 Hi, so welcome to our talk a walk through the Kubernetes UI landscape My name is Joakim. I work for Kinfalk as a director of product engineering and I'm here with Henning Yes, hello everyone. My name is Henning and I work for Zolando Great. So without further ado What are we here to talk about so as you know Kubernetes is a complex project and of course You know people can use the QCTL or keep control whatever you want to call it But a way to make things simpler for everybody is to use graphical user interfaces So there are lots of projects out there and we are here to talk about them So we have we had to have some criteria in selecting those projects and those are Those have to be open-source projects. They have to be Underactive development so that means that they had a release in the last 12 months They have to be used standalone. So, you know, not needing add-ons or control plane for them to be usable and They can run of course either locally or in cluster But they have to be just just that just running standalone and they have to have a graphical user interface Yeah, some of the things we look into and we will mention this is the installation So it's a project supposed to be running cluster or locally on your desktop or You know, does it have multiple cluster support or does it only manage one cluster at a time? Whether it's extensible or not read-only or whether you can read and write And other things we'll talk about. So you see these icons here. They will be on each slide in case we don't talk about this Directly, you will know hopefully what it means So let's start Yes, let's start with a Kubernetes dashboard Next slide. So the official Kubernetes dashboard is pretty old. It's Compared to the other projects. It's from 2015 first release 2016 It's a tool you deploy to a single cluster and provides Workload overview for application developers You authenticate with a service account token. So you do Qtl proxy and then Still need to copy the bearer token into the first form. It provides some features like exactly into parts locks scaling workloads and Editing your deployments, for example It also provides a nice feature for searching across different workloads in the cluster So you can quickly find what you're looking for but it has a overall a relatively limited set of features and it's not extensible so overall, I would say the oldest and official Kubernetes dashboard is Interesting to get a overview of workloads but Doesn't have too many features You might need for further troubleshooting Right and by the way, do you think Still that you know being the official dashboard. Do you think it still lives up to do its You know to do its role or do you think people should look into other things now that we've looked into a bunch of stuff. I Think it still makes sense to check out the Kubernetes dashboard But there is a huge hurdle with the authentication So it I think the project doesn't really know what it wants to be if it's now a local tool or something Deployed so you have to deploy to a cluster, but you still need to a cube config or a bearer token to authenticate So it doesn't integrate with other authentication providers So in this way, it's a little bit in between Local and hosted solutions we will see later on Right and the next one is actually You know, it has many similarities with with the the official Kubernetes dashboard. So it's also running cluster. It's also meant to only manage one cluster and It's it's not extensible as well. So this is called Kate dash and It started as a project by someone called Eric her Branson. I hope I pronounce his name correctly It was stopped for a while But then I think indeed took over and now it's managed by indeed still with with Eric on the project as far as I can see You know, this is an interesting project because like I said, it provides a good alternative to to the official dashboard in my opinion and It's also it also feels very lightweight. So, you know, the UI is kind of Snapping comparison at least last time I checked both of them That said, of course, the UI could maybe be a bit refined From a design point of view or usability One nice thing that it has that the editor shows Documentation so when you're editing some some resource so you can and you don't remember exactly when What things go here and there you can just quickly look into it Yeah, and one Things that well a difference that with with the official ones that it does not have cluster search And also when I tried it with a view only token It kind of failed to start the the you know the UI But otherwise, it's it's a good project in my opinion So you already mentioned some differences to the official Kubernetes dashboard What would you now recommend what would you install in your cluster just looking at these two? Yeah, at least from you know from when I tried the official one and Kate dash I would say I would go with Kate dash For the reasons I said but also for example, if you want to to change something On on on one of the projects. I think it should be easier to do it on Kate dash just because the code base seems You know a bit smaller than of course a project that has been here for a while like like the official Kubernetes dashboard So, yeah, I would go with this one. I think Yeah, let's have a look at another project the cubis Cubis is quite different to the other two dashboards. We saw earlier because it's really about seeing app config and state and yeah checking if the state is safe and Following some of the rules you can define in the rule editor and integrated into this project So it barely helps you analyze your cluster. You can define custom rules. For example, that you don't want to run Docker latest tag or Special settings for example requiring memory limits, etc. Etc. And you can also have custom marker icon So I think this is a really interesting tool for for example platform teams to define Compliance rules and then check the cluster Accordingly another very interesting feature is time machine So you can go back and forth into in time and see when something changed and for example correlate this when with something going wrong in your cluster So for example label edit or removed, etc. The whole tool is only single cluster and it also has a stripped down portable version Because the time machine uses my sequel database in the back end So you can use a portable version, but then you don't have the time machine. Yeah It's only a read-only tool only single cluster extensible by these custom rules Yeah, that certainly looks interesting. So my question is You you know, what do you think of this time machine feature in comparison with for example? GitOps which also give you like a way to see which operations happen Yeah, I guess the time machine is a really interesting feature and it can really help to troubleshoot if when something is going wrong and then checking what was changed in the cluster But obviously like most of the changes should be done via CICD and maybe GitOps So all the changes should be tracked in Git But you might also use something like Postgres operator or other operator which also changes cluster state So the time machine would help you see these clusters state changes, which are not reflected in Git That being said, I never tried this time machine with a big cluster with many changes going on and many resources So I'm not sure how this scales with the database Great. Yes Octane that's a pretty popular tool. It's only locally available. It was created by VMware It has a quite nice UI and it's created for developers to better understand the complexity for of Kubernetes clusters so you start a local tool and then see the UI in your browser and it has some interesting features like this object graph, so you see resources and connected resources like for a port, a service, ingress, secret, etc And it has a very nice feature of port forwarding so you can go to a port or a service and then Enable port forwarding and you don't have to switch between command line or terminal and the browser because it directly happens in your browser and you can open the The tool it also provides plugins. There's also a recent plugin created for Jenkins X So if you use that maybe worth checking out It's a little bit sad that the tool doesn't have a global search so you cannot just search for something in the in the cluster like what is integrated in Kubernetes dashboard and it provides access to multiple clusters you defined in kube config But it doesn't have any cross cluster features great so This octant opens a browser window, so it's a local application, but it does not ship. It's You know, it's on browser view or web view Like others do you think this is an advantage or a disadvantage? I Think it's both, but I certainly can see some advantages for example Using bookmarks because if you use a standalone tool, then you often yeah have not the feature of Having bookmarks in the app itself and with octant you have your normal browser You can bookmark for example your deployment or your workload you usually look at and I think that's pretty neat So you can reuse features from the browser great and the next one is actually Similar in a way, so it's also an application that one runs locally it's also a multi cluster and it was actually So it's called lens and it was actually a proprietary tool by a company called container but the company did not succeed and at that time The I think some of the employees May made this project open source and then maranth is as far as I understand Purchased or acquired the assets from Contenna and now we have an open source application So like I said, this is this is similar to to octant in a way that it runs locally But it's it's like a full application in a way that it ships It's on web view and one thing that I really really like is that the so they the user interface and the user experience is really nice It you can access a lot of information, but it all seems to be Very well, you know in a good layout and very well thought of it also has like a helm chart store and Another interesting thing is that as far as I could understand it ships Cube CTL with it. So you if you update the application you always have an updated cube CTL You can use a terminal right away from the application itself So, yeah, it does not really have cross cluster features. So no and also no like a big search or anything and It's also not extensible So it looks pretty polished lens Yeah, how would you compare to octant both tools are local. So which one should I install and use? Yeah, so both are similar that that's true for me I would probably go with lens just because I think you know in terms of of the UI It works really well and not only it looks good But it actually you know the way things are laid out again and the capabilities you have are really good So I would go with it with lens for sure Yeah, and the the next project is a very curious one that is different from the rest. It's called cube nav and Yeah, so this one works on On your mobile on your mobile phone on on your cluster and also on your desktop and it allows you to manage several clusters as well I said it was a curious one not only because it allows all this but also because You know, it's it's a mobile first in a way that as far as I understand They focus on the mobile experience first and this reflects on the desktop UI So if you if you go and you list some some of the resources available in the cluster You don't see the typical table in there. You rather see a list so and this makes things a little bit more complicated to You know to understand sometimes at least in my In my experience with it because you don't see like okay Discarding is about the the creation date You actually see an entry in the in the entry itself of the of the list with the creation date or something so that so So yeah, so there is that that downside I would say but if you're looking for something beyond the desktop This would be a solution. I think One thing that was not clear was how to authenticate with it So I think it just took whatever was on the on the cube config and also There is no class no cross cluster features. So no no global search So do you think that having a mobile app is it's important for for like managing Kubernetes testers or workloads. I think that in times where People can travel You know, maybe it's important to have a way to just quickly Check on your clusters when you when you are on the app in the airport or something But I think that for for a day-to-day operations tool I think of course, I would rather use something that focuses on On a on an experience that we used to with the with a laptop or you know, that's the computer Yeah, so the next one I have to give a small Disclosure first so this is a This is a project. I'm involved in so this is a called the headlamp and it's a project created by kinfalk You can run this project also locally as an application for your You know computer or also in the cluster it has Multi-cluster support and one of its core features is that we have what we call front-end plugins So you can have a plug-in, you know, just let's say we don't have a graph view So let's say that you want to create a graph you you can create a plug-in for that And then the idea is that the plugins are actually outside of the of the cluster, right? So sorry of the of the UI so when you start the the UI you can point it to Directly with plugins and they will be available Another thing is that the so all the cluster actions We have at the moment like editing for example a deployment or something Those have a grace period when you click apply. So if you are editing something and you click apply You you suddenly notice that you made a mistake. You can just click cancel So it gives you like a small grace period for you to Kind of undo or cancel what you were about to do Yeah, not another thing that I think it's a mix for a good user experience is that we We don't assume that the users have a full administration Capabilities in the cluster. So if you don't if you cannot really edit Resource because you don't have that role in a cluster We don't show the the edit button or the delete button for example Yeah, and we do have like stuff like keyboard shortcuts and other features, but we do not have like cross-cluster Search for example, even if we have multiple cluster support. So so that's something we don't have So what was your motivation to create headlamp? Yeah, so King folk has a Kubernetes distribution called locomotive and at first of course we wanted something that we could use as a UI for it So we looked into the existing projects And and the idea was okay. We take one of these and we modify it We we keep a fork of it or we contribute what we can back But at the point at that point we realized none of the of those projects actually had all that we wanted so we decided to create a project and UI a project but not one that was like intimate or very intimate with with locomotive Instead we wanted to create basically what we were looking for so we created this project called headlamp And the idea is that for locomotive we will take this and we will you know create a couple of Plugins that will be more intimate with this project. So hopefully other people can You know use it as well Okay, next one it's actually my project I wrote a blog post last year about Kubernetes web UIs and I didn't really find what I was looking for so I created Kubernetes web U This is really focusing on read only view for multiple clusters and advanced features so I said it's kind of a Qtl for the web and Really for support and incident response so something you would deploy as a platform team and provide this to your users so you can always use permalink to link to certain parts or certain use or Certain errors or logs and this just works across multiple clusters. It uses plain HTML and CSS it also is responsive so you can also open this on your smartphone if you're traveling and It also has multi cluster features so you can search for workloads across Many clusters and it provides advanced queries and filters So for example, you can quickly look for all nodes with a certain version or a certain taint Across many clusters. So the whole tool is customizable So you can adapt this with templating and seems and so on for your like company needs and we have it deployed in the Use it pretty frequently It also provides like some power features like just download every view as a tab separated value file So this is all kind of more like plain and simple Read-only access for multiple clusters Great so one of the of the reasons one of the differences with With the other solutions we looked into is that this one is read-only, right? Is is the read-write capability something you you you don't need or do you expect that to be added later? So my focus was really Deploying this tool in a in a bigger corporate context something like salando where we have a few thousand developers and Like normal changes are done via CICD and get operations And so I don't really want humans to interact with Kubernetes directly and change something And he's definitely not on production So this view tool was really made for having a read-only view that being said It might make sense to have some right access for emergency situations in the future But this is really not a focus or priority. So Right now Not really planned. Maybe I'll add something if I see this is really valuable for myself or others great Yeah, and next we we have a quick Mention to about this project called K9 so this is a honorable mention because it does not really fit the the criteria of having a graphical user interface But when handing an awesome Twitter that we were doing this talk many people came and said that you have to check in Nines so Yeah, so this is a like I said, this is a common line interface tool That I would say it's it's like an extension to to kubectl if you want Because it gives you like a quick UI with a listing all the all the resources you have you can change them you can, you know Describe them you can get a shell into them But this is not the project that you have to either, you know run locally as an application with a with a web view or host in your cluster So so yeah, it's also very customizable if you want to create shortcuts keyboard shortcuts that is And and yeah, it seems simple enough and besides and very importantly it has a great logo, too So would you rather use the combat mind line tool like K9s or lens or octans for local as local too? So I think you know day-to-day I would use I Would use you know a graphical tool so one that Kind of guides me a bit better or a bit more Graphically into what I need to to do But that said, you know k9s seems like a very nice tool to just if you want to quickly check something or something is going wrong You can just quickly run it and see what's up But yeah for day-to-day I would go with the with the full graphical solution Okay, let's have a quick look at other UIs So we have some UIs which were also mentioned to us, but they require a control plane or something else installed So the wrencher dashboard UI actually looks pretty nice, but it's not available standalone right now Gardener is mostly for managing clusters link ad and Istio keali Our service measures so you need them installed weave scope is also pretty nice and But requires a probe app and portana It's not really a generic when it is your eye, but now has when it is support and requires some persistency Yeah, there are also some other projects which I mentioned for example in my blog post last year But some of them are now stale so constant late It's a stale cube man. I want to mention briefly because it has a very nice approach with recipes so we can define Recipes for views and queries across clusters, but sadly now also stale cubrics Stale cubanata We looked into but the latest release is a one-year-old and on docker hub and Kubernetes is was out because it's not open source Okay, we had a look at a lot of different UIs Joachim you also credit your own UI are also credit one So what would be your summary after looking through all these different tools? Yeah, so, you know, definitely that there are plenty of solutions out there for different use cases and Yeah, and for example, I'm very happy to see that Lens made our You know our project overview, which is something it would not have if it were still proprietary But so I'm very happy that it became open source and that also means that even if it's original creators in the company Or if the company is no longer around the project can still live on and you know Create value for for its users one thing that I think it's curious that I Notice is that many of the of the projects I Tested just assume that you have like full administration capabilities or Full admin role in the in the cluster so whereas, you know, maybe you have a company that Is is you know has to really review who can actually edit stuff Update stuff and delete stuff. So see what's curious to realize that And yeah, well, what do you think on your side? Yeah, I found it interesting that the the tool landscape changes over time So we now have some stale projects which might be a little bit sad But it's also nice to see new projects like KubeNav I only discovered as part of the preparations for this talk. So it's from this year and Yeah, maybe there are also new projects in the future and for me personally, it's interesting to have this Like the one side of tools which are really used locally like octand lens canine s And which is kind of personal preference like selecting your personal IDE, right? So it's kind of in the company and you don't necessarily want to prescribe this this local tools and then there is the other side of Tools you deploy actually to cluster and it's really a difference Whether you now choose a UI based on kind of your personal needs and maybe Using this for your own cluster or something you deploy into a cluster for your users Which also I need to consider like you mentioned this limited cluster access and different roles and maybe just read only access Etc. So in in Zalando we use Kubernetes Vapu because it's created for many clusters and just read only access for Thousands of developers, but this doesn't necessarily mean that it's the right tool for for your scenario So definitely check check out these different tools and you know, you probably have your list of requirements and needs To to to evaluate the tools, but yeah, and I hope that in that regard we we gave a Simple but you know, but useful overview of different tools Also, you know check out the the ones that need the control plan if if that's fine with your deployment too and And yeah, thank you very much for for attending and if you have questions, we'll run. Thank you very much. Thank you You