/kubesafe

Safely manage multiple Kubernetes clusters by defining safe contexts and protected commands.

Primary LanguageGoApache License 2.0Apache-2.0

Kubesafe

Kubesafe 🔁 Tired of accidentally running dangerous commands on the wrong Kubernetes cluster? Meet kubesafe — your safety net for cluster management.

Build Status

kubesafe allows you to safely run commands acrosss multiple Kubernetes contexts. By allowing you to mark specific contexts as "safe" and define a list of protected commands, kubesafe makes sure you never accidentally run a dangerous command on the wrong cluster.

Key Features:

  • 🚀 Works with any Kubernetes tool: kubesafe can wraps any CLI that targets a Kubernetes cluster. Whether you're using kubectl, helm, or any other tool, kubesafe has you covered.
  • 🛡️ Context Protection with Custom Commands: Mark one or more contexts as "safe" and define a list of commands that require confirmation before execution.
  • 🔄 Flexible and Customizable: Easily configure protected contexts and commands to suit your workflow.

How does it work?

Simply prepend kubesafe to any command you want to run:

# Example with kubectl
kubesafe kubectl delete pod my-pod

# Example with Helm
kubesafe helm upgrade my-release stable/my-chart

Kubesafe seamlessly wraps any CLI command you provide as the first argument (e.g., kubectl, helm, kubecolor, etc.). If you attempt to run a protected command in a safe context, kubesafe will prompt you for confirmation before proceeding.

For convenience, you can set aliases in your shell configuration:

alias kubectl='kubesafe kubectl'
alias helm='kubesafe helm'

Now, every time you use kubectl or helm, kubesafe will automatically protect your commands!

To manage your safe contexts and protected commands, see the Managing contexts section.

Installation

Install with Homebrew (Mac/Linux)

$ brew tap Telemaco019/kubesafe
$ brew install kubesafe

Install with Go

$ go install github.com/telemaco019/kubesafe/kubesafe@latest

Managing contexts

Kubesafe makes it easy to manage your safe contexts and protected commands. To see all available options, run:

kubesafe --help

Add a safe context

To add a safe context, simply execute:

kubesafe context add

Kubesafe will guide you interactively to select a context to mark as "safe" and choose the commands you want to protect. Alternatively, you can add a safe context directly by specifying its name:

kubesafe context add my-context

The provided value can also be a regular expression to match multiple contexts:

kubesafe context add "prod-.*"

This will mark all context starting with prod- as safe.

Define custom protected commands

By default, kubesafe allows you to interactively choose commands to protect from a predefined list. However, if you prefer to specify your own custom commands, you can provide them as a comma-separated list like this:

kubesafe context add my-context --commands "delete,apply,upgdrade"

List safe contexts

To display all your configured safe contexts and their protected commands, use:

kubesafe context list

Remove a safe context

To remove a context from your list of safe contexts, run:

kubesafe context remove my-context

Similar tools

Kubesafe draws inspiration from existing kubectl plugins that offer similar features but are restricted to working exclusively with kubectl:

  • kubectl-prompt: A kubectl plugin that displays a warning prompt when issuing commands in a flagged cluster or namespace
  • kubectl-safe: A kubectl plugin to prevent shooting yourself in the foot with edit commands.

License

This project is licensed under the Apache License. See the LICENSE file for details.