wencaiwulue

kubevpn

by naison · GitHub ↗ · v2.9.14 · MIT-0
cross-platform · ✓ Security Clean · 202 downloads · 1 star · 0 active installs · 1 version
Install in OpenClaw: /install kubevpn
Description
KubeVPN is a cloud-native dev tool to connect local machine to Kubernetes cluster networks. Use this skill when the user mentions: kubevpn, KubeVPN, or any o...
README (SKILL.md)

KubeVPN

KubeVPN bridges a local machine to a remote Kubernetes cluster network. Core workflows: connect (VPN tunnel), proxy (traffic interception), run (local pod simulation), sync (local code → cluster clone).

Installation

brew install kubevpn                              # macOS
curl -fsSL https://kubevpn.dev/install.sh | sh   # Linux/macOS
kubectl krew install kubevpn/kubevpn              # kubectl plugin
scoop bucket add extras && scoop install kubevpn  # Windows

Core Workflows

1. Connect — Access cluster network

kubevpn connect
kubevpn connect -n <namespace>
kubevpn connect --context <context-name>
kubevpn disconnect --all

After connecting, access cluster resources directly:

ping <pod-ip>
curl <service-name>:<port>
curl <service-name>.<namespace>.svc.cluster.local:<port>

2. Proxy — Intercept inbound traffic

Intercepts inbound cluster traffic for a workload and forwards it to the local machine. The proxy command also auto-connects to the cluster if not already connected.

kubevpn proxy deployment/<name>
kubevpn proxy deployment/<name> -n <namespace>

# Mesh mode: only requests with matching headers go to local
kubevpn proxy deployment/<name> --headers foo=bar
kubevpn proxy deployment/<name> --headers foo=bar --headers env=dev  # AND logic

# Port mapping
kubevpn proxy deployment/<name> --portmap 9080:8080
kubevpn proxy deployment/<name> --portmap udp/9080:5000

# Multiple workloads at once
kubevpn proxy deployment/authors deployment/productpage

kubevpn leave deployment/<name>   # stop proxying, restore workload

3. Run — Simulate pod locally in Docker

Runs a workload in a local Docker container with identical env vars, volumes, and network.

kubevpn run deployment/<name>
kubevpn run deployment/<name> --entrypoint /bin/bash   # interactive shell
kubevpn run deployment/<name> --no-proxy               # no traffic interception
kubevpn run deployment/<name> --dev-image golang:1.21 --entrypoint bash
kubevpn run deployment/<name> --headers foo=bar        # mesh mode

4. Sync — Hot-reload local code in cluster

Clones the workload inside the cluster and syncs a local directory into the clone. The clone has the same env/volumes/network as the original. Supports mesh routing via --headers.

kubevpn sync deployment/<name> --sync ~/code:/app/code
kubevpn sync deployment/<name> --sync ~/code:/app/code --headers foo=bar

kubevpn unsync deployment/<name>-sync-xxxxx   # remove sync resource

5. Alias — Named config shortcuts

Define named aliases in ~/.kubevpn/config.yaml to avoid repeating long flags. Supports Needs dependency chains (connect to cluster A before cluster B).

kubevpn alias dev       # runs the flags defined under "dev" in config
kubevpn alias jumper    # connect to jumper cluster only

See commands.md for config file format.

Via SSH Bastion / Jump Host

All connect/proxy/run/sync commands support SSH jump:

kubevpn connect --ssh-addr 192.168.1.100:22 --ssh-username root --ssh-keyfile ~/.ssh/id_rsa
kubevpn connect --ssh-alias dev                           # uses ~/.ssh/config alias
kubevpn proxy deployment/<name> --ssh-alias dev --headers foo=bar

Reference Files

  • commands.md — Full flag reference for all kubevpn commands (including alias, connection, route, ssh, image, logs, quit)
  • architecture.md — How connect/proxy/mesh modes work internally

Common Patterns

| Goal | Command |
|---|---|
| Access cluster IPs/services locally | kubevpn connect |
| Connect using a saved alias | kubevpn alias <name> |
| Debug a service (receive all its traffic) | kubevpn proxy deployment/<name> |
| Debug only my requests (don't break others) | kubevpn proxy deployment/<name> --headers x-user=me |
| Reproduce a pod environment locally | kubevpn run deployment/<name> --entrypoint sh |
| Hot-reload local code in cluster env | kubevpn sync deployment/<name> --sync ~/code:/app |
| Check connection status | kubevpn status |
| Force-restore a stuck workload | kubevpn reset deployment/<name> |
| Fully stop kubevpn (daemon + connections) | kubevpn quit |
| Remove all kubevpn from cluster | kubevpn uninstall |
| Copy image to private registry | kubevpn image copy <src> <dst> |
| Tail daemon logs | kubevpn logs -f |

Notes

  • proxy, run, and sync auto-connect to the cluster if not already connected
  • Multiple clusters can be connected simultaneously; use kubevpn status or kubevpn connection list to inspect
  • disconnect cleans up DNS/hosts; quit also stops the daemon gRPC server entirely
  • Server components are auto-deployed on first use (or pre-install: helm install kubevpn kubevpn/kubevpn)
  • Supports HTTP, gRPC, Thrift, WebSocket, TCP, UDP, ICMP
  • Use kubevpn reset deployment/<name> if a workload gets stuck with injected containers
  • Use kubevpn image copy to mirror images to a private registry when ghcr.io is not accessible
Usage Guidance
This skill is coherent with its stated goal (bridging your machine to Kubernetes networks), but it performs high‑privilege actions and references sensitive local credentials and remote installers. Before using or running any commands from this skill: (1) verify the upstream project (GitHub repo, official release artifacts, and Helm chart) and prefer signed releases; (2) review any install script (don’t blindly run curl | sh); (3) do not hand your kubeconfig or SSH private keys to untrusted processes — only use local kubeconfig/keys with tools you trust; (4) be aware that proxy/run/sync injects or modifies cluster workloads (may disrupt production); (5) note that local containers default to privileged=true and the tool can change iptables and create tun devices — test in a staging environment first; (6) avoid using remote config URLs or inline kubeconfig JSON from unknown sources. If you want higher confidence, provide the upstream repo URL, package release checksums/signatures, or the installer script for review.
Capability Analysis
Type: OpenClaw Skill
Name: kubevpn
Version: 2.9.14
The skill bundle provides documentation and instructions for 'kubevpn', a legitimate open-source cloud-native development tool designed to bridge local machines with Kubernetes clusters. The workflows described—including VPN tunneling (connect), traffic interception (proxy), and local container simulation (run)—align perfectly with the tool's intended purpose. While the tool requires high-privilege access (sudo for TUN devices, Kubernetes cluster-admin permissions, and SSH keys), these are inherent requirements for its functionality. No evidence of malicious intent, data exfiltration, or prompt injection was found in SKILL.md or the reference files.
Capability Assessment
Purpose & Capability
The name/description (connect/proxy/run/sync to Kubernetes clusters) matches the instructions: the SKILL.md explains VPN tunnels, sidecar injection, image transfer, and local Docker pod simulation. The features being requested (kubeconfig, SSH bastion usage, helm/kubectl/docker interactions) are coherent with this purpose.
Instruction Scope
Instructions describe actions that require cluster and local host privileges (deploying a traffic-manager, injecting sidecars, altering iptables, creating tun interfaces, attaching Docker containers to cluster network). These actions are expected for the stated functionality, but they are powerful and can modify cluster workloads and local networking. The docs reference local files (~/.kube/config, ~/.ssh/*, ~/.kubevpn/config.yaml) and remote config URLs; those are relevant to operation but should be treated as sensitive.
Install Mechanism
The skill itself is instruction-only (no install spec). The docs recommend installing from brew, krew, scoop or via curl -fsSL https://kubevpn.dev/install.sh | sh and a Helm repo (https://kubevpn.dev/helm). Pointing to an official domain is normal, but piping a remote install script (curl | sh) and relying on a remote Helm repo are higher-risk practices — verify the upstream project, release signatures, or review the install script before running.
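One way to follow that advice, as an added example (not code from the kubevpn project or from this scan): save the installer to a file, check it against a pinned SHA-256, and list the lines worth reading before running it. The function names, the flag patterns and the constructed sample script are assumptions; the pinned digest stands in for one published upstream, which this page does not provide.

```shell
#!/bin/sh
# Added example: vet a saved installer before running it.

# sha256_of FILE: print the hex SHA-256 with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_digest FILE EXPECTED: succeed only on an exact, non-empty match.
verify_digest() {
    [ -n "$2" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# risk_flags FILE: print one tag per pattern the reviewer should read first
# (privilege escalation, nested pipe-to-shell, system paths, chmod to exec).
risk_flags() {
    grep -Eq '(^|[^[:alnum:]_])sudo[[:space:]]' "$1" && echo sudo
    grep -Eq '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh' "$1" \
        && echo nested-pipe-to-shell
    grep -Eq '(^|[[:space:]])(/usr/local/bin|/usr/bin|/etc)/' "$1" \
        && echo system-path
    grep -Eq 'chmod[[:space:]]+[^[:space:]]*(\+x|7[0-9][0-9])' "$1" && echo chmod-exec
    return 0
}

# safe_install FILE EXPECTED: execute the installer only after the digest check.
safe_install() {
    if ! verify_digest "$1" "$2"; then
        echo "digest mismatch, refusing to run $1" >&2
        return 1
    fi
    risk_flags "$1" >&2    # show what the script touches before it runs
    sh "$1"
}

# Demo on a constructed installer (not the real kubevpn script).
demo=$(mktemp)
printf '%s\n' '#!/bin/sh' 'chmod +x kubevpn' \
    'sudo install -m 755 kubevpn /usr/local/bin/kubevpn' > "$demo"
pinned=$(sha256_of "$demo")    # stands in for a digest published upstream
verify_digest "$demo" "$pinned" &&
    echo "digest ok; flags: $(risk_flags "$demo" | tr '\n' ' ')"
echo '# tampered' >> "$demo"
verify_digest "$demo" "$pinned" || echo "tampered copy rejected"
rm -f "$demo"
```

In practice, fetch the script with curl -fsSL -o install.sh first, then call safe_install install.sh <published-digest>.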
Credentials
The skill declares no required env vars, which is consistent for an instruction-only skill, but the workflows rely on sensitive local credentials/files: kubeconfig content (which contains cluster credentials), SSH private keys (~/.ssh/id_rsa), and optional inline kubeconfig JSON or remote config URLs. These are appropriate for the tool's purpose but are high-sensitivity and should not be supplied to untrusted code or actors.
Persistence & Privilege
The skill does not request 'always:true' or permanent elevated platform privileges. However, the documented operations themselves require cluster-level and host-level privileges (deployment of server components, sidecar injection, privileged Docker containers by default). Those privileges are consistent with the tool's goals but increase risk if misused.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kubevpn
  3. After installation, invoke the skill by name or use /kubevpn
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.9.14
- Improved documentation in SKILL.md with detailed workflows, usage scenarios, and installation steps.
- Added examples and reference commands for connect, proxy, run, sync, and alias workflows.
- Documented SSH bastion/jump host support and multi-cluster connectivity.
- Included troubleshooting, command reference links, and common usage patterns.
- Enhanced clarity for local development, debugging, and cluster access scenarios.
Metadata
Slug kubevpn
Version 2.9.14
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is kubevpn?

KubeVPN is a cloud-native dev tool to connect local machine to Kubernetes cluster networks. Use this skill when the user mentions: kubevpn, KubeVPN, or any o... It is an AI Agent Skill for Claude Code / OpenClaw, with 202 downloads so far.

How do I install kubevpn?

Run "/install kubevpn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is kubevpn free?

Yes, kubevpn is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does kubevpn support?

kubevpn is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created kubevpn?

It is built and maintained by naison (@wencaiwulue); the current version is v2.9.14.
