The private key that grants admin access to your Kubernetes cluster shouldn’t live in ~/.kube/config. It shouldn’t live on your filesystem at all. I built a proxy that keeps my k8s client credentials locked inside a YubiKey.

TL;DR: If you just want the tool: yubikey-kube-proxy. Read on for how it works.

The Problem: Secrets on Disk

I’m running a single-node k3s cluster on a Hetzner root server, reachable from my laptop via Tailscale. The standard way to access it is to SSH to it and access it as root. However, I wanted to access it from my laptop. One way to do this is to just copy /etc/rancher/k3s/k3s.yaml to your laptop. It looks like this: