Browser
Users that have access to the Web Console are provided with the option to perform KubeCTL operations in a browser based shell after they successfully authenticate.
Infrastructure and Cluster Admins¶
Users with Infrastructure Admin roles for a Project(s) in the Web Console have access to the "Infrastructure" tab and therefore access to the Kubernetes clusters in the Project. For every managed cluster, in a Project, users are presented with a visible option to initiate KubeCTL. See the image below for an illustrative example.
- Click the KubeCTL icon
- This presents the user with a browser based KubeCTL shell. Initially, the connection status is Connecting (highlighted in red)
Connection Status¶
- On a successful connection, the status is Connected (highlighted in green)
- Click + icon next to the clusters name to view one or more cluster details through KubeCTL. The connection fetches information for each cluster
- When the user is away from the controller for a longer period or the session expires, the connection status is Not Connected. Click Reconnect to get the connection back and use the relevant commands to retrieve the required information
Project Admins¶
Users with Project Admin roles for a Project(s) in the Web Console have access to the "Applications" and "Integrations" tabs. Unlike Infrastructure Admins, these users DO NOT have direct, low level access to the Kubernetes clusters in the Projects. However, as application owners/developers, they may require quick KubeCTL access to the namespace where their workloads are deployed so that they can debug/diagnose issues when they occur.
The Web Console provides these users the means to open a browser based KubeCTL shell directly in the namespace of the cluster where their workload is deployed.
- Click on a workload
- Navigate to the Publish tab and click on Debug
- Click on the KubeCTL button
The user will now be presented with a browser based KubeCTL shell and can perform operations in the namespace where the workload was deployed.
Important
Unlike the debug window which automatically provides a filtered view of only the k8s resources for their workload, the KubeCTL shell provides the user visibility into all resources in the namespace.
Namespace Admins¶
Users with Namespace Admin roles in a Project in the Web Console have access ONLY to specifically identified Kubernetes namespaces. As application owners/developers, they may require quick KubeCTL access to the namespace where their workloads are deployed so that they can debug/diagnose issues when they occur.
The Web Console provides these users the means to open a browser based KubeCTL shell directly in the namespace of the cluster where their workload is deployed.
- Click on a workload
- Navigate to the Publish tab and click on Debug
- Click on the KubeCTL button
The user will now be presented with a browser based KubeCTL shell and can perform operations in the namespace where the workload was deployed.
Important
Users with a namespace admin role will be blocked from being able to perform privileged KubeCTL commands outside the allowed namespaces.