1panel-dev / webkubectl Goto Github PK
View Code? Open in Web Editor NEWRun kubectl command in Web Browser.
License: Apache License 2.0
Run kubectl command in Web Browser.
License: Apache License 2.0
Hi,
I want to add a kubeconfig file and share it between multiple users. They will access the dashboard and the session configuration will be ready for them to "connect" without further configuration.
Is there a way to do it?
It would be good if there is any authentication for login into the UI
we have many openshift clusters and we want to give this tool to people who wish to run some kubectl command from the backend how we can do this.
we don't want to create a config file for all users.
and how we can also implement security.
Hi,
I am running webkubectl on my local and trying to connect my GKE cluster and getting Unauthorized, trying to authenticate for individual user account and not for serviceaccount. Do I am missing anything here?.
#gcloud config config-helper --format=json |grep id_token
#curl http://localhost:8080/api/kube-token -X POST -d '{"name":"cluster-name","apiServer":"https://1.1.1.1","token":"<REPLACED_TOKEN_WITH_ABOVE_COMMAND_VALUE>"}'
{"success":true,"token":"z99g0mpycafe2xxxxxx","message":""}
Trying to browse the below url on browser
#http://localhost:8080/terminal/?token=z99g0mpycafe2xxxxxx
Welcome to Web Kubectl, try kubectl --help.
> k get po
error: You must be logged in to the server (Unauthorized)
>
在k8s中部署,进去终端的时候报错:
unshare: unshare(0x20020000): Operation not permitted
请问在k8s中部署,需要做什么配置吗?
Only part of the content is pasted if content > 1024 bytes.
建议出场封装helm 3命令,也是通过config文件连接到集群。
在使用当前容器后,发现非法关闭浏览器中的tab后,查看容器中的sh命令依然存在,如下 所示:
/ # ps axu|grep sh
1 root 0:00 sh
134 root 0:00 sh
319 root 0:00 sh
329 root 0:00 grep sh
经过多次测试,发现正常输入exit后会自动退出,但是直接关闭浏览器则会多处类似319这样的sh。测试惊现使用busybox。
Firstly congratulations for your fantastic project!
Now I'm trying to hack your project to integrate with my small open source project.
So I have made some changes in the front-end side, and I simply built the project with the Dockerfile, and there are some makefile that looks doing some npm build, However the changes are not applied at all.
It looks the changes in front-ends must be reflected to the "asset.go" file, specifically to the _staticJsGottyBundleJs variable. And your team changed the modified date and the contents length corresponding to the changes as well. I think it looks done by some build tools something.
How did you do this?
Thank you.
你好,
$ docker run --name="webkubectl" -p 8080:8080 -d --privileged kubeoperator/webkubectl
执行上述命令后,访问 http://<webkubectl-address>:<port>
返回如下内容
<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>anonymous</ID>
<DisplayName/>
</Owner>
<Buckets/>
</ListAllMyBucketsResult>
is there any way we can define multiple usernames and passwords for diff people as I can see with basic authentication we can only provide one username and password.
or can we get integration with LDAP.
can we have such a feature?
English:
It is difficult to implement by modifying the webkubectl source code, because some functions of TTY ( such as button of 'up' going to last command, 'tab' auto-completion)still need to be used. If you want to use these functions, you have to send characters to TTY (slave) first, so it is difficult to intercept commands in the webkubect source code
There are some methods for TTY interception, such as rbash, but there are still some escape methods
Any better suggestions?
中文:
很难通过修改webkubectl源码实现,因为仍然需要使用tty的一些功能(比如up键表示回到上一条命令,tab自动补全等等)。如果要使用这些功能,就不得不先把字符先发送给tty(slave),所以很难在webkubect源码进行命令拦截
在tty拦截有一些办法,像rbash,但仍然有一些逃逸的方法
有更好的建议吗?
hi, please tell me how to compile the assert. I suffered below error when executed "make asset". Which base build image I should use
ERROR in ./src/xterm.ts
(6,6): error TS2339: Property 'loadAddon' does not exist on type 'typeof 'xterm''.
ERROR in ./src/xterm.ts
(11,11): error TS2304: Cannot find name 'bare'.
ERROR in ./src/xterm.ts
(23,21): error TS2351: Cannot use 'new' with an expression whose type lacks a call or construct signature.
ERROR in ./src/xterm.ts
(11,11): error TS4031: Public property 'term' of exported class has or is using private name 'bare'.
Sometimes it is necessary to transfer files with the terminal. After installing lrzsz, there are still problems in using it.
http://0.0.0.0/kubepi/webkubectl/root?token=620dade5-9fc0-4478-9cb0-3d008f9f07fa
download kubeconfig failed
{
"code": 500,
"message": "can not find sessionId: 620dade5-9fc0-4478-9cb0-3d008f9f07fa in memory",
"success": false
}
通过Web界面已经连接上K8s,可是几秒中不输入就会断开连接。这个时间太短了,应该也就几秒钟。
是否可以让这个时间配置由用户自己来指定自动断开的时间呢?
Hi all and thanks for this great Tool,
I want to use your application in a Kubernetes Cluster. I have create a simple Helm chart for it with: Deployment, Service and Secret. I am using the latest image : kubeoperator/webkubectl:latest
I can generate a token to create a session and connect, but once connected, i always got authentication error : error: You must be logged in to the server (Unauthorized)
I didn't try with the KubeConfig file.
I have proceeded as explained in this blog to add a secret for for the credentials : https://www.civo.com/learn/webkubectl-running-kubectl-commands-from-your-web-browser
But once the GOTTY_CREDENTIAL env variable is set, the pod cannot be started. If i use a dummy variable, it will start.
I can share the helm chart if it can help to solve the issue.
Thanks
Hi,
Is it possible to customize the web GUI like setting custom icon, background..etc? Is there any way to store the kubeconfig or token details in the app instead of the web browser?
比如我想默认打开就是exec某个容器下
1)版本是2.12.0
2)部署方式:docker,参数都是默认参数
3)后台日志出现:Connection closed:ip地址:端口,reason:client close, connections: 0/3
如下命令,似乎use_redis_token_cache并没生效,是设置错了么?
docker run --rm --name="webkubectl" -p 8889:8080 --privileged -e GOTTY_OPTIONS="--port 8080 --permit-write --permit-arguments --use_redis_token_cache true --redis_addr x.x.x.x" kubeoperator/webkubectl:v2.8.0
Hello, guys!
Hope you have a good day !
I have the wonder like how to access the terminal without manually importing the kubeconfig file.
The big idea is i already have some kubeconfig file in the local OS and the webkubectl will import these file and auto create some session and my job is simply click on connect and access into the cluster ! ( For example i have a lot of kubeconfig file and what if i import manually. It will take a lot of time)
Welcome to Web Kubectl, try kubectl --help.
base64: invalid input
Hi I have written a new blog for webkubectl and how to install that on Kubernetes. Would be great to include a community contribution section and add it.
Thoughts?
Blog article -> https://www.civo.com/learn/webkubectl-running-kubectl-commands-from-your-web-browser
(The purpose of this report is to alert KubeOperator/webkubectl
to the possible problems when KubeOperator/webkubectl
try to upgrade the following dependencies)
-Now Moved To: github.com/urfave/cli
-Latest Version: v2.2.0 (Latest commit d648edd on 6 Mar)
-Where did you use it:
https://github.com/KubeOperator/webkubectl/search?q=codegangsta%2Fcli&unscoped_q=codegangsta%2Fcli
-Detail:
module github.com/urfave/cli/v2
go 1.11
require (
github.com/BurntSushi/toml v0.3.1
github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d
gopkg.in/yaml.v2 v2.2.2
)
package cli
import (
"github.com/cpuguy83/go-md2man/v2/md2man"
…
)
This problem was introduced since urfave/cli v1.22.1 . If you try to upgrade urfave/cli to version ** v1.22.1** and above, you will get an error--- no package exists at "github.com/cpuguy83/go-md2man/v2/md2man"
NOTICE HERE The github.com/codegangsta/cli
makes it very difficult for downstream module users to use KubeOperator/webkubectl
. Force downstream module users to use vendor if they want to use KubeOperator/webkubectl
.
These dependencies all added Go modules in the recent versions.
They all comply with the specification of "Releasing Modules for v2 or higher" available in the Modules documentation. Quoting the specification:
A package that has migrated to Go Modules must include the major version in the import path to reference any v2+ modules. For example, Repo github.com/my/module migrated to Modules on version v3.x.y. Then this repo should declare its module path with MAJOR version suffix "/v3" (e.g., module
github.com/my/module/v3
), and its downstream project should use"github.com/my/module/v3/mypkg"
to import this repo’s package.
physical path
. So earlier versions of Go (including those that don't have minimal module awareness) plus all tooling (like dep, glide, govendor, etc) don't have minimal module awareness
as of now and therefore don't handle import paths correctly See golang/dep#1962, golang/dep#2139.Note: creating a new branch is not required. If instead you have been previously releasing on master and would prefer to tag v3.0.0 on master, that is a viable option. (However, be aware that introducing an incompatible API change in master can cause issues for non-modules users who issue a go get -u given the go tool is not aware of semver prior to Go 1.11 or when module mode is not enabled in Go 1.11+).
Pre-existing dependency management solutions such as dep currently can have problems consuming a v2+ module created in this way. See for example dep#1962.
https://github.com/golang/go/wiki/Modules#releasing-modules-v2-or-higher
Go Modules is the general trend of ecosystem, if you want a better upgrade package experience, migrating to Go Modules is a good choice.
Migrate to modules will be accompanied by the introduction of virtual paths(It was discussed above).
This "github.com/my/module/v3/mypkg" is not the
physical path
. So Go versions older than 1.9.7 and 1.10.3 plus all third-party dependency management tools (like dep, glide, govendor, etc) don't haveminimal module awareness
as of now and therefore don't handle import paths correctly.
Then the downstream projects might be negatively affected in their building if they are module-unaware (Go versions older than 1.9.7 and 1.10.3; Or use third-party dependency management tools, such as: Dep, glide, govendor…).
If KubeOperator/webkubectl
want to keep using the dependency manage tools (like dep, glide, govendor, etc), and still want to upgrade the dependencies, can choose this fix strategy.
Manually download the dependencies into the vendor directory and do compatibility dispose(materialize the virtual path or delete the virtual part of the path). Avoid fetching the dependencies by virtual import paths. This may add some maintenance overhead compared to using modules.
As the import paths have different meanings between the projects adopting module repos and the non-module repos, materialize the virtual path is a better way to solve the issue, while ensuring compatibility with downstream module users. A textbook example provided by repo github.com/moby/moby
is here:
https://github.com/moby/moby/blob/master/VENDORING.md
https://github.com/moby/moby/blob/master/vendor.conf
In the vendor directory, github.com/moby/moby
adds the /vN subdirectory in the corresponding dependencies.
This will help more downstream module users to work well with your package.
The codegangsta/cli
have 225 module-unaware users in github, such as: FINTLabs/fint-oauth-token, rancher/share-mnt, wushuai826/wushuai…
https://github.com/search?q=codegangsta%2Fcli+filename%3Avendor.conf+filename%3Avendor.json+filename%3Aglide.toml+filename%3AGodep.toml+filename%3AGodep.json
You can make a choice when you meet this DM issues by balancing your own development schedules/mode against the affects on the downstream projects.
For this issue, Solution 1 can maximize your benefits and with minimal impacts to your downstream projects the ecosystem.
Do you plan to upgrade the libraries in near future?
Hope this issue report can help you ^_^
Thank you very much for your attention.
Best regards,
Kate
#7 接这个问题后:
这个问题还是没解决,目前测还是有问题。关闭浏览器后没结束进程,超过180s后进程依然存在
比如我进入终端后,又执行了一次bash或者sh,然后关闭,这个时候第二次执行的sh不会结束
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.