1 . Start the server.
59-
60- ``` bash
61- kty --serve
62- ```
63-
64- 1 . SSH into your cluster!
65-
66- ``` bash
67- ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 2222 me@localhost
68- ```
69-
70- From this point, here's a few suggestions for things to check out:
71-
72- - Start a new pod. It'll show up in the dashboard immediately!
73-
74- - Exec into a pod. Select the pod you want and go to the ` Shell ` tab. You'll be
75- able to pick the command to exec and then be shell'd into the pod directly.
76-
77- - Follow the logs. Logs for all containers in a pod are streamed to the ` Logs `
78- tab when you've selected a pod from the main list.
79-
80- - ` scp ` some files out of a container:
81-
82- ``` bash
83- scp -P 2222 me@localhost:/default/my-pod/etc/hosts /tmp
84- ```
85-
86- - Use your own [ OpenID provider] ( docs/deployment.md#bring-your-own-provider ) .
87-
88- Note: you'll want to install on-cluster to use the tunnelling functionality.
89- Check out the [ helm] ( docs/deployment.md#helm ) docs for a quick way to do that.
90-
91- [ cli-download ] : https://github.com/grampelberg/kty/releases
92- [ k3d ] : https://k3d.io
93-
94- ## Interaction
95-
96- ### SSH
97-
98- To get to the dashboard, you can run:
25+ Visit the [ docs] ( https://kty.dev ) to get started!
9926
100- ``` bash
101- ssh anything@my-remote-host-or-ip -p 2222
102- ```
103-
104- The provided username is not used as your identity is authenticated via other
105- mechanisms.
106-
107- ### Ingress Tunnel (` ssh -L ` )
108-
109- You can forward requests from a local port into a resource on the remote
110- cluster. The supported resources are ` nodes ` , ` pods ` and ` services ` . See the
111- [ authorization] [ auth ] section for details on required RBAC.
112-
113- To forward port 9090 on your local system to 80 on the cluster, you can run:
114-
115- ``` bash
116- ssh me@my-cluster -p 2222 -L 9090:service/default/remote-service:80
117- ```
118-
119- The first time 9090 is accessed, a connection will be made. Pay attention to the
120- dashboard as any errors establishing this session will be reflected there.
121-
122- The connection string format is ` <resource>/<namespace>/<name> ` . As nodes are
123- not namespaced, the format is ` <resource>/<name> ` .
124-
125- Unlike the API server proxy, this works for any TCP service and is not limited
126- to HTTP/HTTPS. For example, you can ssh directly to a node in the cluster with:
127-
128- ``` bash
129- ssh me@my-cluster -p 2222 -L 3333:no/my-node:22
130- ```
131-
132- With that running in one terminal, you can run this in another:
133-
134- ``` bash
135- ssh my-node-username@localhost -p 3333
136- ```
137-
138- ### Egress Tunnel (` ssh -R ` )
139-
140- You can forward a remote service on your cluster to a port on your local host.
141-
142- To forward port 8080 on service ` default/kty ` to port ` 9090 ` on your local
143- system, you can run:
144-
145- ``` bash
146- ssh me@my-cluster -p 2222 -R default/kty:8080:localhost:9090
147- ```
148-
149- The format for service definitions is ` <namespace>/<service-name> ` .
150-
151- ### SFTP
152-
153- The cluster is represented by a file tree:
154-
155- ``` bash
156- /< namespace> /< pod-name> /< container-name> /< file-path>
157- ```
158-
159- For the ` nginx ` pod running in ` default ` , you would do something like:
160-
161- ``` bash
162- scp -P 2222 me@localhost:/default/nginx/nginx/etc/hosts /tmp
163- ```
164-
165- It can be a little easier to navigate all this with an sftp client as that'll
166- render the file tree natively for you.
27+ ![ demo] ( ./assets/demo.gif )
16728
16829## Releases
16930
0 commit comments