Updated kube-shell to work in rerstricted clusters

Signed-off-by: Marcus Noble <github@marcusnoble.co.uk>
This commit is contained in:
Marcus Noble 2024-02-15 12:23:54 +00:00
parent d7469d40ae
commit 329f4124ae
Signed by: AverageMarcus
GPG Key ID: B8F2DB8A7AEBAF78

View File

@ -6,8 +6,8 @@ NAMESPACE="$(kubectl config view --minify --output 'jsonpath={..namespace}' &>/d
set -e
NAMESPACE=${NAMESPACE:-default}
POD="shell"
IMAGE="bash"
CMD="sh"
IMAGE="digitalocean/doks-debug"
CMD="bash"
print_usage() {
blue "kube-shell - create a new pod and exec into it's shell"
@ -19,7 +19,7 @@ print_usage() {
echo "-h, --help show this help text"
echo "-n, --namespace the namespace the pod should launch in"
echo "-p, --pod the name of the pod to get logs for (default: shell)"
echo "-i, --image the image to use for the shell container (default: bash)"
echo "-i, --image the image to use for the shell container (default: digitalocean/doks-debug)"
echo "-c, --command the initial command to execute in the container (default: sh)"
}
@ -57,5 +57,16 @@ done
NAMESPACE=${NAMESPACE:-default}
echo kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --rm -- $CMD
kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --rm -- $CMD
OVERRIDES='{
"spec": {
"securityContext": {"runAsGroup": 1000,"runAsNonRoot": true,"runAsUser": 1000,"seccompProfile": {"type": "RuntimeDefault"}},
"containers": [
{
"name":"'$POD'","image":"'$IMAGE'", "command": ["'$CMD'"],
"stdin": true,"stdinOnce": true,"tty": true,
"securityContext": {"allowPrivilegeEscalation": false,"capabilities": {"drop": ["ALL"]},"privileged": false,"runAsGroup": 1000,"runAsNonRoot": true,"runAsUser": 1000,"seccompProfile": {"type": "RuntimeDefault"}}
}
]
}
}'
kubectl run -it --namespace $NAMESPACE $POD --image $IMAGE --restart Never --overrides "${OVERRIDES}" --rm -- $CMD