I am thinking of doing a PR (or 2) to add some other relationships, just want your opinion before I spend any time of it

ConfigMaps
Secrets (maybe also linking to the tls Secrets for ingresses... Not sure if there are any other places that secrets can be related to other than ingresses and used by Pods?)

Second PR

Endpoints (not sure if most people would appreciate this as most people probably don't even know this resource exists between the service and pod). Maybe also changing it to use the convention from the official kubernetes icons style guide, solid arrow line where a resource references another, dotted where it creates? As in deployment creates ReplicaSet, ReplicaSet creates Pod, Service creates Endpoints) I realised you already Service and Endpoints

When the nginx Ingress path is not set to root , when the page loads calls to /api/scrape/default are failing as they should be getting directed to //api/scrape/default.

setting environment variable VUE_APP_API_ENDPOINT = to //api has no effect.

When the ui tries to load entrypoint the load bar gets stuck and does not format and sort the UI.

when viewing the console we see the following:

When digging into the console i see the following:

message: "Can not create second element with ID ConfigMap_wso2am-pattern-2-conf-entrypoint"

I'm running latest version of kubeview (0.1.31) and getting error below. I'm running Kubernetes v1.17.4. Does kubeview supports this version of K8s?

2021/12/01 15:29:58 ### 10.42.192.0 GET /
2021/12/01 15:30:07 ### 10.42.192.0 GET /api/scrape/default
2021/12/01 15:30:07 ### Kubernetes API error the server could not find the requested resource

Allow us to view multiple namespaces at once, selectable on demand

Is it possible to set a custom base url for Kubeview in order it to work under a subpath like https://custom.host/sub/path/?

If you have revision history on a deployment kubernetes keeps X previous replicasets and 0 pods.

So in kubeview you get the black box which pods are shown in but it is empty and looks like a tiny square.

I am having a look to figure out if it would be possible to only add the group when adding the first node but I am reporting this in case I fail...

Allow us to set some specific annotation at the deployment of objects so KubeView can Visualize if a Pod requires connectivity with other deployments / services for example.

Hi - hit an issue deploying when scoped to just a namespace. Looks like the ServiceAccount is bound to a Role which is fine for most resource types, but PersistentVolumes are only cluster scoped (AFAIK) so require a ClusterRole and ClusterRoleBinding

Steps to reproduce

• Deployed using helm
  • limitNamespace: true set in my-values.yaml
  • helm --namespace flag specified with existing namespace
• When SPA calls scrape API, 500 internal server error; logs show kubernetes error (snippet) ... cannot get resource "persistentvolumes" in API group "" at the cluster scope

Will link to a PR with a possible fix. I guess the decision is do you want to generate a ClusterRole just for PersistentVolumes or does that feel like it's sneakily breaking the 'limitNamespace' contract? Perhaps could stick this behind a different config option?

Hi Ben,

I like your idea and your project.
Do you have any plans to visualize also Kubernetes Network Policies from the networking.k8s.io/v1 API?
I mean this kind of Kubernetes ressources:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy

I started something for Network Policies myself, but I am a System Engineer and not a Developer, that is why my project contains only bash scripts at the moment. :-)
https://github.com/dmlabs/kube-defcon

Kind Regards,
Domenic

Whenever we click on the object we see highlighted object description. Please add the feature of highlighting the arrows on click on object.

Hi,

It is great tool to visualize the K8s objects. There is security concern for the secrets, users can get the secret objects and decode using base64. I tried to remove secret from the clusterrole but then kubeview does not format and sort the UI properly. It would be great if there is an option to disable the secrets.

Could you please publish the latest release to Dockerhub? It looks quite old:

• https://hub.docker.com/r/bencuk/kubeview/tags?page=1&ordering=last_updated : 1.15
• https://github.com/benc-uk/kubeview/releases/ : 1.20

Thank you

It would be great to have kubeview as a Docker Extension. With just a single click, one should be able to install kubeview on Docker Desktop with Kubernetes enabled.

When I am trying from Windows 11 PC below is the error getting.

PS C:\source\repos\kubeview\cmd\server> go run main.go
go: downloading github.com/benc-uk/go-starter v1.0.0
verifying github.com/benc-uk/[email protected]: checksum mismatch
downloaded: h1:LFUEEKd3lksZ63JFMnPNLzc0IJyz51H5FLJZSJSJOV0=
go.sum: h1:40BfCK5pslAs+vFc6zbJiKCVs/IWxiP3ZMn8+46ywXw=

SECURITY ERROR
This download does NOT match an earlier download recorded in go.sum.
The bits may have been replaced on the origin server, or an attacker may
have intercepted the download attempt.

For more information, see 'go help module-auth'.

The go version is as follows
PS C:\source\repos\kubeview\cmd\server> go version
go version go1.20.1 windows/amd64

Any help is much appreciated. I am trying to visualize the connections between the resources inside the namespace and cluster.

The readme talks about setting up the service account with service-account.yaml, but that file does not exist in the deployment directory, only in the helm chart.

I was having a very difficult time assigning the ingressClassName for the ingress. I needed to use "public" here. I would like to suggest:

./kubeview/templates/ingress.yaml:

{{- if .Values.ingress.enabled -}}
{{- $fullName := include "kubeview.fullname" . -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
{{ include "kubeview.labels" . | indent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
{{- if .Values.ingress.ingressClassName }}
  ingressClassName: {{ .Values.ingress.ingressClassName }} 
{{- end }}
{{- if .Values.ingress.tls }}
  tls:
  {{- range .Values.ingress.tls }}
    - hosts:
      {{- range .hosts }}
        - {{ . | quote }}
      {{- end }}
      secretName: {{ .secretName }}
  {{- end }}
{{- end }}
  rules:
  {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
        {{- range .paths }}
          - path: {{ . }}
            backend:
              serviceName: {{ $fullName }}
              servicePort: 80
        {{- end }}
  {{- end }}
{{- end }}

Then you would be able to configure your values with:

#
# If true install in single namespace mode
#
limitNamespace: false

image:
  repository: ghcr.io/benc-uk/kubeview
  tag: 0.1.19
  pullPolicy: Always

ingress:
  enabled: true
  annotations:
    cert-manager.io/cluster-issuer: mkcert-ca-issuer
  hosts:
    - host: kubeview.k8s.localhost
      paths:
        - /
  tls:
  - secretName: kubeview-cert
    hosts:
      - kubeview.k8s.localhost
  ingressClassName: public

Can Kubeview help visualize apps across multiple clusters and their service dependencies ?

When running docker run --env HOME=/home/charlie ghcr.io/benc-uk/kubeview:0.1.31 it fails with:

2021/11/30 10:01:56 ### Connecting to Kubernetes...
2021/11/30 10:01:56 ### Creating client with config file: /home/charlie/.kube/config
panic: stat /home/charlie/.kube/config: no such file or directory

goroutine 1 [running]:
main.main()
        /build/cmd/server/main.go:60 +0x6a5

The file does exist:

[charlie@localhost ~]$ ls -al /home/charlie/.kube/
total 20
drwxr-xr-x.  3 charlie charlie   33 Apr  6  2021 .
drwx--x--x. 23 charlie charlie 4096 Nov 30 10:33 ..
drwxr-x---.  4 charlie charlie   35 Apr  6  2021 cache
-rwxr-xr-x.  1 charlie charlie 9698 Nov 30 10:35 config

Line 60 is:

Would be nice if I the link can include selected namespace (and filters) so that I can bookmark or share with someone.
e.g.) kubeview.example.com?namespace=foo&filter=hello-world*

My team loves Kubeview but this was one of the feedbacks.

I cannot find any instructions on how to install the tool!
I'm using Windows. It would be great if you add more clarification on the installation process. I don't even know where to start. Here and on youtube, there is much more focus on the demo, rather than facilitating the installation process (for different platforms).

With Microsoft Edge, if I change the namespace from default to another one, I'm not able to get it working, Tab or Enter to lose the focus will get back to the default namespace.

With Google Chrome, as soon as I select another namespace in the dropdown, the main view is refreshed.

Are you able to reproduce it?

here a image of my resources in dev namespace. It's too hard to use. To many links. It will be cleaner if they were regrouped by applications

Hi,

We have been using this tool for sometime and really like it. We noticed , it doesn't show configmap and secrets for few namespaces i. During my investigation, I found if deployment have envFrom below settings then it doesn't show configmaps and secrets

• envFrom:
  • configMapRef:
    name: test
  • secretRef:
    name: test

Could you please test at your end?

If configMaps are defined below then it seems no issues

• configMap:
  name: test

Its brokes view if you have a lot of namespaces by clicking namespace dropdown button. Also it would be nice to refine namespace by writing first letters.

Some load balancer services such as MetalLB support specifying an external IP for the service. I'd like the chart to support it.

Based on the way your chart is written, since there's no service section, I guess it can just go straight in the root of the values file.

Hello,

may you please consider adding authentication to KubeView?

a curl to the the API for the kube-system namespace would return certificate files that can be used for authentication and ultimately lead to taking full control over the k8s cluster!

the request would be like this:

curl http://x.x.x.x/api/scrape/kube-system | jq | grep -P '(BEGIN|END) (RSA|CERT)'

and using the certs for auth like below:

kubectl --client-certificate=adm.crt --client-key=adm.key --certificate-authority ca.crt --server https://x.x.x.x

Please fix this ASAP to make sure everyone who uses this is secure.

Thanks in advance :)

Noticed some issues with your latest release which included a packaged helm chart.

1. the chart version is 0.0.0 in charts.yaml.
2. app version is still 0.1.17
3. values.yaml specify tag 0.1.17

Hi

I find this application quite useful. On my homelab k3s-cluster where I am the cluster admin I can deploy this app cluster wide. But in a shared cluster from a PaaS provider it is not possible to add a ClusterRole and a ClusterRoleBinding. So i made a little hack in a helm chart and replaced ClusterRole with Role and ClusterRoleBinding with RoleBinding:
cowboysysop/charts#14

The only little issues now occur:

• when I launch the app in the browser, it tries to display the default-Namespace, where it has no permissions
• the app tries to ask the k8s api-server what namspaces are available which will also fail since we have no permissions to list namespaces

Would it be a big effort to add the ability to only display the current namespace where the app is deployed in?

Cheers!
Marco

Hi there,

thanks for the effort on kubeview. Very handy tool !

Is it possible to implement it in a way that it is served from a /kubeview instead of / ?

If I use it behind a traefik ingress controller and searching for a pathPrefix - I wanna separate it from other calls on this URL.

So a URL like http://mypc.com/kubeview would be nice .

The icon for replicaset is not found in the image it appears. The for the icon at path img/res/rs-grey.svg is returning a 404:

I did a sanity check in the repo for this file in the repo and it doesn't appear to be there on master branch either.

First off, thanks for the great tool. I just happened to notice that your last two github releases are 1.1.18 and 1.1.19 instead of 0.1.18 and 0.1.19 like the tags.

Hi

I noticed the *.tgz files inside /charts directory (https://github.com/benc-uk/kubeview/tree/master/charts). Do you use the GitHub Pages feature for this repository (especially the branch gh-pages)?
Is there a reason, why you don't use a separate GitHub Action for this? Eg. you could use the helm-chart-releaser action.

in your file https://github.com/benc-uk/kubeview/blob/master/charts/kubeview/values.yaml It is trying to download 0.1.20 instead of 0.1.19, which kept giving me an error.

on some of our namespaces i get these errors in the browser's javascript console (chrome and firefox)

And that leads to the nodes being created and linked, but they are all stacked ontop of eachother:

This problem did not occur when i deployed kubeview into my HomeLab k8s cluster.
Diffrences between those 2 are:

Homelab:
No RBAC
Single Node
k8s Version 1.20

Other Cluster:
RBAC
Multi Node
k8s version 1.18

Logs of the pod are not showing anything suspicious.

i assume that the function that renders out the map is called to early since the loading animation is still displayed at that time, so i think it tries to render before the API call to get all the objects in the namespace is completed. does that make sense?

After updating to v0.1.11 with kubectl set image the new pods were crashing due to an error with the k8s configuration.

It seems to be related to the removal of IN_CLUSTER=true in the Dockerfile.

I will perform additional diagnostics and add the info here.

Log:

2020/03/12 13:30:17 ### Kubeview v0.1.11 starting...
2020/03/12 13:30:17 ### Connecting to Kubernetes...
2020/03/12 13:30:17 ### Creating client with config file: /.kube/config
panic: stat /.kube/config: no such file or directory

goroutine 1 [running]:
main.main()
	/build/cmd/server/main.go:59 +0xc54

PS: Thanks for all the upgrades! Great stuff! 👏

Seems like you forgot update image tag in helm chart

Although secrets' content is __VALUE REDACTED__, it's still possible to see full secret in the kubectl.kubernetes.io/last-applied-configuration annotation. It probably makes sense to simply drop this annotation from the full object view for Secret.

While running ./serve, I got this error.

panic: no Auth Provider found for name "oidc"

goroutine 1 [running]:
main.main()
/kubeview/cmd/server/main.go:66 +0xc29

#service.yaml

apiVersion: v1
kind: Service
metadata:
  name: {{ include "kubeview.fullname" . }}
  labels:
{{ include "kubeview.labels" . | indent 4 }}
spec:
  {{ if .Values.ingress.enabled }}
  type: ClusterIP
  {{ else }}
  type: LoadBalancer
  {{ end }}
...

We use a proxy that covers authorization logic and in such setup the app does not need neither Ingress, nor LoadBalancer.

Please add support for ClusterIP no matter if Ingress is enabled or not.

I have 2 projects with kubeview,
in one of them I see all green healthy pods, but in another I see some are greyed out and deployment icons are missing.
I cannot draw any reason so as to why this is occurring in one project and not other (both projects are identical just environment is different)

Version: v0.1.11 (Helm chart)

Hi,

Recently, I have upgraded to new Kubernetes v1.21.5 and ingress controller. After deploying the kubeview, pods are appearing in grey color , green/red colors are missing in the gui if we access the kubeview URL. It seems kubeview cant scrap the ingresses and can see the below in the logs

eW0927 02:08:34.821764 1 warnings.go:67] extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress
2021/09/27 02:08:36 ### 10.243.166.2 GET /api/scrape/smoketest

I believe kubeview is scrapping through the ingresses through the old API extensions/v1beta, am not sure

Please add support for custom object annotations.

# templates/service.yaml

apiVersion: v1
kind: Service
metadata:
  name: {{ include "kubeview.fullname" . }}
{{- if .Values.service.annotations }}
  annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
...

# values.yaml

service:
  # annotations:
  #   service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
  type: ClusterIP     # ← as per https://github.com/benc-uk/kubeview/issues/71

Same improvement can be added to other Yaml-resources.

Additionally, it would be nice to support extra labels.

For example in the kube-system namespace etcd-master isn't part of a ReplicaSet, DaemonSet or StatefulSet so you get an error

TypeError: Cannot read property '0' of undefined

caused by

let owner = pod.metadata.ownerReferences[0];

It looks like further down you do check if ownerReferences is set before using it

for(let ownerRef of pod.metadata.ownerReferences || []) {

Hi,

I just thought to give you some feedback about this project, great tool. Currently, I am using 1.17 version and in this version I can remove secrets from the clusterrole and app works fine. I dont want to display secrets because secrets are in base64 and anyone can decode easily.

But new version 1.20 , if I remove secret from clusterrole I get below errors

2021/02/09 23:29:36 ### 10.243.167.1 GET /api/scrape/smoketest
2021/02/09 23:29:36 ### Kubernetes API error secrets is forbidden: User "system:serviceaccount:kubeview:kubeview-helm-kubeview" cannot list resource "secrets" in API group "" in the namespace "smoketest"

Could you please fix this in all new versions? As I said, it is working fine in 1.17 if I remove secret from the clusterrole.

Secondly, it would be great if pods logs can be displayed as well, feature request.

It would be nice if you could package your helm chart as *.tgz and make it available through one of these portals:

• https://artifacthub.io/packages/search?page=1&ts_query_web=kubeview
• https://hub.helm.sh/

When this takes too much time it would be nice to upload it at least as a release tgz-package to the releases section here on GitHub.

Hi,

Would it be possible not to show all pods under a statefulset or deployment ?
It can get messy if i try to plot a diagram of a deployment with 10 pods, just showing the deployment icon there (eventually with a double click on it to expand the underneath pods) would suffice

Kubeview: master branch
Kubernetes: 1.14.x
Browser: Chrome

Sometimes Ingress object can have the following status:

  status:
    loadBalancer:
      ingress:
      - {}

Which leads to UI errors in InfoBox when clicking on Ingress node on the UI

TypeError: Cannot read property 'toString' of undefined
    at o.status (InfoBox.vue:136)
    at nr.get (vue.runtime.esm.js:4479)
    at nr.evaluate (vue.runtime.esm.js:4584)
    at o.status (vue.runtime.esm.js:4836)
    at o.u (InfoBox.vue?d998:1)
    at o.t._render (vue.runtime.esm.js:3548)
    at o.r (vue.runtime.esm.js:4066)
    at nr.get (vue.runtime.esm.js:4479)
    at new nr (vue.runtime.esm.js:4468)
    at In (vue.runtime.esm.js:4073)

This is happening because in this line (InfoBox.vue:136) ingress.ip in undefined:

statusCopy.loadBalancerIPs += (ingress.ip.toString() + ' ')