Webkubectl - Running Kubectl commands from your web browser

Is running the kubectl command from the terminal boring you? Or, do you have network restrictions that do not let you connect to your Kubernetes cluster directly?

Meet Webkubectl, a tool that lets you manage your clusters from your web browser. Webkubectl allows you to manage multiple clusters based on kubeconfig files or bearer tokens. Each user who has access to a webkubectl installation can connect to clusters that have been set up in it, and all sessions will be isolated from each other even for the same cluster, thanks to each session having its own namespace and storage, which is invisible to the others. It uses webkubectl/gotty to run a JavaScript-based terminal on web browsers.

Webkubectl can be used for teams, and some of its major advantages include:

• Isolated sessions, with each having its own namespace and storage which get deleted after the session disconnects
• Support for both Kubeconfig and bearer tokens
• Ability to manage clusters that may not be reachable due to network policies locally
• Comes with preinstalled tools

This last part is my favourite feature as it comes preloaded with some of the coolest tools including Helm, k9s, kubectx, and common kubectl-aliases.

Why wait? Let's give it a try!

Interestingly, you can run webkubectl as a Docker command:

1$ docker run --name="webkubectl" -p 8080:8080 -e GOTTY_CREDENTIAL=user01:password02 -d --privileged kubeoperator/webkubectl

For this demo, we will install Webkubectl on Civo Kubernetes as a deployment. It will use basic authentication, so you might want to secure access to it more robustly for any non-test deployment.

Step 1: Create a Civo Kubernetes cluster

We'll use Civo Kubernetes, which is based on K3s, to experiment with this quickly. If you don’t yet have an account, sign up here.

Create a new cluster from the UI (you can also use Civo CLI):

Once ready you should see the cluster with ready nodes.

Make sure you have kubectl installed, and the kubeconfig file for your cluster downloaded so that you can run kubectl get nodes and get details of the cluster you just created:

1$ kubectl get nodes
2NAME                                  STATUS   ROLES                  AGE   VERSION
3k3s-webkubectl-8fc23b8c-node-d71d     Ready    <none>                 52s   v1.20.2+k3s1
4k3s-webkubectl-8fc23b8c-node-776f     Ready    <none>                 52s   v1.20.2+k3s1
5k3s-webkubectl-8fc23b8c-master-d94b   Ready    control-plane,master   61s   v1.20.2+k3s1

Step 2: Deploy webkubectl

We will use the following YAML that defines the secret for basic authentication, deployment, and service to deploy webkubectl onto the cluster you created. Save it locally with a file you'll remember, such as webkubectl.yaml.

1apiVersion: v1
2kind: Secret
3metadata:
4  name: webkubectl-sec
5stringData:
6  creds: user01:password02
7---
8apiVersion: apps/v1
9kind: Deployment
10metadata:
11  labels:
12    app: webkubectl
13  name: webkubectl
14spec:
15  replicas: 1
16  selector:
17    matchLabels:
18      app: webkubectl
19  template:
20    metadata:
21      labels:
22        app: webkubectl
23    spec:
24      containers:
25      - image: kubeoperator/webkubectl
26        name: webkubectl
27        ports:
28        - containerPort: 8080
29        env:
30        - name: GOTTY_CREDENTIAL
31          valueFrom:
32            secretKeyRef:
33              name: webkubectl-sec
34              key: creds
35        securityContext:
36          privileged: true
37---
38apiVersion: v1
39kind: Service
40metadata:
41  labels:
42    app: webkubectl
43  name: webkubectl
44spec:
45  ports:
46  - port: 8080
47    protocol: TCP
48    targetPort: 8080
49  selector:
50    app: webkubectl
51  type: NodePort
52---
53apiVersion: v1
54kind: Service
55metadata:
56  labels:
57    app: webkubectl
58  name: webkubectl
59spec:
60  ports:
61  - port: 8080
62    protocol: TCP
63    targetPort: 8080
64  selector:
65    app: webkubectl
66  type: NodePort

Then, apply the YAML file to the cluster to create the resources:

1$ kubectl apply -f webkubectl.yaml
2deployment.apps/webkubectl created
3service/webkubectl created

You should see the webkubectl pod and service running when you check for pods and services on your cluster:

1$ kubectl get pods
2NAME                          READY   STATUS    RESTARTS   AGE
3webkubectl-79484cb7d4-jtwrd   1/1     Running   0          14s
4$ kubectl get svc
5NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
6webkubectl   NodePort    10.43.144.173   <none>        8080:32760/TCP   19s

Step 3: Access the Webkubectl UI and play around

You can access the Webkubectl interface at the cluster's IP and the NodePort you can see when viewing the services in your cluster in the above step. In my case, it's on port 32760.

Enter the basic auth as defined in the secret:

Start by adding the cluster you're accessing through the "New Session" button, by adding the Kubeconfig file you downloaded earlier:

You should see the configuration get saved in the web interface once you hit Save:

Once the session is added, you can connect to your cluster and run all the awesome tools!

You get the popular K9s tool out of the box - just type k9s and hit enter:

The terminal also comes pre-populated with 800 generated aliases based on this repository.

Handily for any application installations, Helm is bundled in to Webkubectl to give you instant access to Helm repositories.

Each time you hit connect it will generate a new namespace behind the scenes for a new session isolated from any others, so different team members can use the Webkubectl interface together.

Wrapping up

Overall, Webkubectl is a fancy way to run Kubectl with other great tools pre-installed straight from your web browser. The support for multiple team members and multiple clusters through one interface means the tool can be useful for various different use cases.

If you managed multiple clusters, you could run Webkubectl on a fully-secured host giving you a jumping-off point to clusters you manage from anywhere and any computer with access to the internet.

Let us know on Twitter @Civocloud and @SaiyamPathak if you try Webkubectl out on Civo Kubernetes!