robertlagrant 2 days ago | next |

This seems good, but can it also be done via ACLs in vanilla Kubernetes?

Telemaco019 a day ago | root | parent |

Thanks Robert! Yes, you can achieve this with ACLs in Kubernetes, but it requires setting up multiple Roles and contexts. Even then, you might accidentally switch to a higher-permission Role and accidentally run a risky command, thinking you're in a different cluster or using a low-permission user.

Kubesafe is just an extra safety net to prevent those kind of accidents :)

JohnMakin a day ago | prev |

I am not trying to shit on this, sorry - but can't you achieve the same thing with rudimentary automation, and barring that, rudimentary scripting? This seems to just be adding y/n prompts to certain contexts. How's that different than a bash wrapper script that does something like this?

context=$(grep "current-context:" ~/.kube/config | grep "*prod*")

if [[ -z ${context} ]]

then # do the command

else # do a y/n prompt

fi

Am I missing something?

Telemaco019 a day ago | root | parent |

Thanks for the feedback John! You're right, that's pretty much it :)

I developed kubesafe because (1) I was tired of tinkering with shell aliases and scripts (especially when I wanted to define protected commands) and (2) I needed something that worked smoothly with all Kubernetes tools like kubectl, helm, kubecolor, etc.

Kubesafe is just a convenient way to manage protected commands and contexts. Nothing too fancy!

Btw - I also found a kubectl plugin written in Bash that’s similar to what you mentioned, in case you're interested: https://github.com/jordanwilson230/kubectl-plugins/blob/krew...