HackMD - Collaborative Markdown Knowledge Base

## Introduction to krew --- ## About me [https://rewanthtammana.com/](https://rewanthtammana.com/) Rewanth Tammana is a security ninja, open-source contributor, & freelancer. Previously, Senior Security Architect at Emirates NBD. Passionate about DevSecOps, Application, and Container Security. Added 17,000+ lines of code to Nmap. Holds industry certifications like CKS, CKA, etc. --- ## About me [https://twitter.com/rewanthtammana](https://twitter.com/rewanthtammana) Speaker & trainer at international security conferences worldwide including Black Hat, Defcon, Hack In The Box (Dubai and Amsterdam), CRESTCon UK, PHDays, Nullcon, Bsides, CISO Platform, null chapters and multiple others. --- ## About me [https://linkedin.com/in/rewanthtammana](https://linkedin.com/in/rewanthtammana) One of the MVP researchers on Bugcrowd (2018) and identified vulnerabilities in several organizations. Published an IEEE research paper on an offensive attack in Machine Learning and Security. Also, part of the renowned Google Summer of Code program. --- ## Basics ![](https://hackmd.io/_uploads/rkf_rXGU2.png =600x300) [Reference](https://www.suse.com/c/rancher_blog/how-to-manage-kubernetes-with-kubectl/) --- ## Basics ![](https://hackmd.io/_uploads/ByEEUQM83.png) [Reference](https://rafay.co/the-kubernetes-current/zero-trust-kubectl-access-the-easiest-most-secure-option-for-managing-kubernetes-clusters/) --- ## Introduction to krew Krew is the plugin manager for kubectl CLI. Krew helps you: * discover kubectl plugins * install them on your machine * and keep the installed plugins up-to-date. --- ## Kubernetes is complex ![](https://hackmd.io/_uploads/SJ1FxMyLh.png) --- ## Discover krew plugins ``` kubectl krew search ``` ![](https://hackmd.io/_uploads/HkjXlQzIn.png) --- ## Using krew plugins ``` kubectl krew install $pluginname ``` ``` kubectl krew uninstall $pluginname ``` --- ## Sample plugin outline https://github.com/kubernetes/sample-cli-plugin --- ## Switching namespace ``` kubectl config set-context --current --namespace=$namespace ``` Lengthy 🫤🫤 --- ## Simple plugin Let's create a plugin to switch namespace with ease ``` kubectl ns $namespace ``` End goal ⏬ ![](https://hackmd.io/_uploads/rJPsI-zL2.png) --- ## Simple plugin ![](https://hackmd.io/_uploads/B1qUbmzI3.png) --- ## Why? A simple bash script can achieve the above result. Why write code and make it complex? --- ## Why? For advanced use cases. Visualization, sniffing network traffic, exploring other Kubernetes components, complex operations, etc. --- ## My plugins --- ### Kubectl fields https://github.com/rewanthtammana/kubectl-fields ![](https://hackmd.io/_uploads/H14Lj-GU3.png) --- ### Kubectl fields https://github.com/rewanthtammana/kubectl-fields ![](https://hackmd.io/_uploads/H1wPoWfUh.png) --- ### Kubectl whisper secrets https://github.com/rewanthtammana/kubectl-whisper-secret ![](https://hackmd.io/_uploads/BkzPfQzIh.png) ```bash kubectl whisper-secret generic my-secret --from-literal key1 Enter value for key1: secret/my-secret created ``` --- ## More plugins https://krew.sigs.k8s.io/plugins/ --- ## My personal favorite Lists the users who can perform certain operation on specific resource ``` kubectl who-can get po ``` ``` kubectl who-can '*' po ``` --- ## Conclusion Simple interpretation | Platform | Plugin Manager | |---|---| | Ubuntu | Apt/Snap | | CentOS | Yum | | MacOS | Brew | | Kubectl | Krew | --- ## References https://krew.sigs.k8s.io/