kube-plugin/kubectl-rsh

#!/usr/bin/env bash
set -aeou pipefail

SCRIPT_VERSION="0.1"
KUBECTL_RSH_IMAGE="${KUBECTL_RSH_IMAGE:-docker.io/library/busybox}"
KUBECTL_RSH_IMAGE_TAG="${KUBECTL_RSH_IMAGE_TAG:-latest}"
KUBECTL_RSH_NAMESPACE="${KUBECTL_RSH_NAMESPACE:-default}"
KUBECTL_RSH_POD_CREATE_TIMEOUT="${KUBECTL_RSH_POD_CREATE_TIMEOUT:-3}"


function print_help(){
    cat << EOF
Creates a pod on the node and executes a shell on that node.
You need cluster admin rights and privileged pod execution rights

Usage:
  kubectl rsh [nodeName]
EOF
}

if [[ "$1" == "version" ]];then
    echo "$SCRIPT_VERSION"
    exit 0
fi

if [[ "$1" == "--help" ]]; then
  print_help
  exit 0
fi

NODE="$1"

POD=$( kubectl create -n "$KUBECTL_RSH_NAMESPACE" -o name -f - <<EOF
apiVersion: v1
kind: Pod
metadata:
  generateName: rsh-node-
  labels:
    rre.nu/kubectl-plugin: rsh-node
spec:
  nodeName: $NODE
  containers:
  - name: rsh-node
    image: ${KUBECTL_RSH_IMAGE}:${KUBECTL_RSH_IMAGE_TAG}
    imagePullPolicy: IfNotPresent
    command: ["chroot", "/host"]
    tty: true
    stdin: true
    stdinOnce: true
    securityContext:
      privileged: true
    volumeMounts:
    - name: host
      mountPath: /host
  volumes:
  - name: host
    hostPath:
      path: /
  hostNetwork: true
  hostIPC: true
  hostPID: true
  restartPolicy: Never
  tolerations:
    - operator: "Exists"
EOF
)

echo "Creating $POD in $KUBECTL_RSH_NAMESPACE namespace"

function remove_pod(){
    echo "Removing $POD in $KUBECTL_RSH_NAMESPACE namespace"
    kubectl -n "$KUBECTL_RSH_NAMESPACE" delete "$POD" --wait=false
}

trap remove_pod EXIT

echo "Waiting for pod to be ready..."
kubectl wait -n "$KUBECTL_RSH_NAMESPACE" --for=condition=Ready --timeout "${KUBECTL_RSH_POD_CREATE_TIMEOUT}m" "$POD" >/dev/null

kubectl attach -n "$KUBECTL_RSH_NAMESPACE" -it "$POD"