Skip to content

misospace/KubeTix

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

222 Commits
.github
.github
 
 
charts/kubetix
charts/kubetix
 
 
docs/runbooks
docs/runbooks
 
 
kubetix-api
kubetix-api
 
 
kubetix-web
kubetix-web
 
 
tests
tests
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.renovaterc.json5
.renovaterc.json5
 
 
AGENTS.md
AGENTS.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
PROJECT_SUMMARY.md
PROJECT_SUMMARY.md
 
 
README.md
README.md
 
 
SPEC.md
SPEC.md
 
 
TEST_AUDIT.md
TEST_AUDIT.md
 
 
TEST_PLAN.md
TEST_PLAN.md
 
 
__init__.py
__init__.py
 
 
docker-compose.yml
docker-compose.yml
 
 
kc-share.py
kc-share.py
 
 
pytest.ini
pytest.ini
 
 
requirements.txt
requirements.txt
 
 
run_tests.sh
run_tests.sh
 
 
test_integration.py
test_integration.py
 
 
test_kc_share.py
test_kc_share.py
 
 

Repository files navigation

KubeTix 🎫

Temporary Kubernetes access, on demand

Share secure, time-limited Kubernetes access with your team. No more permanent admin credentials or messy kubeconfig sharing.

🚀 Features

  • Temporary Access - Generate kubeconfig access with automatic expiry (1h, 4h, 24h, or custom)
  • Encrypted Storage - Kubeconfigs are encrypted at rest with Fernet (AES)
  • Audit Logging - Track who accessed what and when
  • Instant Revocation - Cut off access immediately, anytime
  • Simple CLI - Easy to use command-line interface
  • Namespace & Role Control - Fine-grained access control

💡 Use Cases

  • On-call engineers - Grant temporary cluster access during incidents
  • Contractors - Give time-limited access without permanent credentials
  • Team collaboration - Share cluster access securely without password managers
  • Security compliance - Meet "least privilege" and "time-bound access" requirements

📦 Installation

# Clone and install
git clone https://github.com/misospace/KubeTix.git
cd KubeTix
pip install -r requirements.txt

🎯 Quick Start

Create a temporary grant

# Create 4-hour access to prod cluster
python3 kc-share.py create --cluster prod --role edit --expiry 4

# Create 1-hour access to specific namespace
python3 kc-share.py create --cluster staging -n default --role view --expiry 1

Share access

# List active grants
python3 kc-share.py list

# Download temporary context
python3 kc-share.py download <grant-id>

Manage access

# Revoke access immediately
python3 kc-share.py revoke <grant-id>

🔒 Security

  • Encryption: Kubeconfigs encrypted with Fernet (AES-128-CBC)
  • Expiry: Automatic expiration enforced server-side
  • Audit: Complete audit trail of all access
  • Revocation: Instant access revocation
  • No plaintext: Kubeconfigs never stored in plain text

🧪 Testing

# Run all tests
./run_tests.sh

# Run unit tests only
python3 test_kc_share.py -v

# Run integration tests only
python3 test_integration.py -v

🐳 Docker

Build and Run

# Build the image
docker build -t kubetix .

# Run with your kubeconfig
docker run -v ~/.kube:/root/.kube:ro -v kubetix_data:/root/.kc-share kubetix list

Docker Compose

docker-compose up -d

🌐 Web UI

The web dashboard is in the kubetix-web/ directory:

cd kubetix-web
npm install
npm run dev

Visit http://localhost:3000 to access the dashboard.

📚 Documentation

🛣️ Roadmap

  • Web UI dashboard (in kubetix-web/)
  • Backend API (in kubetix-api/)
  • Team features (multiple users, SSO)
  • Helm chart for K8s deployment
  • Self-hosted OIDC (Authentik, Keycloak, Okta)
  • Cloud provider integrations (EKS/GKE/AKS)
  • Slack/Teams bot integration
  • Docker container support
  • API endpoints for automation

🤝 Contributing

Contributions welcome! Feel free to open issues or submit PRs.

📄 License

MIT License - See LICENSE file for details

Made with ❤️ by Jory Irving

About

Temporary Kubernetes access, on demand

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages