About me

https://rewanthtammana.com/

Rewanth Tammana is a security ninja, open-source contributor, independent consultant & SME at Uptycs. Previously, Senior Security Architect at Emirates NBD. Passionate about DevSecOps, Application, and Container Security. Added 17,000+ lines of code to Nmap. Holds industry certifications like CKS, CKA, etc.

About me

https://twitter.com/rewanthtammana

Speaker & trainer at international security conferences worldwide including Black Hat, Defcon, Hack In The Box (Dubai and Amsterdam), CRESTCon UK, PHDays, Nullcon, Bsides, CISO Platform, null chapters and multiple others.

About me

https://linkedin.com/in/rewanthtammana

One of the MVP researchers on Bugcrowd (2018) and identified vulnerabilities in several organizations. Published an IEEE research paper on an offensive attack in Machine Learning and Security. Also, part of the renowned Google Summer of Code program.

Basics

Reference

Basics

Reference

Introduction to krew

Krew is the plugin manager for kubectl CLI.

Krew helps you:

• discover kubectl plugins
• install them on your machine
• and keep the installed plugins up-to-date.

Kubernetes is complex

Discover krew plugins

kubectl krew search

Using krew plugins

kubectl krew install $pluginname

kubectl krew uninstall $pluginname

Sample plugin outline

https://github.com/kubernetes/sample-cli-plugin

Switching namespace

kubectl config set-context --current --namespace=$namespace

Lengthy 🫤🫤

Simple plugin

Let's create a plugin to switch namespace with ease

kubectl ns $namespace

End goal ⏬

Simple plugin

Why?

A simple bash script can achieve the above result.

Why write code and make it complex?

Why?

For advanced use cases. Visualization, sniffing network traffic, exploring other Kubernetes components, complex operations, etc.

My plugins

Kubectl fields

https://github.com/rewanthtammana/kubectl-fields

Kubectl fields

https://github.com/rewanthtammana/kubectl-fields

Kubectl whisper secrets

https://github.com/rewanthtammana/kubectl-whisper-secret

kubectl whisper-secret generic my-secret --from-literal key1
Enter value for key1: 
secret/my-secret created

More plugins

https://krew.sigs.k8s.io/plugins/

My personal favorite

Lists the users who can perform certain operation on specific resource

kubectl who-can get po

kubectl who-can '*' po

Conclusion

Simple interpretation

References

https://krew.sigs.k8s.io/