Is running the kubectl command from the terminal boring you? Or, do you have network restrictions that do not let you connect to your Kubernetes cluster directly?
Meet Webkubectl, a tool that lets you manage your clusters from your web browser. Webkubectl allows you to manage multiple clusters based on kubeconfig files or bearer tokens. Each user who as access to a webkubectl installation can connect to clusters that have been set up in it, and all sessions will be isolated from each other even for the same cluster, thanks to each session having its own namespace and storage which is invisible to the others. It uses webkubectl/gotty to run a JavaScript-based terminal on web browsers.
Webkubectl can be used for teams, and some of its major advantages include:
- Isolated sessions, with each having its own namespace and storage which get deleted after the session disconnects
- Support for both Kubeconfig and bearer tokens
- Ability to manage clusters that may not be reachable due to network policies locally
- Comes with preinstalled tools
This last part is my favourite feature as it comes preloaded with some of the coolest tools including Helm, k9s, kubectx and common kubectl-aliases.
Why wait? Let's give it a try!
Interestingly you can run webkubectl as a Docker command:
$ docker run --name="webkubectl" -p 8080:8080 -e GOTTY_CREDENTIAL=user01:password02 -d --privileged kubeoperator/webkubectl
For this demo we will install Webkubectl on Civo Kubernetes as a deployment. It will use basic authentication, so you might want to secure access to it more robustly for any non-test deployment.
Step 1: Create a Civo Kubernetes cluster
We'll use Civo Kubernetes, which is based on K3s, to experiment with this quickly. If you don’t yet have an account, sign up here.
Create a new cluster from the UI (you can also use Civo CLI)
Once ready you should see the cluster with ready nodes.
Make sure you have kubectl installed, and the kubeconfig file for your cluster downloaded so that you can run kubectl get nodes and get details of the cluster you just created:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
k3s-webkubectl-8fc23b8c-node-d71d Ready <none> 52s v1.20.2+k3s1
k3s-webkubectl-8fc23b8c-node-776f Ready <none> 52s v1.20.2+k3s1
k3s-webkubectl-8fc23b8c-master-d94b Ready control-plane,master 61s v1.20.2+k3s1
Step 2: Deploy webkubectl
We will use the following YAML that defines the secretc for basic authentication, deployment and service to deploy webkubectl onto the cluster you created. Save it locally with a file you'll remember, such as webkubectl.yaml.
---
apiVersion: v1
kind: Secret
metadata:
name: webkubectl-sec
stringData:
creds: user01:password02
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: webkubectl
name: webkubectl
spec:
replicas: 1
selector:
matchLabels:
app: webkubectl
template:
metadata:
labels:
app: webkubectl
spec:
containers:
- image: kubeoperator/webkubectl
name: webkubectl
ports:
- containerPort: 8080
env:
- name: GOTTY_CREDENTIAL
valueFrom:
secretKeyRef:
name: webkubectl-sec
key: creds
securityContext:
privileged: true
---
apiVersion: v1
kind: Service
metadata:
labels:
app: webkubectl
name: webkubectl
spec:
ports:
- port: 8080
protocol: TCP
targetPort: 8080
selector:
app: webkubectl
type: NodePort
---
apiVersion: v1
kind: Service
metadata:
labels:
app: webkubectl
name: webkubectl
spec:
ports:
- port: 8080
protocol: TCP
targetPort: 8080
selector:
app: webkubectl
type: NodePort
Then, apply the YAML file onto the cluster to create the resources:
$ kubectl apply -f webkubectl.yaml
deployment.apps/webkubectl created
service/webkubectl created
You should see the webkubectl pod and service running when you check for pods and services on your cluster:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
webkubectl-79484cb7d4-jtwrd 1/1 Running 0 14s
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
webkubectl NodePort 10.43.144.173 <none> 8080:32760/TCP 19s
Step 3: Access the Webkubectl UI and play around
You can access the Webkubectl interface at the cluster's IP and the NodePort you can see when viewing the services in your cluster in the above step. In my case, it's on port 32760.
Enter the basic auth as defined in the secret:
Start by adding the cluster you're accessing through the "New Session" button, by adding the Kubeconfig file you downloaded earlier:
You should see the configuration get saved in the web interface once you hit Save:
Once the session is added you can connect to your cluster and run all the awesome tools!
You get the popular K9s tool out of the box - just type k9s and hit enter:
The terminal also comes pre-populated with 800 generated aliases based on this repository.
Handily for any application installations, Helm is bundled in to Webkubectl to give you instant access to Helm repositories.
Each time you hit connect it will generate a new namespace behind the scenes for a new session isolated from any others, so different team members can use the Webkubectl interface together.
Wrapping up
Overall, Webkubectl is a fancy way to run Kubectl with other great tools pre-installed straight from your web browser. The support for multiple team members and multiple clusters through one interface means the tool can be useful for various different use cases.
If you managed multiple clusters, you could run Webkubectl on a fully-secured host giving you a jumping-off point to clusters you manage from anywhere and any computer with access to the internet.
Let us know on Twitter @Civocloud and @SaiyamPathak if you try Webkubectl out on Civo Kubernetes!
