1panel-dev / webkubectl Goto Github PK

Hi,
I want to add a kubeconfig file and share it between multiple users. They will access the dashboard and the session configuration will be ready for them to "connect" without further configuration.
Is there a way to do it?

It would be good if there is any authentication for login into the UI

Websocket connection closed unexpectedly in NAT.

we have many openshift clusters and we want to give this tool to people who wish to run some kubectl command from the backend how we can do this.
we don't want to create a config file for all users.
and how we can also implement security.

Hi,

I am running webkubectl on my local and trying to connect my GKE cluster and getting Unauthorized, trying to authenticate for individual user account and not for serviceaccount. Do I am missing anything here?.

#gcloud config config-helper --format=json |grep id_token

#curl http://localhost:8080/api/kube-token -X POST -d '{"name":"cluster-name","apiServer":"https://1.1.1.1","token":"<REPLACED_TOKEN_WITH_ABOVE_COMMAND_VALUE>"}'

{"success":true,"token":"z99g0mpycafe2xxxxxx","message":""}

Trying to browse the below url on browser
#http://localhost:8080/terminal/?token=z99g0mpycafe2xxxxxx

Welcome to Web Kubectl, try kubectl --help.
> k get po
error: You must be logged in to the server (Unauthorized)
>

在k8s中部署，进去终端的时候报错:
unshare: unshare(0x20020000): Operation not permitted

请问在k8s中部署，需要做什么配置吗？

Only part of the content is pasted if content > 1024 bytes.

建议出场封装helm 3命令，也是通过config文件连接到集群。

在使用当前容器后，发现非法关闭浏览器中的tab后，查看容器中的sh命令依然存在，如下 所示：
/ # ps axu|grep sh
1 root 0:00 sh
134 root 0:00 sh
319 root 0:00 sh
329 root 0:00 grep sh
经过多次测试，发现正常输入exit后会自动退出，但是直接关闭浏览器则会多处类似319这样的sh。测试惊现使用busybox。

Firstly congratulations for your fantastic project!

Now I'm trying to hack your project to integrate with my small open source project.
So I have made some changes in the front-end side, and I simply built the project with the Dockerfile, and there are some makefile that looks doing some npm build, However the changes are not applied at all.

It looks the changes in front-ends must be reflected to the "asset.go" file, specifically to the _staticJsGottyBundleJs variable. And your team changed the modified date and the contents length corresponding to the changes as well. I think it looks done by some build tools something.

How did you do this?

Thank you.

你好，

$ docker run --name="webkubectl" -p 8080:8080 -d --privileged kubeoperator/webkubectl

执行上述命令后，访问 http://<webkubectl-address>:<port> 返回如下内容

<ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Owner>
<ID>anonymous</ID>
<DisplayName/>
</Owner>
<Buckets/>
</ListAllMyBucketsResult>

is there any way we can define multiple usernames and passwords for diff people as I can see with basic authentication we can only provide one username and password.

or can we get integration with LDAP.
can we have such a feature?

English:
It is difficult to implement by modifying the webkubectl source code, because some functions of TTY ( such as button of 'up' going to last command, 'tab' auto-completion)still need to be used. If you want to use these functions, you have to send characters to TTY (slave) first, so it is difficult to intercept commands in the webkubect source code

There are some methods for TTY interception, such as rbash, but there are still some escape methods

Any better suggestions?

中文：
很难通过修改webkubectl源码实现，因为仍然需要使用tty的一些功能（比如up键表示回到上一条命令，tab自动补全等等）。如果要使用这些功能，就不得不先把字符先发送给tty（slave），所以很难在webkubect源码进行命令拦截

在tty拦截有一些办法，像rbash，但仍然有一些逃逸的方法

有更好的建议吗？

This error happens many times

we are using 5 replicas of webkubectl
kubernete server version : 1.20.6
webkubectl : latest version

hi， please tell me how to compile the assert. I suffered below error when executed "make asset". Which base build image I should use
ERROR in ./src/xterm.ts
(6,6): error TS2339: Property 'loadAddon' does not exist on type 'typeof 'xterm''.

ERROR in ./src/xterm.ts
(11,11): error TS2304: Cannot find name 'bare'.

ERROR in ./src/xterm.ts
(23,21): error TS2351: Cannot use 'new' with an expression whose type lacks a call or construct signature.

ERROR in ./src/xterm.ts
(11,11): error TS4031: Public property 'term' of exported class has or is using private name 'bare'.

Sometimes it is necessary to transfer files with the terminal. After installing lrzsz, there are still problems in using it.

http://0.0.0.0/kubepi/webkubectl/root?token=620dade5-9fc0-4478-9cb0-3d008f9f07fa
download kubeconfig failed
{
"code": 500,
"message": "can not find sessionId: 620dade5-9fc0-4478-9cb0-3d008f9f07fa in memory",
"success": false
}

通过Web界面已经连接上K8s，可是几秒中不输入就会断开连接。这个时间太短了，应该也就几秒钟。
是否可以让这个时间配置由用户自己来指定自动断开的时间呢？

Hi all and thanks for this great Tool,

I want to use your application in a Kubernetes Cluster. I have create a simple Helm chart for it with: Deployment, Service and Secret. I am using the latest image : kubeoperator/webkubectl:latest

1. Without authentication

I can generate a token to create a session and connect, but once connected, i always got authentication error : error: You must be logged in to the server (Unauthorized)   

I didn't try with the KubeConfig file.

2. With authentication:

I have proceeded as explained in this blog to add a secret for for the credentials : https://www.civo.com/learn/webkubectl-running-kubectl-commands-from-your-web-browser

But once the GOTTY_CREDENTIAL env variable is set, the pod cannot be started. If i use a dummy variable, it will start.

I can share the helm chart if it can help to solve the issue.

3. How can we in this context handle the multiple users authentication ?

Thanks

Hi,

Is it possible to customize the web GUI like setting custom icon, background..etc? Is there any way to store the kubeconfig or token details in the app instead of the web browser?

比如我想默认打开就是exec某个容器下

1）版本是2.12.0
2）部署方式：docker，参数都是默认参数
3）后台日志出现：Connection closed：ip地址:端口，reason:client close, connections: 0/3

如下命令，似乎use_redis_token_cache并没生效，是设置错了么？
docker run --rm --name="webkubectl" -p 8889:8080 --privileged -e GOTTY_OPTIONS="--port 8080 --permit-write --permit-arguments --use_redis_token_cache true --redis_addr x.x.x.x" kubeoperator/webkubectl:v2.8.0

Hello, guys!
Hope you have a good day !
I have the wonder like how to access the terminal without manually importing the kubeconfig file.
The big idea is i already have some kubeconfig file in the local OS and the webkubectl will import these file and auto create some session and my job is simply click on connect and access into the cluster ! ( For example i have a lot of kubeconfig file and what if i import manually. It will take a lot of time)

Welcome to Web Kubectl, try kubectl --help.
base64: invalid input

Hi I have written a new blog for webkubectl and how to install that on Kubernetes. Would be great to include a community contribution section and add it.
Thoughts?
Blog article -> https://www.civo.com/learn/webkubectl-running-kubectl-commands-from-your-web-browser

(The purpose of this report is to alert KubeOperator/webkubectl to the possible problems when KubeOperator/webkubectl try to upgrade the following dependencies)

An error will happen when upgrading library github.com/codegangsta/cli:

github.com/codegangsta/cli

-Now Moved To: github.com/urfave/cli
-Latest Version: v2.2.0 (Latest commit d648edd on 6 Mar)
-Where did you use it:
https://github.com/KubeOperator/webkubectl/search?q=codegangsta%2Fcli&unscoped_q=codegangsta%2Fcli
-Detail:

github.com/urfave/cli/go.mod

module github.com/urfave/cli/v2
go 1.11
require (
	github.com/BurntSushi/toml v0.3.1
	github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d
	gopkg.in/yaml.v2 v2.2.2
) 

github.com/urfave/cli/docs.go

package cli
import (
	"github.com/cpuguy83/go-md2man/v2/md2man"
	…
) 

This problem was introduced since urfave/cli v1.22.1 . If you try to upgrade urfave/cli to version ** v1.22.1** and above, you will get an error--- no package exists at "github.com/cpuguy83/go-md2man/v2/md2man"

NOTICE HERE The github.com/codegangsta/cli makes it very difficult for downstream module users to use KubeOperator/webkubectl. Force downstream module users to use vendor if they want to use KubeOperator/webkubectl.

I investigated the libraries (urfave/cli >= v1.22.1) release information and found the root cause of this issue is that----

1. These dependencies all added Go modules in the recent versions.

2. They all comply with the specification of "Releasing Modules for v2 or higher" available in the Modules documentation. Quoting the specification:

A package that has migrated to Go Modules must include the major version in the import path to reference any v2+ modules. For example, Repo github.com/my/module migrated to Modules on version v3.x.y. Then this repo should declare its module path with MAJOR version suffix "/v3" (e.g., module github.com/my/module/v3), and its downstream project should use "github.com/my/module/v3/mypkg" to import this repo’s package.

3. This "github.com/my/module/v3/mypkg" is not the physical path. So earlier versions of Go (including those that don't have minimal module awareness) plus all tooling (like dep, glide, govendor, etc) don't have minimal module awareness as of now and therefore don't handle import paths correctly See golang/dep#1962, golang/dep#2139.

Note: creating a new branch is not required. If instead you have been previously releasing on master and would prefer to tag v3.0.0 on master, that is a viable option. (However, be aware that introducing an incompatible API change in master can cause issues for non-modules users who issue a go get -u given the go tool is not aware of semver prior to Go 1.11 or when module mode is not enabled in Go 1.11+).
Pre-existing dependency management solutions such as dep currently can have problems consuming a v2+ module created in this way. See for example dep#1962.
https://github.com/golang/go/wiki/Modules#releasing-modules-v2-or-higher

Solution

1. Migrate to Go Modules.

Go Modules is the general trend of ecosystem, if you want a better upgrade package experience, migrating to Go Modules is a good choice.

Migrate to modules will be accompanied by the introduction of virtual paths(It was discussed above).

This "github.com/my/module/v3/mypkg" is not the physical path. So Go versions older than 1.9.7 and 1.10.3 plus all third-party dependency management tools (like dep, glide, govendor, etc) don't have minimal module awareness as of now and therefore don't handle import paths correctly.

Then the downstream projects might be negatively affected in their building if they are module-unaware (Go versions older than 1.9.7 and 1.10.3; Or use third-party dependency management tools, such as: Dep, glide, govendor…).

2. Maintaining v2+ libraries that use Go Modules in Vendor directories.

If KubeOperator/webkubectl want to keep using the dependency manage tools (like dep, glide, govendor, etc), and still want to upgrade the dependencies, can choose this fix strategy.
Manually download the dependencies into the vendor directory and do compatibility dispose(materialize the virtual path or delete the virtual part of the path). Avoid fetching the dependencies by virtual import paths. This may add some maintenance overhead compared to using modules.

As the import paths have different meanings between the projects adopting module repos and the non-module repos, materialize the virtual path is a better way to solve the issue, while ensuring compatibility with downstream module users. A textbook example provided by repo github.com/moby/moby is here:
https://github.com/moby/moby/blob/master/VENDORING.md
https://github.com/moby/moby/blob/master/vendor.conf
In the vendor directory, github.com/moby/moby adds the /vN subdirectory in the corresponding dependencies.
This will help more downstream module users to work well with your package.

3. Request upstream to do compatibility processing.

The codegangsta/cli have 225 module-unaware users in github, such as: FINTLabs/fint-oauth-token, rancher/share-mnt, wushuai826/wushuai…
https://github.com/search?q=codegangsta%2Fcli+filename%3Avendor.conf+filename%3Avendor.json+filename%3Aglide.toml+filename%3AGodep.toml+filename%3AGodep.json

Summary

You can make a choice when you meet this DM issues by balancing your own development schedules/mode against the affects on the downstream projects.

For this issue, Solution 1 can maximize your benefits and with minimal impacts to your downstream projects the ecosystem.

References

• https://github.com/golang/go/wiki/Modules#semantic-import-versioning
• https://golang.org/cmd/go/#hdr-Module_compatibility_and_semantic_versioning
• https://github.com/golang/go/wiki/Modules#releasing-modules-v2-or-higher

Do you plan to upgrade the libraries in near future?
Hope this issue report can help you ^_^
Thank you very much for your attention.

Best regards,
Kate

#7 接这个问题后：
这个问题还是没解决，目前测还是有问题。关闭浏览器后没结束进程，超过180s后进程依然存在
比如我进入终端后，又执行了一次bash或者sh，然后关闭，这个时候第二次执行的sh不会结束