Menu
I couldn't find an equivalent k8s cli command to do something like this, nor any ssh keys stored as k8s secrets. It also appears to do this in a cloud-agnostic fashion.
Is it just using a k8s pod with special privileges or something?
Edit: oops, it's open-source. I'll investigate and update this question accordingly
707
Posting this community wiki answer to give more visibility on the comment that was made at a github issue that addressed this question:
Lens will create
nsenterpod to the selected nodeprotected async createNodeShellPod(podId: string, nodeName: string) { const kc = this.getKubeConfig(); const k8sApi = kc.makeApiClient(k8s.CoreV1Api); const pod = { metadata: { name: podId, namespace: "kube-system" }, spec: { restartPolicy: "Never", terminationGracePeriodSeconds: 0, hostPID: true, hostIPC: true, hostNetwork: true, tolerations: [{ operator: "Exists" }], containers: [{ name: "shell", image: "docker.io/alpine:3.9", securityContext: { privileged: true, }, command: ["nsenter"], args: ["-t", "1", "-m", "-u", "-i", "-n", "sleep", "14000"] }], nodeSelector: { "kubernetes.io/hostname": nodeName } } } as k8s.V1Pod;and exec into that container in lens terminal.
-- Github.com: Lensapp: Issues: How Lens accessing nodes in AKS/EKS without user and SSH key under ROOT?
I've checked this and as it can be seen below the Pod with nsenter is created in the kube-system (checked on GKE):
$ kubectl get pods -n kube-system (output redacted)kube-system node-shell-09f6baaf-dc4a-4faa-969e-8016490eb8e0 1/1 Running 0 10m
Additional resources:
58
answered Jan 27 '26 00:01
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With