Skip to content
/ kexer Public

Kubernetes addon apiserver to offload streaming operations like exec, cp, logs from main apiserver

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Commvault/kexer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
cmd/apiserver
cmd/apiserver
 
 
config
config
 
 
pkg
pkg
 
 
sample
sample
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
boilerplate.go.txt
boilerplate.go.txt
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

kexer

Kexer (K8s Executor) is an addon apiserver to execute commands in a Kubernetes cluster. It is designed to be used to offload long running streaming operations like exec, cp from the main apiserver. It can also be used as a proxy for main apiserver with rest of the operations proxied to the main apiserver.

Kexer can also be used as a reverse proxy for clusters configured using a secret with endpoint and service-account token on the cluster that acts a reverse proxy.

Highlights

  • Execute commands in a Kubernetes cluster
  • kubectl compatible
  • Support for kubectl exec and kubectl cp commands
  • Support for kubectl logs command
  • Support for authentication and authorization delegation to the main apiserver

Installation

Prerequisites

  • serving certificate and key for the apiserver

Steps

  1. Generate a serving certificate and key for the apiserver. The certificate and key should be in PEM format. The certificate should be either signed by a CA trusted by the kube-apiserver (default) or Public CA or self signed. In case of Public CA or self signed, set the caBundle in the config/kexer-apiservice.yaml . The serving certificate and key should be set in the Secret object config/kexer-serving-cert.yaml.

  2. Run the following command to install the addon:

kubectl apply -f https://raw.githubusercontent.com/Commvault/kexer/master/config

Configuration

The addon can be configured as a NodePort or LoadBalancer service. The default configuration is ClusterIP. A sample configuration for NodePort service is available in sample/node-svc.yaml file.

Authentication and Authorization

The addon supports authentication and authorization delegation to the main apiserver. To enable this feature, create a kubeconfig with following endpoint url and use the client certificate or the ServiceAccount token. A sample kubeconfig file is available in sample/kubeconfig.yaml file.

Example:

server:  https://woker-node:node-port/apis/backup.cv.io/v1/namespaces/default/clusters/local/exec

Usage

kubectl exec

kubectl exec -it <pod-name> -- <command>

kubectl cp

kubectl cp <pod-name>:<path> <local-path>

Reverse Proxy

Create a Secret object with the following keys. You can use the sample/cluster-creds-secret.yaml file as a template.

  • endpointUrl: The endpoint of the cluster to be proxied
  • token: The service account token for the cluster to be proxied

The url for the reverse proxy in the kubeconfig is:

https://<kexer-host>:<kexer-port>/apis/backup.cv.io/v1/namespaces/<secret-namespace>/clusters/<secret-name>/exec

About

Kubernetes addon apiserver to offload streaming operations like exec, cp, logs from main apiserver

Topics

kubernetes reverse-proxy kubectl-plugins apiserver-aggregation

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages