kayrus / Kuttle
Programming Languages
Labels
Projects that are alternatives of or similar to Kuttle
kuttle: kubectl wrapper for sshuttle without SSH
Kuttle allows you to easily get an access into your Kubernetes network environment. SSH access is not required, since kubectl is used instead of ssh.
In comparison with Telepresence, kuttle only proxies Kubernetes network onto your local laptop.
Installation
Install sshuttle following official documentation or use your distro's package manager:
- MacOS:
brew install sshuttle - Debian/Ubuntu:
apt-get install sshuttle - Fedora/RedHat/CentOS:
yum install sshuttle
Download kuttle:
wget https://github.com/kayrus/kuttle/raw/master/kuttle
chmod +x kuttle
Additionally you can place kuttle into $PATH
How does it work?
Under the hood sshuttle spawns a remote python oneliner that evaluates a server code, received via stdin, which proxies the traffic. To get a connection to the remote server sshuttle usually uses ssh. kuttle allows sshuttle to use kubectl without any ssh dependencies.
Regular sshuttle process tree
$ pstree -pal `pidof -x sshuttle`
sshuttle,1489 /usr/bin/sshuttle -r remote.example.com 10.254.0.0/16
ββssh,1492 remote.example.com -- exec /bin/sh -c 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=0; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(978), "assembler.py", "exec"))'"'"''
ββsudo,1490 -p [local sudo] Password: PYTHONPATH=/usr/lib/python3/dist-packages -- /usr/bin/python3 /usr/bin/sshuttle --method auto --firewall
ββpython3,1491 /usr/bin/sshuttle --method auto --firewall
sshuttle + kuttle process tree
$ pstree -pal `pidof -x sshuttle`
sshuttle,1538 /usr/bin/sshuttle -r kuttle -e kuttle 10.254.0.0/16
ββkubectl,1541 exec -i kuttle -- /bin/sh -c exec /bin/sh -c 'P=python3.5; $P -V 2>/dev/null || P=python; exec "$P" -c '"'"'import sys, os; verbosity=0; sys.stdin = os.fdopen(0, "rb"); exec(compile(sys.stdin.read(978), "assembler.py", "exec"))'"'"''
β ββ{kubectl},1544
β ββ{kubectl},1547
β ββ{kubectl},1551
β ββ{kubectl},1552
β ββ{kubectl},1553
β ββ{kubectl},1556
β ββ{kubectl},1557
β ββ{kubectl},1558
ββsudo,1539 -p [local sudo] Password: PYTHONPATH=/usr/lib/python3/dist-packages -- /usr/bin/python3 /usr/bin/sshuttle --method auto --firewall
ββpython3,1540 /usr/bin/sshuttle --method auto --firewall
Target Kubernetes pod requirements
Since sshuttle uses python interpreter, python should be installed inside target pod's container.
Prior to version 0.78.2, sshuttle used netstat to list routes. If your sshuttle version is older than 0.78.2, you have to ensure that netstat CLI is also installed inside pod's container.
Simple alpine container with a minimal python is enough for kuttle. You can use the kubectl command below in order to spawn ready-to-use pod as a VPN server:
kubectl run kuttle --image=alpine:latest --restart=Never -- sh -c 'apk add python --update && exec tail -f /dev/null'
sshuttle -r kuttle -e kuttle 0.0.0.0/0
Examples
Route local requests to the 10.254.0.0/16 subnet via pod-with-python pod in your Kubernetes cluster:
sshuttle -r '--context my-context --namespace default pod-with-python' -e /path/to/kuttle 10.254.0.0/16
Use your Kubernetes pod as a VPN server with DNS requests being resolved by pod:
sshuttle --dns -r '--context my-context --namespace default pod-with-python' -e /path/to/kuttle 0.0.0.0/0
If you already have set kubectl defaults and placed kuttle in $PATH, just specify the pod name:
sshuttle --dns -r pod-with-python -e kuttle 0.0.0.0/0
Credits
Thanks to sshuttle authors and @databus23 for getting me inspired.