Is running the kubectl command from the terminal boring you? Or, do you have network restrictions that do not let you connect to your Kubernetes cluster directly?

Meet Webkubectl, a tool that lets you manage your clusters from your web browser. Webkubectl allows you to manage multiple clusters based on kubeconfig files or bearer tokens. Each user who as access to a webkubectl installation can connect to clusters that have been set up in it, and all sessions will be isolated from each other even for the same cluster, thanks to each session having its own namespace and storage which is invisible to the others. It uses webkubectl/gotty to run a JavaScript-based terminal on web browsers.

Webkubectl can be used for teams, and some of its major advantages include:

  • Isolated sessions, with each having its own namespace and storage which get deleted after the session disconnects
  • Support for both Kubeconfig and bearer tokens
  • Ability to manage clusters that may not be reachable due to network policies locally
  • Comes with preinstalled tools

This last part is my favourite feature as it comes preloaded with some of the coolest tools including Helm, k9s, kubectx and common kubectl-aliases.

Why wait? Let's give it a try!

Interestingly you can run webkubectl as a Docker command:

$ docker run --name="webkubectl" -p 8080:8080 -e GOTTY_CREDENTIAL=user01:password02 -d --privileged kubeoperator/webkubectl

For this demo we will install Webkubectl on Civo Kubernetes as a deployment. It will use basic authentication, so you might want to secure access to it more robustly for any non-test deployment.

Step 1: Create a Civo Kubernetes cluster

We'll use Civo Kubernetes, which is based on K3s, to experiment with this quickly. If you don’t yet have an account, sign up here. You could also use any other Kubernetes cluster you have access to.

Create a new cluster from the UI (you can also use Civo CLI)

Creating a Civo Kubernetes cluster

Once ready you should see the cluster with ready nodes.

Cluster ready to use

Make sure you have kubectl installed, and the kubeconfig file for your cluster downloaded so that you can run kubectl get nodes and get details of the cluster you just created:

$ kubectl get nodes
NAME                                  STATUS   ROLES                  AGE   VERSION
k3s-webkubectl-8fc23b8c-node-d71d     Ready    <none>                 52s   v1.20.2+k3s1
k3s-webkubectl-8fc23b8c-node-776f     Ready    <none>                 52s   v1.20.2+k3s1
k3s-webkubectl-8fc23b8c-master-d94b   Ready    control-plane,master   61s   v1.20.2+k3s1

Step 2: Deploy webkubectl

We will use the following YAML that defines the secretc for basic authentication, deployment and service to deploy webkubectl onto the cluster you created. Save it locally with a file you'll remember, such as webkubectl.yaml.

---
apiVersion: v1
kind: Secret
metadata:
  name: webkubectl-sec
stringData:
  creds: user01:password02
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: webkubectl
  name: webkubectl
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webkubectl
  template:
    metadata:
      labels:
        app: webkubectl
    spec:
      containers:
      - image: kubeoperator/webkubectl
        name: webkubectl
        ports:
        - containerPort: 8080
        env:
        - name: GOTTY_CREDENTIAL
          valueFrom:
            secretKeyRef:
              name: webkubectl-sec
              key: creds
        securityContext:
          privileged: true
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: webkubectl
  name: webkubectl
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: webkubectl
  type: NodePort
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: webkubectl
  name: webkubectl
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: webkubectl
  type: NodePort

Then, apply the YAML file onto the cluster to create the resources:

$ kubectl apply -f webkubectl.yaml
deployment.apps/webkubectl created
service/webkubectl created

You should see the webkubectl pod and service running when you check for pods and services on your cluster:

$ kubectl get pods
NAME                          READY   STATUS    RESTARTS   AGE
webkubectl-79484cb7d4-jtwrd   1/1     Running   0          14s
$ kubectl get svc
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
webkubectl   NodePort    10.43.144.173   <none>        8080:32760/TCP   19s

Step 3: Access the Webkubectl UI and play around

You can access the Webkubectl interface at the cluster's IP and the NodePort you can see when viewing the services in your cluster in the above step. In my case, it's on port 32760.

Enter the basic auth as defined in the secret:

Auth screen

Webkubectl interface initial view

Start by adding the cluster you're accessing through the "New Session" button, by adding the Kubeconfig file you downloaded earlier:

Uploading session configuration in webkubectl

You should see the configuration get saved in the web interface once you hit Save:

Saved cluster session configuration

Once the session is added you can connect to your cluster and run all the awesome tools!

Web-based kubectl

You get the popular K9s tool out of the box - just type k9s and hit enter:

K9s running on webkubectl

The terminal also comes pre-populated with 800 generated aliases based on this repository.

Command aliases at work

Handily for any application installations, Helm is bundled in to Webkubectl to give you instant access to Helm repositories.

Adding a helm repository

Each time you hit connect it will generate a new namespace behind the scenes for a new session isolated from any others, so different team members can use the Webkubectl interface together.

Wrapping up

Overall, Webkubectl is a fancy way to run Kubectl with other great tools pre-installed straight from your web browser. The support for multiple team members and multiple clusters through one interface means the tool can be useful for various different use cases.

If you managed multiple clusters, you could run Webkubectl on a fully-secured host giving you a jumping-off point to clusters you manage from anywhere and any computer with access to the internet.

Let us know on Twitter @Civocloud and @SaiyamPathak if you try Webkubectl out on Civo Kubernetes!