Is running the
kubectl command from the terminal boring you? Or, do you have network restrictions that do not let you connect to your Kubernetes cluster directly?
Meet Webkubectl, a tool that lets you manage your clusters from your web browser. Webkubectl allows you to manage multiple clusters based on kubeconfig files or bearer tokens. Each user who as access to a webkubectl installation can connect to clusters that have been set up in it, and all sessions will be isolated from each other even for the same cluster, thanks to each session having its own namespace and storage which is invisible to the others. It uses
Webkubectl can be used for teams, and some of its major advantages include:
- Isolated sessions, with each having its own namespace and storage which get deleted after the session disconnects
- Support for both Kubeconfig and bearer tokens
- Ability to manage clusters that may not be reachable due to network policies locally
- Comes with preinstalled tools
This last part is my favourite feature as it comes preloaded with some of the coolest tools including Helm, k9s, kubectx and common kubectl-aliases.
Why wait? Let's give it a try!
Interestingly you can run webkubectl as a Docker command:
$ docker run --name="webkubectl" -p 8080:8080 -e GOTTY_CREDENTIAL=user01:password02 -d --privileged kubeoperator/webkubectl
For this demo we will install Webkubectl on Civo Kubernetes as a deployment. It will use basic authentication, so you might want to secure access to it more robustly for any non-test deployment.
Step 1: Create a Civo Kubernetes cluster
We'll use Civo Kubernetes, which is based on K3s, to experiment with this quickly. If you don’t yet have an account, sign up here.
Create a new cluster from the UI (you can also use Civo CLI)
Once ready you should see the cluster with ready nodes.
Make sure you have kubectl installed, and the
kubeconfig file for your cluster downloaded so that you can run
kubectl get nodes and get details of the cluster you just created:
$ kubectl get nodes NAME STATUS ROLES AGE VERSION k3s-webkubectl-8fc23b8c-node-d71d Ready <none> 52s v1.20.2+k3s1 k3s-webkubectl-8fc23b8c-node-776f Ready <none> 52s v1.20.2+k3s1 k3s-webkubectl-8fc23b8c-master-d94b Ready control-plane,master 61s v1.20.2+k3s1
Step 2: Deploy webkubectl
We will use the following YAML that defines the secretc for basic authentication, deployment and service to deploy webkubectl onto the cluster you created. Save it locally with a file you'll remember, such as
--- apiVersion: v1 kind: Secret metadata: name: webkubectl-sec stringData: creds: user01:password02 --- apiVersion: apps/v1 kind: Deployment metadata: labels: app: webkubectl name: webkubectl spec: replicas: 1 selector: matchLabels: app: webkubectl template: metadata: labels: app: webkubectl spec: containers: - image: kubeoperator/webkubectl name: webkubectl ports: - containerPort: 8080 env: - name: GOTTY_CREDENTIAL valueFrom: secretKeyRef: name: webkubectl-sec key: creds securityContext: privileged: true --- apiVersion: v1 kind: Service metadata: labels: app: webkubectl name: webkubectl spec: ports: - port: 8080 protocol: TCP targetPort: 8080 selector: app: webkubectl type: NodePort --- apiVersion: v1 kind: Service metadata: labels: app: webkubectl name: webkubectl spec: ports: - port: 8080 protocol: TCP targetPort: 8080 selector: app: webkubectl type: NodePort
Then, apply the YAML file onto the cluster to create the resources:
$ kubectl apply -f webkubectl.yaml deployment.apps/webkubectl created service/webkubectl created
You should see the webkubectl pod and service running when you check for pods and services on your cluster:
$ kubectl get pods NAME READY STATUS RESTARTS AGE webkubectl-79484cb7d4-jtwrd 1/1 Running 0 14s $ kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE webkubectl NodePort 10.43.144.173 <none> 8080:32760/TCP 19s
Step 3: Access the Webkubectl UI and play around
You can access the Webkubectl interface at the cluster's IP and the NodePort you can see when viewing the services in your cluster in the above step. In my case, it's on port 32760.
Enter the basic auth as defined in the secret:
Start by adding the cluster you're accessing through the "New Session" button, by adding the Kubeconfig file you downloaded earlier:
You should see the configuration get saved in the web interface once you hit Save:
Once the session is added you can connect to your cluster and run all the awesome tools!
You get the popular K9s tool out of the box - just type
k9s and hit enter:
The terminal also comes pre-populated with 800 generated aliases based on this repository.
Handily for any application installations, Helm is bundled in to Webkubectl to give you instant access to Helm repositories.
Each time you hit connect it will generate a new namespace behind the scenes for a new session isolated from any others, so different team members can use the Webkubectl interface together.
Overall, Webkubectl is a fancy way to run Kubectl with other great tools pre-installed straight from your web browser. The support for multiple team members and multiple clusters through one interface means the tool can be useful for various different use cases.
If you managed multiple clusters, you could run Webkubectl on a fully-secured host giving you a jumping-off point to clusters you manage from anywhere and any computer with access to the internet.