Cluster terminal access is an essential feature that enables DevOps engineers to manage clusters and troubleshoot applications on the go. The engineers at Devtron understand the need for such a component and have incorporated it into the latest open-source release of Devtron for the community to use. This capability allows Devtron users to troubleshoot their clusters right from the Devtron dashboard without direct access to the Kubernetes cluster, in line with standard security best practice.
How to launch a cluster-wide terminal?
Step 1: Go to the Clusters section by clicking on the Clusters icon in the left menu, as highlighted in the image below. You’ll be able to see all your clusters on this page.
Step 2: Click on the terminal icon at the right side of each cluster. This should open cluster-wide terminal access. If you don't have the required permissions, they can be granted through the fine-grained access management provided by Devtron.
Click on the cluster you want to get into, and you will be able to see a list of the nodes present on that cluster. To open the terminal and access the cluster, hover over any node and click on the terminal icon as shown below.
Here you will also see all the node-related metrics, including status, taints, number of pods, etc. You can also customize the appearance from the drop-down menu available on the right, depending on your requirements.
Step 3: Currently Devtron comes with four default images packed with utilities like helm, etc. We have used Ubuntu:Kubernetes utilities, as you can see in the image below.
How to use a custom image with other tools?
Apart from the default images, it also gives you the flexibility to use your own custom images with your favorite tools to start debugging the cluster.
For example, in this blog we took the k9s image publicly available on Docker Hub. As you can see in the image below, we spin up the cluster terminal for debugging with our own custom image, i.e., k9s.
Please note that here you’ll need to install kubectl from the package manager, as this image doesn’t ship with kubectl installed. You can download kubectl by following the instructions in the Kubernetes docs.
To harden security, terminal access to the cluster is limited to one hour of inactivity, after which the service account token expires and you can no longer communicate with the API server.
Use-Case 1: Troubleshoot Network
Before Devtron, it had been a long and laborious process involving security risks to check if a pod is connected to the internet and properly configured for networking.
Now you can spin up a new pod and investigate with all the net-tools command utilities it provides. Additional tasks like verifying that the pod can resolve DNS and checking pod communication across namespaces have become a breeze.
If you want to troubleshoot the network, you should choose the netshoot image while creating the pod for debugging. It ships with all the network debugging tools like nmap, tcpdump, iptables, tshark, etc.
If you’re unsure about debugging then refer to this task from Kubernetes documentation.
Let us run a check and see if the pod can resolve google.com or not. We can execute a curl command from inside the terminal of the pod. This will ensure that we are connected to the wider internet.
The above picture shows that you have internet access and your DNS is working fine.
Use-Case 2: How to fix an entry in DNS ConfigMap?
To triage issues related to DNS ConfigMaps, you can edit the ConfigMap using the kubectl command right from the terminal.
kubectl -n kube-system edit configmap coredns
The terminal gives you access to the whole cluster and the flexibility to exercise a lot of control for troubleshooting and fixing issues. This allows the team to limit super admin access to only authorized personnel, and you don't have to go through a bastion host for debugging.
Use-Case 3: Authentication to the API server
If you’re interested in knowing more about how we authenticate with the API server, you can execute the following command.
kubectl get pods -v 7
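The token expiry and the API server authentication described above can both be checked from inside the terminal itself. The following is an added example, not part of the original post or Devtron's code; it assumes the terminal pod mounts its service account token, CA certificate and namespace at the standard Kubernetes path, and the function names are illustrative.

```shell
# Added example, not Devtron code. Assumes the terminal pod mounts its
# service account credentials at the standard Kubernetes path below.
SA_DIR=/var/run/secrets/kubernetes.io/serviceaccount

# Decode the payload (second segment) of a JWT: base64url -> base64, re-pad.
jwt_payload() {
  local seg pad
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  pad=$(( (4 - ${#seg} % 4) % 4 ))
  while [ "$pad" -gt 0 ]; do seg="$seg="; pad=$((pad - 1)); done
  printf '%s' "$seg" | base64 -d
}

# Print a numeric claim such as exp or iat (no jq needed in the image).
jwt_num_claim() {
  jwt_payload "$1" | tr -d ' \n' | sed -n "s/.*\"$2\":\([0-9][0-9]*\).*/\1/p"
}

# Seconds until the token expires; negative means it has already expired.
# $2 (optional) overrides "now" as a Unix timestamp.
token_ttl() {
  local exp now
  exp=$(jwt_num_claim "$1" exp)
  [ -n "$exp" ] || { echo "token has no exp claim" >&2; return 1; }
  now=${2:-$(date +%s)}
  echo $(( exp - now ))
}

# The kind of request kubectl sends for "get pods": bearer token plus cluster CA.
list_pods() {
  local ns token
  ns=$(cat "$SA_DIR/namespace")
  token=$(cat "$SA_DIR/token")
  curl -sS --cacert "$SA_DIR/ca.crt" -H "Authorization: Bearer $token" \
    "https://kubernetes.default.svc/api/v1/namespaces/$ns/pods?limit=5"
}

# Only meaningful inside the terminal pod, where the token file exists.
if [ -r "$SA_DIR/token" ]; then
  echo "token expires in $(token_ttl "$(cat "$SA_DIR/token")")s"
fi
```

Once the token has expired, list_pods returns a 401 Unauthorized status from the API server instead of a pod list.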
In this blog, we learned how Cluster Terminal Access can make the debugging experience a lot easier and faster for DevOps professionals, all through Devtron's single-pane dashboard. Cluster access is one of the many features that Devtron comes with, and its Kubernetes Dashboard provides an end-to-end solution for all your Kubernetes operations. Feel free to explore Devtron. Star us if you liked the project.