🏠 Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeiträge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden Überblick über die wichtigsten Aspekte der IT-Sicherheit in einer sich ständig verändernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch übersetzen, erst Englisch auswählen dann wieder Deutsch!

Google Android Playstore Download Button für Team IT Security

800+ IT News als RSS Feed abonnieren

Thema auswählen:

📚 Kubebox - Terminal And Web Console For Kubernetes

🕛 Zeit seit Veröffentlichung: 1353 Tage, 18 Stunden 6 Minuten
📆 Veröffentlicht am: 29.07.2020 um 23:30 Uhr
💡 Newskategorie: IT Security Nachrichten
🔗 Quelle: feedproxy.google.com

Terminal and Web console for Kubernetes

Features

Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube)
Switch contexts interactively
Authentication support (bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digital Ocean)
Namespace selection and pods list watching
Container log scrolling / watching
Container resources usage (memory, CPU, network, file system charts) ^[1]
Container remote exec terminal
Cluster, namespace, pod events

Follow @kubebox for some updates.

Run

The following alternatives are available for you to use Kubebox, depending on your preferences and constraints:

Executable

Download the Kubebox standalone executable for your OS:

# Linux
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-linux && chmod +x kubebox
# OSX
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-macos && chmod +x kubebox
# Windows
$ curl -Lo kubebox.exe https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-windows.exe

Then run:

$ ./kubebox

Server

Kubebox can be served from a service hosted in your Kubernetes cluster. Terminal emulation is provided by Xterm.js and the communication with the Kubernetes master API is proxied by the server.

To deploy the server in your Kubernetes cluster, run:

$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/kubernetes.yaml

To shut down the server and clean-up resources, run:

$ kubectl delete namespace kubebox

For the Ingress resource to work, the cluster must have an Ingress controller running. See Ingress controllers for more information.

Alternatively, to deploy the server in your OpenShift cluster, run:

$ oc new-app -f https://raw.github.com/astefanutti/kubebox/master/openshift.yaml

Kubectl

You can run Kubebox as an in-cluster client with kubectl, e.g.:

$ kubectl run kubebox -it --rm --env="TERM=xterm" --image=astefanutti/kubebox --restart=Never

If RBAC is enabled, you’ll have to use the --serviceaccount option and reference a service account with sufficient permissions.

Docker

You can run Kubebox using Docker, e.g.:

$ docker run -it --rm astefanutti/kubebox

You may want to mount your home directory so that Kubebox can rely on the ~/.kube/config file, e.g.:

$ docker run -it --rm -v ~/.kube/:/home/node/.kube/:ro astefanutti/kubebox

Online

Kubebox is available online at https://astefanutti.github.com/kubebox. Note that it requires this address to match the allowed origins for CORS by the API server. This can be achived with the Kubernetes API server CLI, e.g.:

$ kube-apiserver --cors-allowed-origins .*

Authentication

We try to support the various authentication strategies supported by kubectl, in order to provide seamless integration with your local setup. Here are the different authentication strategies we support, depending on how you’re using Kubebox:

	Executable	Docker	Online
OpenID Connect	yes	yes	^yes[2]
Amazon EKS	yes
Digital Ocean	yes
Google Kubernetes Engine	yes

If the mode you’re using isn’t supported, you can refresh the authentication token/certs manually and update your kubeconfig file accordingly.

cAdvisor

Kubebox relies on cAdvisor to retrieve the resource usage metrics. Before version 0.8.0, Kubebox used to access the cAdvisor endpoints, that are embedded in the Kubelet. However, these endpoints are being deprecated, and will eventually be removed, as discussed in kubernetes#68522.

Starting version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. This can be achieved with:

$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/cadvisor.yaml

It’s recommended to use the provided cadvisor.yaml file, that’s tested to work with Kubebox. However, the DaemonSet example, from the cAdvisor project, should also work just fine. Note that the cAdvisor containers must run with a privileged security context, so that they can access the container runtime on each node.

You can change the default --storage_duration and --housekeeping_interval options, added to the cAdvisor container arguments declared in the cadvisor.yaml file, to adjust the duration of the storage moving window (default to 5m0s), and the sampling period (default to 10s) respectively. You may also have to provide the path of your cluster container runtime socket, in case it’s not following the usual convention.

Hotkeys

Keybinding	Description
General
`l`, `Ctrl`+`l`	Login
`n`	Change current namespace
[`Shift`+]`←`, `→` [`Alt`+]`1`, …, `9`	Navigate screens (use `Shift` or `Alt` inside exec terminal)
`↑`, `↓`	Navigate list / form / log
`Enter`	Select item / submit form
`Esc`	Close modal window / cancel form / rewind focus
`Ctrl`+`z`	Close current tab
`q`, `Ctrl`+`q`	Exit ^[3]
Login
`←`, `→`	Navigate Kube configurations
Pods
`Enter`	Select pod / cycle containers
`r`	Remote shell into container
`m`	Memory usage
`c`	CPU usage
`t`	Network usage
`f`	File system usage
`e`	Open pod events tab
`Shift`+`e`	Open namespace events tab
`Ctrl`+`e`	Open cluster events tab
Log
`g`, `Shift`+`g`	Move to top / bottom
`Ctrl`+`u`, `Ctrl`+`d`	Move one page up / down

FAQ

Resources usage metrics are unavailable!
- Starting version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. See the cAdvisor section for more details;
- The metrics are retrieved from the REST API, of the cAdvisor pod running on the same node as the container for which the metrics are being requested. That REST API is accessed via the API server proxy, which requires proper RBAC permission, e.g.:
  # Permission to list the cAdvisor pods (selected using the `spec.nodeName` field selector) $ kubectl auth can-i list pods -n cadvisor yes # Permission to proxy the selected cAdvisor pod, to call its REST API $ kubectl auth can-i get pod --subresource proxy -n cadvisor yes

Development

$ git clone https://github.com/astefanutti/kubebox.git
$ cd kubebox
$ npm install
$ node index.js

Screenshots

Cluster events:

Shell into a container:

Terminal theme support:

Web browser version:

1. Requires cAdvisor to be deployed as a DaemonSet. See the cAdvisor section for more details.

2. Custom IDP certificate authority files are not supported in Web versions.

3. Not available in Web versions.

Download Kubebox

...

Sharing is caring on Social Media

Join the Team IT Security Community

📌 Found this on twitter. Is it right if they are trying to associate Kubernetes with all the legacy and heritage of Unix and BSD virtualization attempts (like chroot, jails, etc.). Is Kubernetes really that advanced and useful?

🕛 1787 Tage, 8 Stunden 50 Minuten
📆 23.05.2019 um 07:51 Uhr
📈 23.17 Punkte

📌 Gillbert, a web developer, uses a centralized web API to reduce complexity and increase the integrity of updating and changing data. For this purpose, he uses a web service that uses HTTP methods such as PUT, POST, GET, and DELETE and can improve the

🕛 1083 Tage, 11 Stunden 43 Minuten
📆 18.03.2021 um 08:17 Uhr
📈 18.88 Punkte