Kubebox terminal and web console for kubernetes.
Features
KUBECONFIG
environment variable or $HOME/.kube
)Run
The following alternatives are available for you to use Kubebox, depending on your preferences and constraints:
Executable
Download the Kubebox standalone executable for your OS:
#Linux
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-linux && chmod +x kubebox
#OSX
$ curl -Lo kubebox https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-macos && chmod +x kubebox
#Windows
$ curl -Lo kubebox.exe https://github.com/astefanutti/kubebox/releases/download/v0.8.0/kubebox-windows.exe
Then run:
$ ./kubebox
Server
Kubebox can be served from a service hosted in your Kubernetes cluster. Terminal emulation is provided by Xterm.js and the communication with the Kubernetes master API is proxied by the server.
To deploy the server in your Kubernetes cluster, run:
$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/kubernetes.yaml
To shut down the server and clean-up resources, run:
$ kubectl delete namespace kubebox
For the Ingress resource to work, the cluster must have an Ingress controller running. See Ingress controllers for more information.
Alternatively, to deploy the server in your OpenShift cluster, run:
$ oc new-app -f https://raw.github.com/astefanutti/kubebox/master/openshift.yaml
Kubectl
You can run Kubebox as an in-cluster client with kubectl
, e.g.:
$ kubectl run kubebox -it –rm –env=”TERM=xterm” –image=astefanutti/kubebox –restart=Never
If RBAC is enabled, you’ll have to use the --serviceaccount
option and reference a service account with sufficient permissions.
Docker
You can run Kubebox using Docker, e.g.:
$ docker run -it –rm astefanutti/kubebox
You may want to mount your home directory so that Kubebox can rely on the ~/.kube/config
file, e.g.:
$ docker run -it –rm -v ~/.kube/:/home/node/.kube/:ro astefanutti/kubebox
Online
Kubebox is available online at https://astefanutti.github.com/kubebox. Note that it requires this address to match the allowed origins for CORS by the API server. This can be achived with the Kubernetes API server CLI, e.g.:
$ kube-apiserver –cors-allowed-origins .*
Authentication
We try to support the various authentication strategies supported by kubectl
, in order to provide seamless integration with your local setup. Here are the different authentication strategies we support, depending on how you’re using Kubebox:
Executable | Docker | Online | |
---|---|---|---|
OpenID Connect | ✔️ | ✔️ | ✔️[2] |
Amazon EKS | ✔️ | ||
Digital Ocean | ✔️ | ||
Google Kubernetes Engine | ✔️ |
If the mode you’re using isn’t supported, you can refresh the authentication token/certs manually and update your kubeconfig file accordingly.
cAdvisor
Kubebox relies on cAdvisor to retrieve the resource usage metrics. Before version 0.8.0, Kubebox used to access the cAdvisor endpoints, that are embedded in the Kubelet. However, these endpoints are being deprecated, and will eventually be removed, as discussed in kubernetes#68522.
Starting version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. This can be achieved with:
$ kubectl apply -f https://raw.github.com/astefanutti/kubebox/master/cadvisor.yaml
It’s recommended to use the provided cadvisor.yaml
file, that’s tested to work with Kubebox. However, the DaemonSet example, from the cAdvisor project, should also work just fine. Note that the cAdvisor containers must run with a privileged security context, so that they can access the container runtime on each node.
You can change the default --storage_duration
and --housekeeping_interval
options, added to the cAdvisor container arguments declared in the cadvisor.yaml
file, to adjust the duration of the storage moving window (default to 5m0s
), and the sampling period (default to 10s
) respectively. You may also have to provide the path of your cluster container runtime socket, in case it’s not following the usual convention.
Hotkeys
Keybinding | Description |
---|---|
General | |
l, Ctrl+l | Login |
n | Change current namespace |
[Shift+]←, → [Alt+]1, …, 9 | Navigate screens (use Shift or Alt inside exec terminal) |
↑, ↓ | Navigate list / form / log |
Enter | Select item / submit form |
Esc | Close modal window / cancel form / rewind focus |
Ctrl+z | Close current tab |
q, Ctrl+q | Exit [3] |
Login | |
←, → | Navigate Kube configurations |
Pods | |
Enter | Select pod / cycle containers |
r | Remote shell into container |
m | Memory usage |
c | CPU usage |
t | Network usage |
f | File system usage |
e | Open pod events tab |
Shift+e | Open namespace events tab |
Ctrl+e | Open cluster events tab |
Log | |
g, Shift+g | Move to top / bottom |
Ctrl+u, Ctrl+d | Move one page up / down |
FAQ
Development
$ git clone https://github.com/astefanutti/kubebox.git
$ cd kubebox
$ npm install
$ node index.js
Screenshots
bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…
Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…
Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…