Kubernetes UI¶
Compliant Kubernetes recommends operations to be done via script -- if possible the GitOps way -- to improve repeatability and application developer productivity, as well as reduce human errors. That being said, User Interfaces (UIs) have their advantages. In particular, they have a reduced learning curve and make features more discoverable.
Compliant Kubernetes does not come with a UI for the sake of resource efficiency. However, you can run a locally-installed Kubernetes UI yourself. We have tested:
Both of these projects are installed locally, and have no cluster-side component. Both use the exact same permissions as your Compliant Kubernetes user has. This makes it a perfectly safe and secure user interface to use and does not compromise your cluster's stability or security posture.
Note for macOS and Linux users¶
If you followed the Install Prerequisites steps of this documentation, you have probably installed the oidc-login
plugin to kubectl
via krew
.
If so, a locally-installed Kubernetes UI might not be able to find it.
That makes it fail to authenticate via Dex, the OpenID Connect provider in Compliant Kubernetes.
You have two options for making the oidc-login
plugin findable by locally-installed Kubernetes UIs:
-
Edit
~/.profile
and add:if [ -d "$HOME/.krew/bin" ] ; then PATH="$HOME/.krew/bin:$PATH" fi
-
Run the following command:
sudo ln -s ~/.krew/bin/kubectl-oidc_login /usr/local/bin
Monokle¶
To get started with Monokle:
- Make sure you performing the above changes.
- Install Monokle as instructed in the upstream documentation.
- Perform OpenID authentication via your browser.
- Make sure to select a valid namespace, since Compliant Kubernetes does not allow access to the
default
namespace.
Monokle should work out-of-the-box with Compliant Kubernetes.
Kubernetes Extension for Visual Studio Code¶
To get started:
- Make sure you performing the above changes.
- Install the Kubernetes extension as instructed in the upstream documentation.
- Perform OpenID authentication via your browser.
The Kubernetes extension should work out-of-the-box with Compliant Kubernetes.