README
¶
kubectl-mapr-ticket
kubectl-mapr-ticket is a kubectl plugin that allows you to list and inspect MapR tickets deployed as Kubernetes secrets in a cluster.
MapR tickets are used by the MapR CSI driver to authenticate and authorize access to Persistent Volumes backed by MapR storage.
Installation
Using krew
The easiest way to install the plugin is using the krew plugin manager for kubectl. Once you have krew installed, you can install the plugin as follows:
$ kubectl krew install mapr-ticket
$ kubectl mapr-ticket --help
Using Release Binaries
You can download the latest release binaries from the releases page. Binaries are available for Linux and macOS for both AMD64 and ARM64 architectures.
Example installation of v0.4.1 for Apple Silicon (ARM64) macOS:
$ curl -LO https://github.com/nobbs/kubectl-mapr-ticket/releases/download/v0.4.1/kubectl-mapr-ticket-arm64-darwin.tar.gz
$ tar -xvf kubectl-mapr-ticket-arm64-darwin.tar.gz
$ mv ./kubectl-mapr-ticket /usr/local/bin
$ kubectl mapr-ticket --help
From Source
To install from source, you will need to have Go installed on your system. Once you have Go installed, you can build the plugin as follows:
$ git clone https://github.com/nobbs/kubectl-mapr-ticket.git
$ cd kubectl-mapr-ticket && CGO_ENABLED=0 go build -buildvcs=true -o ./bin/kubectl-mapr-ticket ./cmd && mv ./bin/kubectl-mapr-ticket /usr/local/bin
$ kubectl mapr-ticket --help
Usage
The plugin can be invoked using the kubectl mapr-ticket command. The plugin supports the following subcommands:
inspect, aliasi- Inspect the contents of a MapR ticket secret in the current namespace or a local file.secret, aliass- List all secrets containing MapR tickets in the current namespace and print some information about them.volume, aliaspv- List all persistent volumes that use the specified MapR ticket secret and print some information about them.claim, aliaspvc- List all persistent volume claims that use a MapR ticket in the current namespace.
Inspect
The inspect subcommand will print the contents of a MapR ticket secret in the current namespace or a MapR ticket from a local file. The output by default is a minimal JSON representation of the ticket. An optional --output flag can be used to instead print the ticket in YAML format. The optional --human-readable (-H) flag can be used to print the ticket in a human-readable format, pretty-printing the JSON output and converting UNIX timestamps to human-readable dates.
$ cat mapr_ticket
demo.mapr.com +Cze+qwYCbAXGbz56OO7UF+lGqL3WPXrNkO1SLawEEDmSbgNl019xBeBY3kvh+R13iz/mCnwpzsLQw4Y5jEnv5GtuIWbeoC95ha8VKwX8MKcE6Kn9nZ2AF0QminkHwNVBx6TDriGZffyJCfZzivBwBSdKoQEWhBOPFCIMAi7w2zV/SX5Ut7u4qIKvEpr0JHV7sLMWYLhYncM6CKMd7iECGvECsBvEZRVj+dpbEY0BaRN/W54/7wNWaSVELUF6JWHQ8dmsqty4cZlI0/MV10HZzIbl9sMLFQ=
$ kubectl mapr-ticket inspect --human-readable --file mapr_ticket
{
"cluster": "demo.mapr.com",
"ticket": {
"expiryTime": "29229672-06-17T19:31:17+02:00",
"creationTimeSec": "2018-04-04T16:31:37+02:00",
"maxRenewalDurationSec": "0s",
"encryptedTicket": "AggBendQDHJBpB80ZZpmpde/2DYxfbgEPOBjBZTgLNno844p0I5Y5OZ7PvUdbcS1HwvGQjOWnsX3oIS3F6ZrGLeNWxKwQW9VtQG7EcOZFFtHCFMjcnWU3RSGo6dRn8EndfObMZBbXAQYJks5Qw==",
"userKey": {
"key": "t4l3cSFODvinISYUr6C394nN9w3gbg+YspV4fIu+vkQ="
},
"userCreds": {
"uid": 5000,
"gids": [
5000,
0,
5001
],
"userName": "mapr"
}
}
}
Secrets
The secret subcommand will list all MapR tickets deployed as Secrets in the current namespace. The output by default will be a table that can be extended with the --output wide flag. Additional flags can be used to customize the output, see kubectl mapr-ticket secret --help for more details.
$ kubectl mapr-ticket secret
NAME MAPR CLUSTER USER STATUS AGE
mapr-dev-ticket-user-a demo.dev.mapr.com user_a Valid (4y left) 75d
mapr-dev-ticket-user-b demo.dev.mapr.com user_b Valid (4y left) 75d
mapr-dev-ticket-user-c demo.dev.mapr.com user_c Valid (4y left) 75d
mapr-prod-ticket-user-a demo.prod.mapr.com user_a Expired (43d ago) 73d
mapr-prod-ticket-user-b demo.prod.mapr.com user_b Expired (43d ago) 73d
mapr-prod-ticket-user-c demo.prod.mapr.com user_c Expired (43d ago) 73d
Volumes
The volume subcommand will list all Persistent Volumes that are using a specific MapR ticket if a secret name is specified, or any ticket in the current namespace if no argument is provided. The output by default will be a table with the following columns. Additional flags can be used to customize the output, see kubectl mapr-ticket volume --help for more details.
$ kubectl mapr-ticket mapr-ticket-secret -n test-csi
NAME SECRET NAMESPACE SECRET CLAIM NAMESPACE CLAIM TICKET STATUS AGE
test-static-pv test-csi mapr-ticket-secret default test-claim Not found / Invalid 13h
var-lib-mapr test-csi mapr-ticket-secret default test-var Valid (4y left) 12d
expired-pv test-csi mapr-ticket-secret default test-exp Expired (43d ago) 12d
Claims
The claim subcommand will list all Persistent Volume Claims in the current namespace that are using a MapR ticket. The output by default will be a table with the following columns. Additional flags can be used to customize the output, see kubectl mapr-ticket claim --help for more details.
$ kubectl mapr-ticket claim -n default
NAME SECRET NAMESPACE SECRET VOLUME NAME TICKET STATUS AGE
test-claim test-csi mapr-ticket-secret test-static-pv Not found / Invalid 13h
test-var test-csi mapr-ticket-secret var-lib-mapr Valid (4y left) 12d
test-exp test-csi mapr-ticket-secret expired-pv Expired (43d ago) 12d
Shell Completion
The plugin supports shell completion for various shells. To enable shell completion, you will need to source the completion script for your shell. For example, to enable completion for zsh, you can run the following command:
$ source <(kubectl mapr-ticket completion zsh)
Note, that this is only local to your current shell session. To enable completion permanently, you either need to add the command to your shell profile or place the completion script in the appropriate location for your shell.
Unfortunately, the above setup will only provide completion for the kubectl-mapr_ticket command, not the actual kubectl mapr-ticket alias. To enable completion for the alias, you need to create a special kubectl_complete-mapr_ticket executable in your PATH that will delegate execution to the plugin. You can find an example of it in the hack directory. Place the script somewhere in your PATH and make sure it is executable, e.g. by running:
$ curl -LO https://github.com/nobbs/kubectl-mapr-ticket/raw/main/hack/kubectl_complete-mapr_ticket
$ chmod +x ./kubectl_complete-mapr_ticket
$ mv ./kubectl_complete-mapr_ticket /usr/local/bin
Does this require a connection to a MapR cluster?
No, this kubectl plugin does not require a connection to a MapR cluster. The plugin will inspect the secrets in the current namespace, filter them down to those that are MapR tickets, and then decode the ticket contents using this reverse-engineered ticket parser which is based on this blog post of mine.
Based on testing, the plugin is able to parse tickets starting at least from MapR 6.0.0 as the format did not receive any breaking changes since then.
License
This project is licensed under the MIT License - see the LICENSE file for details.
Documentation
¶
Overview ¶
Package main implements the main entry point for the kubectl-mapr-ticket CLI. It is responsible for creating the root command and executing it.
The root command is responsible for creating the subcommands and executing them. The subcommands are responsible for the actual work.
If you are interested in the actual plugin documentation, please refer to the README.md file.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
claim
Package claim provides the claim command for the application.
|
Package claim provides the claim command for the application. |
|
common
Package common contains common functions used by the cmd packages.
|
Package common contains common functions used by the cmd packages. |
|
inspect
Package inspect provides the inspect command for the application.
|
Package inspect provides the inspect command for the application. |
|
root
Package root provides the root command for the application.
|
Package root provides the root command for the application. |
|
secret
Package secret provides the secret command for the application.
|
Package secret provides the secret command for the application. |
|
version
Package version provides the version command for the application.
|
Package version provides the version command for the application. |
|
volume
Package volume provides the volume command for the application.
|
Package volume provides the volume command for the application. |
|
pkg
|
|
|
claim
Package claim implements the persistent volume claim lister.
|
Package claim implements the persistent volume claim lister. |
|
secret
Package secret implements the secret lister.
|
Package secret implements the secret lister. |
|
ticket
Package ticket provides functionality to work with MapR tickets, including parsing tickets either from their raw string representation or from Kubernetes secrets.
|
Package ticket provides functionality to work with MapR tickets, including parsing tickets either from their raw string representation or from Kubernetes secrets. |
|
types
Package types defines some common types for Secrets, PersistentVolumes and PersistentVolumeClaims based on the core Kubernetes types, wrapped into their own types to provide additional functionality required for this tool.
|
Package types defines some common types for Secrets, PersistentVolumes and PersistentVolumeClaims based on the core Kubernetes types, wrapped into their own types to provide additional functionality required for this tool. |
|
util
Package util provides utility functions for the application.
|
Package util provides utility functions for the application. |
|
volume
Package volume implements a volume lister that lists volumes that are provisioned by one of the MapR CSI provisioners.
|
Package volume implements a volume lister that lists volumes that are provisioned by one of the MapR CSI provisioners. |