Kubectl docker image

Minimal docker image based on busybox with kubeconfig automation.

Components

Kubectl

Kubectl is the Kubernetes cli version of a swiss army knife, and can do many things.

Project link

BusyBox

BusyBox provides a fairly complete environment for any small or embedded system.

Project link

Usage

Run in Docker

$ docker run \
    --name="docker-kubectl-example" \
    --volume="$HOME/.kube/config:/config/kubectl.conf:ro" \
    --network="host" \
    --rm \
    --interactive \
    --tty \
    4ops/kubectl:1.18.2 \
    get pods

Run in Kubernetes

From command line:

$ kubectl run "get-pods-example" \
    --rm="true" \
    --restart="Never" \
    --image="4ops/kubectl:1.18.2" \
    --stdin \
    --tty \
    -- \
    get \
    pods

Pod manifest example:

apiVersion: v1
kind: Pod
metadata:
  name: get-pods-example
spec:
  containers:
    - name: "kubectl"
      image: "4ops/kubectl:1.18.2"
      args: ["get", "pods"]

Credentials

Using existing kubeconfig

• Mount volume with kubeconfig file
• Setup path to kubeconfig using environment variable KUBECONFIG

Using ServiceAccount token

• Setup token as environment variable KUBE_TOKEN
• If no KUBECONFIG or KUBE_TOKEN set, entrypoint script will try to discover ServiceAccount secrets from /var/run/secrets/kubernetes.io/serviceaccount directory

Environment variables

• KUBECONFIG - path to kubeconfig file (default: /config/kubectl.conf)
• KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT - Kubernetes API native service discovery variables (default: kubernetes.default.svc, 443)
• KUBE_URL - custom Kubernetes API URL
• KUBE_CA_PEM - PEM-encoded certificate (or path to cert file) for TLS verification
• KUBE_NAMESPACE - default namespace for kubeconfig context (default: default)
• KUBE_TOKEN - auth token
• DEBUG - enable entrypoint script tracing