Kubebox - Terminal And Web Console For Kubernetes
News category: IT security news
Source: feedproxy.google.com
Features
- Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube)
- Switch contexts interactively
- Authentication support (bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digital Ocean)
- Namespace selection and pods list watching
- Container log scrolling / watching
- Container resources usage (memory, CPU, network, file system charts) [1]
- Container remote exec terminal
- Cluster, namespace, pod events
Run
Executable
# Linux
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-linux && chmod +x kubebox
# OSX
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-macos && chmod +x kubebox
# Windows
$ curl -Lo kubebox.exe https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-windows.exe
$ ./kubebox
Server
$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/kubernetes.yaml
$ kubectl delete namespace kubebox
$ oc new-app -f https://raw.github.com/astefanutti/kubebox/master/openshift.yaml
Kubectl
kubectl, e.g.:
$ kubectl run kubebox -it --rm --env="TERM=xterm" --image=astefanutti/kubebox --restart=Never
--serviceaccount option and reference a service account with sufficient permissions.
Docker
$ docker run -it --rm astefanutti/kubebox
~/.kube/config file, e.g.:
$ docker run -it --rm -v ~/.kube/:/home/node/.kube/:ro astefanutti/kubebox
Online
# The regex is quoted so that the shell does not expand it as a glob
$ kube-apiserver --cors-allowed-origins '.*'
Authentication
kubectl, in order to provide seamless integration with your local setup. Here are the different authentication strategies we support, depending on how you're using Kubebox:
Authentication strategy | Executable | Docker | Online |
---|---|---|---|
OpenID Connect | yes | yes | yes[2] |
Amazon EKS | yes | | |
Digital Ocean | yes | | |
Google Kubernetes Engine | yes | | |
cAdvisor
$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/cadvisor.yaml
cadvisor.yaml file, that's tested to work with Kubebox. However, the DaemonSet example, from the cAdvisor project, should also work just fine. Note that the cAdvisor containers must run with a privileged security context, so that they can access the container runtime on each node.
--storage_duration and --housekeeping_interval options, added to the cAdvisor container arguments declared in the cadvisor.yaml file, to adjust the duration of the storage moving window (default to 5m0s), and the sampling period (default to 10s) respectively. You may also have to provide the path of your cluster container runtime socket, in case it's not following the usual convention.
Hotkeys
Keybinding | Description |
---|---|
General | |
l, Ctrl+l | Login |
n | Change current namespace |
[Shift+]←, →, [Alt+]1, …, 9 | Navigate screens (use Shift or Alt inside exec terminal) |
↑, ↓ | Navigate list / form / log |
Enter | Select item / submit form |
Esc | Close modal window / cancel form / rewind focus |
Ctrl+z | Close current tab |
q, Ctrl+q | Exit [3] |
Login | |
←, → | Navigate Kube configurations |
Pods | |
Enter | Select pod / cycle containers |
r | Remote shell into container |
m | Memory usage |
c | CPU usage |
t | Network usage |
f | File system usage |
e | Open pod events tab |
Shift+e | Open namespace events tab |
Ctrl+e | Open cluster events tab |
Log | |
g, Shift+g | Move to top / bottom |
Ctrl+u, Ctrl+d | Move one page up / down |
FAQ
- Resources usage metrics are unavailable!
  - Starting with version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. See the cAdvisor section for more details;
  - The metrics are retrieved from the REST API of the cAdvisor pod running on the same node as the container for which the metrics are being requested. That REST API is accessed via the API server proxy, which requires proper RBAC permissions, e.g.:
# Permission to list the cAdvisor pods (selected using the `spec.nodeName` field selector)
$ kubectl auth can-i list pods -n cadvisor
yes
# Permission to proxy the selected cAdvisor pod, to call its REST API
$ kubectl auth can-i get pod --subresource proxy -n cadvisor
yes
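One way to grant exactly the two permissions checked above, scoped to the cadvisor namespace with a Role rather than a ClusterRole, since pods/proxy access reaches any port of the pods it covers. This is an added example, not a manifest from the Kubebox project; the Role name and the kubebox ServiceAccount in the kubebox namespace are assumptions.

```yaml
# Added example: least-privilege RBAC for reading cAdvisor metrics via the API server proxy.
# Assumptions: cAdvisor runs in the "cadvisor" namespace (as in the can-i checks above);
# the Role name and the ServiceAccount "kubebox" in namespace "kubebox" are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cadvisor-metrics-reader
  namespace: cadvisor
rules:
  # List the cAdvisor pods (the one on the right node is selected via spec.nodeName)
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list"]
  # Call the selected pod's REST API through the API server proxy
  - apiGroups: [""]
    resources: ["pods/proxy"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cadvisor-metrics-reader
  namespace: cadvisor
subjects:
  # Hypothetical subject: replace with the identity Kubebox actually runs as
  - kind: ServiceAccount
    name: kubebox
    namespace: kubebox
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cadvisor-metrics-reader
```

To confirm the binding for that assumed subject, repeat the two can-i checks with `--as system:serviceaccount:kubebox:kubebox` appended.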
Development
$ git clone https://github.com/astefanutti/kubebox.git
$ cd kubebox
$ npm install
$ node index.js
...