Announcement of the Kubernetes Web View (and a brief overview of other web UIs for Kubernetes)

Note. transl.: Originally posted by Henning Jacobs of Zalando. He created a new web interface for working with Kubernetes, which is positioned as "kubectl for the web." Why a new Open Source project appeared and what criteria were not met by existing solutions - read in his article.

In this post, I review various open source Kubernetes web interfaces, state my requirements for a generic UI, and explain why I developed Kubernetes WebView - an interface designed to facilitate support and troubleshooting in multiple clusters at once.

Use cases

At Zalando, we serve a large number of Kubernetes users (900+) and clusters (100+). There are a couple of typical use cases where the help of a specialized web tool would be very useful:

1. communication with colleagues within the framework of support;
2. response to incidents and investigation of their causes.

Support

In my experience, support communication often looks like this:

— Help, our XYZ service is unavailable!
What do you see when you do kubectl describe ingress ...?

Or something similar for CRD:

- I have some problem with the identification service ...
- What does the command issue? kubectl describe platformcredentialsset ...?

Such communication usually comes down to entering various variations of the command kubectl in order to fix the problem. As a result, both sides of the conversation are forced to constantly switch between the terminal and the web chat, plus they observe a different situation.

Therefore, I want the Kubernetes web frontend to allow the following:

• users could exchange links and observe the same thing;
• would help avoid human error in support: for example, entering the wrong cluster on the command line, typos in CLI commands, etc.;
• would allow generate custom views to send to colleagues, that is, add label columns, display many types of resources on one page;
• ideally, this web tool should allow you to put deep links to specific sections of YAML (for example, pointing to the wrong parameter causing crashes).

Incident response and analysis

Infrastructure incident response requires situational awareness, the ability to assess impact, and look for patterns in clusters. Some real life examples:

• a critical production service is having problems and you need to find all Kubernetes resources by name in all clustersto troubleshoot;
• nodes start to drop when scaling and you need to find all pods with "Pending" status in all clustersto assess the scope of the problem;
• individual users are reporting a problem with DaemonSet deployed across all clusters and need to find out if Is the problem pervasive?.

My standard solution in such cases is something like for i in $clusters; do kubectl ...; done. Obviously, it is possible to develop a tool that provides similar capabilities.

Existing Kubernetes web interfaces

The open source world of web interfaces to Kubernetes is not too big*, so I tried to collect additional information with Twitter:

* My explanation for the limited number of Kubernetes web UIs is that cloud services and Kubernetes vendors usually offer their own front-ends, so the market for "good" free Kubernetes UIs is relatively small.

With the help of a tweet, I found out about K8Dash, Kubernator и Octant. Let's look at them and other existing Open Source solutions, try to understand what they are.

K8Dash

"K8Dash is the simplest way to manage a Kubernetes cluster."

K8Dash Looks good and feels fast, but has a few disadvantages for the use cases listed above:

• Works only within the boundaries of one cluster.
• Sorting and filtering are possible, but do not have permalinks.
• No support for Custom Resource Definitions (CRDs).

Kubernator

“Kubernator is an alternative UI for Kubernetes. Unlike the high-level Kubernetes Dashboard, it provides low-level control and a great overview of all objects in the cluster with the ability to create new ones, edit them, and resolve conflicts. Being entirely a client application (like kubectl), it does not require any backend other than the Kubernetes API server itself, and also respects the rules for accessing the cluster.”

This is a pretty accurate description. Kubernator. Alas, it lacks some features:

• Serves only one cluster.
• There is no list view mode (i.e. you can't show all pods with the status "Pending").

Kubernetes Dashboard

“Kubernetes Dashboard is a universal web interface for Kubernetes clusters. It allows users to manage and troubleshoot applications running in the cluster, as well as manage the cluster itself.”

Unfortunately, Kubernetes Dashboard doesn't help much in my support and incident response activities because it:

• no permalinks, such as when I filter resources or change the sort order;
• there is no easy way to filter by status - for example, to see all pods with the status "Pending";
• only one cluster is supported;
• not supported by CRD (this feature is under development);
• no custom columns (for example, columns labeled by type kubectl -L).

Kubernetes Operational View (kube-ops-view)

"System panel-observer of the K8s cluster space".

У Kubernetes Operational View completely different approach: this tool only shows the cluster nodes and pods using WebGL, without any text details of the objects. It's great for a quick overview of the status of the cluster ("are the pods going down?")*, but it's not suitable for the support and incident response use cases described above.

* Note. transl.: In this sense, you may also be interested in our plugin grafana statusmap, which we discussed in more detail in this article.

Kubernetes Resource Report (kube-resource-report)

"Collect pod and Kubernetes cluster resource requests, compare them to resource consumption, and generate static HTML."

Kubernetes Resource Report generates static HTML reports on resource usage and cost allocation across teams/applications across clusters. The report is somewhat useful for support and incident response as it allows you to quickly find the cluster where the application is deployed.

Note. transl.: In viewing the details of the distribution of resources and their cost in cloud providers, a service and tool can also be useful. Kubecost, which we review recently published.

Octant

"An extensible web platform for developers to provide a better understanding of the complexity of Kubernetes clusters."

Octant, created by VMware, is a new product that I learned about relatively recently. With its help, it is convenient to explore the cluster on the local machine (there are even visualizations), but it only touches on the issues of support and incident response to a limited extent. Octant Disadvantages:

• No cluster search.
• Works only on the local machine (not deployed in a cluster).
• Unable to sort/filter objects (only label selector is supported).
• You cannot set custom columns.
• You cannot list objects by namespace.

I also had problems with the stability of Octant with Zalando clusters: on some CRDs he fell.

Introducing Kubernetes Web View

kubectl for the web.

After analyzing the available interface options for Kubernetes, I decided to create a new one: Kubernetes WebView. 'Cause all I really need is all the power kubectl on the web, that is:

• availability of all (read-only) operations in which users prefer to use kubectl;
• all URLs must be permanent and present the page in its original form so that colleagues can share them and use them in other tools;
• support for all Kubernetes objects, which will allow you to solve any type of problem;
• resource lists must be downloadable for further work (in spreadsheets, CLI tools like grep) and storage (for example, for postmortems);
• support for selecting resources by labels (similar to kubectl get .. -l);
• the ability to create combined lists of various types of resources (similar to kubectl get all) to obtain a common operational picture among colleagues (for example, in the process of responding to an incident);
• the ability to add custom "smart" deep links to other tools such as dashboards, loggers, application registries, etc. to facilitate troubleshooting/debugging and incident response;
• the front-end should be as simple as possible (pure HTML) to avoid occasional problems, such as hanging JavaScript;
• support for multiple clusters to simplify interaction during remote consulting (for example, to remember only one URL);
• if possible, situational analysis should be simplified (for example, with links to download resources across all clusters / namespaces);
• additional opportunities for creating flexible links and highlighting textual information, for example, so that you can point colleagues to a specific section in the resource description (a line in YAML);
• the ability to adjust to the requirements of a particular client, for example, allowing you to create special display templates for CRD, your own table views, change CSS styles;
• tools for further study on the command line (for example, showing full commands kubectlready to be copied);

Outside of tasks solved in Kubernetes Web View (non-goals) remained:

• abstracting Kubernetes objects;
• application management (for example, deployment management, Helm charts, etc.);
• write operations (should be done through a secure CI/CD and/or GitOps toolbox);
• beautiful interface (JavaScript, themes, etc.);
• visualization (see kube-ops-view);
• cost analysis (see kube-resource-report).

How does Kubernetes Web View help support and respond to incidents?

Support

• All links are permanentmaking it easier to share information with colleagues.
• Can create their views, for example, display all Deployments and Pods with a specific label in two specific clusters (multiple cluster names and resource types can be specified in a link separated by commas).
• You can refer to certain lines in a yaml file object, pointing out potential problems in the object specification.

Cluster search in Kubernetes Web View

Incident response

• Global search (global search) allows you to search for objects in all clusters.
• List Views can display all objects with a certain state/column in all clusters (for example, we need to find all pods with the status "Pending").
• Lists of objects can be downloaded in tab-separated value (TSV) format for later analysis.
• Custom External Links allow you to switch to related dashboards and other tools.

Kubernetes Web View: list of pods with "Pending" status in all clusters

If you want to try Kubernetes Web View, I recommend that you read documentation or look at live demo.

Of course, the interface could be better, but for now, Kubernetes Web View is a tool for "advanced users" who don't shy away from manipulating URL paths manually if necessary. If you have any comments/additions/suggestions, please contact follow me on Twitter!

This article is a brief introduction to the background that led to the creation of Kubernetes Web View. Others will follow! (Note. transl.: They should be expected in author's blog.)

PSfrom translator

Read also on our blog:

• «kubebox and other shells for Kubernetes";
• «Tools for developers of applications that run on Kubernetes";
• «Kubelive console utility for interactive work with Kubernetes appeared";
• «Useful utilities for working with Kubernetes».

Source: habr.com