kubectl ssh

kubectl ssh provides a kubectl exec-like interface, but executes via SSH to the underlying node.

What It Does

• Resolves targets like kubectl exec: POD, TYPE/NAME, or -f/--filename.
• SSHes to the node hosting the selected pod.
• Executes container commands via crictl exec.
• Supports --node to run directly on the node (skip container execution path).

Usage

kubectl ssh (POD | TYPE/NAME) [-c CONTAINER] [flags] [-- COMMAND [args...]]

If no command is provided, it opens an interactive shell.

Examples

# Pod target
kubectl ssh mypod -n default -- /bin/sh -lc 'echo hello'

# Workload targets
kubectl ssh deploy/mydeploy -n default -- /bin/sh -lc 'echo hello'
kubectl ssh svc/myservice -n default -- /bin/sh -lc 'echo hello'

# Node mode
kubectl ssh mypod -n default --node -- hostname
kubectl ssh node/mynode -- hostname

# Login user override (otherwise SSH config/default user is used)
kubectl ssh -l myuser mypod -n default -- /bin/sh -lc 'echo hello'

# Interactive shell (no command)
kubectl ssh mypod -n default

Requirements

On your local machine:

• ssh
• kubectl

On target nodes:

• crictl with exec support is required
• If your login user cannot run CRI operations directly, passwordless sudo for crictl is needed

Build

go build -o kubectl-ssh .

Installation

Run directly via Nix (no install step):

nix run github:pbar1/kubectl-ssh -- --help

Or build locally and place kubectl-ssh on your PATH:

go build -o kubectl-ssh .

Live Test Script

scripts/test-live.sh

Optional interactive checks:

scripts/test-live.sh --interactive