Kubernetes impersonations with kubie

26 June 2022

Some Kubernetes resources require elevated privileges to access. For example, passing --as <namespace>-admin to each kubectl command. Below is a convenient alias to elevate your permissions for such resources.

The alias relies on using kubie, a tool I highly recommend for your day-to-day Kubernetes interactions. It has some excellent features that simplify a lot of the repetition around the kubectl command. Another dependency is yq for parsing a YAML file.

# Impersonate -admin in current kubie namespace
kubieKubectlAsAdmin() {
  KUBENS=$(cat $KUBIE_KUBECONFIG | yq '.contexts[0].context.namespace')
  kubectl --as $KUBENS-admin $(echo "$@")
alias ka='kubieKubectlAsAdmin'

Now it’s a matter of using ka <command> to run commands as the elevated user.

[my-context|my-namespace] ➜  ~ ka get secrets
NAME                       TYPE                  DATA   AGE
some-secret                Opaque                1      12d
some-other-secret          Opaque                0      12d

comments powered by Disqus